Articles Posted in Social Media in the Workplace

At our Annual Employment Law Seminar last week, I spoke about the “Facebook Privacy” bill that was then pending in Delaware’s House of Representatives.  The bill passed the House on later that day and is now headed to the Senate.  For those of you who weren’t in attendance last week, here’s a brief recap of the proposed law. 

The stated purpose of HB 109 is to protect individuals’ privacy in their personal social media accounts.  Generally speaking, HB 109 would prohibit employers from requiring or requesting that an employee or applicant give the employer access to their personal social-media accounts-either by giving up their passwords or by logging in and letting the employer take a look (also known as “shoulder surfing”). 

As we all know, though, with any law, the devil is in the details.  And there are, not surprisingly, a few devilish details.  For example. . .

HB 109 prohibits an employer from asking an employee (or applicant) from disclosing “a username . . . for the purpose of enabling the employer to access personal social media.”  As written, that would mean that an employer could not ask a candidate what his or her Twitter handle is.  Twitter is, generally speaking, a publicly available site. 

So an applicant could have a public Twitter account, where he tweets racist or sexist speech or talks about how he likes to steal money from his current employer, but the employer wouldn’t be able to ask about it?  Huh?  I supposed we’d just have to wait till discovery in a lawsuit before we could ask for that (public information)?  Not my favorite part of this law.

There are other confusing parts of HB 109 that I think likely are unintended consequences of the legislation.  But, with 38 votes in favor and none against, it appears that the unintended consequences are well on their way to becoming law.  We’ll see what the Senate has to say about it and will be sure to keep you updated.  In the meantime, you can track HB 109 here.

A party’s “right to privacy” in the context of social media is the subject for numerous motions in civil litigation.  The scenario goes like this:  Plaintiff sues defendant, alleging injuries.  Defendants seeks discovery of Plaintiff’s social-media content, such as photos, posts, and comments, in the hopes of disproving liability and/or damages.  Plaintiff claims right to privacy in social-media content.  Court must decide. social media discovery

Because these cases are so fact specific, it can be difficult to extract a single principle or set of guidelines from their holdings.  But a recent case from an appellate court in Florida is a terrific example of the basic balancing act.

In Nucci v. Target Corp., the plaintiff claimed to have suffered physical injuries while shopping at a Target store.  Target sought to discover photographs of the plaintiff from her Facebook account going back two years before the incident through the present.  Target claimed that the photos would go to the quality of the plaintiff’s life before and after the accident to determine the extent of her loss. 

The trial court agreed and ordered the plaintiff to produce the pictures.  The plaintiff appealed.  On appeal, the court examined in detail the balance between a party’s “right to privacy” and another party’s right to take broad discovery in civil litigation.  In the end, the appellate court agreed with Target and upheld the trial court’s ruling, ordering the plaintiff to produce the photographs.  I agree with the court’s ruling and find some of the points made in its opinion to be of particular interest.  Here are a few highlights.

First, unlike most states, individuals in Florida have a constitutional right to privacy.  In Delaware and most other states, there is no such right.  There is a federal constitutional right of privacy but that extends only to actions taken by the government.  So, for example, in Delaware, in order to claim privacy as a basis to avoid similar discovery, it would have to be the government seeking to obtain the pictures.  Thus, the Florida court had to address the privacy issue as an additional step over and above what would be protected in most other states.

With respect to privacy, the court explained that the right of privacy does not attach unless and until there is a “legitimate expectation of privacy.”  Here, the court concluded that, “generally, the photographs posted on a social networking site are neither privileged nor protected by any right of privacy, regardless of any privacy settings that the user may have established.”  The court agreed with other courts that have found that there is no “special privilege” or other protections for content shared via social-networking site.

Second, the court recognized the potential value of information and evidence shared via Facebook or other similar site.  The court explained that, particularly in a personal-injury claim,

. . . there is no better portrayal of what an individual’s life was like than those photographs the individual has chosen to share through social media . . .

Thus, the court held, the photographs sought by Target were “powerfully relevant” to the issue of damages.

This decision is so thoughtful and well written that it is, in my opinion, a leading example for other courts to follow when faced with decisions about what can and should be produced during litigation from a party’s social-networking accounts. 

