Today, the NLRB‘s Acting General Counsel posted a third report regarding social media issues which have been brought to the agency. The cases discussed in this report should provide further guidance to employers struggling with developing strategies for using social media in their business, developing employee policies regulating activity in social media, and enforcing those policies. In six of the seven cases discussed, the General Counsel’s office found some provision of the employer’s social media policy to be lawful.  In the other case, the entire policy was found to be lawful.  Look for follow up analysis from us and our Labor Partners.

Please also check out our prior reporting on social media developments

The vote by the Illinois Senate, 55-0, in favor of HB 3782 may put Illinois ahead of California and other states to follow Maryland in making it illegal for Illinois employers to ask employees or applicants for their Facebook and other social media passwords. The bill awaits signature by Governor Pat Quinn, which was overwhelmingly approved by the House in March.

HB 3782 would amend the State’s Right to Privacy in the Workplace Act to make it illegal for employers to ask potential and current employees for their social media passwords:

It shall be unlawful for any employer to request or require any employee or prospective employee to provide any password or other related account information in order to gain access to the employee’s or prospective employee’s account or profile on a social networking website or to demand access in any manner to an employee’s or prospective employee’s account or profile on a social networking website.

However, the law would not limit an employer’s right to: 

  • have policies to regulate employees’ use of the employer’s electronic equipment, Internet use, social networking site use, and electronic mail use; or
  • monitor the employee’s use of the employer’s electronic equipment and the employer’s electronic mail.

The law also would not prohibit employers from reviewing information about employees or applicants that is in the public domain, so long as the employer complies with other applicable law. Of course, even information in the public domain can have traps for the unwary employer, such as learning about an applicant’s family medical history on his or her Facebook site which would raise issues under the Genetic Information Nondiscrimination Act.

A Virginia district court recently held that an employee’s clicking of the Facebook “like” button is not comparable to speech. Accordingly, the court affirmed the dismissal of First Amendment retaliation claims brought by employees of a Virginia sheriff’s office finding that the employees’ action was insufficient to merit constitutional protection.

Sheriff B.J. Roberts of the Hampton, Virginia Sheriff’s Office was up for re-election in 2009. Employees within the sheriff’s office alleged that Sheriff Roberts learned that the employees were supporting his opponent when the employees “liked” the opponent’s Facebook page. After he was re-elected, Sheriff Roberts terminated the employees allegedly due to staff reductions and performance issues.

The employees sued Sheriff Roberts alleging that he violated their First Amendment rights to freedom of speech and freedom of association when he unlawfully fired them for actively supporting his political opponent.

The U.S. District Court for the Eastern District of Virginia rejected the employees’ claims because the employees failed to allege that they had engaged in protected expressive speech when they “liked” the opponent’s Facebook page. The court explained that without existing speech warranting First Amendment protection, the employees could not prove a violation of the right to freedom of speech occurred. The court held that “merely ‘liking’ a Facebook page is insufficient speech to merit constitutional protection. In cases where courts have found that constitutional speech protections extended to Facebook posts, actual statements existed within the record.”

While this case may be helpful in the context of public employees, private employers must still be conscious of several issues including: how they obtain social media information about their employeespotential NLRB issues if an employee’s “likes” could be considered protected concerted activity; and potential state constitutional protections of an employee’s right to privacy.

Not long after Maryland enacted a law prohibiting employers from demanding passwords to employees’ or prospective employees’ Facebook and certain other social media accounts, the California State Assembly voted 73-0 in favor of A.B. 1844. The California bill would prohibit an employer from requiring: 

an employee or prospective employee to disclose a user name or account password to access a personal social media account that is exclusively used by the employee or prospective employee.

The state’s Senate will now need to consider the measure, where a related bill, S. 1349 (named "The Social Media Privacy Act"), would also protect students from having to disclose similar information to school officials. A hearing on S. 1349 is scheduled for May 21. Congress and a number of other states, including, Delaware, Illinois, Michigan, Minnesota, Missouri, New York, and South Carolina are considering similar measures.

Employers will need to monitor these developments carefully and consider how to advise and train their managers and human resources personnel about these new requirements.
 

Where no law or employer policy prohibits a worker from recording a conversation with his manager, an employer’s termination of that worker for recording the conversation unlawfully infringed on the worker’s rights under the National Labor Relations Act, the federal appeals court in Washington D.C. has ruled.

According to the U.S. Court of Appeals for the District of Columbia Circuit, in Stephens Media LLC v. NLRB, when the employer denied what the employee believed was his right guaranteed under the Supreme Court’s Weingarten decision to have a witness at a meeting with a supervisor, he conferred with co-workers and decided to secretly record the meeting with his supervisor. The employee used a voice recorder belonging to one of his co-workers to surreptitiously record the meeting. After learning of the taping, the company terminated the employee who taped the meeting and suspended the employee who provided the recorder.

The National Labor Relations Board found these employees were engaged in protected concerted activity under the NLRA when they planned to record the meeting and that by disciplining the employees, the company violated their right to engage in such activity. According to the Board, taping the meeting to document what the employees perceived to be a potential violation of Weingarten qualified as protected activity.

In rejecting the employer’s arguments that this was not protected activity, the Board reasoned:

  1. under established Board precedent, there is no per se rule that the making of surreptitious recordings is unprotected activity;
  2. the company had no policy in effect prohibiting audio recordings; and
  3. the recording was not unlawful under state or local law. See HAW. REV. STAT. § 803-42(b)(4).

