No Privacy Claim for Use of Student Facebook Picture

Posted by Molly DiBiancaOn October 6, 2013In: Privacy In the Workplace, Public Sector, Social Media in the Workplace

Email This Post | Print this Post

At a seminar about Internet safety, the District’s IT Director gave a presentation designed to illustrate the permanent nature of social-media posts and how your posts could be embarrassing if published by third parties.  One of the slides in the Director’s presentation, titled, “Once It’s There—It’s There to Stay",” showed a photo of a student in a bikini and standing next to a life-size cut-out of the rapper Snoop Dog. camera lens

The Director found the picture by browsing students’ Facebook pages for pictures to use in his presentation.  Paper copies of the presentation, including the slide featuring the student’s picture, which also identified her by name, were distributed to attendees. 

As you may imagine, the student, Chelsea Chaney, was not happy about her cameo.  She filed suit against the district and against the IT Director, alleging violations of her constitutional rights protected by the 4th and 14th Amendments, as well as state-law tort claims.  The District moved to dismiss.

First, the plaintiff contended that the public display of her picture constituted an unlawful search and seizure in violation of the 4th Amendment.  In order for the 4th Amendment to apply, there must be a reasonable expectation of privacy.  Here, the court held that no reasonable expectation of privacy could exist in the picture because the plaintiff had voluntarily made it available to her friends and, because of her Facebook settings, to her friends’ friends, as well.  By doing so, Chaney surrendered any reasonable expectation of privacy in the picture.  Thus, the 4th Amendment claim was dismissed.

The court reached the same conclusion with respect to the 14th Amendment claim. The 14th Amendment protects an individual’s interest in avoiding the disclosure of personal matters and in making certain decisions.  But the constitution does not create a blanket right of privacy.  Nor does it create a right to be free from public embarrassment or damage to reputation. 

So, what are the lessons to be learned from this case?  Well, if nothing else, it serves as yet another reminder about the permanent and public nature of social-media content.  Once you post it, it is out of your hands and you have no legal recourse if it is republished to others.

From an employment-law perspective, there is another twist.  The District had various social-media and Internet acceptable-use policies, each of which would seem to have been violated by the IT Director.  For example, District employees were required to notify a student’s parents prior to “use of and interaction with a student’s social-media page.”  Here, the Director searched students’ pages for content he could use in his presentation. 

Call me crazy but this seems like a major lapse of judgment on the part of the IT Director.  It’s one thing to give real-life examples but altogether a different thing to use as one of those examples an actual student who will be present in the audience.  Seriously?  As if high school is not hard enough, man.

Chaney v. Fayette County Pub. Sch. Dist., No. 3:13-cv-89-TCB (N.D. Ga. Sept. 30, 2013).

See also Is There a Reasonable Expectation of Privacy In Your Tweets?

Discovery of Social-Media Passwords

Posted by Molly DiBiancaOn October 1, 2013In: Purely Legal, Social Media in the Workplace

Email This Post | Print this Post

Access to social media in civil litigation remains a Wild West in many respects.  Parties don’t know what to ask for, so they ask for too much.  When the other side refuses, the court often agrees because the request is so obviously overbroad.  When it comes to discovery of social-media contents, the general rule of thumb is the narrower, the better.

But what about requests for passwords and user names?  I think most reasonable minds agree that employers should never ask an employee for his or her Facebook password.  So why are lawyers doing it?  Beats me, man.  It’s a terrible idea, no matter who makes the request. keyboard with blue lock key

A recent case in Louisiana seems to support this conclusion.  In NOLA Spice Designs, LLC v. Haydel Enterprises, Inc., the defendant sought to compel the plaintiff-entity and its principal to produce “passwords and user names to all online web sites related to the issues in this litigation, including social media, weblogs, financial information and records”  The court had little trouble concluding that the requests were overly broad and “far exceeded” what was considered proportional under the discovery rules. 

The court acknowledged that the plaintiffs had “no protectable privacy or confidentiality interest in material posted or published on social media.”  Nevertheless, the court explained that there was no reason that the plaintiffs should be required to give total access to their adversary, thereby allowing the defendant to roam around and, potentially, engage in “mischief.”

The court’s analysis is correct.  There is no basis to require a party to turn over social-media passwords during litigation.  In fact, it’s a terrible idea to do so.  And, in my opinion, lawyers are best advised not to request passwords in the first place.  Even if the other side is willing to turn it over, you risk any number of bad outcomes, such as spoliation of evidence.

One court feels at least as strongly as I do on the subject.  In Chauvin v. State Farm Mutual Automobile Insurance Co., a federal court in Michigan affirmed an award of sanctions against a defendant due to its motion to compel production of the plaintiff’s Facebook password.  The court found that the Magistrate Judge did not err in concluding that the content that the defendant sought to discover was available “through less intrusive, less annoying and less speculative means” even if relevant. Furthermore, there was no indication that granting access to the account would be reasonably calculated to lead to discovery of admissible information.  No. 10-11735 (S.D. Mich. Oct. 20, 2011). 

NOLA Spice Designs, LLC v. Haydel Enters., Inc., No. 12-2515 (E.D. La. Aug. 2, 2013).