Nucci v. Target Corp., No. 4D14-138, 2015 Fla. App. LEXIS 153 (Fla. Ct. App. 4th Dist. Jan. 7, 2015).

See also:

How NOT to Produce Facebook Evidence

Waiver of Attorney-Client Privilege Via Facebook

Delaware Supreme Court Rules On Admissibility of Facebook Evidence

Discovery and Preservation of Social Media Evidence

Court Finds Duty to Preserve Personal Emails of Employees

Discovery of Social-Media Passwords

Delaware Chancery Ct. Finds No Privilege for Email Sent from Work Account

Employer Failure to Preserve Employee Social-Media Evidence

Is There a Reasonable Expectation of Privacy In Your Tweets?

EEOC Sanctioned for Failure to Produce Social-Media Evidence

Employees Must Turn Over Facebook Info For Harassment Claim

Discovery of EEOC Claimants’ Social-Media Posts

Call Me, Maybe. Discovery of Employee Identities

Spoliation of Facebook Evidence

Earlier this week, I wrote about the issue of threats made via Facebook constitute constitutionally protected speech.  Today’s post also is about threats made via Facebook but in the context of the workplace.  The case, decided by the Court of Appeals of Ohio, is timed perfectly for my road trip tomorrow to Ohio.  social media letterpress

In Ames v. Ohio Department of Rehabilitation & Correction, an employee, a Senior Parole Officer, was sent for an independent medical exam after she posted a Facebook comment that her employer believed to be a threat.  The comment was in reference to shooting parolees.  The employee claimed that the comment was a joke.  The psychologist who conducted the exam cleared her to return to work, finding no evidence of depression, anxiety, or mood disturbance.

A few months later, the employer received an “anonymous” complaint that the employee was using her state-issued computer for non-work purposes.  It turned out that the complaint actually was made by the new partner of the employee’s ex-girlfriend.  The new partner, of course, was a co-worker. There was an investigation and the employee was issued a written reprimand.

A few months later, the co-worker (partner of employee’s ex), files an incident report alleging that the employee had sent a threatening text message to the co-worker and the ex.  A few weeks later, the employee filed an incident report against the co-worker, alleging that the co-worker had used a state computer for, you guessed it, non-work-related purposes. An investigation was begun.

Days later, the co-worker notified the employer that the ex had filed for an order of protection against the employee.  In the motion, the ex claimed that, two years earlier, the employee had held a gun to her head.  The employee denied that any such incident had occurred.

In any event, the employer sent the employee off for a second IME, this time to discover whether she had a “propensity for violence.”  Now, I’m no psychologist, but I’m pretty sure that there’s no widely accepted methodology for determining whether a person has a “propensity for violence.”  Apparently, the psychologist who conducted the IME had similar doubts and gave an inconclusive report, failing to address whether the employee had any such “propensity.”  So the employer sent her off for a third IME, this time specifically asking the examiner to make such a conclusion.

The examiner declined to make such a finding, explaining that there is (as I believe I may have mentioned) no reliable way to make such a determination.  Nevertheless, a few months later, the employee posted a threatening message on Yahoo! Messenger to the ex.  She denied sending the message but resisted the employer’s attempts to determine if the account had been hacked.  As a result, she was terminated for the threat and for failing to cooperate in an investigation.

The employee sued under the disabilities laws, claiming she’d really been terminated because the employer perceived her to be disabled.  The employee lost, appealed, and lost again.

So, what are the lessons to be learned here?  Oh, my, there are so many.  Too many to discuss in full so I’ll give you the redux in bullet points:

1.  Love triangles in the workplace usually end badly. 

2.  Threats of violence made via Facebook can serve as grounds for discipline.

3.  Failure to cooperate in an investigation constitutes grounds for discipline.

Ames v. Ohio Dep’t of Rehab. & Correction, 2014-Ohio-4774 (Oct. 28, 2014).

The intersection of Facebook use and Free Speech is complicated.  Complicated enough, in fact, that the U.S. Supreme Court will weigh in on the subject when it decides a case it is scheduled to hear argument in today, Elonis v. United StatesFacebook threat as free speech

The basic legal principle at issue is what constitutes a “true threat.”  It is a crime to use the phone or Internet to make a “threat to injure” another person.  And “true threats” are not protected as speech under the First Amendment.  So, “true threats” to injure another made via Facebook can be punishable as crimes.  Otherwise, the speech would be protected by the constitution and could not be considered criminal.

