Defending The Digital Workplace

An ebusinesscounsel.com publication

Posts Tagged ‘workplace monitoring

Facebook Firing Ends in Settlement with NLRB

The National Labor Relations Board (NLRB) announced that it had reached a settlement in a case involving an employee’s discharge for posting negative comments about a supervisor on the employee’s Facebook page. Click here for the NLRB’s press release.

In sum, however, the NLRB had issued a complaint against American Medical Response of Connecticut, Inc., on October 27, 2010,  alleging that the discharge violated federal labor law  (the National Labor Relations Act or “NLRA”) because the employee was engaged in “protected activity” when she posted the comments about her supervisor, and responded to further comments from her co-workers.

Under the National Labor Relations Act, employees  have a federally protected right to form unions, and it prohibits employers from punishing workers — whether union or non-union — for discussing working conditions or unionization.

The NLRB complaint also alleged that the company maintained overly broad rules in its employee handbook regarding blogging, Internet posting, and communications between employees. This policy prohibited employees from making disparaging remarks about the company or depicting it online without permission. Further, the NLRB alleged that AMR (the employer) had illegally denied union representation to the employee during an investigatory interview shortly before the employee posted the negative comments on her Facebook page.

Under the terms of the approved settlement, the company agreed to revise its social media policy to ensure that the rules do not improperly restrict employees from discussing their wages, hours and working conditions with co-workers and others while not at work, and that they would not discipline or discharge employees for engaging in such discussions. The allegations involving the employee’s discharge were resolved through a separate, private agreement between the employee and the company.

The Take Away for Employers

This had been the first case in which the NLRB sought to argue that workers’ criticisms of their bosses or companies on a social networking site was a protected activity under the NLRA and that employers would be violating the NLRA by punishing workers for making statements in the context of social media. Accordingly, employers likely would have welcomed guidance from the NLRB as to how the 75-year-old NLRA would be reconciled with the technological realities of how employees communicate in the age of social media.

For example, the employee involved in the NLRB’s complaint, Dawnmarie Souza, at one point mocked her supervisor on Facebook, using several vulgarities to ridicule him. This eventually drew supportive responses from her co-workers that led to further negative comments about the supervisor. Where a Facebook conversation involves several co-workers it is more likely to be viewed as “concerted protected activity.” But what if instead, Ms. Souza had simply lashed out in a negative post against a supervisor and no co-workers joined in the discussion (not even a single “like” in Facebook terminology). Would that type of comment in the absence of “co-worker discussion” still be considered protected?

In any event, from a strategic perspective, employers should appreciate that this issue will be resolved another day, perhaps under a less “labor friendly” NLRB.

The clear take-away, however, is that the NLRB’s original complaint and this settlement signals that the NLRB intends to protect employees’ rights to discuss the conditions of their employment with co-workers irrespective of whether this discussion takes place at the water cooler or on Facebook.

Accordingly, it is critical for employers – regardless of whether your workforce is unionized or not – to review your Internet and social media policies to determine whether they would be subject to a similar attack by the NLRB that the policy ‘reasonably tends to chill employees’ ” in the exercise of their rights under the NLRA to discuss wages, working conditions and unionization. Areas to consider include:

  • Does the social media policy expressly restrict protected activity;
  • Would an employee construe the social media policy as prohibiting protected activity;
  • Has the social media policy been used to discipline employees who engaged in protected activity; and
  • Was the policy put into place in in response to concerted or protected activity.

None of  this should be taken as legal advice, but it is good advice. And we would welcome the opportunity to offer our insight as to what policies should and should not say and strategies for managing the unique risks found at the intersection of social media and employment and labor law.

Adding to your Business Toolbox: A Roundup of Resources for Business Organizations

Business ToolboxA number of resources are available at www.ebusinesscounsel.com that are relevant to starting or improving your business operations. In addition to those resources, the following links also provide information worth checking out:

  1. Entrepreneur: How to Protect Remote Employees’ PCs from Security Threats
  2. Federal Trade Commission: Revised Endorsement Guides for businesses & bloggers (regulations applicable to testimonials and endorsements)
  3. Entrepreneur: Google Apps for Your Business: The Good, the Bad and the Ugly
  4. Hennessey Capital, by Joe Romeo: Business Plan Basics
  5. Mashable – Business: 5 Small Biz Web Design Trends to Watch
  6. Entrepreneur: Big Marketing Stunts, Small-Business Style
  7. Business Model Alchemist a/k/a Alexander Osterwalder a/k/a genius (ok, this might be more personal commentary than fact. Although, based on Mr. Osterwalder’s work, genius status should not be ruled out) :Combining Business Model Prototyping, Customer Development, and Social Entrepreneurship
  8. Mashable – Business: 4 Lessons Small Businesses Can Learn from Apple’s Antennagate

How to Increase the Likelihood Employees will Follow Your Social Media Policy

A lot has been written about social media, its impact on business, and risks for employers. See my prior posts here (Digital Security Report: Social Networking Expand Risks for Employers) and here (Another Reason for Employers to be Wary of Social Media – Unfair and Deceptive Acts). And to mitigate these risks the conventional wisdom says to put a policy in place that applies to employees’ use of social media. But it is also important to implement a policy that is actually effective and will be followed by employees.

Before discussing such a policy, a little foundational information is needed. In their book “Switch: How to Change Things when Change is Hard,” Chip and Dan Heath explain that any change must consider what is described as the “Rider” and the “Elephant.” This analogy is, in turn, taken from Dr. Jonathan Haidt’s book “The Happiness Hypothesis,” which describes the emotional side of our brain as an elephant and the rational side as its rider. This analogy creates a vivid image of a person sitting atop an elephant holding the reins seemingly in control. Or at least until the elephant and rider disagree about which direction to go at which point the rider will ultimately lose the battle. (This analogy also vividly explains why despite wanting to lost 10 lbs I can’t put down these delicious cookies. Damn you elephant, Damn you!).

This is a very cursory and simplified explanation of a great book.* But with this explanation, let’s insert the Rider/Elephant into the social media policy implementation equation.

Direct the Rider: The Heath Brothers note that resistance is often due to a lack of clarity. In this regard, social media policies are simultaneously too specific and too broad. This leaves the Rider with information overload and too much ambiguity to process, which undercuts the Rider’s ability to control the elephant. This is because the Rider experiences a decision paralysis, i.e., too many choices consume the Rider’s cognitive resources making it that much easier to give into the immediate emotional needs of the elephant.

For example, a proposed social media policy was forwarded to me by an attorney (a non-client. The attorney wanted to know my thoughts – i.e., free legal advice). This policy was more of a manual, which came in at just over 14 pages. Now imagine you are  John Doe, disgruntled employee blowing off steam on Facebook about a dispute he had with Jane Doe manager. Or that you are Jane Doe manager twittering about your company’s upcoming product release. In these examples, John Doe would need to review Section III, paragraph A(1) to evaluate what his company considers to be appropriate on-line discussions of co-workers. Jane Doe, however, would need to consult with Section V, paragraph B(1) to evaluate how company information should be treated, and would probably want to consult with Section VII, which deals with marketing and communications with the public. Any bets that this policy will be followed?

So lets replace the preceding 14 + page manual with a set of rules that script the critical points your organization wants an employee to consider before publishing  something on any social media outlet. I call this the “Think Before you Publish” Social Media Policy (I know, I’m very creative):

  • Rule No. 1 – Assume anything you blog about, tweet, update on Facebook, or otherwise publish will appear on the cover of the Wall Street Journal;
  • Rule No. 2 – Assume you will have to explain to your mother, father, children, or any loved one why you published any of the preceding and what you were thinking at the time; and
  • Rule No. 3 – If your social media publication involves your employer, any of its managers, employees, products, or services, assume you will also have to explain why and what you were thinking when you made such post to any of these constituents.

These rules taken together provide a working framework for an employee to consider, where the focus is on “specific behavior,” i.e., think about what you are about to publish before making it public. These rules also do not tax the Rider’s cognitive processes by requiring the Rider to evaluate the content of a “tweet” or a Blog posting, or a Facebook update with sections from a 14 + page manual.

I fully concede that it will be important to supplement these three rules with explanations, especially when it comes to work related publications that may not seem facially inappropriate. Examples may include releasing non-public information about an upcoming product release, endorsing a produce or service without considering the Federal Trade Commissions recent expansion into this subject, or if your product or service is in a heavily regulated industry with specific issues to address. But at the very least, these three rules are intended to provide a moment to reflect before hitting that “share” button.

