In another decision that affects non-union as well as union employers, the National Labor Relations Board recently ruled that comments posted on Facebook are protected in the same manner and to the same extent as comments made at the "water cooler." In Hispanics United of Buffalo, 359 NLRB No. 37 (Dec. 14, 2012), the Board found that a non-union employer's termination of five employees for Facebook postings was unlawful, awarding the employees full reinstatement and backpay. To learn more about the decision, please see Littler’s ASAP, NLRB Rules Employer’s Termination of Non-Union Employees for Facebook Posts Violated NLRA, by Alan Levins.
On December 28, 2012, Michigan joined California, Illinois, and Maryland in enacting a social media password protection law when Governor Rick Snyder signed the "Internet Privacy Protection Act" (IPPA or the "Act"). In an accompanying statement, the governor declared that "cyber security is important to the reinvention of Michigan, and protecting the private internet accounts of residents is a part of that," and that "potential employees and students should be judged on their skills and abilities, not private online activity." To accomplish these objectives, the IPPA, like the other states' social media legislation, generally prohibits employers from gaining access to applicants' or employees' personal social media accounts. The Act, however, also permits employers to access employees' use of employer equipment and systems and allows for investigations, under certain circumstances, of employees' personal social media accounts. While relatively straightforward, the Act will require businesses operating in Michigan to grapple with a range of interpretive challenges. To learn more about the Act, please see Littler’s ASAP, Michigan's New "Internet Privacy Protection Act" Sets Limitations for Employers and Employees, by William Balke and Philip Gordon.
Employer access to employee and applicant social media information remains a hot topic. Through blog posts and other online publications, Littler has discussed how various courts, agencies, and legislatures have tackled the issue. Maryland is currently the only state that prohibits asking individuals for social media login and password information, though similar legislation awaits the governor's signature in Illinois. Moreover, multiple state legislatures and the U.S. Congress have introduced proposed laws. Beyond Maryland, however, the practice's validity is uncertain – which is not surprising because most privacy and antidiscrimination laws predate social media.
The legislative process is normally reactive, i.e., a practice becomes widespread and legislation is introduced to curb the activity. However, with social media access requests and review, state legislatures may be reacting to a perceived issue that is not really a problem. There is limited data concerning employer access requests, but what is available suggests the practice is not as prevalent as one would expect based on media coverage. For example, a recent Littler survey found that only 1% of businesses used access requests during the hiring process. A series of Careerbuilder.com surveys suggest the practice peaked years before the issue occupied the spotlight: in 2008, 22% of employers said they used social media sites to screen applicants; in 2009, 45%; in 2012: 37%. While there was a jump in reported use from 2008 to 2009, use has declined since then. Although survey data may not provide conclusive evidence concerning the pervasiveness of employer access requests and review, it certainly casts doubt on whether proposed legislation is necessary.
Regardless of whether courts, agencies, or legislatures legitimate the practice, there are practical considerations employers should consider when deciding whether to incorporate social media access requests and review into hiring and employment practices.
I was recently interviewed by Nymity on the dozen top challenges for employers when developing and enforcing social media/Web 2.0 policies. Part I of the interview [pdf] addresses the following questions:
- Online Background Checks: What are the risks? What are practices that should be curtailed? How can a company gain the benefits of the tools, and minimize those risks?
- Customer‐Facing Company Sites: Such sites and other customer facing tools and techniques can build a brand over night. How does a company avoid the issues and gain the brand lifting benefits?
Continue reading on Littler's Workplace Privacy Council blog.
"Nobody Wants to be Made an Example of" - Crafting Employer Policies to Avoid Liability for Social Media Use
In a recent Business Insider article, business reporter Lou Dubois of Inc. magazine observed that few cases based on social media had yet gone to court and wondered why. From lawyer and blogger Bradley Shear, he received an insightful answer, “Nobody wants to be made an example of.” Social media technology and practices change week to week and month. How does an employer avoid becoming an example and popping up in trade magazines, showing up in business school case studies, or getting “flamed” on the Internet?
As Dubois points out, one part of the answer lies in creating, implementing and enforcing a strong social media policy. Such a policy can help inoculate the employer against litigation by others based on a wide variety of legal theories, a sampling of which includes:
- Equal Employment Law, including Title VII, the Americans with Disabilities Act, the Age Discrimination in Employment Act, and the Genetic Information Nondiscrimination Act, as well as similar state laws, which protect against unlawful employment practices. For example, an employer that knows its employees are being sexually harassed through the use of social media, but takes no action, violates the law.