Peek-a-Boo, I See You: Juror Contact Via LinkedIn

Posted by Molly DiBiancaOn September 30, 2013In: Purely Legal, Social Media in the Workplace

Email This Post | Print this Post

Rules of ethics limit lawyers’ communications with certain groups of people.  For example, a lawyer may not communicate about a matter with a party who is represented by counsel.  Similarly, a lawyer may not communicate with jurors during a trial.  In some states, including Delaware, the prohibition on lawyer-juror communication continues even after the trial has concluded. 

Because of these ethics rules, the definition of “communication” is very important.  When I teach legal ethics and social media, I discuss “inadvertent” communications that can occur via social-networking sites.  For example, at my direction, my paralegal “follows” a juror on Twitter, the juror may receive an email notifying him of his new follower.  Is this a “communication”?   Yes, it probably is because my paralegal “followed” the juror for the purpose of seeing what he is tweeting that may be relevant to the case.   LinkedIN logo icon white

But what if the juror follows me on Twitter long before the trial.  During trial, the juror could view my tweets because they would appear in his timeline.  Would I have “communicated” with the juror?  Maybe. Assuming so, my communication would have been inadvertent, for sure. 

There’s another scenario that I give in this context that, unfortunately for all parties involved, has come to fruition.  In the Bank of America “hustle” case, one of the jurors has notified the court that one of the lawyers for the defense had reviewed the juror’s LinkedIn profile.  Judge Jed Rakoff of the S.D.N.Y. said that, when an associate had viewed the juror’s LinkedIn profile, the firm had “communicated” with the juror.  For those familiar with LinkedIn, you likely know that you can see who has “viewed your profile” within a certain period of time unless the user is not logged in or unless the user has a premium (paid) account, which enables him to block you from seeing his identity.

According to the WSJ’s MoneyBeat blog, the judge ruled that lawyers could conduct Internet research on potential jurors but only during the jury-selection period.  Once trial began, that research was supposed to stop.  (This, too, raises interesting questions.  Why wouldn’t the court want to know if jurors were engaged in misconduct online during the trial?  But that’s a whole different set of questions.)  Apparently, the court has determined “no harm, no foul” because the case will proceed as scheduled with an instruction to the jury that the search was a mistake that they should disregard.

This story, however, should serve as a lesson to lawyers everywhere—understand how social-media works and make sure those who are working for you do, too.  There are ethical implications, as well as the risk of significant costs to the client for failing to “get it.” 

See also, M. DiBianca, Ethical Risks of Lawyers’ Use of (and Refusal to Use) Social Media (Del. L. Rev. 2011) (PDF).

Why Employers Should Love, Not Loathe, Social Media

Posted by Molly DiBiancaOn September 26, 2013In: Social Media in the Workplace

Email This Post | Print this Post

Human resource professionals often cringe at employees’ use of social media.  And for good reason.  Employees have caused countless problems for their employers by publishing confidential information, attacking supervisors and co-workers, and all sorts public-relations nightmares. Admittedly, social media causes a whole set of problems for employers that employers are still attempting to navigate.

But social media isn’t all bad. In fact, there are lots of benefits to be realized from employee social-media use.  Let me suggest one that doesn’t get a lot of attention.  I call it, “the cream rises” thesis. 

Although employers often think that they cannot discipline employees for what they do in their off-duty time, that, usually is not the case. Most times, employers can address conduct that occurs in cyberspace.  In fact, sometimes employers must do so.  And, despite the hype about the NLRB and its general distaste for social-media policies, the reality is that, most of the time, it is totally lawful to discipline employees for social-media conduct that conflicts with the employer’s policies or is in some way harmful to the employer.

The basic premise of my thesis is this: Instead of cringing when an employee acts like an idiot on social media, employers should rejoice—social media enables employers to weed out the problem employees who infect the workplace culture with negativity.  Without social media, these employees are difficult to manage. We know who they are but it’s often quite difficult to prove the harm that their negativity is causing. But social media gives you the proof that you need.

Take, for example, the nurse at the University of Mississippi Medical Center. In response to a tweet by Gov. Barbour calling for suggestions about how to trim fiscal spending, the nurse tweeted back that the Governor should stop coming to the Center after hours for wellness visits, which resulted in overtime costs.

The Governor had visited the Center once after normal operating hours but that was before the nurse’s employment. In other words, she was just a negative employee who couldn’t help but make a nasty comment about which she had no personal knowledge.

Well, good for her.  And good for the Center.  The Center was able to terminate the nurse because her nasty tweet was a violation of HIPAA.  Had it not been for her public comment via social media, the employer likely would not have had such indisputable proof of her nastiness. And, because her nastiness was unlawful, the Center had perfectly legitimate grounds to terminate her.

In other words, the cream rises to the top.  The nasty employees who you do not want to keep employed almost can’t help themselves but to show their true colors via social media.  And that’s a good thing because it enables employers to act sooner rather than later to eradicate these people from the workplace.  Which non-nasty employees really appreciate.

Thanks to my friend and blogger extraordinaire, Venkat Balasubramani, whose post earlier this week prompted me to write on this topic.

New Laws Gives New Rights Delaware First Responders

Posted by Lauren Moak RussellOn September 19, 2013In: Delaware Specific, Discrimination, Discrimination & Harassment, Legislative Update

Email This Post | Print this Post

Delaware extended employment rights to volunteer firefighters and other first responders who must miss work due to emergencies or injuries sustained while providing volunteer rescue services.