Motivate the Elephant: Motivating the elephant means appealing to a person’s emotional side. This is because simply speaking to the rational rider will not carry the day (I know if I want to lose weight, I need to exercise and eat fewer calories, like from cookies. Yet here I am enjoying one two cookies). Similarly, employees are often given a policy manual to read and review and a form acknowledging the employee has done both. Applying this approach to social media does little to appeal to the “Elephant.” But how do you appeal to an employee’s self-interests to obtain actual buy-in when it comes to following your social media policy?

There are innumerable examples of what happens when social media goes wrong. For example, recently a female middle school teacher was discharged after photographs of her engaged in a simulated act of fellatio with a male mannequin appeared on an internet website (Land v. L’anse Creuse Pub. Schs. Bd. of Educ.). These pictures were taken at a combined bachelor/bachelorette party. The discharge was later reversed by the Michigan Teacher Tenure Commission and affirmed by the Michigan Court of appeals. While this case had a happy ending for the teacher in that she got her job back, it came after a prolonged litigation process that was witnessed, at a minimum, by school employees, students, and parents.

Another great example occurred last year when a consultant/VP tweeted about being in Memphis: “… i’m in one of those towns where I scratch my head and say ‘I would die if I had to live here!'” Unfortunately for the consultant, he was in Memphis because he was presenting to a major client headquartered in Memphis (a little company called FedEx). Worse, employees at FedEx ran across the tweet. And even worse, FedEx responded. Click here for the full write-up and the response.

There is even a website called youropenbook.org that allows one to look through posts on Facebook users’ walls, including the potentially embarrassing and  career-ending kind. In perusing through this site, I was amazed how many people have a boss who is an idiot!

Using these examples – and many, many others – to illustrate why an employee should follow the company’s social media policy appeals to the elephant, i.e., “follow these rules so you don’t end up like the last jack-ass that called me an idiot.” Again, the intention is that before an employee hits the share button, he or she will reflect on what might happen to the individual if the publication became public knowledge.

Conclusion

Social media is widely considered a “must’ for business organizations. That might be true. Even if it is not, however, it is a must to have a social media policy.  To increase the effectiveness of that policy keep in mind your Riders and Elephants. In other words, make the policy succinct and readily translate into expected concrete behavior. Second, when presenting the policy to your employees, don’t forget to appeal to their elephant by addressing their emotional interests, i.e., show why the policy is intended to help the individual.

Feel free to forward me any outrageous or noteworthy social media policies with a brief explanation of why the policy is either. Also, contact me with any questions about this topic.

* I don’t know the authors Chip and Dan Heath. I’ve never spoken with either individual. In fact, other than seeing their pictures on the inside of the book jacket, I couldn’t pick Chip or Dan out of a line-up. I bring this point up because Switch and their earlier book, Made to Stick, are both fantastic reads, worth picking up and this recommendation is based solely on the merit of those books and no personal connection or personal interest on my part (I’m deliberately not including a link to either book to remove any suspicion that I’m even getting compensated for referrals to the books). Although, in full disclosure, if the Heaths would like to give me a cut from the increased book sales my post is certain to generate, I’m willing to negotiate (and please read the preceding disclosure with heavy sarcasm).

Written by Jason Shinn

July 5, 2010 at 10:01 pm

Employer Liability for Employee’s Internet Misconduct – Or When Surfing the Web can Wipe out your Business.

Generally, the Internet is a tremendous asset in the workplace, except when it is a liability. And   liability generally involves employee misconduct. A common example of such liability was recently reported on by the Wall Street Journal (click here for the story). This story discusses repeat instances of employees (in this case U.S. government employees at the Securities and Exchange Commission) accessing Internet pornography. The WSJ’s story notes that one regional supervisor for the SEC had made more than 1,800 attempts to look up pornography in a 17-day span (if you’re doing the math, that is 105.88 times a day!).

Unfortunately, holding employers liable for damages arising out of Internet misconduct by employees is not a novel concept. Common scenarios where employers may be exposed to liability include tort, contract, copyright, and for crimes arising out of an employee’s misuse of a workplace computer.