- The Fair Credit Reporting Act, which prohibits an employer’s obtaining from a third party and using some types of background information without first obtaining authorization from the employee or prospective employee. As we previously posted, a company supervisor who uses a mobile phone application to check an applicant’s credit record and then refuses to hire him based on what he learns may subject the company to liability if authorization has not been provided or if the proper notices have not been given.
- The National Labor Relations Act, which protects employees engaged in certain concerted activities concerning terms and conditions of employment. As we have said (here and here), the National Labor Relations Board, which enforces the NLRA, has been active in pursuing charges against employers arising out of the use of social media or their response to employees’ use of it.
- The Health Insurance Portability and Accountability Act, which protects against the unauthorized disclosure of personal health information. For example, hospital employees who post details of their patients’ medical care could subject their employer to HIPAA liability.
- Copyright Law, which protects “original works of authorship fixed in a tangible medium of expression.” One of the most common copyright violations in social media is the reposting of photographs, videos or news stories without the owners’ permission.
- Trademark Law, which, among other things, protects a company against another person’s use of a symbol that is “likely . . . to deceive as to the affiliation” of the user as to the “sponsorship or approval” of that person’s goods, services or commercial activities. An example of this would be the use of a trademark to suggest that a blog is approved by the company that owns the trademark.
- The Uniform Trade Secrets Act, which has been adopted in some form by the vast majority of the states and protects against the disclosure, misappropriation and use of a company’s information, where the economic value derives from the fact that is not generally known to and not readily ascertainable by proper means and the owner takes reasonable steps to protect its secrecy. An employee who discloses his former employer’s trade secrets on his new employer’s website or in its blog could subject the new employer to liability.
- The Federal Trade Commission Act, which protects against certain kinds of deceptive trade practices. Recently, the Federal Trade Commission refined its guidance concerning testimonials and endorsements. As we have discussed elsewhere, the FTC is likely to consider it unlawful to tout an employer’s products or services on Twitter without disclosing the relationship between the person tweeting and her employer.
Of course, this list is only a partial one and does not include various state common law theories of liability such as defamation.
Dubois’ article correctly points to the importance of a company creating, implementing, and enforcing a social media policy as a way to help reduce the chances of being sued. A strong social media policy should:
- Integrate with the strategic vision of how the employer uses electronic media in its business;
- Dovetail with the employer's policies on: discrimination, harassment, retaliation, ethical practices, intellectual property, trade secrets, information technology, and technology/electronic resources use policies;
- Clarify to whom the policy applies and enumerate the media to which it refers, including social networks, blogs, YouTube, Twitter, text messages, bulletin boards and chat rooms;
- Contain clear statements about limitations on expectations of privacy, including the employer’s ownership of the computer, the employer’s right to monitor and access social media during and after employment, and the existence of an “audit trail” as to activity conducted on a company computer;
- With respect to employer-sponsored social media:
- Require employees to: take responsibility for what they post, create excitement and add value; be respectful and use good judgment; complain to human resources about any misuse of social media;
- Prohibit employees from: disclosing company confidential and trade secret information; posting personal and privileged information like attorney-client and doctor-patient communications; soliciting for non-company activities; slacking; “friending” subordinates on Facebook or similar sites; posting anonymously or pseudonymously; and violating other company policies through the use of social media;
- With respect to non-employer-sponsored social media:
- Require employees to: comply with all company policies; post a disclaimer for any comments relating to the company; be truthful and respectful; resolve human resources complaints internally; contact HR or a manager for needed clarification;
- Prohibit employees from: disparaging the company, its employees, and the competition; using the company’s graphics or photos of the company; posting anonymously or pseudonymously about the company; violating company-mandated blackouts (e.g., for securities purposes;
- Establish clear consequences for violations of the policy
Dubois correctly encourages employers to craft social media policies. But those policies will be dead letters unless managers, information technology staff, and other employees are trained to understand and follow them. Further, the employer will have to monitor, enforce and re-evaluate the policy as necessary. Taken together, these steps can help an employer from becoming the litigation example no one wants to be.
The National Labor Relations Board created a stir in late 2010 by filing an unfair labor practice charge against ambulance company, AMR, for firing an employee who, among other things, called her supervisor a “mental patient” in a Facebook post read by many co-workers. As it turns out, the “Facebook case” was just the beginning of what appears to be a trend by the Board, subsequently joined by unions, to restrict employers’ ability to promulgate and enforce social media policies that, in the Board’s view, impinge on employees’ rights under the National Labor Relations Act. Several recent developments provide a window into the Board’s intentions.
Continue reading on Littler's Workplace Privacy Council blog.
Is it Really Illegal to Require an Applicant or Employee to Disclose her Password to a "Friends-Only" Facebook Page?