Volunteer Emergency Responders Job Protection Act

Governor Markell signed two new bills affecting the employment rights of Delaware's emergency responders. Under the Volunteer Emergency Responders Job Protection Act, employers with 10 or more employees are prohibited from terminating, demoting, or taking other disciplinary action against a volunteer emergency responder because of an absence related to a state of emergency or because of an injury sustained in the course of his or her duties as a volunteer emergency responder.

The Act defines a "volunteer emergency responder" as a volunteer firefighter, a member of the ladies auxiliary of a volunteer fire company, volunteer emergency medical technician, or a volunteer fire police officer.

Importantly, while an employer may not discipline or terminate an employee for being absent when performing emergency services, the employer is not required to compensate the employee for time away from work to perform such services. The employee also has an obligation to make "reasonable efforts" to notify the employer of a possible absence.

Under the Act, employers are also entitled to verify that an employee was absent due to emergency service or a related injury. Employers may request a written statement confirming relevant facts from either the volunteer department with which the employee serves or from a treating medical provider. The employer is entitled to the statement within 7 days of making such a request.

Amendment to the Delaware Discrimination in Employment Act

The second bill signed into effect amends the Delaware Discrimination in Employment Act, to provide protection to volunteer firefighters, ambulance personnel, and ladies auxiliary members. More specifically, the bill makes it unlawful for employers to refuse to hire, discharge, or otherwise discrimination as to the terms and conditions of employment based on an individual's service rendered to a volunteer fire or ambulance company or related ladies' auxiliary.

Bottom Line

The bottom line is that Delaware employers have one more protected classification to be aware of. Hopefully these new restrictions will not impose a significant burden upon employers--comments made in connection with the bill signing indicate that the bills are a reaction to a single incident affecting an injured firefighter working in Wilmington. However, as always, employers need to give careful consideration to the circumstances impacting hiring and disciplinary decisions.

Workplace Revenge and the Equal Opportunity Jerk

Posted by Molly DiBiancaOn September 17, 2013In: Harassment, Harassment, Sexual, Jerks at Work

Email This Post | Print this Post

Being a jerk is a legal defense, so to speak.  An “equal opportunity jerk” is a boss who treats everyone badly, regardless of race, religion, gender, etc.  If his subordinates sue, alleging an unlawful hostile environment, they’ll likely have trouble establishing that the jerk was more of a jerk to one particular group of employees based on a protected characteristic. 

It is a defense that defense lawyers prefer to not to have to invoke. Nevertheless, when the facts are there, even an unattractive defense can be a winner. Take, for example, the Third Circuit’s decision in Clayton v. City of Atlantic City. 

people backstabberThe plaintiff was a police officer in the Atlantic City Police Department, who alleged that she was subject to the sexual advances of a senior officer.  This went on for a number of years until, eventually, she came under his direct supervision. 

As her supervisor, she alleged, he gave her a less desirable work schedule and singled her out for various minor policy violations.  Another senior officer also disciplined her and reprimanded the plaintiff for other policy violations, which the plaintiff alleged were common practice throughout the Police Department, such as leaving the city limits without permission for lunch and for rolling her eyes during roll call.  She was eventually transferred to a different unit, which resulted in a pay decrease.

The plaintiff alleged that she was transferred because of her gender.  But she also testified to what she described as a “revenge management” culture in the department.  That culture, as she described it, meant that if you were not liked by a superior, regardless of gender, it was common for the superior to attempt to undermine your career.

It was this “culture of revenge” that resulted in the dismissal of the plaintiff’s suit.  The court reasoned that an attitude of “revenge” is not unlawful, provided it is equally applied without regard to race, religion, gender, etc.  Here, there had not been gender discrimination because males and females alike were subject to the punishments of dissatisfied supervisors.

Although this case makes an excellent teaching example, it’s not exactly one I would recommend as "inspirational.”  Equal opportunity jerks may not be in violation of the anti-discrimination laws, but, boy, they sure do get sued a lot.

Clayton v. City of Atlantic City, No. 12-4273 (3d Cir. Sept. 12, 2013).

Delaware Chancery Ct. Finds No Privilege for Email Sent from Work Account

Posted by Molly DiBiancaOn September 10, 2013In: Cases of Note, Delaware Specific, Privacy Rights of Employees

Email This Post | Print this Post

Does an employee who communicates with his lawyer from a company email account waive the attorney-client privilege with respect to those communications?  The answer is not terribly well settled—not in Delaware and not in most jurisdictions.  But a recent decision by the Delaware Court of Chancery gives Delaware employers and litigants a pretty good idea of the analysis to be applied.

The case, In re Information Management Services, is an unusual type of derivative litigation in that it involves two families, each suing the other for breaches of fiduciary duty.  Two of the company’s senior executives, who were alleged to have mismanaged the company in violation of their fiduciary duties, sent emails to their personal lawyers from their company-issued email accounts.  During discovery, the executives refused to produce the emails, claiming them to be protected by the attorney-client privilege.  The plaintiffs sought to compel production of the emails.

The court adopted the four-factor test first enumerated in In re Asia Global Crossing, Ltd. (Bankr. S.D.N.Y. 2005), and applied it to determine whether the executives had a reasonable expectation of privacy in the contents of the emails that they sought to protect.  The court determined that the executives did not have a reasonable expectation of privacy in the contents of the emails because the company’s policy expressly warned that employee emails were “open to access” the company’s staff.  The policy permitted personal use of the company’s computers “after hours” but warned that, if an employee wanted to keep files private, the files should be saved offline.  Thus, the policy was key in ensuring the company can now access emails between the executives and their counsel.