But what’s a “true threat?”  Is that question to be answered by the “reasonable person” who would be subject to the threat?  Or does the speaker have to have intended his words as a threat to constitute a criminal act?

In Elonis, the defendant was arrested after making violent threats directed to his ex-wife (and others).  At trial, he testified that he did not intend to frighten anyone and compared his posts to rap lyrics.  The jury didn’t buy it and found that a reasonable person would have viewed the posts as “true threats.”  So now the Supreme Court will decide what the “true test” for “true threats” should be. 

The legal issue may appear easier than it is.  The facts of the case may make the speech and speaker less sympathetic.  For example, his Facebook comments included the following about his wife, after she left with their two children:

If I only knew then what I know now, I would have smothered [you] with a pillow, dumped your body in the back seat, dropped you off in Toad Creek and made it look like rape and murder.

He later posted, “I’m not gonna rest until your body is a mess, soaked in blood and dying from all the little cuts.”  And, when a court issued the wife a protective order, Elonis posted whether it was “thick enough to stop a bullet.”  He also threatened to kill an FBI agent and to slaughter a class of kindergarten students, reports the LA Times.

Employers, do you know what apps your employees are using?  That’s the question posed by a recent article in the WSJ.  (See Companies Don’t Know What Apps Their Employees Are Using).  My guess is that the answer to this important question is, “No.”  Here are my top tips for how not to be the employer discussed in the WSJ article.  employee cloud storage

First, have a policy about employees’ use of cloud-based apps to save work-related documents.  Consider prohibiting employees from saving work documents to cloud-based storage accounts such as Dropbox, SkyDrive, and Box.net.  Also consider prohibiting employees from backing up the contents of their work laptops to cloud-based back-up accounts, such as Mozy and Carbonite.

Second, communicate your policy to all affected employees.  If employees don’t know about the prohibitions, your policy is unlikely to have the desired deterrent factor.  This means that your policy needs to be written in plain English and that it should be publicized to employees in a way that will actually be heard.

Third, enforce the policy.  Don’t make exceptions.  If an employee violates the policy, the employee should be disciplined accordingly.  Even if the employee is your favorite employee.  And even if the employee complains a lot about the policy-and claims that he or she needs the online storage and/or back-up accounts.  The answer is “no.”  And that answer must be consistent, regardless of how loudly an employee complains.

As a bonus point, I’ll note that employers should consider having all employees execute a confidentiality agreement.  The agreement can be very brief-a paragraph long does the trick, most of the time.  But the key is to have all employees execute the document.  And, ideally, have the employees reaffirm their adherence to the confidentiality agreement on a yearly basis.

A lot of additional work?   Yes.  But, if you have an employee who defects to a competitor and takes with him several gigabytes worth of your confidential data, the extra “work” will be worthwhile.  You’ll be glad you have taken these steps-and don’t hesitate to thank me for the great suggestions. 

Employers face a serious challenge when trying to prevent employees from taking confidential and proprietary information with them when they leave to join a new employer-particularly when the new employer is a competitor.   When an employer becomes suspicious about an ex-employee’s activities prior to his or her last day of work, there are a limited number of safe avenues for the employer to pursue.  privacy policy with green folder

Generally, an employer should not review the employee’s personal emails or text messages if they were sent or received outside the employer’s network.  But what if the employee turns over his personal emails or text messages without realizing it?  The answer is, as always, “it depends.”  A recent case from a federal court in California addresses the issue in a limited context.

After the employee resigned, the employer sued him for misappropriating trade secrets.  He filed counterclaims, accusing the employer of violating the federal Wiretap Act, the Stored Communications Act (SCA), and state privacy laws.  The employee alleged that the employer had reviewed his text personal text messages on the iPhone issued to him by the former employer after he’d returned it but before he unlinked his Apple account from the phone.

All of the employee’s counter-claims were dismissed by the court.  The court found that the Wiretap Act claim failed because there was no allegation that the employer had intentionally intercepted any messages.  The SCA claims failed because there was no allegation that the employer had accessed any messages.  And, perhaps most obviously, the privacy claims failed because the employee could not have had a reasonable expectation of privacy.