Recently, the American Civil Liberties Union of Maryland tried to publicly embarrass the Maryland Department of Public Safety and Correctional Services (the “Maryland Corrections Department”) into suspending its practice of asking job applicants to disclose their Facebook password so that the Department could check whether the applicant’s wall or stored e-mail revealed any connection to criminal activity. According to a letter dated January 25, 2011 (pdf), sent by the ACLU to the Maryland Corrections Department, this practice “is illegal under the federal Stored Communications Act (SCA), 18 U.S.C. §§2701-11 and its state analog, Md. Courts & Jud. Proc. Art., §10-4A-01, et seq.” The ACLU’s contention is inaccurate.
Continue reading on Littler's Workplace Privacy Council blog.
A former nurse is seeking more than $15 million from a Texas hospital, alleging she was fired for complaining that hospital employees, including doctors, took photos of sedated patients and posted the pictures on Facebook. Although this case may seem unique, such voyeuristic use of social media in healthcare settings is likely to be the source of a ballooning area of retaliation claims and wrongful dismissal suits.
Pew Research Center Study Finds Older Americans are Becoming More Active on the Internet Through Social Networking and Blogging
A study conducted by the Pew Research Center Internet & American Life Project reveals some surprising and some not-so-surprising differences between younger and older Americans in their use the Internet. Based on survey data from mid-2010 and released in December, the study is similar to one conducted by the Center last year. It may come as no surprise that Internet use continues to grow, that Americans under 34 continue to be the majority of Internet users, or that the percentage of those users exceeds their proportion of the adult population. What may be surprising however, is that the percentage increases in activities like social networking and blogging are greater with older Americans than younger ones. These changes in Internet use will undoubtedly help shape the American workplace.
Many businesses have harnessed powerful social media tools to recruit top talent, engage their customers, and create excitement in the marketplace. But, as GigaOM recently reported, at least two observers suggest that there is a danger of overwhelming employees with so much information that they shy away from using those tools and return to less efficient work flows.
At GigaOM’s Net:Work conference in San Francisco in December, Dave Hersh, chairman of Jive Software, which sells social business software, and Bradley Horowitz, vice president of product management at Google, suggested several considerations that companies should evaluate to ensure their social media efforts don’t disintegrate from within:
Case To Watch: NLRB Challenges Employer's Termination of Employee Based on Violation of Social Media Policy
Labor law attorneys at Littler Mendelson have been predicting for months that the National Labor Relations Board, now dominated by Obama appointees, would take aim at employer policies that could be applied to restrict employees’ use of social media for purposes protected by the National Labor Relations Act. In what appears to be the first shot in an approaching battle, the NLRB’s Office of General Counsel issued a press release on November 2, 2010, announcing that the Board’s Hartford Regional Office had filed a complaint alleging that American Medical Response of Connecticut, Inc. (AMR) violated the NLRA by terminating an employee for posting negative comments about her supervisor on her Facebook page. Continue reading on Littler's Labor Relations Counsel blog.
In an earlier post on this blog, I discussed privacy concerns arising out of location sharing services like Foursquare and Gowalla, which allow users to post their current location (in case anyone’s curious, I’m writing this from a Virgin America jet 30,000 feet over Wyoming), thereby allowing potential thieves to know you aren’t home (and I’ll be back before this is posted).
On October 27, the U.S. Department of Justice (DOJ) announced that it will hold public hearings about a potential revision of regulations under the Americans with Disabilities Act of 1990 (ADA). The regulations at issue relate to disability discrimination in connection with accessibility to information on the Internet. These regulatory efforts would affect entities covered by ADA Title II, which prohibits disability discrimination by state and local government entities in their provision of services, programs, and activities; and Title III, which prohibits disability discrimination by and in the activities of places of public accommodation, such as restaurants.
A recent article on Forbes.com by Kraig Swensrud, an executive at Salesforce.com, on using social networking tools to cure email overload piqued my interest. Most employees these days, me included, receive an overwhelming amount of business-related e-mail at all hours of the day. That email comes in a variety of forms – some specifically for the recipient, others for a larger number of recipients or for the entire company. Some are administrative in nature, others seek answers to specific questions or provide specific information. Some are important, others are functionally equivalent to spam.