There are a few particularly notable points in the decision that are worth mention. 

First, Delaware law generally provides great deference to the attorney-client privilege.  Usually, the privilege is considered very difficult to waive.  By contrast, this case suggests that a company policy is sufficient to overcome that otherwise difficult hurdle.  The court goes so far as to say that a policy that prohibits all personal use would likely be sufficient to waive the privilege without any further analysis.

Second, the court seemed to place a high burden on the executives. Vice Chancellor Laster recognized that the executives wrote in the subject lines of the emails, “Subject to Attorney Client Privilege” but concluded that the failure to use webmail (such as G-Mail or Yahoo!) or encryption rendered the communications not confidential.  The court wrote that there could be no reasonable expectation of privacy because:

a third party to the communication had the right to access [the] emails when [the executives] communicated using their work accounts.

The “third party” in this case was the company and its IT staff. But the holding raises questions of whether use of a service such as Dropbox, which, by its terms of service, expressly notifies users of its right to access the contents of any account, would also waive the privilege.  In that case, a third party has the right to access contents so, in accordance with the court’s decision, there could be no reasonable expectation of privacy and, therefore, no privilege.

The decision is very well researched and contains a stockpile of case citations and references for those who may be interested in the subject matter.  And even for those who may not be interested in the macro view of this area of the law, there is one key lesson to take away—Delaware employers should carefully review their policies to ensure that the language clearly warns employees that the company reserves the right to monitor, access, and/or review all emails sent or received from a company email account.  Now, the question of whether a personal, web-based email account, accessed via the company’s servers, would be subject to the same analysis is an even trickier one and one that we’ll save for a later date. 

In re Info. Mgmt. Servs., Inc., No. 8168-VCL (Del. Ch. Sept. 5, 2013).

NLRB Smacks Hand of Employer Over Facebook Firing

Posted by Molly DiBiancaOn September 9, 2013In: Social Media in the Workplace, Union and Labor Issues

Email This Post | Print this Post

The NLRB issued another social-media decision last week, finding that an employer violated the National Labor Relations Act (NLRA) with respect to one “Facebook firing” but clearing the employer with respect to a second termination.  I’ll leave it to my blogging cohorts to write about the termination that didn’t get the employer into trouble and will focus in today’s post just the one that did.Employment Law Cookies

The Facebook firing that landed the employer, a Maryland ambulance company, in hot water was in response to an employee’s comment, posted on a former co-worker’s Facebook page.  The former co-worker, the complainant’s partner, posted on her Facebook page a note indicating that she’d been fired by the employer.  The complainant, William Norvell, and others, posted comments in response.  One of Norvell’s comments was a suggestion that his former co-worker get a lawyer and take the company to court.  Later, he added that she also “could contact the labor board.”  Someone turned over a printed copy of the posts to the HR Director who, after consulting with the COO, decided to terminate Norvell. 

I hope it doesn’t surprise most readers that the Board was not happy about the decision to terminate and found that the termination violated the NLRA.  One of the basic foundations of employment law is this:

Thou shalt not take adverse action against an employee in response to the employee’s protected activity.

The law (several laws, actually), prohibits this.  It’s called retaliation.  In non-legalese, I equate retaliation to telling a child he may have a cookie, holding out the cookie jar, and then smacking his hand when he proceeds to take one.  You may not punish someone for doing what the law provides he may do. 

Applied in this context, the former co-worker certainly had a right to consult a lawyer.  She also had a right to contact “the labor board,” whether that meant the state Department of Labor or the Regional Office of the NLRB.  If her termination had been for lawful reasons, the lawyer, with any luck, would have told her so.  So, too, would the DOL or NLRB.  And, armed with that knowledge, she could move on with her life.  But she had a right to investigate her legal rights either way.

And, in turn, Norvell had a right to suggest or even encourage her to investigate those rights.  Consequently, Norvell was engaging in protected legal activity for which he could not be “punished” (or, as we like to say in the law, “be subjected to an adverse employment action”). 

Butler Med. Transport, LLC, 5-CA-97810, -94981, and –97854 (Sept. 4, 2013).

See also:

Lawful Employer Investigations via Facebook . . . Sort of

Why the NLRB Is Its Own Worst Enemy

Another Dizzying Ride on the NLRB Roller Coaster

I Heart Confidentiality. The NLRB Does Not.

Pop Goes the Weasel . . . And the NLRA

NLRB Upholds Legality of Facebook Firing

Sticks 'n Stones May Break Your Bones, But Workers Can Defame You

Is the NLRB In Need of a Dictionary?

The NLRB's New Webpage Targets Your Employees

Employer Failure to Preserve Employee Social-Media Evidence

Posted by Molly DiBiancaOn September 5, 2013In: Social Media in the Workplace

Email This Post | Print this Post

It’s seminar season again, which means I’m spending a lot of time preparing for upcoming speaking engagements.  For several of the engagements, I’m also preparing written materials that require a good deal of research.  I say this, in part, in the hopes that you’ll forgive my reduced posting schedule but, also, as a lead-in to today’s post.  I came across this case, which was decided in January, in the course of my recent research. Although it’s not hot-off-the-presses recent, it’s recent enough and important enough that it warrants a blog post.  So here goes. 3d man surrounded by laptops

The case, In re Pfizer, Inc. Sec. Litig., was brought by a class of shareholders and related to two of the company’s pain-relief drugs.  The particular decision of interest was on motions brought by both sides seeking sanctions for failure to preserve electronic evidence.  The part that relates to employers specifically is the allegation of the plaintiffs that Pfizer failed to preserve employee “eRooms.” 

