Employees love social networking. Some employers also love social networking, especially in the context of recruiting, onboarding, and engagement efforts. But employers are not so crazy about the use of Web 2.0 tools by employees. The question is often asked whether employers may lawfully access an employee's (or applicant's) social-networking page. And the answer, as any lawyer worth his oats surely will tell you, is "it depends."
There are a number of different contexts in which this question can arise and each has a different response. For example, in the hiring context, employers often want to conduct a DIY background check by Googling a candidate or searching for the candidate's Facebook profile.
I've already said plenty on this topic and won't rehash it here. (See "More Good Advice on Best Practices for Use of Social Networks for Employers," "Free Podcast: Employers' Use of Facebook, MySpace, and Other Social Networking Sites.") But, generally speaking, this presents only minor (and avoidable) potential legal issues.
A different context occurs when an employer wants to view a current employee's Facebook or MySpace page. Add to that the situation where the employer doesn't want the employee to know about its "investigation" or where the employer sees something it doesn't like and takes adverse action because of it, and you've got an entirely different set of circumstances and associated legal issues.
A recent case in the U.S. District Court in the District of New Jersey is the perfect "flare-gun" case--sending a poignant warning to employers considering similar actions. In Pietrylo v. Hillstone Restaurant Group, a waiter at the employer's Houston's restaurant created a MySpace page and group. The group was private--only those who were invited by its creator could access the site. The waiter, Pietrylo, gave access to co-workers, who could then read postings or create postings themselves.
The page was devoted to the daily happenings at their workplace. As one may imagine, out of the sight and earshot of management, the employees engaged in a good deal of petty griping on the MySpace page. There were jokes about customers, managers, service standards, and even sexual commentary and references to illegal drug use.
Well, as seems to be the case in the age of the Internet, the postings did not stay private for long. An invited member permitted one of the managers to view the site while she was logged in under her legitimate credentials. The manager, not surprisingly, was not amused and reported the page to other managers. Management then requested the employee's password so they could access the site without her present.
Not much later, Houston's fired two employees, Pietrylo, who'd started the site, and Marino, who'd posted on the site as an invited member. As the reason for the terminations, the employees were told that their postings constituted a violation of company policy involving "professionalism and a positive attitude." Those employees then filed suit.
The case went to trial and the jury returned a verdict in favor of the employees on two counts. The first count was brought under the federal Stored Communications Act (SCA), and the second was a state claim for invasion of privacy. So, where did the employer "go wrong?" Presumably, in the way that it gained access to the site. Although the manager learned of the site and viewed it for the first time with the volunteered permission of an invited member, management later demanded her password and log-in credentials. She gave them the password because she was afraid that she'd be terminated if she refused. Assuming that management "coerced" the log-in information, then it was not an "authorized user" of the site--regardless of whether it had a password or not--under the SCA.
The invasion-of-privacy claim is even easier to understand. The fundamental premise of a privacy claim is that the defendant violated the plaintiff's reasonable expectation of privacy. Here, the employees who were fired had a reasonable expectation that the site would remain private. The only individuals who could access the site were those who had been expressly invited. Additionally, the site contained a "welcome" post in which Pietrylo wrote that the group's purpose was to dish about work (pun intended), without "any outside eyes spying" because the group was "entirely private" and could be accessed by invitation only.
So what's the takeaway from this case? Employers should not log into an employee's social-networking site under false pretenses or by coercing another employee to grant them access they would not otherwise be able to obtain. In other words, if you want to know what your employees are doing online--you need to be up front with them about it. If you don't like the idea of employees secretly talking about the workplace and their employer, don't expect them to jump for joy when you secretly try to find out what they're saying. Fair is fair.
Pietrylo v. Hillstone Restaurant Group, Case No. 06-5754.