For example, a case dealing with viewing child pornography resulted in the New Jersey Appellate Division ruling that the company could be liable for damages suffered by innocent third parties where the company failed to investigate reports that an employee was viewing child pornography online at work. Doe v. XYC Corp., (2005). In that case, the Court ruled that when an employer has actual or imputed knowledge that an employee is viewing child porn on a company computer the employer has a duty to act, either by terminating the employee or reporting such activities to law enforcement authorities. In regard to such knowledge, the court noted the following facts.

  • The employee’s immediate supervisor, a manager, and the director of network and PC services were all aware of the suspicion that the employee used a company computer to visit sexually explicit websites.
  • Co-workers complained about the employee’s computer habits.
  • An investigation into these complaints uncovered that he visited child porn sites. The company’s response was to tell the employee to stop. The employee did not and he eventually downloaded more than 1,000 pornographic images on his work computer. He also sent three nude or semi-nude photos of his 10-year-old stepdaughter to a child porn site from his work computer.

It is also worth noting that the employer actually had an Internet usage policy in place (a must for every company) that provided employees were only permitted to “access sites, which are of a business nature only,” and reserved the right to inspect computers. But having such a policy in place does no good if it is not enforced. In this regard, a high-ranking IT executive warned a supervisor against monitoring the employee’s computer use, as it was the IT exec’s belief that the company policy prohibited such monitoring.

The other common scenarios where employers may find themselves exposed to Internet misconduct include:

  • Intentional and negligent infliction of emotional distress – In Delfino v. Agilent Technologies, Inc., an employer was not liable under a negligent supervision theory to threat recipients who claimed infliction of emotional distress. This distress arose out of an employee who transmitted Internet threats using employer’s computer system. The court noted that the employer owed the recipients no duty in absence of business relationship or close connection with recipients’ injuries, and employer did not breach any duty as it was unaware of employee’s conduct.
  • Harassment / Hostile Work Environment – Even though employers do not have a duty to monitor the private communications of their employees for comments which harass co-employees, employers do have a duty to take effective measures to stop co-employee harassment when the employer knows or has reason to know that the harassment is part of a pattern of harassment that is taking place in the workplace and in settings that are related to the workplace. Effective remedial steps reflecting a lack of tolerance for the harassment will be relevant to an employer’s affirmative defense that its actions absolve it from all liability. For example, in 2007 case, Avery v. Idleaire Technologies Corp., the Court of Appeals allowed a plaintiff’s hostile work environment claim case to go to a jury (it reversed a trial court’s order dismissing the case). In doing so, the Court noted that a jury “could find it to be objectively offensive for an employer to permit employees to use a company computer terminal on company time to actively seek pornographic material, whether for sexual gratification, entertainment, or in the words of one of the plaintiff’s co-workers, simply out of boredom, and for the evidence of this activity (pop-up adds, printouts, internet history, etc.), to be left for the plaintiff and other employees to see.” Similarly, in Gallagher v. C.H. Robinson Worldwide, Inc., (6th Cir. 2009) the decision to dismiss a sexual harassment claim by the trial court was reversed.  The court noted that Plaintiff testified that co-workers used Internet to view sexually explicit pictures on their computers, along with other conduct compared to a “guy’s locker room” (I don’t know about you, but I didn’t want to spend any more time than I had to in the locker room).
  • Defamation, libel and slander – In Gavrilovic v. Worldwide Language Resources, Inc., the Court held that a coworker’s e-mail statement that an employee of a military contractor was the military base “F*ck toy” was false and defamatory, as required for the employee to recover from the contractor for defamation.
  • Copyright infringement – Employers also may be needlessly exposed to lawsuits for copyright violations if they permit (or ignore the fact that) employees to receive or download software or other materials, e.g., music, video, and graphics files. See Varilease Tech. Group, Inc. v. Michigan Mut. Ins. Co. ((Mich. Ct. App. 2004), which concerned a suit against an employer alleging its employees copied and retained copyrighted product support manuals and diagnostic software, used the materials in their contracts to perform service and maintenance for their clients, and distributed the materials to subcontractors.

It is also worth noting that, in limited circumstances, there may be an upside for employee Internet misconduct. For example, a former employee’s acts of transmitting sexual images via employer’s internet and email applications was a deliberate violation of employer’s computer usage policy, and accordingly, his actions constituted misconduct connected with his work, and thus, claimant was disqualified from unemployment benefits; Ernst v. Sumner Group, Inc., 264 S.W.3d 669, Unempl. Ins. Rep.(2008).