An eRoom was "a collaborative application” for company employees to “share documents, share calendars, archive email, conduct discussions/instant messaging, and to conduct informal polls.”

When the plaintiffs sought discovery of documents “sent to or maintained” in one of the company’s eRooms, Pfizer’s counsel discovered that the company had decommissioned the used of eRooms.  The company had archived the eRooms and their contents but, when the archives were restored for production in the litigation, only the documents (and corresponding metadata) that existed in them at the time they were archived could be recovered.  In other words, the restored eRoom reflected information only as it existed when the eRoom was archived. 

The good news was that the documents saved in the eRooms were mostly duplicative of documents saved elsewhere in the company’s network, so they had likely been captured and produced as part of the discovery process.  However, the court found, the eRooms had value in and of themselves as compilations.  Therefore, Pfizer had a duty to preserve them and failed to do so.

Nevertheless, the court found that the company’s conduct was, at worst, negligent.  The company instituted a litigation hold and preserved and produced a tremendous volume of information in the course of discovery.  There was no evidence that the failure to preserve and produce the eRooms was intentional or willful.  Furthermore, the court found that plaintiffs had not shown that they were deprived of relevant evidence as a result of the failure to preserve.  Thus, the court determined that sanctions were not appropriate.

The real take-away from this case is a reminder of how difficult it can be to truly capture all sources of electronically stored information used in an organization.  An employer who provides employees with technological resources like eRooms and other internal collaboration and knowledge-management platforms take on the added burden of having to preserve the data those platforms contain in the event of litigation. 

In other words, the more tools you have and the more advanced the tools are, the more difficult the burden in litigation. 

In re Pfizer, Inc. Sec. Litig., 288 F.R.D. 297 (S.D.N.Y. Jan. 8, 2013).

Too Creepy to Win: Employer Access to Employee Email

Posted by Molly DiBiancaOn September 4, 2013In: Privacy In the Workplace, Privacy Rights of Employees

Email This Post | Print this Post

Employee accesses her personal, web-based email account, such as G-Mail, from her employer’s computer. As a result, employer has access to the account. Employee resigns and sues the employer alleging unlawful discrimination, harassment, or other employment-related claim. May the employer lawfully access the emails sent by the employee that are now available via the employer’s computer?

It depends, of course. (You didn’t really think I was going to give you a straight yes or no, did you?)Employee Personal Email

There are a number of factors that go into answering this question. And, although it’s tempting, I’m not going to discuss all of them here. Instead, I am going to discuss a case from a federal court in Ohio that involves some similar—and some different—facts with an important lesson for a holding.

The case is Lazette v. Kulmatycki. The employee-plaintiff, Lazette, alleged that she was issued a Blackberry by her employer, a Verizon affiliate. Lazette claimed that she was permitted to use the phone to access both her work and personal email accounts. She alleged that, at the end of her employment, she turned the phone in to her supervisor, defendant Kulmatycki. At that time, she believed she had disconnected access to her personal G-Mail account.

As it turns out, claims Lazette, she hadn’t. And, for the next 18 months, her former supervisor read “48,000 emails” sent to Lazette’s G-Mail account.

Yikes.

Lazette, not surprisingly, sued the supervisor and her former employer for a variety of privacy-related claims. Somewhat surprisingly, at least to me, the employer moved to dismiss the claims. A motion to dismiss, at least ‘round these parts, is a tough motion to win. The standard is very much in the plaintiff’s favor and, unless there’s really nothing in the complaint that resembles a valid claim, the court is likely to deny a motion seeking dismissal prior to discovery.

But that’s what the employer did. As a result, we get the benefit of the court’s analysis of a question not often addressed in written decisions.

The most interesting part of the analysis to me is the part discussing the plaintiff’s Stored Communications Act (SCA) claim. The plaintiff asserted that the supervisor and employer violated the SCA when the supervisor accessed the plaintiff’s personal email without authorization.

Although the SCA is a tremendously complicated statute that has been interpreted in more ways than I can count, it seems to easily apply to the facts alleged here. In the simplest terms, the SCA is violated when an individual accesses without authorization an electronic communication in storage.

Surely the employee’s emails constitute electronic communication. Surely they were in storage—the complaint did not allege that the defendants intercepted the emails while they were being transmitted. The complaint alleges that the supervisor read the emails once they’d reached the plaintiff’s G-Mail account. So the question, then, is whether the supervisor was an “authorized user” under the statute.

Folks, let me offer a humble thesis here. If it sounds “bad,” meaning that it is likely to give most people the creeps, the courts will apply the law to remedy that bad act. In other words, a defense of “but the law does not prohibit me from being a slimy character” should be a defense of last resort.

Now, don’t get me wrong—that was not the defense asserted in this case. But it was close. In their motion to dismiss, the defendants argued that the supervisor was “authorized” to access Lazette’s email account because, for example, she failed to properly delete the account from her phone before turning it in. They also argued that she failed to tell them not to access her personal emails during the 18 months following the end of her employment.

Both of these constitute what I like to call a “blame-the-victim” defense. This, too, should be considered a defense of last resort.