The court specifically found that the employee had “failed to comport himself in a manner consistent with objectively reasonable expectation of privacy” by failing to unlink his old phone from his Apple account, which is what caused the transmission of his text messages to his former employer.

Sunbelt Rentals, Inc. v. Victor, No. C 13-4240-SBA (N.D. Cal. Aug. 28, 2014).

See also

Too Creepy to Win: Employer Access to Employee Emails

Traveling for Work and Late-Night Emails

Lawful Employer Investigations of Facebook . . . Sort Of

Employers, Facebook, and the SCA Do Not a Love Triangle Make

Employees telling secrets online was the subject of yesterday’s post, Keeping Secrets on Social Media.  Today’s post–a continuation of the theme from yesterday–is about “auto-expire” apps. 

telling secrets

An “auto-expire” app is an app that enables users to set an automatic expiration date and time for social-media or other online content.  There are lots of reasons one would use an auto-expire app but the three that come immediately to mind are regret, efficiency, and secrecy.

Social-media regret is nothing new.  Just last summer, I wrote a post about social-media regret syndrome.  Auto-expire apps like Xpire, for example, allow users to set expiring posts for Facebook, Twitter, and Tumbler. 

Efficiency also is a reason to consider these apps. You don’t need to keep (or have others keep) the series of text messages exchanged about where to meet for lunch. 

But secrecy, in my opinion, is the most prominent reason for the increased interest in these auto-expire apps.  In the employment context, there may be security reasons for having highly confidential discussions automatically deleted forever.  Apps like Wickr (branded as “a top-secret messenger), are targeted to businesses for exactly that reason.  Wickr advertises that messages sent through the app contain no geolocation data and are not tracked or monitored–what’s yours is yours and cannot be accessed by the host site.

Be careful, though, about what you send through these apps–people are often surprised by the utility of having access to evidence in the form of contemporaneous posts and conversations.  But, for certain exchanges, you can imagine the equally powerful utility of having an untraceable and permanently deleted line of communications.

The title of this post is a bit laughable, isn’t it?  I mean, really, it’s almost an oxymoron.  Keeping secrets on social media?  What’s the point?  The very existence of social media is dependent upon sharing-not secret-keeping.  But the two are intersecting more and more.  Which is why I am writing a short series of posts about the topic.  Beginning today with a post about “anonymous” apps. telling secrets

Back in February, fellow employment lawyers, Adam S. Forman and Dan Schwartz, and I were interviewed for an article in Law360, titled, “What Employers Need to Know About the New Social Media.”  In that article, I discussed what I think is the wave of the future in social media for employers-apps focused on secrecy.

For example, one app, Secret, allows users to share anonymous messages with anyon3e in their contacts who also uses the app.  Employers in the tech industry, where these apps are particularly popular, are struggling with how to deal with (and, preferably, prevent), the loss of confidential company information. 

For example, an employee hears through the grapevine that the Vice-President of R & D has taken a job with a competing firm.  Employee posts that hot tidbit on Secret, where all of his work colleagues (who also have the app, of course), will see it.  The firm can be seriously disadvantaged by uncontrolled leaks of information.  And, when the app is designed specifically for that very purpose, it is hard to address with any meaningful result. 

As a side note, educators are struggling with a related problem.  Students bullying other students via these anonymous apps is a serious problem that many school districts are trying to manage.

So what should employers be doing?  Well, to start, they should be reading this blog post.  If they do, at least they’ll know about the existence of these “anonymous” social-media apps and about the potential issues the employer may be facing already because of them.  Next, employers should consider investigating for themselves. Have an individual from HR subscribe to the service and see what, if anything, is posted about the company.  Although it may hurt to find out, it’s better that you know so you can make a rational decision about how, if at all, to address it.

In the next post in this series, I’ll discuss “auto-expire” apps that enable users to set an expiration date on their posts and messages.  Stay tuned.

Electronic discovery, the collection and production of electronic documents in litigation, is a scary thing to many lawyers. Some are so scared by it, in fact, that they just deny that it exists and continue to produce only hard-copy documents. Of course, that is a terrible idea. And not at all in compliance with the rules of procedure. But, alas, it is what it is. ESI Discovery

There are times that a lawyer will want to produce electronic records, such as text messages, emails, and, heaven forbid, social-media content, but simply not know how to do it.  I had an opposing counsel call me once and say that he was willing to produce his client’s relevant Facebook posts if I would show him how to do it.  Ummmm, no. 