The Take Aways: Monitoring Is A Must

While claims against employers for employee Internet misconduct may ultimately fail to impose liability, the exposure is still there. And the preceding cases underscore the importance of monitoring employee Internet browsing to minimize that liability. Here are some suggestions to consider when it comes to monitoring employee’s Internet usage:

  • Create a policy that spells out what types of sites are off-limits. Also explain that the company has the right to monitor employee usage of company computers to confirm compliance with the policy and, therefore, employees should have no expectation of privacy when it comes to any of the company’s electronic equipment. Make sure employees also understand that violating the policy may result in discipline.
  • Communicate the policy. It is also important for IT to understand that monitoring is permitted and under what circumstances.
  • Highlight to employees the negative effects misuse of the Internet may have on the company (e.g., liability for sexual harassment).
  • If you believe an employee is violating your Internet usage policy, make sure you properly preserve the evidence, e.g., Web activity, the employee’s PC or laptop.
  • If a violation occurs, assess whether law enforcement officials should be contacted, (child porn).

Feel free to shoot me your thoughts or comments about this post. And if you have story that tops the SEC supervisor’s 17 day porn rampage, I would be interested in hearing about it, but I don’t need to see the proof.

Another Reason for Employers to be Wary of Social Media – Unfair and Deceptive Acts

The concerns employers face over the use of social media – e.g., blogs, Facebook, MySpace, etc. – has been widely discussed, including here and here. The Federal Trade Commission (FTC) has recently added to those concerns. Specifically, the FTC updated its guidelines about protecting consumers from misleading endorsements and advertising. Under these guidelines an employer may face liability over an an employee’s endorsements of the employer’s products or services on social media websites. Further, liability may exist even where the employer did not authorize or approve the employee’s remarks.

An Overview of the Guidelines

The FTC’s revised Guides Concerning the Use of Endorsements and Testimonials in Advertising (16 C.F.R. Part 255) (the “Guidelines”), address the application of Section 5 of the FTC Act (the “Act”) – which prohibits unfair or deceptive acts or practices and unfair competition in or affecting commerce — to the use of endorsements and testimonials in advertising. An endorsement or testimonial subject to these guidelines is one “that consumers are likely to believe reflects the opinions, beliefs, findings, or experiences of a party other than the sponsoring advertiser, even if the views expressed by that party are identical to those of the sponsoring advertiser.” Crystal clear for all, right? Further, the Guidelines require that employees endorsing their employer’s products or services to disclose their relationship to an employer when they give an endorsement or testimonial.

The duty of disclosure applies even when the employee’s endorsement appears on a site that is not maintained by the employer (e.g., Facebook, MySpace) or the employee (bulletin boards) and the statement itself is not misleading. See 16 C.F.R. Part 255.5 (entitled “Disclosure of material connections”). See  example No. 8 under 16 C.F.R. 255.5. And failing to make the required disclosure may expose the employer to liability under the Act. For example, the FTC may bring an enforcement action against an employer if an employee makes a misleading statement about the employer’s products and services that result in injury to consumers. Additionally, if I’m an employer, I would be losing sleep over the preceding example because postings on blogs, MySpace, and Facebook pages may quickly reach wide audiences and, therefore, create the risk of large-scale liability like class-action litigation.

While not the focus of this post, Bloggers should also consider how the Guidelines may apply to their posts. For example, the Guidelines apply to any endorsement of products or services. And any kind of “material connection” between an endorser (like a blogger) and an advertiser must be disclosed to the consumer, e.g., cash payments, free samples, or other benefits to the endorser from the promoter. This is not an endorsement, and even if it was (read with slight sarcasm) I have not received any benefit in connection with writing this post or referencing to the following post and I have no material connection to the brands, products, or services offered by the following post. With that smooth and beautiful literature out of the way, a post bloggers may want to review is provided by Michael Hyatt (click here) (Again – just a suggestion that you may or may not want to follow, and not an endorsement).