At the end of the day, the court was faced with allegations (which the court, at this stage, must take as true), that an employee’s former supervisor essentially spying on the former employee by reading her personal email without her knowledge or consent. And he did so for a year and a half.

It’s creepy. It may not be true. But, as pleaded, it sounds creepy. With allegations like this, it’s hard to imagine that a motion to dismiss would be successful. And it wasn’t.

Now, that doesn’t mean that the employer is lost at sea. The employee still must prove damages, for example. Oh, wait, no it doesn’t. Even if the plaintiff cannot prove actual damages and, therefore, is not entitled to recover statutory damages, she may still be entitled to an award of punitive damages. At least that’s what the Fourth Circuit held in 2009 in Van Alstyne v. Electronic Scriptorium, Ltd., when it upheld an award of punitive damages to an employee whose former employer accessed the employee’s AOL account in search of evidence in defense of the employee’s harassment lawsuit.

I’m all for silver linings but they may be difficult to find in this case.  Just remember, if the alleged conduct gives you the creeps, it’s probably a good idea to consider whether settlement discussions aren’t in order.

Lazette v. Kulmatycki, No. 12-2416 (N.D. Ohio June 5, 2013).

See also

Lawful Employer Investigations of Facebook . . . Sort Of

Employers, Facebook, and the SCA Do Not a Love Triangle Make

Lawful Employer Investigations via Facebook . . . Sort of

Posted by Molly DiBiancaOn August 30, 2013In: Social Media in the Workplace

Email This Post | Print this Post

New Jersey became the 12th state in the U.S. to enact a so-called “Facebook privacy” law yesterday, when Gov. Christie signed the bill into law. Keeping with the theme, here’s a post about an interesting new decision from a federal court in the Garden State, Ehling v. Monmouth-Ocean Hospital Service Corp., No. 11-03305-WJM (D.N.J. Aug. 20, 2013).how_to_permanently_delete_or_deactivate_facebook_account

Ehling worked for Monmouth-Ocean Hospital as a registered nurse and paramedic. She was not exactly a dream employee from management’s perspective. She was President of the Union and, in that capacity was “regularly involved in actions intended to protect [hospital] employees.” For example, she filed complaints with the state and federal EPA over the hospital’s use of a certain disinfectant that allegedly caused health problems for employees. She also testified on behalf of another employee is a wage-and-hour lawsuit.

Ehling, of course, had a Facebook account, which was viewable only to her Facebook friends. Although she was “friends” with many of her coworkers, she was not Facebook friends with any managers at the hospital.

For reasons that are not explained in the court’s opinion, one of Ehling’s Facebook friends, Ronco, took it upon himself to start taking screenshots of Ehling’s Facebook wall and sending them to his real-life pal, Caruso, who happened to be a manager in another department.

One of Ehlings posts included commentary about a shooting by a white supremacist at the Holocaust Museum in Washington D.C. Ehling “blame[d] the paramedics” who saved the shooter. She complained that the paramedics should not have come to the shooter’s rescue and the other guards should “go to target practice.” When management found out about the post, Ehling was temporarily suspended with pay.

Ehling, as you may imagine, filed a complaint with the NLRB, which, perhaps surprisingly, was dismissed. The Board found that suspension did not violate the National Labor Relations Act and that there was no privacy violation because the post was sent, unsolicited, to management.

Not to be deterred, of course, Ehling filed suit in federal court, asserting a laundry list of claims. The most interesting of those claims, however, are the claims brought under the Stored Communications Act (SCA) and an invasion-of-privacy claim. The hospital filed a motion to dismiss but the court denied it, finding that, because the law regarding social media is new, each case involving Facebook privacy claims must be reviewed on a case-by-case basis. (For the record, I disagree with that conclusion.)

So the case went forward. After discovery, the hospital again filed a motion for summary judgment. The court granted the motion as to the SCA claim and the privacy claim. But it got to those decisions in a most belabored way.

With respect to the SCA claim, the court first determined that non-public Facebook posts are “stored electronic communications” under the SCA. Although the SCA is a terribly complicated statute, the tremendous level of detail the court went through to reach this conclusion surprises me. The answer seems fairly obvious but perhaps that’s only the case in my over-simplified view of the statute.

Next, the court had to decide whether the hospital was “authorized” to view the posts. The court concluded that, because Ronco was Ehling’s Facebook friend, he was an authorized user, so he was able to “authorize” the hospital to view any post he could view.

All of this sounds right. But here’s the part that troubles me. Caruso (the manager), never viewed or accessed Ehling’s Facebook page. All he saw were screenshots, taken by Ronco and either emailed or printed out. I have trouble with the idea that an image printed onto a piece of paper can constitute a “stored electronic communication.” Come again? A piece of paper is an electronic anything? How can that be?

Although I think the court reached the right conclusion, I think it got there via an overly complicated and somewhat troubling analysis.  My friend, Venkat Balasubramani, at the Technology & Marketing Law Blog, seems to agree.

P.S. Ehling was suspended—not terminated. Hence, she was, as far as we know, still employed throughout the entire ordeal. The Facebook post was 2009, the court opinion came out this month in 2013.  Talk about awkward.  And, worse, a retaliation claim waiting to happen, no doubt.  TGIF!

