Return to the News Index
Has anyone ever said to you, "You must be the last person to not have a [Facebook page] [MySpace page] [Twitter account]!"? If so, perhaps you do not have time to tweet, or maybe you have no desire to make contact with long lost high school chums. Or maybe you are an employer and have heard of the potential legal risks associated with social networking websites. These risks, some of which are described below, are likely to become fertile pastures for privacy and discrimination lawsuits against employers.
Privacy in social networking has come to the forefront at least once. In Pietrylo v. Hillstone Restaurant Group, employees of a Houston's restaurant in New Jersey started a MySpace group, accessible only by invitation, where employees could vent about their jobs in a secure forum. Houston's management allegedly accessed the group by pressuring an employee to provide the group password. The two employees who started the group were eventually terminated.
They filed suit, alleging a number of claims, and the case was heard by a jury. Although the jury did not find the employee's right to privacy had been invaded, it found that the managers violated the Federal Stored Communications Act and the parallel state law, and awarded compensatory and punitive damages to the terminated employees. The Federal Stored Communications Act, 18 U.S.C.A., Sections 2701, et seq., enacted as part of the Electronic Communications Privacy Act, prohibits, among other things, the intentional unauthorized access of a wire or electronic communication while it is in electronic storage. It provides criminal penalties for violation as well as a private cause of action to any provider of an electronic communication service, (such as an internet service provider), subscriber, or other person aggrieved by the violation.
While invasion of privacy was not found under the facts of Pietrylo, it could be found under different circumstances. Texas recognizes the tort of invasion of privacy, including a cause of action for intrusion upon the plaintiff's seclusion or solitude into his private affairs, which would be highly offensive to a reasonable person. This cause of action has been evaluated by a Texas court in the case of an employee who alleged that his employer broke into his personal e-mail folders maintained on his office computer and disseminated the e-mails to a third party, when access to the personal folders was password-protected.
The court compared the e-mail folders to a previous invasion of privacy case involving an employee's locker. The locker was provided by the employer, but the lock was purchased by the employee with the employer's knowledge, giving the employee a reasonable expectation of privacy when the locker was locked. Moreover, the locker was given to the employee for the purpose of storing personal belongings. In contrast, the computer upon which the e-mails were found was provided to the employee by the employer for performing work functions. Additionally, the e-mails first appeared in the server inbox, and were at that point accessible by a third party. The employee could either leave his e-mails in the inbox, or move them to his personal folder. The court found that, despite the password, the employee did not manifest a reasonable expectation of privacy.
An invasion of privacy claim could arise in countless factual patterns. Assume the factual scenario of Pietrylo was slightly different, and the employer gained access to the group page by pretending to be another individual in order to obtain the password. The jury might have found an invasion of privacy. Or, consider a situation where the employee, above, who claimed a privacy interest in his e-mails, forwarded the e-mails to his personal e-mail account and deleted all copies of the e-mails from the employer's system. Or perhaps the e-mails were sent to his personal account in the first place, but he accessed his personal, password-protected e-mail account on his work computer during working hours. Businesses today may encounter employees who send personal e-mails from their personal accounts, or access social networking sites, on their work-issued Blackberries. Any number of factual situations could potentially lead to different results.
Among the Facebookers and Tweeters, an employer could very likely bump into an employee blogger-an employee who maintains a weblog (or "blog"). Often times, these blogs are open for the world to view. But is an employer at risk for terminating employment for a blog post? The short answer is that it depends.
If the employee blogs about a characteristic protected under Title VII, the employer could face a discrimination suit. Take, for example, James Matthew Barber, the Allstate employee who alleged he was wrongfully terminated for publishing articles, on his own time and from his personal computer, criticizing homosexual marriage. Mr. Barber asserted he was terminated because of his born-again Christian beliefs, and brought Title VII and state law wrongful termination and retaliation causes of action against Allstate. The parties eventually settled the matter, but cases like Mr. Barber's may spring up more and more.
If the blog constitutes concerted activity for the purpose of mutual aid or protection, the employer could face liability under the National Labor Relations Act. If the employee blogs about violations of the Family Medical Leave Act, the employer could face a claim under the FMLA. If the employer is a public employer, and the employee blogs about a matter of public concern, then free speech may be implicated.
For now, the employer is faced with applying the same laws and guidelines as before the dawn of social networking sites. With more and more information about employees at the fingertips of employers, employers should be aware that accessing this information can come with a risk, and that application of familiar laws and guidelines can arise in emerging contexts. Employers should contact an attorney for advice on particular situations.