The Take Away for Employers

The take-away for employers is to add another item to the “Things that Keep Me Up at Night” list, followed by a note to consider reviewing the company’s technology policies with an eye towards:

  1. Determining if you have a policy? You may not. But you should. And if your company has a policy, what does it say about how the use of the company’s name, trademarks, and other proprietary information may be used (if at all) in blogs and other social media;
  2. Whether the policies include either prohibitions or proper guidance about references to company products or services. Such prohibitions and guidance should go beyond addressing just criticisms of the employer and its products and services;
  3. If endorsements are permitted, employees must understand (and document this understanding) that any endorsement must be limited to truthful and verifiable statements;
  4. Whether employees should be required (probably a good idea) to obtain prior approval by management of any proposed endorsement; and
  5. A requirement that an employee’s statement of endorsement is accompanied by a written disclosure that the employee is not authorized to make statements on behalf of the employer and a disclosure of the employment relationship so that consumers can weigh the testimonial. This statement should be drafted by the company and made readily available to employees.

Additionally, don’t forget to review your marketing contracts. In light of the widespread adoption of “Word of Mouth Advertising” (there is even a trade group for Word of Mouth Advertising, click here) in the Web 2.0 World (I lost track, but I think we are still on 2.0 … right???) companies should also review their contracts with any marketing professionals. This is because such advertising depends upon leveraging social networks in making a product or service go “viral.” Thus, in addition to assessing company employment policies, companies will want to make sure that their marketing contracts properly address compliance with the FTC’s Guidelines (this is a polite way of saying, make sure your marketing firm is going to defend you or reimburse you if you get sued because of an endorsement. After you do this, make sure the marketing firm has the finances/insurance to cover your defense tab – If you can’t avoid risks, make sure someone else has to cover the bill).

Feel free to contact me with questions about this post, about how your company is responding to the FTC’s Guidelines or leveraging social media in general, or about exorbitantly paying me to endorse your products or services, which I’m not above doing if the price and FTC language is right. I’m just kiddin,’ but seriously, I’m not (a little hat tip to Dodgeball).

Will Your Company E-mail Policy Eliminate Litigation?

iStock_000003283183XSmallA recent federal court decision provides a text book example of how company e-mail policies when drafted and implemented properly can reduce or otherwise eliminate litigation.

Factual Background:

The plaintiff, Kevin Sporer contended that his former employer, United Air Lines invaded his privacy by viewing a pornographic video attached to an e-mail that Sporer sent from his work account to his personal account. Sporer also contended that United wrongfully terminated his employment. Sporer was a supervisor at the time of the discharge.

Sporer received an e-mail entitled “Amazing oral talent!!!!!!!!!!” on his work e-mail account from a friend. Sporer then sent this e-mail from his work computer, over United’s server, to his personal e-mail account. The trial court noted that the e-mail “contained a pornographic movie of a woman orally copulating a man in various acrobatic positions.” (Imagine if you were the judge explaining to your significant other: “Honestly, honey, I have to watch this for work.”).

A few minutes after transmitting the email to his personal e-mail account, Sporer emailed his friend that sent the e-mail: “Thank you for the spiritual lift. However, I need you to use my home E-mail address…. Apparently United Air Lines, Inc. has a strict computer security policy and these babies will get me fired.”

During a routine audit (yes, employers actually do this), United’s Information Security department came across the pornographic e-mail Sporer sent to his personal e-mail account, which eventually resulted in Sporer’s discharge for violating United’s e-mail policy.

The E-mail Policy:

UAL’s e-mail policy provided, in relevant part:

Message content must always be professional. It is strictly prohibited to transmit or store any messages or data that compromises or embarrasses the Company, contains explicit or implicit threats, obscene, derogatory, profane or otherwise offensive language or graphics, defames, abuses, harasses, or violates the legal rights of others.

United’s Information Security Policy also prohibited the transmission of obscene, derogatory, profane or otherwise offensive language or graphics. United’s information security policies are established to: “(1) protect the company’s investment in its human and financial resources expended to create its systems; (2) safeguard its information; (3) reduce business and legal risk; and (4) maintain public trust and the reputation of the company.” Under the heading “Privacy and Monitoring,” United’s Electronic Communications Standards provides:

The company reserves the right to monitor all e-mail on the company e-mail system-In other words, as an employee you should assume no right of privacy on e-mail transmitted on the company system. In addition, and messages sent or received, for business or personal reasons, may be disclosed to law enforcement officials or third parties without your prior consent.

Sporer admitted to having received reminders about United’s e-mail policy and that he understood that the content of his emails should not be less than professional. In fact, to turn on and use his work computer, Sporer had to click “OK” to clear the Warning Notice, informing him that the computer system is monitored.