Why the NLRB Is Its Own Worst Enemy

Posted by Molly DiBiancaOn August 21, 2013In: Union and Labor Issues

Email This Post | Print this Post

The NLRB’s social-media war has been front and center for employers since 2010.  Decisions by administrative law judges and by the Board itself, as well as advisory memoranda from the Acting General Counsel have created an impossible patchwork of prohibitions and rules that, if followed, would make managing an efficient workforce effectively impossible.  And it doesn’t stop there.

But social media hasn’t been the only target in the NLRB’s sights. There have been a series of decisions and other events that, if taken seriously, make the NLRB seem more out of touch than ever.  The Board’s positions have become so extreme that, in my opinion, they’re likely to work to employers’ advantage as the public disgust grows. Here are a few of the reasons that I believe the NLRB is likely its own worst enemy.

NLRB Message No. 1:  Racist Language and Racially Insensitive Displays In the Workplace Are Perfectly Acceptable

An employee wore a shirt with “slave” and a picture of a ball and chain printed on the back.  The employee, who was a known union supporter, was disciplined pursuant to the employer’s dress-code policy, which prohibited clothing displaying: (a) vulgar or obscene words or phrases; (b) images that may be racially, sexually or otherwise offensive; or (c) content that is derogatory to the Company.  An ALJ found that the dress code was unlawfully overbroad because it prohibited protected concerted activities and racially or sexually discriminatory language.

NLRB Message No. 2:  The Supreme Court Ain’t the Boss of Me

In 20__, the Board issued its D.R. Horton decision, in which it held that employees could not waive their right to bring a class action under the NLRA. Earlier this year, though, the U.S. Supreme Court ruled in American Express v. Italian Colors Restaurant, that arbitration agreements should be enforced.  But the AmEx case was brought under antitrust law, not the NLRA, so it did not directly overrule D.R. Horton.  Nevertheless, many employment lawyers believe that the ruling in AmEx would effectively overturn the Board’s ruling.

Well, an ALJ disagrees. On Monday, a judge found that a mandatory arbitration agreement, which waived the right to pursue a class action, violated the the NLRA. Instead of following the Supreme Court’s direction as stated in the AmEx case, the judge ruled that she was bound by the Board’s decision in D.R. Horton unless and until it was overturned.

NLRB Message No. 3:  Your Business Is the Board’s Business

In a decision that shocked many employer’s lawyers, the Board affirmed the decision of an ALJ, which held that a confidentiality requirement violated the NLRA. Specifically, the employer’s mortgage bankers were required to sign employment contracts, which included a confidentiality provision that precluded those employees from disclosing certain personnel information, including: (a) “personal information of coworkers;” (b) home phone numbers or cellphone numbers; (c) addresses; or (d) email addresses. 

Again, the ALJ determined that this provision was overly broad in violation of the NLRA.  Most troubling to me is that the Board saw fit to take on language in a contract as opposed to in an employee handbook.  Delaware law heavily favors the enforcement of contracts, including employment contracts. The NLRB seems to take the position that the ability of parties to negotiate and execute contracts is irrelevant.

A Message for Employers

Although the recent decisions by the NLRB have been frustrating for employers (to put it mildly), there is a bright side. It may well be that the NLRB’s position has become so extreme that it has managed to get the attention of more and more employers.  And the attention has not been positive. If the NLRB continues in this direction, it may just result in more harm than the Board expects.

2d Cir. Drops the FLSA Hammer

Posted by Molly DiBiancaOn August 12, 2013In: Fair Labor Standards Act (FLSA), Wages and Benefits

Email This Post | Print this Post

The FLSA continues to wreak havoc for countless employers. I’ve written numerous times about the difficulties in defending against a claim brought under the FLSA or its state counterparts.  Even meritless claims can be incredibly costly to litigate, leaving many employers feeling like they have no choice but to settle. I believe the term I’ve used on more than one occasion to describe such situations is “legal extortion.” 3d man with hammer

There are, however, some small glimmers of hope from the courts. I’ve written about a line of cases that have rejected plaintiff’s auto-deduction cases.  I also wrote recently about an 8th Cir. decision, Carmody v. Kansas City Board of Police Commissioners, in which the court awarded summary judgment against a class of plaintiff-police officers who failed during discovery to identify with specificity the hours they claimed to have worked but not been paid. This decision was a very big deal for employers.  Which is why a new decision from the 2d Circuit offers even more hope that the law will trend towards dismissal of meritless cases involving legal extortion.

In Dejesus v. HF Management Services, LLC, the plaintiff’s overtime claim was dismissed by the trial court because her complaint did not include “any approximation of the number of unpaid overtime hours worked, her rate of pay, or any approximation of the amount of wages due.”  Instead, her complaint merely alleged that she worked more than forty hours per week during “some or all weeks” of her employment.

On appeal, the 2d Cir. affirmed the decision of the trial court, finding that the plaintiff had not plausibly alleged that she worked overtime without proper compensation under the FLSA.  The court reiterated the standard that it had announced in Lundy v. Catholic Health System of Long Island, decided earlier this year.  Specifically, the standard requires a plaintiff to sufficiently allege 40 hours of work in a given workweek as well as some uncompensated time in excess of the 40 hours.” 

In Lundy, the court did not go so far as to require that the plaintiff include an approximation of the number of overtime hours sought but it did say that including such an approximation “may help draw a plaintiff’s claim closer to plausibility” and thereby avoid dismissal.