Accessing Employee Information Comes with Risks (Andy Cox and Michele Sheets, Employment Newsletter, February 2010)
February 04, 2010Has anyone ever said to you, "You must be the last person to not have a [Facebook page] [MySpace page] [Twitter account]!"? If so, perhaps you do not have time to tweet, or maybe you have no desire to make contact with long lost high school chums. Or maybe you are an employer and have heard of the potential legal risks associated with social networking websites. These risks, some of which are described below, are likely to become fertile pastures for privacy and discrimination lawsuits against employers.
Privacy in social networking has come to the forefront at least once. In Pietrylo v. Hillstone Restaurant Group, employees of a Houston's restaurant in New Jersey started a MySpace group, accessible only by invitation, where employees could vent about their jobs in a secure forum. Houston's management allegedly accessed the group by pressuring an employee to provide the group password. The two employees who started the group were eventually terminated.
They filed suit, alleging a number of claims, and the case was heard by a jury. Although the jury did not find the employee's right to privacy had been invaded, it found that the managers violated the Federal Stored Communications Act and the parallel state law, and awarded compensatory and punitive damages to the terminated employees. The Federal Stored Communications Act, 18 U.S.C.A., Sections 2701, et seq., enacted as part of the Electronic Communications Privacy Act, prohibits, among other things, the intentional unauthorized access of a wire or electronic communication while it is in electronic storage. It provides criminal penalties for violation as well as a private cause of action to any provider of an electronic communication service, (such as an internet service provider), subscriber, or other person aggrieved by the violation.
While invasion of privacy was not found under the facts of Pietrylo, it could be found under different circumstances. Texas recognizes the tort of invasion of privacy, including a cause of action for intrusion upon the plaintiff's seclusion or solitude into his private affairs, which would be highly offensive to a reasonable person. This cause of action has been evaluated by a Texas court in the case of an employee who alleged that his employer broke into his personal e-mail folders maintained on his office computer and disseminated the e-mails to a third party, when access to the personal folders was password-protected.
The court compared the e-mail folders to a previous invasion of privacy case involving an employee's locker. The locker was provided by the employer, but the lock was purchased by the employee with the employer's knowledge, giving the employee a reasonable expectation of privacy when the locker was locked. Moreover, the locker was given to the employee for the purpose of storing personal belongings. In contrast, the computer upon which the e-mails were found was provided to the employee by the employer for performing work functions. Additionally, the e-mails first appeared in the server inbox, and were at that point accessible by a third party. The employee could either leave his e-mails in the inbox, or move them to his personal folder. The court found that, despite the password, the employee did not manifest a reasonable expectation of privacy.
An invasion of privacy claim could arise in countless factual patterns. Assume the factual scenario of Pietrylo was slightly different, and the employer gained access to the group page by pretending to be another individual in order to obtain the password. The jury might have found an invasion of privacy. Or, consider a situation where the employee, above, who claimed a privacy interest in his e-mails, forwarded the e-mails to his personal e-mail account and deleted all copies of the e-mails from the employer's system. Or perhaps the e-mails were sent to his personal account in the first place, but he accessed his personal, password-protected e-mail account on his work computer during working hours. Businesses today may encounter employees who send personal e-mails from their personal accounts, or access social networking sites, on their work-issued Blackberries. Any number of factual situations could potentially lead to different results.
Among the Facebookers and Tweeters, an employer could very likely bump into an employee blogger-an employee who maintains a weblog (or "blog"). Often times, these blogs are open for the world to view. But is an employer at risk for terminating employment for a blog post? The short answer is that it depends.
If the employee blogs about a characteristic protected under Title VII, the employer could face a discrimination suit. Take, for example, James Matthew Barber, the Allstate employee who alleged he was wrongfully terminated for publishing articles, on his own time and from his personal computer, criticizing homosexual marriage. Mr. Barber asserted he was terminated because of his born-again Christian beliefs, and brought Title VII and state law wrongful termination and retaliation causes of action against Allstate. The parties eventually settled the matter, but cases like Mr. Barber's may spring up more and more.
If the blog constitutes concerted activity for the purpose of mutual aid or protection, the employer could face liability under the National Labor Relations Act. If the employee blogs about violations of the Family Medical Leave Act, the employer could face a claim under the FMLA. If the employer is a public employer, and the employee blogs about a matter of public concern, then free speech may be implicated.
For now, the employer is faced with applying the same laws and guidelines as before the dawn of social networking sites. With more and more information about employees at the fingertips of employers, employers should be aware that accessing this information can come with a risk, and that application of familiar laws and guidelines can arise in emerging contexts. Employers should contact an attorney for advice on particular situations.