Defending The Digital Workplace

An ebusinesscounsel.com publication

Posts Tagged ‘employment law

Resources and Links for Employment Law Issues Facing Employers and Employees

I no longer actively publish on this blog site. However, readers of this blog or those interested in issues at the intersection of employment law and technology issues can still discuss these issues with me at my new blog, The Michigan Employment Law Advisor. This blog is focused on Michigan and federal employment law issues facing employers and employees.

Additionally, for more information about the legal services my law firm provides, as well as free resources for entrepreneurs, start-ups, and HR professionals, please see my law firm website at Shinn Legal, PLC.

I would also welcome the opportunity to connect with you on TwitterLinkedIn, or Facebook.

In any event, I appreciate all the readers and comments who participated in the employment law discussions and I look forward to continuing to develop those discussions. Best to you.

Facebook Firing Ends in Settlement with NLRB

The National Labor Relations Board (NLRB) announced that it had reached a settlement in a case involving an employee’s discharge for posting negative comments about a supervisor on the employee’s Facebook page. Click here for the NLRB’s press release.

In sum, however, the NLRB had issued a complaint against American Medical Response of Connecticut, Inc., on October 27, 2010,  alleging that the discharge violated federal labor law  (the National Labor Relations Act or “NLRA”) because the employee was engaged in “protected activity” when she posted the comments about her supervisor, and responded to further comments from her co-workers.

Under the National Labor Relations Act, employees  have a federally protected right to form unions, and it prohibits employers from punishing workers — whether union or non-union — for discussing working conditions or unionization.

The NLRB complaint also alleged that the company maintained overly broad rules in its employee handbook regarding blogging, Internet posting, and communications between employees. This policy prohibited employees from making disparaging remarks about the company or depicting it online without permission. Further, the NLRB alleged that AMR (the employer) had illegally denied union representation to the employee during an investigatory interview shortly before the employee posted the negative comments on her Facebook page.

Under the terms of the approved settlement, the company agreed to revise its social media policy to ensure that the rules do not improperly restrict employees from discussing their wages, hours and working conditions with co-workers and others while not at work, and that they would not discipline or discharge employees for engaging in such discussions. The allegations involving the employee’s discharge were resolved through a separate, private agreement between the employee and the company.

The Take Away for Employers

This had been the first case in which the NLRB sought to argue that workers’ criticisms of their bosses or companies on a social networking site was a protected activity under the NLRA and that employers would be violating the NLRA by punishing workers for making statements in the context of social media. Accordingly, employers likely would have welcomed guidance from the NLRB as to how the 75-year-old NLRA would be reconciled with the technological realities of how employees communicate in the age of social media.

For example, the employee involved in the NLRB’s complaint, Dawnmarie Souza, at one point mocked her supervisor on Facebook, using several vulgarities to ridicule him. This eventually drew supportive responses from her co-workers that led to further negative comments about the supervisor. Where a Facebook conversation involves several co-workers it is more likely to be viewed as “concerted protected activity.” But what if instead, Ms. Souza had simply lashed out in a negative post against a supervisor and no co-workers joined in the discussion (not even a single “like” in Facebook terminology). Would that type of comment in the absence of “co-worker discussion” still be considered protected?

In any event, from a strategic perspective, employers should appreciate that this issue will be resolved another day, perhaps under a less “labor friendly” NLRB.

The clear take-away, however, is that the NLRB’s original complaint and this settlement signals that the NLRB intends to protect employees’ rights to discuss the conditions of their employment with co-workers irrespective of whether this discussion takes place at the water cooler or on Facebook.

Accordingly, it is critical for employers – regardless of whether your workforce is unionized or not – to review your Internet and social media policies to determine whether they would be subject to a similar attack by the NLRB that the policy ‘reasonably tends to chill employees’ ” in the exercise of their rights under the NLRA to discuss wages, working conditions and unionization. Areas to consider include:

  • Does the social media policy expressly restrict protected activity;
  • Would an employee construe the social media policy as prohibiting protected activity;
  • Has the social media policy been used to discipline employees who engaged in protected activity; and
  • Was the policy put into place in in response to concerted or protected activity.