Perhaps the most powerful part of the court’s opinion in Dejesus was the acknowledgment that the information about the plaintiff’s allegations rest squarely with the plaintiff.  As the court explained, if an employee has absolutely no recollection whatsoever about the times worked, then he or she should not have pursued a claim in court. 

Hopefully, this trend continues and, with any luck, courts in other circuits will begin to adopt this reasoning in FLSA cases.

Dejesus v. HF Mgm’t Servs., LLC, No. 12-4565 (2d Cir. Aug. 5, 2013).

See also

Another Auto-Deduct Case Bites the Dust (Raposo v. Garelick Farms, LLC (D. Mass. July 11, 2013)).

8th Cir- FLSA Plaintiffs Must Spell It Out (Carmody v. Kan. City Bd. of Police Comm’rs (8th Cir. Apr. 23, 2013)).

2d Cir- FLSA Does Not Cover Gap Time (Lundy v. Catholic Health Sys. (2d Cir. Mar. 1, 2013)).

Another Employer's Auto-Deduct Policy Is Upheld (Creeley v. HCR ManorCare, Inc., (N.D. Ohio Jan. 31, 2013)).

6th Cir. Affirms Dismissal of FLSA Gotcha Litigation (White v. Baptist Mem'l Health Care Corp. (6th Cir. Nov. 6, 2012)).

The Legality of Automatically Deducting Meal Breaks (Camilotes v. Resurrection Health Care Corp. (N.D. Ill. Oct. 4, 2012)).

E.D. Pa. Dismisses Nurses' Claims for Missed Meal Breaks, Part I and Part II (Lynn v. Jefferson Health Sys., Inc. (E.D. Pa. Aug. 8, 2012)).

FLSA Victory: Class Certification Denied (Pennington v. Integrity Comm’n, LLC (E.D. Mo. Oct. 11, 2012)).

Kansas Court Mitigates the Risks of a BYOD Workforce

Posted by Molly DiBiancaOn August 12, 2013In: Policies, Privacy In the Workplace, Purely Legal, Social Media in the Workplace

Email This Post | Print this Post

BYOD at work is all the rage. What is BYOD, exactly? Well, it stands for “Bring Your Own Device” and, put simply, it means that an employee uses his own smartphone, tablet, or laptop for work as well as for his personal purposes.  BYOD policies raise several concerns, including increased security risks and wage-and-hour issues for work performed at home.  Another issue is one of particular interest to litigators like me—the question of how BYOD policies will affect e-discovery.  In other words, will an employer be on the hook for the preservation of its employees’ personal devices if those devices are used for work and for personal purposes? Discovery of text messages

The answer to this question can have wide-reaching impacts. For example, if the answer is, “yes,” the employer would be responsible for ensuring that each such device is preserved immediately upon the threat of litigation. But telling your employees to submit their personal smartphones to the company’s lawyers is probably not going to go over so well. 

A recent case from a federal court in Kansas gives hope to employers who want to permit employees to use their own devices without risking liability for failing to preserve those devices should litigation arise.  In Cotton v. Costco Wholesale Corp., the District of Kansas denied the employee-plaintiff’s motion to compel text messages sent or received by employees on their personal cell phones. The court’s decision was based on the fact that the employee had not shown that the employer had any legal right to obtain the text messages.  In other words, that the phones and the data they contained were not in the “possession, custody, or control” of the employer.

The court also based its decision on the absence of any evidence that the employees had used their phones for work-related business. Although it wasn’t the controlling factor in the outcome of the case, the fact that it was mentioned by the court is likely enough to give future litigants grounds to argue that where BYOD is the standard policy—officially or unofficially—there is a basis to compel production. But, for now, this decision is definitely a positive sign for risk-adverse employers.

Cotton v. Costco Wholesale Corp., No. 12-2731 (D. Kan. July 24, 2013).

H/T Jay Yurkiw at Porter' Wright’s Technology Law Source blog.

Bra-Less Investigative Reporter Fired for Blog Post

Posted by Molly DiBiancaOn August 6, 2013In: Social Media in the Workplace

Email This Post | Print this Post

Yes, America, there is such a thing as too much information.  But, at least when it comes to social media, we’ve not yet figured that out.  Exhibit A: Alabama TV reporter, Shea Allen.

Ms. Allen wrote a blog post entitled, “Confessions of a Red Headed Reporter.”  And confess, she did.  For example, she admitted that she’d “gone bra-less” for an entire live newscast (although, according to her, no one was the wiser).  She also admitted that she really hates the elderly.  Well, she hates reporting about them, anyway.

She seemed to have realized that she may have over-shared because she pulled the post shortly after she posted it. But that moment of enlightenment didn’t last for long. She put the post back up but changed its title to: “No Apologies: Confessions of a red headed reporter.”

She was terminated after news of her “confessional” went viral.  Shocking, I know.

So, what’s the lesson from this self-described “snarky and cynical” young journalist’s termination.  Well, for employers, I would say that the lesson is a familiar one.  For crying out loud—get a social-media policy.  Or, if you can’t manage that, for whatever reason, at least educate your employees about the risks of oversharing.  Ms. Allen maintains that what she does in her “personal space is protected by the First Amendment.” 

Maybe Ms. Allen should consider doing a little more investigating on this point before reaching this conclusion. Because no, actually, she is not protected by the First Amendment.  She worked for a private news station—not the government—and, therefore, the First Amendment does not protect her off-duty blogging.

Read more about this story at Gawker.com.