According to a recent article in the New York Times, innovative trends in the corporate training industry are on the upswing. These innovations include using comic improvisation to deliver training and leveraging digital devices to reach geographically dispersed audiences. Although the customer service training addressed in the article falls into the category often referred to as “soft-skills” learning, such as teambuilding, communication skills and leadership training, the theme – innovation in corporate training – has application to the more cut and dry world of employment law training. The challenge, however, is that employment law training must meticulously (and appropriately) cover a wide range of learning objectives to be effective. These objectives include:
• fulfilling complicated and detailed compliance objectives;
• clearly covering elements required to assert an affirmative defense to various claims of employment-related misconduct;
• raising awareness of ever-changing legal definitions, and
• providing a variety of skill-building exercises focusing on risk management, issue-spotting, effective response strategies, and professional practices.
As Germany Considers Restrictions on Use of Social Media for Recruiting, Multi-National Employers Need to Start Thinking About Social Media Policy 2.0
A bill approved on August 25, 2010, by Germany’s cabinet for introduction to the German Parliament would restrict employers’ use of social media in the recruitment process. Many multi-national employers are still struggling to implement a policy governing the use of social media in their U.S. workplace. Before multi-national employers even complete that task, or catch their breath from doing so, they need to confront the question, as the German proposal suggests, whether the version 1.0 social media policy addressing only U.S. employees can be lawfully applied to non-U.S. employees. Continue reading on Littler's Workplace Privacy Counsel blog.
Enforcement Action by Federal Trade Commission Highlights Importance of Social Media Guidelines for Employees
Employees who post reviews of their employer’s products and services on social media sites, without disclosing their corporate affiliation, can land their employer in an FTC enforcement action. The FTC’s second enforcement action for violation of the agency’s endorsement guidelines, announced on August 26, makes this point.
According to the FTC, Reverb Communications, an on-line public relations firm, sought to boost sales of its clients’ gaming applications by having its employees post positive reviews on iTunes. Over the course of nine months, Reverb employees, posing as disinterested users, gave clients’ games a rating of 4 or 5 and posted comments, such as “Amazing new game,” “ONE of the BEST,” and “Really Cool Game.” According to the FTC, these reviews were misleading because they did not, as suggested, come from independent, ordinary consumers, but from Reverb employees who had a financial incentive to provide a positive endorsement. Continue reading on Littler's Workplace Privacy Counsel blog.
What do senior management executives in the consumer packaged goods companies and retailers think about corporate social media strategies?
Top executives were probed on this topic, along with many others, as part of the research for a 2010 Grocery Manufacturers Association/PricewaterhouseCoopers financial performance report.
The surveyed executives expressed keen awareness of the pressing need for a well-honed social media strategy that harnesses the positive power of social media, effectively addresses/turns around potential negatives and includes ROI measurement.
"If you're going to tell your [brand] story in a world of blogs and streaming video, you better be able to communicate digitally," one CFO told Pricewaterhouse.
The U.S. Department of Justice (DOJ) is planning to revise its Americans with Disabilities Act (ADA) regulations in order to establish requirements for making the goods, services, facilities, privileges, accommodations, or advantages offered by public accommodations via the Internet accessible to individuals with disabilities. To that end, the DOJ will issue an advanced notice of proposed rulemaking (ANPRM) (pdf) to solicit comments as to how it should craft such regulations. The agency is also considering drafting regulations that would establish web accessibility for programs and services provided via the Internet by state and local governments.
As described in the ANPRM, Title III of the ADA prohibits discrimination on the basis of disability in the activities of “places of public accommodation.” “Places of public accommodation” are private entities whose operations affect commerce and that fall into one of 12 categories listed in the ADA, such as restaurants, movie theaters, schools, day care facilities, recreational facilities, and doctors’ offices. Title III also requires newly constructed or altered places of public accommodation – as well as commercial facilities (privately owned, nonresidential facilities such as factories, warehouses, or office buildings) – to comply with the ADA Standards. Title II governs accommodation requirements for state and local government entities. The DOJ notes that when the ADA was enacted, the Internet did not yet play as pivotal a role in our everyday activities as it does today. Therefore, the DOJ states that it is considering amending its Title II and Title III regulations “to require public entities and public accommodations that provide products or services to the public through websites on the Internet to make their sites accessible to and usable by individuals with disabilities under the legal framework established by the ADA.”
Whenever people are presented with new forms of technology, it takes some time to figure out the boundaries of intelligent behavior as it relates to the use of that new technology. One issue that perennially arises is the over-sharing of private information. Those of us old enough to remember when answering machines became popular in the 1980s recall people leaving outgoing messages along the lines of, “sorry I can’t answer the phone, I’m in Aruba for the weekend.” This led to burglaries of houses because someone knew from listening to the outgoing message that the resident would be away. Eventually, people began leaving more generic outgoing messages.
Current social networking sites have a similar danger –recently there has been a spate of news reports about burglaries involving people who posted on their Facebook wall that they were away from home. What’s new and different about modern social networking sites is that some sites – Foursquare and Gowalla are examples – exist solely to share their users’ location with the world.