None of  this should be taken as legal advice, but it is good advice. And we would welcome the opportunity to offer our insight as to what policies should and should not say and strategies for managing the unique risks found at the intersection of social media and employment and labor law.

Adding to your Business Toolbox: A Roundup of Resources for Business Organizations

Business ToolboxA number of resources are available at www.ebusinesscounsel.com that are relevant to starting or improving your business operations. In addition to those resources, the following links also provide information worth checking out:

  1. Entrepreneur: How to Protect Remote Employees’ PCs from Security Threats
  2. Federal Trade Commission: Revised Endorsement Guides for businesses & bloggers (regulations applicable to testimonials and endorsements)
  3. Entrepreneur: Google Apps for Your Business: The Good, the Bad and the Ugly
  4. Hennessey Capital, by Joe Romeo: Business Plan Basics
  5. Mashable – Business: 5 Small Biz Web Design Trends to Watch
  6. Entrepreneur: Big Marketing Stunts, Small-Business Style
  7. Business Model Alchemist a/k/a Alexander Osterwalder a/k/a genius (ok, this might be more personal commentary than fact. Although, based on Mr. Osterwalder’s work, genius status should not be ruled out) :Combining Business Model Prototyping, Customer Development, and Social Entrepreneurship
  8. Mashable – Business: 4 Lessons Small Businesses Can Learn from Apple’s Antennagate

Will Your Company E-mail Policy Eliminate Litigation?

iStock_000003283183XSmallA recent federal court decision provides a text book example of how company e-mail policies when drafted and implemented properly can reduce or otherwise eliminate litigation.

Factual Background:

The plaintiff, Kevin Sporer contended that his former employer, United Air Lines invaded his privacy by viewing a pornographic video attached to an e-mail that Sporer sent from his work account to his personal account. Sporer also contended that United wrongfully terminated his employment. Sporer was a supervisor at the time of the discharge.

Sporer received an e-mail entitled “Amazing oral talent!!!!!!!!!!” on his work e-mail account from a friend. Sporer then sent this e-mail from his work computer, over United’s server, to his personal e-mail account. The trial court noted that the e-mail “contained a pornographic movie of a woman orally copulating a man in various acrobatic positions.” (Imagine if you were the judge explaining to your significant other: “Honestly, honey, I have to watch this for work.”).

A few minutes after transmitting the email to his personal e-mail account, Sporer emailed his friend that sent the e-mail: “Thank you for the spiritual lift. However, I need you to use my home E-mail address…. Apparently United Air Lines, Inc. has a strict computer security policy and these babies will get me fired.”

During a routine audit (yes, employers actually do this), United’s Information Security department came across the pornographic e-mail Sporer sent to his personal e-mail account, which eventually resulted in Sporer’s discharge for violating United’s e-mail policy.

The E-mail Policy:

UAL’s e-mail policy provided, in relevant part:

Message content must always be professional. It is strictly prohibited to transmit or store any messages or data that compromises or embarrasses the Company, contains explicit or implicit threats, obscene, derogatory, profane or otherwise offensive language or graphics, defames, abuses, harasses, or violates the legal rights of others.

United’s Information Security Policy also prohibited the transmission of obscene, derogatory, profane or otherwise offensive language or graphics. United’s information security policies are established to: “(1) protect the company’s investment in its human and financial resources expended to create its systems; (2) safeguard its information; (3) reduce business and legal risk; and (4) maintain public trust and the reputation of the company.” Under the heading “Privacy and Monitoring,” United’s Electronic Communications Standards provides:

The company reserves the right to monitor all e-mail on the company e-mail system-In other words, as an employee you should assume no right of privacy on e-mail transmitted on the company system. In addition, and messages sent or received, for business or personal reasons, may be disclosed to law enforcement officials or third parties without your prior consent.

Sporer admitted to having received reminders about United’s e-mail policy and that he understood that the content of his emails should not be less than professional. In fact, to turn on and use his work computer, Sporer had to click “OK” to clear the Warning Notice, informing him that the computer system is monitored.