Plaintiff’s Arguments Against Discharge

Sporer argued that his termination was wrongful because it was in violation of his right to privacy and in violation of a federal statute (18 U.S.C. § 2511, et seq.), which prohibits the interception and disclosure of wire, oral (Amazing or otherwise), or electronic communications. An invasion of privacy claim under California law requires a plaintiff to demonstrate: “(1) a legally protected privacy interest; (2) a reasonable expectation of privacy in the circumstances; and (3) conduct by defendant constituting a serious invasion of privacy.” Hill v. National Collegiate Athletic Assn., 7 Cal.4th 1, 39-40, 26 Cal.Rptr.2d 834, 865 P.2d 633 (1994). The Court quickly dismissed Sporer’s invasion of privacy claim noting that in 2001, “more than three-quarters of this country’s major firms monitor, record, and review employee communications and activities on the job, including their telephone calls, e-mails, Internet connections, and computer files.” Id. at 451, 117 Cal.Rptr.2d 155. The court further noted that there can be serious consequences for employers who do not monitor their employee’s communications and activities on the job. Id. at 452 n. 7, 117 Cal.Rptr.2d 155. Further, the advance notice that United monitored computer use for compliance with its policies, including a prohibition against use for “obscene or other inappropriate purposes,” and Sporer having an opportunity to consent to such monitoring, further undercut any reasonable expectation of privacy. Additionally, and this is a key point for employers, United had a policy of monitoring its employee’s computer use, warned employees that they had no expectation of privacy on e-mail transmitted on the company system, and provided its employees with a daily opportunity to consent to such monitoring. In light of these facts, the Court found that Sporer had no reasonable expectation of privacy in the use of his work email.

Sporer’s contention that United violated the federal statute (18 U.S.C. § 2511) by monitoring his work e-mail also failed. The statute excludes surveillance of communications where there is consent. The Court construed “consent” to express and implicit consent and that implied consent may be inferred “from surrounding circumstances indicating that the [party] knowingly agreed to the surveillance.” Id at 116-117. Circumstances showing consent will ordinarily include “language or acts which tend to prove … that a party knows of, or assents to, encroachments on the routine expectation that conversations are private.” Id. at 117. In regard to Sporer, he had been repeatedly informed that United monitored use of its computers, including emails and he had to click “OK” to clear the Warning Notice informing him that the computer system is monitored. Sporer also knew from past experience that United monitors work e-mail accounts. In fact, he was previously disciplined for sending an e-mail with a sexual video from his work account to his personal account. And the e-mail Sporer wrote to his friend minutes after he received the inappropriate email made clear that Sporer was aware of United’s strict computer policy and that United monitored work email accounts. The Court, therefore, found that because Sporer knew his work e-mail account was not private and was being monitored by United his consent to such monitoring may be implied. Accordingly, United did not violate 18 U.S.C. § 2511 by monitoring Sporer’s work e-mail account.

The Take-Away:

While monitoring employer provided e-mail accounts is (or should be) the norm, courts can reach conflicting decisions as to when and under what circumstances such monitoring is permissible. See How Far Can Employers Go in Reading Employee E-mail? For this reason, it is important for employers to reduce the risk that a Court will “second guess” such monitoring. The Sporer/United decision provides a text book roadmap for “getting it right” when it comes to employer e-mail policies and employee monitoring. In that regard, a few “take-aways” are as follows:

  1. Have a written policy: Employers must have a written e-mail policy that explains how company e-mail should be used. The overall theme of this policy should be that e-mail must be used for business purposes. Ideally, this e-mail policy will be part of an overall technology policy that establishes a road map with respect to the intended use of IT resources and what is prohibited. For example, limitations for accessing certain Websites and restrictions for loading unauthorized software into the company IT environment. See “How High Can Damages go for Unlicensed Software Use.
  2. Writing the Email Policy: Your e-mail policy will depend upon your organizational needs. Generally it makes sense to get input from upper management in drafting a policy that supports the company’s overall mission. IT professionals can make recommendations as to what is technologically possible. And human Resource professionals should also be consulted because the policy will affect every employee. Equally important are recommendations from legal counsel. Aside from selfish job security motivations, legal counsel will provide valuable insight as to what is permitted, what is not permitted, and overall compliance recommendations. While not required, getting input from employees increase the chances of the policy ultimately being followed by employees.
  3. Communicate and Explain the Policy: Employers must communicate the policy to all stakeholders, including employees. It is also a good practice to document the employee has read and understands the policy by obtaining signed acknowledgment forms.
  4. Communicating the Policy is not a One Time Event: While it is not necessary, periodically communicating the existence of the policy is a good practice. First, it is a reminder to employees of what is expected in regard to e-mail/technology use and what is prohibited. Second, if your company ever needs to rely upon it in litigation, it just “looks better” if an employee was “reminded” about the policy. For example, United’s log-in procedure required employees to click a button (“OK”) to clear the notice that the employee’s email may be monitored. In other instances, employers have actually displayed random provisions of their overall employee policy at the log in screen, which also had to be cleared through clicking a button similar to “OK.” This random display also directed the employee to a link for the full policy for more information.
  5. Providing an Employee Out: It is a fact of Internet life that unsolicited e-mail is a given (I’m always amazed at how many women are waiting to hear from me or the number of Nigerian businessmen that need my assistance). And a lot of this unsolicited email is along the lines of the “Amazing” video of the pseudo-acrobat. Accordingly, chances are an employee will receive an e-mail that violates the company’s e-mail use policy. In that event, make sure employees understand what is expected, e.g., deleting it, contacting a supervisor., contacting IT, or whatever reporting requirements that are determined to be appropriate. Applying this to Mr. Sporer’s situation, his mistake was not in receiving the email, but rather forwarding it on to his personal email account and then deleting it. Presumably had he just deleted the email he would not have violated the policy. This goes back to effectively communicating what is expected of employees.

For more information on comprehensive technology policies or specific questions about e-mail policies, please feel free to contact me.

Social Networking Risks Part II: Employer in Bulls eye for Wrongfully Accessing MySpace Page

Networking BullseyeA prior post, Digital Security Report: Social Networking Sites Expand Risks for Employers, discussed the technological and legal risks social networking sites pose for employers. As an exclamation point to that post, an employer was recently caught in the social networking “bulls eye” when a jury returned a verdict against the employer for wrongfully accessing an employee’s MySpace page.

A restaurant employee created a discussion group about his workplace on his personal MySpace web page. The discussion group, named the “Spectator,” was a “private” group (or at least what passes as private nowadays), accessible only by invitation. Those who accepted the invitation became members and could log on at any time to participate in the group’s stated mission: to “talk about all the crap/drama/and gossip occurring in our workplace, without having to worry about outside eyes prying in.” (I’m sure another employee already created the discussion group to “talk about socially important issues relevant to the improvement of society and improvement of the human condition.”).

At some point a hostess and group member showed the discussion group to a manager. This eventually lead to management asking the hostess for her sign-in information. While she provided her log-in information, the circumstances of this exchange were disputed: Management argued that the sign-in information was voluntarily provided by the hostess. The employees argued, based on deposition testimony by the hostess, that she felt pressured to turn it over. In any event, the restaurant employer terminated the employee/creator of the MySpace page and a contributing “author” after it discovered sexual comments about employees and customers, disparaging jokes about company practices, and references to drugs and violence.

The discharged employees sued their former employer alleging, among other things, that the company violated the federal Stored Communications Act and invaded their privacy. Click here for a copy of the the Complaint. The case – in large part – hinged on the hostess’s testimony that she felt pressured to disclose her log-in information because she feared discipline for non-cooperation. Unfortunately for the employer, the jury believed the hostess was pressured into turning over her sign-in information.

The jury awarded each plaintiff the maximum back pay that could be awarded — a total of approximately $3,500 — and found that the employer had also acted maliciously, i.e., had engaged in “intentional wrongdoing ….” That finding allowed the plaintiffs to recover punitive damages and the actual damages awarded also triggered the Stored Communications Act’s right of an aggrieved party to recover attorneys’ fees.

This case illustrates a number of points that employers already know – investigating employees and suspected misconduct has risks if not done properly (and even if it is done properly). For points of consideration as to minimizing these risks, see Mishandling Investigations of Employee Misconduct – That’s What She Said. Also, the post referenced above (click here) provides additional considerations employers may consider when it comes to social networking sites. And, as always, feel free to contact me for additional thoughts on these subjects or to share your experience. Thanks.

Follow

Get every new post delivered to your Inbox.