The stories are legendary: the employee who calls in sick and then posts a picture of himself dressed as a fairy at a Halloween party hundreds of miles away; the video of the salesman in a drunken stupor at a conference he is attending on the company’s dime; and just this past week, the New York City lawyer railing against an employee and a customer speaking Spanish to one another in a restaurant. An individual’s social media can be a treasure trove of information about a person and could give insight into a person’s character and habits that might not become apparent until months or years of employment have gone by, perhaps never.
At a recent employment law update forum for human resources professionals hosted by McLane Middleton, Professional Association, one of the most talked about topics was social media. More specifically, what actions can be taken, if any, against employees who post about or discuss their employment negatively on social media, such as Facebook and Twitter? With technology continuing to evolve, the law has often struggled to keep up. However, a recent summary order by the Second Circuit Court of Appeals held that an employee’s use of Facebook’s ever-popular “like” button was concerted activity under the circumstances. The opinion reminds employers yet again to carefully review their social media policies and to think twice before taking disciplinary measures against employees who post or just “like” unfavorable information about their employment on social media, even though it has the possibility to reach thousands, if not millions, of people – including customers.
In Three D, LLC d/b/a Triple Play Sports Bar and Grille v. National Labor Relations Board, No. 14-3284, 2015 WL 6161477, at *1 (2d Cir. Oct. 21, 2015), a Connecticut sports bar appealed a decision of the National Labor Relations Board (“NLRB”) finding that it had violated Section 8(a)(1) of the National Labor Relations Act (“NLRA” or “Act”) by discharging two of its employees for their Facebook activity and by maintaining an overbroad Internet/Blogging policy. The employee conduct at issue was two-fold: (1) an employee named Spinella “liked” a status update of a former employee, LaFrance, which stated “Maybe someone should do the owners of Triple Play a favor and buy it from them. They can’t even do the tax paperwork correctly!!! Now I OWE money … Wtf!!!!”; and (2) another employee’s, Sanzone’s, comment to the post stating “I owe too. Such an asshole.”
Section 7 of the NLRA guarantees that employees shall have the right to self-organization, to form, join, or assist labor organizations and to engage in other concerted activities for the purpose of mutual aid or protection. 29 U.S.C. § 157. Section 8(a)(1) of the Act protects employees’ Section 7 rights by prohibiting an employer from interfering with, restraining, or coercing employees in the exercise of their Section 7 rights. In its decision, the court noted that an employee’s Section 7 rights must be balanced against an employer’s interest in preventing disparagement of his or her products or services and protecting the reputation of his or her business. Accordingly, an employee’s communications with the public may lose the protection of the Act if they are sufficiently disloyal or defamatory.
However, in this case, the court agreed with the NLRB that Spinella and Sanzone’s “like” and “comment” were protected activity under the Act because the discussion concerned workplace complaints about tax liabilities, their employer’s tax withholding calculations, and LaFrance’s assertion that she was owed back wages. The court also found that the activity was not so disloyal as to lose protection of the Act because the comments did not mention the employer’s products or services, much less disparage them. The court rejected Triple Play’s argument that a previous decision, NLRB v. Starbucks Corp., 679 F.3d 70, 77 (2d Cir. 2012), suggested that an employee’s obscenities uttered in front of customers would not be protected in most circumstances. Distinguishing the present case from Starbucks, the court noted that the Starbucks panel premised its decision on a finding that the NLRB had disregarded the entirely legitimate concern of an employer not to tolerate employee outbursts containing obscenities in the presence of customers. In this case, however, the NLRB stated unequivocally that it had considered the longstanding recognition that an employer has a legitimate interest in preventing the disparagement of its products or services and in protecting its reputation. Additionally, the court considered that Spinella’s and Sanzone’s communications were made to seek and provide mutual support looking toward group action, and were not made to disparage Triple Play or undermine its reputation.