Plaintiff’s Arguments Against Discharge

Sporer argued that his termination was wrongful because it was in violation of his right to privacy and in violation of a federal statute (18 U.S.C. § 2511, et seq.), which prohibits the interception and disclosure of wire, oral (Amazing or otherwise), or electronic communications. An invasion of privacy claim under California law requires a plaintiff to demonstrate: “(1) a legally protected privacy interest; (2) a reasonable expectation of privacy in the circumstances; and (3) conduct by defendant constituting a serious invasion of privacy.” Hill v. National Collegiate Athletic Assn., 7 Cal.4th 1, 39-40, 26 Cal.Rptr.2d 834, 865 P.2d 633 (1994). The Court quickly dismissed Sporer’s invasion of privacy claim noting that in 2001, “more than three-quarters of this country’s major firms monitor, record, and review employee communications and activities on the job, including their telephone calls, e-mails, Internet connections, and computer files.” Id. at 451, 117 Cal.Rptr.2d 155. The court further noted that there can be serious consequences for employers who do not monitor their employee’s communications and activities on the job. Id. at 452 n. 7, 117 Cal.Rptr.2d 155. Further, the advance notice that United monitored computer use for compliance with its policies, including a prohibition against use for “obscene or other inappropriate purposes,” and Sporer having an opportunity to consent to such monitoring, further undercut any reasonable expectation of privacy. Additionally, and this is a key point for employers, United had a policy of monitoring its employee’s computer use, warned employees that they had no expectation of privacy on e-mail transmitted on the company system, and provided its employees with a daily opportunity to consent to such monitoring. In light of these facts, the Court found that Sporer had no reasonable expectation of privacy in the use of his work email.

Sporer’s contention that United violated the federal statute (18 U.S.C. § 2511) by monitoring his work e-mail also failed. The statute excludes surveillance of communications where there is consent. The Court construed “consent” to express and implicit consent and that implied consent may be inferred “from surrounding circumstances indicating that the [party] knowingly agreed to the surveillance.” Id at 116-117. Circumstances showing consent will ordinarily include “language or acts which tend to prove … that a party knows of, or assents to, encroachments on the routine expectation that conversations are private.” Id. at 117. In regard to Sporer, he had been repeatedly informed that United monitored use of its computers, including emails and he had to click “OK” to clear the Warning Notice informing him that the computer system is monitored. Sporer also knew from past experience that United monitors work e-mail accounts. In fact, he was previously disciplined for sending an e-mail with a sexual video from his work account to his personal account. And the e-mail Sporer wrote to his friend minutes after he received the inappropriate email made clear that Sporer was aware of United’s strict computer policy and that United monitored work email accounts. The Court, therefore, found that because Sporer knew his work e-mail account was not private and was being monitored by United his consent to such monitoring may be implied. Accordingly, United did not violate 18 U.S.C. § 2511 by monitoring Sporer’s work e-mail account.

The Take-Away:

While monitoring employer provided e-mail accounts is (or should be) the norm, courts can reach conflicting decisions as to when and under what circumstances such monitoring is permissible. See How Far Can Employers Go in Reading Employee E-mail? For this reason, it is important for employers to reduce the risk that a Court will “second guess” such monitoring. The Sporer/United decision provides a text book roadmap for “getting it right” when it comes to employer e-mail policies and employee monitoring. In that regard, a few “take-aways” are as follows:

  1. Have a written policy: Employers must have a written e-mail policy that explains how company e-mail should be used. The overall theme of this policy should be that e-mail must be used for business purposes. Ideally, this e-mail policy will be part of an overall technology policy that establishes a road map with respect to the intended use of IT resources and what is prohibited. For example, limitations for accessing certain Websites and restrictions for loading unauthorized software into the company IT environment. See “How High Can Damages go for Unlicensed Software Use.
  2. Writing the Email Policy: Your e-mail policy will depend upon your organizational needs. Generally it makes sense to get input from upper management in drafting a policy that supports the company’s overall mission. IT professionals can make recommendations as to what is technologically possible. And human Resource professionals should also be consulted because the policy will affect every employee. Equally important are recommendations from legal counsel. Aside from selfish job security motivations, legal counsel will provide valuable insight as to what is permitted, what is not permitted, and overall compliance recommendations. While not required, getting input from employees increase the chances of the policy ultimately being followed by employees.
  3. Communicate and Explain the Policy: Employers must communicate the policy to all stakeholders, including employees. It is also a good practice to document the employee has read and understands the policy by obtaining signed acknowledgment forms.
  4. Communicating the Policy is not a One Time Event: While it is not necessary, periodically communicating the existence of the policy is a good practice. First, it is a reminder to employees of what is expected in regard to e-mail/technology use and what is prohibited. Second, if your company ever needs to rely upon it in litigation, it just “looks better” if an employee was “reminded” about the policy. For example, United’s log-in procedure required employees to click a button (“OK”) to clear the notice that the employee’s email may be monitored. In other instances, employers have actually displayed random provisions of their overall employee policy at the log in screen, which also had to be cleared through clicking a button similar to “OK.” This random display also directed the employee to a link for the full policy for more information.
  5. Providing an Employee Out: It is a fact of Internet life that unsolicited e-mail is a given (I’m always amazed at how many women are waiting to hear from me or the number of Nigerian businessmen that need my assistance). And a lot of this unsolicited email is along the lines of the “Amazing” video of the pseudo-acrobat. Accordingly, chances are an employee will receive an e-mail that violates the company’s e-mail use policy. In that event, make sure employees understand what is expected, e.g., deleting it, contacting a supervisor., contacting IT, or whatever reporting requirements that are determined to be appropriate. Applying this to Mr. Sporer’s situation, his mistake was not in receiving the email, but rather forwarding it on to his personal email account and then deleting it. Presumably had he just deleted the email he would not have violated the policy. This goes back to effectively communicating what is expected of employees.

For more information on comprehensive technology policies or specific questions about e-mail policies, please feel free to contact me.

Social Networking Risks Part II: Employer in Bulls eye for Wrongfully Accessing MySpace Page

Networking BullseyeA prior post, Digital Security Report: Social Networking Sites Expand Risks for Employers, discussed the technological and legal risks social networking sites pose for employers. As an exclamation point to that post, an employer was recently caught in the social networking “bulls eye” when a jury returned a verdict against the employer for wrongfully accessing an employee’s MySpace page.

A restaurant employee created a discussion group about his workplace on his personal MySpace web page. The discussion group, named the “Spectator,” was a “private” group (or at least what passes as private nowadays), accessible only by invitation. Those who accepted the invitation became members and could log on at any time to participate in the group’s stated mission: to “talk about all the crap/drama/and gossip occurring in our workplace, without having to worry about outside eyes prying in.” (I’m sure another employee already created the discussion group to “talk about socially important issues relevant to the improvement of society and improvement of the human condition.”).

At some point a hostess and group member showed the discussion group to a manager. This eventually lead to management asking the hostess for her sign-in information. While she provided her log-in information, the circumstances of this exchange were disputed: Management argued that the sign-in information was voluntarily provided by the hostess. The employees argued, based on deposition testimony by the hostess, that she felt pressured to turn it over. In any event, the restaurant employer terminated the employee/creator of the MySpace page and a contributing “author” after it discovered sexual comments about employees and customers, disparaging jokes about company practices, and references to drugs and violence.

The discharged employees sued their former employer alleging, among other things, that the company violated the federal Stored Communications Act and invaded their privacy. Click here for a copy of the the Complaint. The case – in large part – hinged on the hostess’s testimony that she felt pressured to disclose her log-in information because she feared discipline for non-cooperation. Unfortunately for the employer, the jury believed the hostess was pressured into turning over her sign-in information.

The jury awarded each plaintiff the maximum back pay that could be awarded — a total of approximately $3,500 — and found that the employer had also acted maliciously, i.e., had engaged in “intentional wrongdoing ….” That finding allowed the plaintiffs to recover punitive damages and the actual damages awarded also triggered the Stored Communications Act’s right of an aggrieved party to recover attorneys’ fees.