Although blogging and social networking may benefit companies in many ways, employers have begun taking note of important legal risks of employee use of Web 2.0. Last week we posted about "reducing employer risk concerning social media use - disparagement." This week we are discussing reducing risks associated with employee social media use in the context of severance and settlement negotiations.
In this context, the payment of severance to or resolution of threatened or actual litigation with an ex-employee provides an opportunity to reduce risks of communications that may harm an employer, its employees and others. For example, an employer could condition severance or settlement on the employee’s representation that s/he has not disparaged the employer, its executives, board members, employees, or products and services. If the employee has published such information and cannot make such a representation, it is virtually impossible to “unring the bell.” But if such disclosures have occurred, the employer should consider whether to condition payments or continued payments of settlement or severance amounts, on the employee’s:
- Listing all disparaging communications and posts, the content and virtual locations of that information, and the recipients (if known).
- Deleting all offensive content from social media sites, if possible.
- Correcting misstatements contained in previous posts.
- Cooperating with the employer to assist in the takedown of all disparaging communications.
- Agreeing not to post any disparaging comment about the employer in the future.
Last week we posted about "reducing employer risk concerning employee social media use - anonymous communications." Today we are discussing reducing employer risks in the context of disparagement by employees.
Although blogging and social networking may benefit companies in many ways, employers have begun taking note of important legal risks of employee use of Web 2.0. We have addressed some of those risks on Littler's Workplace Privacy Counsel blog, including here, here, here, here, here, and here. Recently, the ABA podcast a segment highlighting some of these risks entitled, “Tweet, Tweet, You're Fired“ that raised additional issues employers should consider as they evaluate their own policies and practices regarding social media.
In a previous post on the Workplace Privacy Council blog, we discussed the dangers of employee endorsements on social media websites. On the flipside, the ABA podcast raises the issue of whether an employer should develop a policy to regulate the disparagement of others by its employees.
Employees may cause harm to their employers on social media websites by disparaging them, their colleagues, or the products they produce and the services they render. The employer may take legal action against such employees, but that path sometimes is fraught with dangers of its own.
Moreover, the other sort of mischief caused by disparaging comments by employees on social media occurs when that disparagement is directed outward especially to competitors. Federal statutes and regulations and state statutes prohibit deceptive trade practices. Overzealous employees may run afoul of these laws by disparaging competitors inappropriately.
Although blogging and social networking may benefit companies in many ways, employers have begun taking note of important legal risks of employee use of Web 2.0. The ABA podcast a segment highlighting some of these risks entitled, “Tweet, Tweet, You're Fired“ raised additional issues which employers should consider in evaluating their policies and practices.
As the prescient New Yorker cartoon pointed out, “On the Internet, No one Knows You’re a Dog.” Employees can inflict substantial harm on their employers – e.g., by divulging trade secrets or confidential information, or disparaging them, their employees or their goods and services, or even improperly disparaging competitors – through anonymous comments placed on social media sites. Many Internet users do not use email addresses that include personally identifiable information about themselves, and many sites permit anonymous postings. It is easy for any employee to avoid revealing his or her true identity, or even affirmatively misrepresenting that identity, when using social media.
Deciphering that information by subpoenaing the records of specific providers may be challenging or impossible. As a practical matter, then, employers may find it difficult to determine whether a specific employee was the source of a problematic communication posted through social media.
Even if an employer deduces or otherwise learns that an employee was the source of the communication, its power to regulate his or her conduct may be limited. For example, states sometimes prohibit the termination based on lawful off-duty conduct unless that conduct relates to a bona fide occupational requirement and is related to the employee’s work activities and responsibilities or creates a conflict of interest. See, e.g., Colo. Rev. Stat. § 24-34-402.5(1). Moreover, state and federal whistleblower laws may protect the identity of some employees who are using social media to blow the whistle on illegal practices.
“BeenVerified” is a new mobile Web application that allows users to conduct background checks on any individual by merely entering the name or email address of the individual. Users get three free background checks monthly and unlimited checks for a monthly fee of only $8. BeenVerified has been a smashing success, with more than one million checks run to date.
HR professionals, recruiters, managers, and co-workers may find BeenVerified hard to resist. According to the application, users can check an individual’s “Criminal History, Property Records, Current Contact Info, Relatives, Neighbors, and more,” merely by entering an individual’s name. By entering an email address, the user can find out about the individual’s social networking activities and view “their online photos, websites, blog posts, and entire online presence.” All of the data is compiled into a concise report.
Continue reading on Littler's Workplace Privacy blog.