The court noted that almost all Facebook posts by employees have at least some potential to be viewed by customers and although some customers might have seen the Facebook discussion, it was not directed toward customers and did not reflect the employer’s brand. The activity did not lose the protection of the NLRA simply because it contained obscenities that could have been viewed by customers online. To hold otherwise, the court reasoned, could lead to potentially chilling effects on employees’ Section 7 rights to engage in concerted activities.
The court also affirmed the NLRB’s ruling that Triple Play’s Internet/Blogging policy, which did not explicitly restrict the exercise of Section 7 rights, was still overbroad because employees would reasonably interpret the policy as proscribing any discussions about their terms and conditions of employment deemed inappropriate by Triple Play. The policy therefore violated Section 8(1)(1) of the NLRA since it would reasonably tend to chill employees in the exercise of their Section 7 rights.
Although the Second Circuit recently decided not to publish its decision, despite a petition to do so by the NLRB, the case is a good reminder that employers must be careful when it comes to disciplining and discharging employees for what seems to be detrimental speech online – whether it is a lengthy post, or just a “like” – it is still speech and may be protected as concerted activity by Section 7 of the NLRA. This is another step in the NLRB’s increasingly expansive view of what constitutes protected activity by employees online. Once again, employers should reevaluate their internet policies to determine if they may be reasonably interpreted as violating Section 8(a)(1) of the NLRA.
People often think of the Americans with Disabilities Act as a law that protects individuals with physical and mental disabilities from discrimination or other unfair treatment. What is seldom mentioned is that the ADA also protects the confidentiality of employee medical information, and requires that employers keep all such information confidential.
There are some exceptions that allow limited disclosure of protected medical information by employers, including when the employee voluntarily discloses his or her own medical information to co-workers. In that instance, the employee cannot claim a breach of confidentiality if their information is released to other co-workers.
This exception was recently tested in a case out of the Federal district court in Indiana called Shoun v. Best Formed Plastics, 28 F. Supp. 3d 768 (N.D. Ind. 2014). There, the employee – Shoun – alleged that his former employer violated the ADA by divulging confidential medical information to others via a posting on Facebook. Shoun was injured at work, spent months on leave recovering, and sought to collect workers’ compensation benefits as a result of the injury. While out on leave and seeking these benefits, a co-worker of Shoun’s responsible for processing his workers’ compensation claim learned of the nature and extent of his injuries.
Shoun then filed a lawsuit in federal court alleging different violations of the ADA. During the course of this lawsuit, the co-worker posted the following message on her personal Facebook page: “Isn’t [it] amazing that how Jimmy experienced a 5 way heart bypass just one month ago and is back to work, especially when you consider George Shoun’s shoulder injury kept him away from work for 11 months and now he’s trying to sue us.” Based on this posting, he alleged a new claim against the employer for violating the ADA’s confidentiality and disclosure provisions.
The employer moved to dismiss this ADA claim, arguing that Shoun voluntarily disclosed his medical condition through the original filing of his ADA lawsuit, prior to the Facebook post. The court disagreed and allowed the claim to go forward, concluding that disclosure via a court filing was not a “voluntary” disclosure that met the exception under the statute.
This decision teaches us that employers must use great caution when discussing a co-worker’s health condition on social media, or anywhere else for that matter. Training on the ADA’s confidentiality and medical information disclosure rules is especially important, given that this is an oft-overlooked part of the law. Employers need to understand that the concept of confidential medical information is broad-ranging, and includes workers’ compensation claim files, FMLA claims, reasonable accommodation requests, and other medical information related to the performance of one’s job. Such information should always be off-limits for discussion.
Employees’ rights to act together to address conditions at work are protected under the National Labor Relations Act. This protection applies equally to both union and non-union employees and extends to employees’ work-related conversations on social media. But, as many employers may wonder, how far does the protection of the Act reach? The NLRB’s decision in Richmond District Neighborhood Center and Ian Callaghan (Case 20-CA-091748, October 28, 2014) provides some guidance on it.