This case illustrates a number of points that employers already know – investigating employees and suspected misconduct has risks if not done properly (and even if it is done properly). For points of consideration as to minimizing these risks, see Mishandling Investigations of Employee Misconduct – That’s What She Said. Also, the post referenced above (click here) provides additional considerations employers may consider when it comes to social networking sites. And, as always, feel free to contact me for additional thoughts on these subjects or to share your experience. Thanks.

Digital Security Report: Social Networking Sites Expand Risks for Employers

Digital PadlockSocial networking websites—such as Facebook, LinkedIn, and MySpace— give users the platform to post information about themselves, to stay in touch with friends and meet new ones. These sites also create a buffet of legal and IT risk that business organizations must address.

In regard to IT risk, Sophos, an international provider of enterprise cyber-security solutions, released its Security Threat Report. The report noted that criminals have increased the focus of enterprise attacks using social networking sites. Click here to be linked to Sopho’s overview of the Report and here for the full report.

The Report also provides various recommendations and insight for responding to risk created by social networking websites. Despite the risks, Sophos recommends against employers implementing a wholesale ban on these social networking websites. The rationale for this conclusion is that users/employees will likely circumvent the employer’s protective measures and thereby open up another layer of vulnerability to the organization.

In regard to legal risks, these sites hold a goldmine of information for employers that may be useful in qualifying and screening potential hires. In fact, one in five decision-makers use social networking sites to screen potential applicants. See One in five bosses screen applicants’ Web lives. But the other side of the coin is that an employer may learn about information that may later become a cornerstone in a discrimination lawsuit. For example what if the information revealed that an applicant  is in a protected class under federal or state laws, e.g., photos showing a person’s race, information about a person’s religious affiliations, or that an applicant is pregnant. Whether this information was a determining factor in the adverse hiring decision will be answered against the factual backdrop  that the employer checked the applicant’s profile and was therefore aware of the particular fact creating the protected class under state for federal law.

Other risks employers must address when it comes to social networking sites is the disclosure of confidential and proprietary information. In a recent and extreme example, Britain’s new spy chief’s wife, posted family pictures and exposed details of where the couple live and take their vacations (or for those outside of the U.S., holidays) and who their friends and relatives are on her FaceBook page. The British spy agency was concerned that this information could compromise security and potentially be useful to hostile foreign powers or terrorists. See British Spy Chief’s Cover Blown on Facebook . (No offense to the spy chief’s wife (Lady Shelley Sawers), but I don’t ever recall any Bond Girl exposing Mr. Bond on their FaceBook pages).

While not every business organization employs a top spy or incorporate national security into their business plans, most organizations do have information they consider to be top-secret. Whether it is marketing plans, customers, formulas, etc., inadvertently distributing such information via the social networking world may significantly undercut a business initiative or other strategic plans. I’ve also run into situations where employees exchange information in responding to and asking questions through various Listservs and similar platforms. While the motivation is generally legitimate, the unintended consequence may result in the disclosure of confidential and proprietary information or preclude protection under a particular IP strategy.

There are a numerous risks that should be weighed against the benefits of social networking sites (feel free to contact me for more information). But a few take-aways for employers are as follows:

  1. First and foremost, start with determining what the employer’s expectations are when it comes to using company resources to access social networking sites. It may not be worth the trouble and risks and an across the board ban will be implemented. Or, it may be allowed with respect to certain departments. Ideally, formulating this expectation will involve working with your IT professionals. For instance, is it feasible to implement a wholesale ban against using social networking applications or is there a business justification for making exceptions? If so, what security gaps need to be addressed?
  2. Second, make sure your expectations are reflected in your company’s Internet acceptable usage policy and this policy expressly applies to social networking sites. Also, make sure that the policy clearly spells out the ramifications, including the levels of discipline that may occur for violating the policy.
  3. Third, educate users as to your expectations and be prepared to offer explanations for the policy/ban, e.g. the security risks, the risks of exposing information that provides a competitive edge to the company, etc. I know from experience that it is becoming common for employers to include social networking sections to their training on protecting corporate information. This is not a legal requirement, but speaking from experience, it is easier for an individual to “buy-in” to a policy if there is a rational reason for it.
  4. Finally, and this relates to the first point, work with IT to determine how the policy will be enforced. While the “scouts honor” system works great for scouts, a better approach is to rely on some sort of analysis of Web logs, which will detail use during business time (if not allowed), or implementing an automated search of websites for corporate information.But that is just the cynic in me speaking.
What if the information revealed on the site puts the applicant in a protected class under federal or state laws. Whether the information putting the applicant in the protected class was a determining factor in the adverse hiring decision, the fact that the employer checked the profile and was aware of that fact may give rise to an allegation of discrimination. In addition, the applicant’s conduct could be protected concerted activity under federal labor law. Also, some states prohibit adverse employment actions based on political expression.

How Far Can Employers Go in Reading Employee E-mail?

Employers routinely face situations where they must investigate an employee suspected of misconduct. Such investigations increasingly – if not always – involve email. But do employers become guilty of misconduct or otherwise risk liability if they access an employee’s email account? Does it matter if the company has a policy regarding email privacy? What if the policy is inconsistent or not enforced? Does it matter if the the email account is a company provided account or accessed using company computers/Internet connections? While the answers to these questions will, unfortunately, depend upon the circumstances, a great overview of issues employers should consider prior to investigating employee email is found at Investigating Personal Web-Based E-Mail.Email Watch

When it comes to investigating employees and email, employers will often feel as if they are shooting at a moving target in the dark when it comes to “getting it right.” That is because court opinions addressing employee email investigation often become very fact specific and reach conflicting results.

For example, in Stengart v Loving Care Agency, Inc. (New Jersey 2009), the employer provided plaintiff with a laptop computer and a work email address. Prior to plaintiff’s resignation, she communicated with her attorneys about her anticipated suit against her employer. These email communications were sent from plaintiff’s work-issued laptop but through her personal, web-based, password-protected Yahoo email account. After plaintiff filed suit, the company created a forensic image of the hard drive from plaintiff’s computer. In reviewing plaintiff’s Internet browsing history, the employer’s attorney discovered and read numerous communications between plaintiff and her attorney.

The trial judge found  in favor of the employer noting that the company’s policy put employees on sufficient notice that electronic communications, “whether made from her company E-mail address or an Internet based E-mail address would be subject to review as company property.”In reaching this conclusion, the judge stated that the company policy “specifically place[d] plaintiff on notice that all of her Internet based communications [we]re not to be considered private or personal” and that the policy “put employees on notice that the technology resources made available to employees were to be used for work related purposes, particularly during business hours.

The Court of Appeals, however, reversed this decision noting that “there is much about the language of the policy that would convey to an objective reader that personal emails, such as those in question, do not become company property when sent on a company computer, and little to suggest that an employee would not retain an expectation of privacy in such emails.” The Court further based its decision on the “important societal considerations that undergird the attorney-client privilege.” This opinion is available here and is worth reviewing for its interesting discussion of the competing interests between employers’ interest in maintaining its business operations and employee privacy against the backdrop of digital communication (yes, I’ve been told I’m a dork for finding this stuff interesting).

In contrast to Stengart, the court in Scott v. Beth Israel Med. Center Inc., (N.Y. Sup. Ct. 2007) sided in favor of the employer and decided that email communications between plaintiff and his attorney exchanged over the employer’s email system was not protected by attorney-client privilege or work product doctrine. The emails in question were were all sent over the employer’s email server. And the employer’s email policy stated, among other things, that the electronic mail systems were the property of the employer and should be used for business purposes only, that employees “have no personal privacy right in any material created, received, saved or sent using [employer's] communication or computer systems,” and that the employer reserved the right to access and disclose such material at any time without prior notice.

The take away for employers is that it takes planning to bench the judicial-Monday-morning quarterback scrutinizing your investigation decisions. This planning starts with a well-written policy clearly advising employees of how company computers, Internet resources, and  email will be treated. An employer should obtain the employee’s signed acknowledgement that the policy was received and understood. And, the policy must be enforced. See  Privacy in the Digital Workplace – Oxymoron? Maybe Not, where an employer had such a policy in place, but represented it would not be enforced, which – under the facts of that case – created an “expectation of privacy” for the plaintiff employee.

Follow

Get every new post delivered to your Inbox.