My point, though, is that lawyers are ethically bound to understand and comply with the applicable e-discovery rules but, as a matter of practical reality, that does not mean that they comply.  Which is why e-discovery continues to be a predominant subject for discussion in the legal profession.

A recent case from South Carolina gives a pretty good example of how not to produce electronically stored information (ESI).  In Wellin v. Wellin, the defendants moved to compel the production of certain ESI, including emails, text messages, and Facebook posts in “native format.”  (Native format means, in the most basic sense, that if it was originally in electronic form, you must produce it in electronic form, as opposed to paper form).

The plaintiffs apparently had attempted to produce the requested items but, instead of producing the responsive material in native format, they . . . [wait for it, wait for it] . . . :

printed out responsive emails and provided photocopies of certain portions of those emails to defendants. Additionally, [one plaintiff] provided the content of several text message exchanges and Facebook posts by transcribing those messages on loose-leaf paper.

The Court granted the motion to compel. 

Initially, I assumed that the producing parties must have been acting pro se (without counsel) because there is just no way that a lawyer would produce text messages and Facebook posts that were “transcribed” on “loose-leaf paper.”  Upon closer review of the opinion, though, it appears that all parties were represented.  Clearly, I am missing something about the course of events that led a party to produce ESI in this “format” (is loose-leaf paper even considered a “format”?). 

What matters, though, is that employers and their counsel be diligent in their efforts to preserve all potentially relevant evidence, including text messages and social-media content, and to preserve it in its original form (native format).  Preservation is the first step.  Maybe we can work on our production skills after that.  I’ll keep my fingers crossed.

Wellin v. Wellin, No. 2:13-cv-1831-DCN, 2014 U.S. Dist. LEXIS 95027 (D.S.C. July 14, 2014).

Breaches of confidentiality via Facebook and other social media are more common than most of us would like to think.  Employees post information about customers, clients, and patients on Facebook, in violation of internal company policies and privacy laws, such as HIPAA, for example.  I recently wrote about a plaintiff who could not collect a sizeable settlement payment because his daughter posted about the settlement on Facebook, which served to demonstrate that her father had breached the confidentiality provision in the settlement agreement.  Waiver of Privilege via Facebook

There’s another reason to be concerned about what employees say on social-networking sites-waiver of the attorney-client privilege.  The general rule is that confidential communications between an attorney and her client are subject to the privilege and are not subject to discovery by the opposing side.  Privilege can be waived, however.  And one way for a client to waive privilege is to have the communication in the presence of a third party.  Another way is for the client to tell a third party about the communication between himself and his lawyer. 

For example, Lawyer and Client meet to discuss strategy regarding litigation.  This conversation would be privileged.  If Client brings his friend to the meeting, the conversation would not be privileged.  And, if Client did not bring his friend but reported the conversation to his friend after the meeting was over, the privilege would be lost. 

Communicating an otherwise privileged conversation via Facebook is no different than if done via telephone or in person.  A case decided earlier this week in a federal court in Nebraska reminds us of this risk.  In Kaiser v. Gallup, Inc., the employee-plaintiff filed suit under the ADA against her former employer.  During discovery, the employer learned that the plaintiff had communicated with her cousin, who was a lawyer, about events leading up to the plaintiff’s termination.  The employer also discovered that the plaintiff had discussed the  communications with her cousin (the lawyer) via Facebook. 

The employer sought to compel the plaintiff to produce those communications.  In response, the plaintiff contended that they were protected by the attorney-client privilege because, at the time the communications were made, her cousin represented her as counsel in her unemployment-benefits claim.  The employer argued that, even if the privilege had once applied, the plaintiff waived it when she discussed the communications with third parties.  The plaintiff failed to show that she hadn’t waived the privilege and the court granted the employer’s motion. 

This case, and others like it, serve as a good reminder that confidential information should not be shared through any medium, including social media.  Posting it to Facebook is, contrary to popular belief, the equivalent to sharing it on the phone, in an email, or in person.  If it’s a secret-it doesn’t belong on Facebook. 

Kaiser v. Gallup, Inc., No. 8:13CV218, 2014 U.S. Dist. LEXIS 92588 (D. Neb. July 8, 2014).

Contact Information