The New Hampshire Legislature passed HB 1407 which will prohibit employers from obtaining an employee’s personal social media account user name and password. The bill passed both the House and the Senate. The governor is expected to sign it into law.
This bill applies to both employees and prospective employees for employment. Employers found to be in violation will be subject to the penalties under RSA 273:11-a, including a fine of up to $2,500 per violation.
HB 1407 does not prevent an employer from monitoring company equipment and email, adopting workplace policies on the use of employer property (including Internet use, social networking site use or electronic mail use), or requesting disclosure of login information where the social media account is paid for by the employer or provided to employee as part of employment relationship.
Also, nothing in the bill prohibits an employer from: (a) Obtaining information about an employee or prospective employee that is in the public domain; or (b) Conducting an investigation: (1) To ensure compliance with applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct based on information about activity on an employee’s personal account or service received from an employee or other source; (2) Of an employee’s actions based on the receipt of specific information about the unauthorized transfer of an employer’s proprietary information, confidential information, or financial data to a personal online account or service by an employee or other source.
Once signed into law, NH will join over a dozen other states with laws limiting an employer from requiring or obtaining passwords to personal social media accounts of employees.
An administrative law judge (“ALJ”) writing on behalf of the National Labor Relations Board (“NLRB”) reviewed the social media/on line communications policy of The Kroger Co. of Michigan, a retail grocery chain, in the context of an unfair labor practices complaint. In the decision issued on April 22, 2014, the ALJ ruled that portions of Kroger’s policy were unlawfully broad and in violation of Section 7 of the National Labor Relations Act.
If you identify yourself as an associate of the Company and publish any work-related information online, you must use this disclaimer: “The postings on this site are my own and do not necessarily represent the postings, strategies or opinions of The Kroger Co. family of stores.”
It is fairly common for employers to establish policies requiring that employees use disclaimers of this nature when posting on line. The ALJ, however, stated that “there is no question but that this rule implicates much Section 7 activitiy. While not all work-related information is potentially protected by Section 7, a great deal of it is.”
The ALJ conceded that an employer has a legitimate interest in stopping unauthorized employees from speaking on behalf of the company and even from being perceived as speaking on behalf of the company. He determined that in evaluating the employer policy, it was necessary to consider what the risk is that, in the absence of a disclaimer, section 7 activity, i.e. discussing the terms and conditions of employment, would be mistaken for employer sanctioned speech. The ALJ concluded that a disclaimer is problematic under the Act if it is likely to chill legitimate and protected employee speech.
In striking down the disclaimer language the ALJ stated that “Given the breadth of online communications to which the rule applies, it would be extremely burdensome to have to post the disclaimer in each instance or on each new page, and this would have a reasonable tendency to chill Section 7 activity in this regard.” The Decision itself is worth the read in that it gives startling insight into the reasoning of at least this one ALJ.
Employers frequently access and review data created or stored by employees on company-owned electronic devices, such as computers, laptops, tablets (iPad), and cellphones (iPhone, Droid and Blackberry). Well-crafted technology and social media policies specifically authorize employers to do so. But, if not careful, employers can step over the line between permissible conduct and conduct that violates the federal Stored Communications Act (SCA). The line between permitted and unlawful conduct is not always apparent, so employers need to be aware of the SCA and seek counsel before accessing or reviewing an employee’s electronic communications.
Company-owned electronic devices are treasure troves of evidence of employee misconduct, particularly where employees use the devices to access personal email (Gmail, Yahoo!, etc.) or social media (Facebook, Google+, Twitter, Flickr, etc.). Employers feel justifiably entitled to access and review data created and stored on such devices, particularly where employees are instructed that the company owns the devices and has the right to monitor the data, and that employees have no right to privacy. As a general rule, the law supports employers here.
In Deborah Ehling v. Monmouth-Ocean Hospital Service Corp., the employer terminated the employee based (in part) on posts she made on Facebook. The court underwent a rigorous analysis to determine that the SCA protects Facebook posts, as long as the posts are limited to friends and not on the person’s public Facebook pages. As the court explained,
“when it comes to privacy protection, the critical inquiry is whether Facebook users took steps to limit access to the information on their Facebook walls” and the “privacy protection provided by the SCA does not depend on the number of Facebook friend that a user has.”
Although the employee’s Facebook posts were protected, the employer did not violated the SCA because it received the posts through a person authorized to access them: one of the employee’s co-workers, who was her Facebook friend, gave them to the employer. However, as this court and others have recognized, an employer violates the SCA if it obtains an employee’s private Facebook posts by other means, such as (1) using a password retrieved from the hard drive of the employee’s company-owned electronic device or from a keystroke logger installed on the device, (2) accessing the account by using the employee’s company-owned device where the password populates automatically, (3) creating a fictitious person on Facebook to friend the employee, and (4) pressuring co-workers to divulge the employee’s Facebook posts. In those circumstances, access to the Facebook posts would not be authorized under the SCA.
In another case, Sandi Lazette v. Verizon Wireless, the employee returned her company-owned Blackberry to her employer, but did not properly disconnect her Gmail account from it before doing so. Over the next 18 months, her supervisor read 48,000 emails sent to that account, some of which were quite personal. The court in that case (like many other courts) found that email stored in webmail accounts (like Gmail) is protected by the SCA, at least while the email resides unread on the servers of the service provider.
The employer made several unsuccessful arguments to avoid liability. For example, the court rejected the argument that the supervisor was accessing only the company-owned Blackberry, recognizing that he was actually using that device to access an account on the Gmail servers. However, an employer does not violate the SCA if it recovers an employee’s personal emails that are stored on a company-owned device, such as when the data is in a backup file or recovered from the “residual” space of a hard drive. The court also rejected the employer’s argument that the employee had impliedly consented to the employer’s review of her Gmail by not properly disconnecting the account. While consent need not be explicit, the court recognized that,
“Negligence is … not the same as approval, much less authorization. There is a difference between someone who fails to leave the door locked when going out and one who leaves it open knowing someone will be stopping by.”
Technology presents legitimate opportunities for employers to monitor their employees. It also presents potential pitfalls, some of which are not apparent. Employers should continue to harvest valuable information from company-owned electronic devices, but also need to become aware of the SCA and seek counsel before accessing or reviewing employee electronic communications.
In our evolving technological world, more and more people are using social media for building both work and personal connections. This has presented a conflict in the workplace between a company’s need to protect its business interests and an employee’s concern with privacy. States have been wading into these waters with legislation limiting or prohibiting an employer’s request for employee social media user names, passwords, and other personal account information.
In New Hampshire, a bill that would prohibit an employer from requiring an employee or prospective employee to disclose his or her social media passwords passed the House, with amendment, and is before the Senate Commerce Committee. HB414 proposes a new “Use of Social Media” subdivision under the state’s protective legislation. This proposed law would prohibit a New Hampshire employer from requesting or requiring an employee or prospective employee to disclose a user name or password for any account primarily used for personal communications unrelated to any business purposes of the employer or to require an employee to add the employer to a list of contacts associated with the account. The proposed law would not limit an employer from adopting and enforcing workplace policies on the proper use of company equipment, monitoring the company’s systems, or obtaining information about an employee or prospective employee that is in the public domain.
This proposed bill raises issues for businesses who may be seeking this type of information from employees or prospective employees. For example, some employees use their personal accounts to promote a company product or business. In those situations, it may be difficult to categorize or determine if the accounts are “primarily used for personal communications” and beyond an employer’s reach. The broad definition of “social media” further adds to this dynamic. If enacted this year, the law would take effect 60 days after its passage.