The federal appeals court agreed. An unanswered question is whether the presence of an employer policy would have resulted in a different outcome.

As yet another example of the Massachusetts Attorney General enforcing compliance with the Commonwealth’s data privacy and security laws, that office recently reached a $15,000 settlement in an enforcement action involving Maloney Properties, Inc. (MPI), a property management company based in Massachusetts.

In the lawsuit, the AG alleged that MPI’s policies and procedures failed to adequately protect its customers’ personal information when an MPI employee stored the unencrypted personal information of 621 Massachusetts residents on a company laptop, left the laptop in a personal vehicle overnight, and the laptop was then stolen.

Although there was no indication that any of the personal information on the laptop was acquired or used by an unauthorized person or for an unauthorized purpose, the AG still required MPI to pay a monetary penalty of $15,000 and agree to take certain steps before ending its action against the company.

Some of the steps MPI agreed to take include complying with the Commonwealth’s regulations – including the requirement to encrypt personal information on portable devices, to the extent technically feasible. This also includes encrypting personal information on company-owned portable devices, ensuring that the devices are kept in secure locations, purging personal information when it’s not needed anymore, training its employees at least annually on encryption and proper storage, and performing an annual audit of its compliance with its Written Information Security Program (WISP). In addition, the company must submit the results of its 2012 and 2013 annual WISP audits to the AG’s Office.

The AG’s actions in this matter demonstrate that it does not take lightly the loss of Massachusetts residents’ personal information, even if that loss has not caused any known harm to the affected residents, and that it may remain watchful over the subject of an investigation for years to come. This provides a timely reminder for all companies of the importance of understanding and complying with the Commonwealth’s requirements in this area.

UPDATE: Governor Martin O’Malley signed the bills discussed below into law on May 2, 2012.

Maryland will likely become the first state to prohibit employers from demanding usernames, passwords or other means to access any personal account or service through an electronic communication device (computer, phone, PDA, etc.), such as social media sites Facebook or LinkedIn, belonging to employees or job applicants. If signed by Governor Martin O’Mailey, as expected, the new law would become effective October 1, 2012, after being passed unanimously passed in the Senate last week and by a vote of 128-10 in the House. Employers need to monitor developments, as legislatures in other states have taken up similar measures.

S.B. 433/ H.B. 964 applies to any employer engaged in business in Maryland, as well as any unit of state or local government. It also reaches any agent, representative or designee of a covered employer. So, an employer cannot ask a third party to do under the law what the employer cannot do.

Covered employers also are prohibited from discharging, disciplining or otherwise penalizing  employees or applicants (or threatening same) who refuse to comply with the requests for access prohibited above. In addition, employers may not fail or refuse to hire applicants to object to similar requests. However, the Maryland law prohibits employees from making unauthorized downloads of company financial or proprietary data, and permits employers to investigate when it receives information about such activities. 

In this space we have frequently discussed social media issues ranging from legal considerations in policy development, to employers’ legal and practical risks attendant to reviewing job applicants’ social media presence, to legislative reactions to employers’ requiring disclosure of passwords as part of their background check process.   Two further reactions to the password disclosure issue are worthy of note.
First, Connecticut Senator Richard Blumenthal has stated he will introduce federal legislation similar to that currently under consideration in the Illinois and Maryland legislatures.   Arguing that employers’ mandating disclosure of user names and passwords “is a huge invasion of privacy,” State Assemblyman John Burzichelli has indicated that he will introduce similar legislation prohibiting the practice in the New Jersey legislature.
Second, in a statement issued this past Friday by Erin Egan, Chief Privacy Officer, Policy, Facebook responded to “a distressing increase in reports of employers or others seeking to gain inappropriate access to people’s Facebook profiles or private information [which] …undermines the privacy expectations and the security of both the user and the user’s friends [and]…also potentially exposes the employer who seeks this access to unanticipated legal liability.”  Facebook advised that it is now a violation of its Statement of Rights of Responsibilities to share or solicit a Facebook password since users “shouldn’t be forced to share [their] private information and communications just to get a job” and friends of users shouldn’t have to worry that [their] private information or communications will be revealed to someone [they] don’t know and didn’t intend to share with just because [their friend] is looking for a job.”
Employers must stay abreast of these developments as they continue to refine all policies and procedures pertaining to employee social media usage.

 

Employers increasingly have health professionals on-site providing medical services to employees. For some employers, the reason is to address the rising costs of health care, including uncertainties about the full impact of health care reform, the Affordable Care Act, looming in 2014. For others, more comprehensive approaches to disability and leave management can mitigate compliance and litigation concerns. 

Whether it is a single nurse at a facility providing basic first aid and assisting in fitness-for-duty exams, or a full-scale health clinic staffed with physicians, nurses and others, there are a range of issues the company should be thinking about – e.g., workplace safety, disability/leave management, labor, employee benefits, and privacy. Some of our practice group leaders put together a white paper to aid employers in spotting these issues. We hope you find this helpful and easy to read. 

Click here to access the White Paper: An Overview of Legal Considerations When Bringing Health Care "In-House"
 

Complying with the Genetic Information Nondiscrimination Act (GINA) is a growing concern for employers and others. We have developed a comprehensive set of frequently asked questions concerning this new law. If you are interested in learning more about GINA: