Recently in Privacy Rights of Employees Category

Michigan Enacts Social-Media Privacy Law

Posted by Molly DiBianca on December 30, 2012 in: Electronic Monitoring, Privacy In the Workplace, Privacy Rights of Employees, Social Media in the Workplace

Michigan is the latest State to pass a "Facebook-privacy" law. The law, called the Internet Privacy Protection Act, was signed by Gov. Rick Snyder last Friday. The law prohibits employers and educational institutions from asking applicants, employees, and students for information about the individual's social-media accounts, reports The Detroit News.

The Michigan law contains four important exceptions. Specifically, the law does not apply when:

1. An employee "transfers" (i.e., steals) the employer's "proprietary or confidential information or financial data" to the employee's personal Internet account;

2. The employer is conducting a workplace investigation, provided that the employer has "specific information about activity on the employee's personal internet account;"

3. The employer pays for the device (i.e., computer, smartphone, or tablet), in whole or in part; or

4. The employer is "monitoring, reviewing, or accessing electronic data" traveling through its network.

The enactment of Michigan's Social Network Account Privacy Act makes Michigan the fifth State this year to enact legislation that prohibits employers from requiring or requesting an employee or applicant to disclose a username or password to a personal social-media account. Maryland, Illinois, California, and New Jersey were the first four. California and Delaware passed similar legislation applicable to educational institutions. Notably, new legislation was introduced in California on December 3, which would extend that State's law to public employers.

I continue to believe that these laws are unnecessary and do nothing more than expose employers to legal risk with no real benefit to the citizenry. However, of all of the states to have passed such "internet-password-protection" laws, Michigan's is the first to contain these critically important exceptions. Without them, the laws have the potential to paralyze employers from conducting internal investigations that are necessary to protect both the organization as a whole and individual employees.

Problems With Delaware's Proposed Social-Media Law

Lawfulness of Employers' Demands for Facebook Passwords

Should Employer Cyberscreening Be Legislated?

Employers Who Demand Facebook Passwords from Employees. Oy Vey.

NJ Passes Password-Protection Law for Employees and Students

Posted by Molly DiBianca on October 30, 2012 in: Privacy In the Workplace, Privacy Rights of Employees, Social Media in the Workplace

New Jersey is the latest State to prohibit employers from requesting the passwords of employees and applicants. The N.J. Senate passed A2878 on October 25, 2012. The bill also prohibits employers from any kind of inquiry into whether the employee has an account on a social-networking site and from requiring that the employee or applicant grant the employer access to his or her social-networking account.
Although the Bill passed the Senate unopposed, the added exemption of law-enforcement agencies requires that the Bill be returned to the Assembly for approval before being sent to the Governor for approval, reports CBS New York.

Following Maryland, Illinois, and California, New Jersey is the fourth State in the country to pass a "Facebook-privacy" law applicable to employers.

New Jersey also passed a piece of sister legislation extending the prohibition to colleges and universities. That law passed the N.J. Senate unanimously and will prohibit educational institutions from requiring a student to disclose any user name, password or other means for accessing a personal social-networking site. Delaware and California are the only other states in the country with similar prohibitions.

It's no secret that I am hardly a fan of these laws, which attempt to vigorously legislate a problem that does not exist. When I think of my friends and loved ones who have just experienced the loss and devastation resulting from Hurricane Sandy, I can't help but wonder whether the New Jersey legislature couldn't have found something better to make laws about.

A Really Bad Boss and a Really Awful Invasion of Privacy

Posted by Molly DiBianca on October 21, 2012 in: Jerks at Work, Privacy In the Workplace, Privacy Rights of Employees

This lawsuit, which we'll file in the category of "Ultimate Jerks at Work," was reported by Kashmir Hill on Forbes.com. Here's the story, as alleged in the lawsuit.

Jonathan Bruns was working for a staffing agency when he was placed with a company in Houston, Texas. According to the complaint, Bruns asked if he could charge his cellphone in a wall outlet. His supervisor, Pete Offenhauser, obliged.

Apparently, after Offenhauser approved the request, he unplugged the phone from the wall and plugged it into his laptop. Once the phone was connected, Offenhauser had access to the pictures Bruns had stored on his phone. Among them were photos of Bruns' fiancee.

In the photos, Bruns' fiancee was, er, uh, nude.

What did Offenhauser do next? Oh, come on, I think we all know. He called everyone in the office over to his laptop. Once the whole group was gathered 'round, he showed them Bruns' photos. Bruns walked in and saw the goings on. When he asked what all the excitement was about, he was greeted with "laughs and inappropriate comments," many of which were made by his boss.

Bruns and his fiancee filed suit against the company, alleging invasion of privacy. This is not exactly a surprise, I'd say. But why not sue the supervisor, Offenhauser, individually? Well, presumably, because he was acting in his capacity as a supervisor at the time of the alleged conduct. But the alleged acts were, after all, tortious in nature, so there would likely be a claim against him, as well as against the company. The company, however, is more likely to have the money to pay.

And that, dear readers, is how the pixels crumble.

You Can Leave the Light On . . . But Be Sure to Log Out

Posted by Molly DiBianca on July 25, 2012 in: Electronic Monitoring, Privacy In the Workplace, Privacy Rights of Employees

You can, according to Joe Cocker, leave a light on. But, if you want a second opinion, I'd suggest that you be sure you log out before you leave the computer room. The case under discussion in today's post, Marcus v. Rogers, was brought by a group of New Jersey public-school teachers. The District made computers with Internet access available for teachers to use during breaks. One of the teachers was in the "computer lab" (my phrase) to check his email when he bumped the mouse connected to the computer next to the one he was using, turning off the screensaver. On the screen, the teacher saw the Yahoo! inbox of a colleague, who had, apparently, failed to log out of her email account before she left.

The teacher recognized his own name in the subject lines of several of the emails. Too curious to resist the temptation, he opened, read, and printed the emails that made reference to him, planning to use them at an upcoming staff meeting.

When his colleague learned that her emails had been discovered, she filed suit. The case was tried before a jury, who found in favor of the nosy teacher-defendant. The colleague-plaintiff appealed the decision. On appeal, the question before the court was whether the defendant was acting "without authorization" or whether his access of the emails had "exceeded [his] authorization."

On the first question, the court held that the defendant was not "without authorization" when he accessed the emails because the emails in the inbox were available for anyone to see, since the colleague had failed to log out of her account.

The court upheld the jury's decision on the second question, as well. Specifically, the court found that the defendant had not exceeded his authorization because his colleague had "tacitly" authorized the access when she failed to log out.

This is an interesting case that provides some good news for employers. Some good news--but not much. The question of whether an employer can access an employee's personal email account that the employee accessed through the employer's equipment is far from settled. The answer is very fact specific. For example, the answer may be different where, like here, the employee fails to log out when she leaves the computer, versus where the employer uses software to discover the employee's password and then uses the password to access the account.

The answer also can change depending on the jurisdiction. New Jersey has been an outlier in several of the employee-email cases and employers in other states should be cautious about relying on this decision for much more than its interesting set of facts.

[H/T Evan Brown, Internet Cases, which I first heard him discuss on a recent edition of This Week In Law]

Marcus v. Rogers, 2012 WL 2428046 (N.J.Super.A.D. June 28, 2012).

E-Law Mid-Week Recap

Posted by Molly DiBianca on May 16, 2012 in: Delaware Specific, Legislative Update, Privacy Rights of Employees, Social Media in the Workplace

It’s only Wednesday but this has been a busy week already. If time allowed, I could write posts on several important employment-law-related topics. But, alas, my day job is keeping me busy, so this short-form recap of some of the more notable items will have to suffice.

Delaware’s Pending Password-Privacy Legislation

As I’ve written recently, there is a bill pending in Delaware’s House of Representatives that is intended to prohibit employers from requesting or requiring that an employee or applicant turn over his or her password. If you’ve read my posts on this topic, you know that I have significant concerns about the scope of the bill and its potential consequences for both employers and employees. This afternoon, the bill will be presented for vote to the Telecommunications, Internet, and Technology Committee. I will keep you posted about the results of that hearing as soon as possible. Until then, you should consider reaching out to your State Representative and voicing any concern you may have with the bill.

Pretexting Via Social Media

I wrote earlier this week about a high-school principal in Missouri, who is alleged to have created a fake Facebook account for the purpose of spying on students in her school. As I stated in that post, using deceit about your identity for the purpose of obtaining information about someone, known as pretexting, is a wholly unacceptable practice.

On her Ride the Lightning blog, Sharon Nelson writes of a story with similarly disturbing facts.  In the case that she discusses, an insurer in a dog-bite case permitted its private investigator to lie about his identity on Facebook so he could spy on the plaintiff—a 12-year-old girl.  Folks, if it’s not obvious already, this type of dishonesty is despicable and those who engage in it should not be surprised at the negative repercussions that result. 

Show Me the Numbers

The EEOC has released a new set of statistics relating to Charges of Discrimination filed in FY 2011.  What is notable about this data is that it marks the first time the EEOC has published private-sector statistics for each of the states and territories.  The statistics provide the total number of charges filed in each state and a breakdown of charge by type of discrimination.  This is the first time that state-specific information has been released and it offers helpful insight on a more granular level.

Lots of blawgers have reviewed this data as it relates to their particular states. For example, Dan Schwartz wrote about the Connecticut numbers and McAfee & Taft’s EmployerLINC blog posted about the Oklahoma stats.  And Chris DeGroff and Matthew Gagnon, of Seyfarth Shaw’s Workplace Class Action blog wrote about the significance of this data.

Another One Bites the Dust

Because I just never seem to grow weary of stories involving smart people who fail to exercise good judgment when using social media, I’ll toss this one to my loyal readers for good measure.  In this social-media saga, it’s a CFO who was terminated for improperly communicating company information through his Twitter feed and public Facebook profile. Jon Hyman and Phil Miles recap the story in more detail.

Facebook-Privacy Laws: Update

Posted by Molly DiBianca on May 11, 2012 in: Privacy In the Workplace, Privacy Rights of Employees, Social Media in the Workplace

Legislation, both state and federal, prohibiting employers from requesting an employee's or applicant's password continues to make progress. In particular, the pending bills in California and New Jersey passed to the next level of their respective legislatures yesterday. The first two federal bills of this type failed but, fear not, a new version has been introduced. Gone is SNOPA; the Password Protection Act of 2012 was introduced earlier this week. In an effort to keep up, I've put together the list below, which includes a reference to each of the states with pending legislation of which I'm aware:


California
Bill: Social Media Privacy Act
Date: May 10
Status: Unanimously passed the State Assembly
Applies to: Employers; Post-secondary educational institutions
Other: Prohibition against "otherwise asking for access" to an account


Delaware
Bill: HB 308
Date: Apr. 26
Status: Referred to Committee
Applies to: Employers
Other: Multiple other provisions


Federal
Bill: Password Protection Act of 2012
Date: May 9
Status: Introduced
Applies to: Employers
Other: Prohibits requests for "access"


Illinois
Bill: HB 3782
Date: Mar. 29
Status: Passed House; pending in Senate
Applies to: Employers
Other: "or other account information for the purpose of gaining access"


Maryland
Bill: SB 433
Date: Apr. 9
Status: Approved by Gov.; Enacted
Applies to: Employers
Other: Prohibits: (a) any request for access to an account; (b) request for user name.


Massachusetts
Bill: HD 4323
Date: Mar. 23
Status: Filed
Applies to: Employers
Other: Prohibits any request for access to an account


Michigan
Bill: HB 5523
Date: Mar. 29
Status: Introduced; referred to Committee
Applies to: Employers; Educational Institutions
Other: Prohibition against requesting user to "disclose access information"


Minnesota
Bill: HF 2963; HF 2982; SF 2565
Date: Mar. 26; Mar. 29; Mar. 27
Status: Referred to Committee
Applies to: Employers
Other: None


New Jersey
Bill: Bill A-2878
Date: May 10
Status: Approved by Committee
Applies to: Employers and Educational Institutions
Other: Prohibits asking if user has an account; law-enforcement exemption


New York
Bill: Sen. 6983
Date: Apr. 13
Status: Referred to Committee
Applies to: Employers
Other: (a) Prohibits asking for (i) log-in name, or (ii) "other means for accessing"; (b) Exempts accounts owned by employer


South Carolina
Bill: HB 5105
Date: Mar. 29
Status: Referred to Committee
Applies to: Employers
Other: Prohibition against asking for "other related information" to access an account


Washington
Bill: SB 6637
Date: Apr. 11
Status: Reintroduced
Applies to: Employers
Other: Prohibition against asking for "other related information" to access an account


Delaware employers should be most interested (and concerned) with the legislation introduced by Rep. Darryl Scott (Dover). As I've written previously, I believe the proposed law goes far beyond what is necessary and would have significant negative implications for Delaware employers.

Delaware Proposes Facebook-Privacy Law

Posted by Molly DiBianca on May 3, 2012 in: Delaware Specific, Privacy Rights of Employees, Social Media in the Workplace

Delaware has joined several other States in proposing a Facebook privacy law, which would prohibit Delaware employers from requesting access to a candidate's Facebook or other social-networking site.

The proposed law, the "Workplace Privacy Act" (H.B. 308) is sponsored by Reps. Darryl M. Scott and William J. Carson and was introduced on Tuesday, May 1.

In some ways, the bill is similar to the Maryland law, which was the first of its kind to be passed into law, and the federal version currently pending in Congress (SNOPA). For example, the Delaware bill would prohibit employers from "requiring or requesting" that any "employee or applicant" disclose his or her social-networking-site password.

The bill goes further, though. Here are some of the more troublesome provisions of the proposed law:

1. The law prohibits employers from requiring or requesting that the user disclose "any other related account information."

This would seem to prohibit an employer from even asking whether the candidate has a Facebook account. There does not seem to be a legitimate reason for such a broad-sweeping prohibition. Moreover, employers may have good reason to want to know whether an applicant has a Facebook or LinkedIn account. Additionally, isn't this information public in any event, even if access to the account's contents may be restricted?

2. The law also prohibits employers from requiring or requesting that a user log into a social-networking account in the employer's presence "so as to provide the employer access" to the user's account or profile.
This, in my opinion, goes too far. Although I am not an advocate of this approach, it is not and should not be unlawful. There are certain industries and professions (i.e., the financial sector and law enforcement), that, in some cases, have a legitimate interest in a candidate's online activities. The employer should have the right to gain limited and temporary access to the candidate's profile, provided the employer does so in a legitimate and responsible manner.

3. The law also prohibits employers from "accessing" a user's social-networking profile or account "indirectly" through the user's online friend or connection.
Again, this goes too far. And, in my opinion, has deeply troubling (and, likely, unintended), potential consequences. The worst-case scenario would go as follows: Employee reports to Employer that Coworker posted on Coworker's Facebook profile that Coworker intends to cause harm to his supervisor. The employer has not just a right but a legal duty to prevent workplace violence and would be legally obligated to take steps to prevent Coworker from carrying out this threat.

But the employer cannot simply fire Coworker based only on Employee's unverified report. It would need to first investigate the Coworker's claim. Most commonly, an employer will do this by asking the reporting Employee to pull up his own Facebook account for the purpose of showing Employer the allegedly threatening post of Coworker. But this provision of the proposed law would prohibit the employer from doing this.

Alternatively, Employer could call in Coworker and ask him whether he posted the threat as reported by Employee. But if Coworker denies making the post, Employer has no recourse and is forced to take him at his word because Employer would be prohibited from "requiring or requesting" that Employee log into the account to clear up the allegation. This, also, is an unsatisfactory result.

The scenarios go on and on. Consider, for example, a report of employee theft. Or an employee who is posting HIPAA-protected personal health information. Or an employee who is posting the employer's trade secrets? The employer would be without recourse in each scenario.

4. Anti-Retaliation
And, making it worse yet, the law would prohibit employers from "discharging, disciplining, or otherwise penalizing, or threatening to discharging, disciplining, or otherwise penalizing" an employee for his or her refusal to provide access.

Although I am not opposed to laws that prohibit employers and educational institutions from demanding an individual's password or log-on information, this bill, as currently drafted, goes far, far beyond what its sponsors likely intended.

I'll be sure to keep readers posted as developments occur.

In the meantime, you can read about what is happening around the country with regard to the issue of "Facebook-privacy laws" here:

Maryland Law Makes It Unlawful to Request Facebook Passwords
Employers Who Demand Facebook Passwords from Employees. Oy Vey.
California Law Moves Closer to Prohibiting Employers From Requesting Facebook Passwords From Applicants
More States Consider Facebook-Privacy Laws
Should Cyberscreening by Employers Be Legislated?
Lawfulness of Employers' Demands for Employees' Facebook Passwords
Federal Legislation, SNOPA, Would Prohibit Employers from Facebook Snooping

Work Email and the Attorney-Client Privilege Do Not Mix

Posted by Lauren E. Moak on January 23, 2011 in: Electronic Monitoring, Privacy In the Workplace, Privacy Rights of Employees

An appeals court in California recently decided that emails sent by an employee from her work email address to her attorney are not protected by the attorney-client privilege. In the case of Holmes v. Petrovich Development Company, LLC, an employee sued her employer for wrongful termination. Prior to filing her lawsuit, she had exchanged emails with her attorney, using her office email account. The employer used the emails in its defense, and the employee objected, claiming that they were protected by attorney-client privilege.

The Court disagreed and found that the emails were not protected by the privilege. The court relied on the fact that the employer’s handbook expressly stated that an employee’s emails might be monitored. Such a warning, the Court concluded, made the employee’s emails akin to a conversation held in the company’s conference room, with the door open, speaking in a loud voice. The California Court’s decision is in keeping with the Supreme Court’s 2010 decision in City of Ontario v. Quon, in which the Court held that an employee did not have an expectation of privacy in his text messages, sent using an employer-provided pager. This case, however, takes Quon to its logical conclusion, holding that in the absence of a reasonable expectation of privacy, the attorney-client privilege cannot attach.

As Delaware employers should know, they are required by statute to inform employees prior to monitoring an employee’s telephone, email, or internet use. 19 Del. C. § 705. Thus, under the California Court’s logic, any Delaware employee who has received notice of email monitoring under Delaware law has waived the attorney-client privilege as to any emails exchanged with the employee’s attorney, using his or her work email account. It is important to remember that the Delaware courts have not ruled on the issue of attorney-client privilege for work emails. However, this case is a valuable reminder that electronic communications are rarely as private as they appear, and we should all conduct ourselves accordingly.

Delaware Events to Fight Identity Theft

Posted by Molly DiBianca on October 6, 2010 in: Privacy In the Workplace, Privacy Rights of Employees

Delaware readers may be interested in a few upcoming events designed to help prevent identity theft. Delaware’s Identity Theft Working Group is sponsoring these events during the week of October 18-24, which is National Protect Your Identity Week.

Oct. 20:  Senior Identity Theft & Fraud

This educational event will take place from 10:30 a.m. – 12:30 p.m. at the Modern Maturity Center in Dover, located at 1121 Forrest Avenue.  You can RSVP for this event and get more information by calling 302-734-1200.

Oct. 21:  Protecting Small Business from Identity Theft

This event is sponsored by the Better Business Bureau of Delaware and will be held at the Wilmington Double Tree Hotel, located at 700 N. King Street from 7:45 a.m. till 10 a.m.  RSVP for the event by calling 302-230-0112 ext. 19.

Oct. 22:  Working Together to Combat Identity Theft

The Federal Bar Association is co-sponsoring a Law Enforcement and Financial Institution training titled “Working Together to Combat Identity Theft” on October 22, 2010, from 8:00 a.m. to 12:30 p.m. at Theatre N, First Floor, 1007 Orange Street, Wilmington, DE 19801.  The October 22 training will include the following discussion topics:

  • Elements of Proof of Identity Theft Crimes:  A Federal and State Overview
  • An Identity Theft Investigation Case Study:  What Worked and Why
  • Addressing Expectations of Both Financial Institutions and Law Enforcement In Investigating Identity Theft Cases
  • Panel Discussion:   Financial Institution Investigators and Federal and State Investigators

In order to register for this training, which will be of primary interest to prosecutors and those lawyers who work with clients to investigate matters relating to identity theft, submit this registration form by October 18, 2010.  If you RSVP for the training, please indicate that you are an attorney who will wish to seek Delaware CLE credit for the training.  The training is free.

Oct. 23:  Shred Event

Consumers may bring up to 3 file-size boxes of documents for shredding to the Boscov’s at the Dover Mall between 9 a.m. and 1 p.m.  The Delaware Attorney General is the sponsor of this event and more information can be found at www.attorneygeneral.delaware.gov.

You can print the following poster, which includes information about all of these events. 

Identity Theft Event Poster

Employers in any state can celebrate National Protect Your Identity Week by educating employees about how to protect themselves from identity theft.

Delaware Retirees' Personal Info Accidentally Posted Online

Posted by Molly DiBianca on September 15, 2010 in: Privacy Rights of Employees

Social security numbers, gender, and dates of birth of approximately 22,000 State of Delaware retirees were accidentally posted online. According to the AP as reported in the Newark Post, Aon Consulting accidentally posted the information to the procurement section of the State's website as part of an RFP for the State to solicit bids from insurance companies to provide vision benefits to current employees and retirees. The data remained online for five days before being removed. The employees' names were not posted.

In response to the data breach, Aon is reportedly taking the following actions:

  • Contact each affected individual by letter to inform them of the incident and the steps taken to address it;
  • Post public notices in states where there are more than 500 affected individuals;
  • Provide 1 year of free credit monitoring;
  • Establish a toll-free phone line to respond to questions; and
  • Notify U.S. DHSS.

This is an example of a data breach that did not involve any fault on the part of the employer (State of Delaware), thus demonstrating that, even when the employer takes all precautions, its employees' personal data may still be breached. 

More than a year ago, I posted about what an employer should do in the event that employees' confidential information is stolen or otherwise compromised.  (See What to Do If Your Employees' Confidential Data is Stolen).  In Delaware, and many other states, there is a law that addresses what obligations employers and other entities have.  (See 6 Del. C. Chp. 22, Credit and Identity Theft Protection).  The FTC's Identity Theft Site, including its Guide for Businesses, Protecting Personal Information (PDF), are two other helpful resources.

The best plan is one that you make in advance. There's no better time to review your internal response procedures than now so you are prepared should your employees' confidential or personal information be publicized accidentally.

Employee Fired When Her Sex Blog Is Discovered by Her Boss

Posted by Molly DiBianca on May 13, 2010 in: Off-Duty Conduct, Privacy Rights of Employees, Social Media in the Workplace

Should employers conduct online searches of job applicants? That's one of the questions I'm asked most often by employers when talking about social media. One of the less commonly asked questions is whether employers should conduct the same type of online search after the hiring decision has been made. In other words, should employers monitor their employees' online activities during employment?

There are good arguments for and against this practice. For me, the most persuasive argument is logistics--it just doesn't seem realistic for most employers to dedicate the resources required to monitor employees' online habits.  But here's a recent story that shows why employers may want to run a search of current employees on Google. 

Inc.com reported the story about a single mother in St. Louis who, during the day, worked for a non-profit.  At night, though, she wrote an anonymous "sex blog" called "The Beautiful Kind."  She'd managed to keep her online identity a secret until Twitter came along. 

When she created her Twitter profile, she used her real name, thinking that only her handle would be visible. When she realized that her name actually appeared in her profile, she immediately removed it and adjusted the name field of her handle accordingly.  Immediately, however, was not quickly enough. 

Thanks to Topsy, a Twitter search engine, her original profile was cached and her real name was displayed next to her user handle. According to the blogger, senior management suggested that supervisors search the web for information about their employees.  When the blogger reported to work, she was fired by her boss, who had found out about her extracurricular "activities" on Topsy. The nonprofit claimed that it could not justify the risk to its public image caused by an employee's racy blog.

The interesting point to this story, aside from the idea of supervisors being encouraged by senior management to spend time surfing the web, is that the employee was terminated as a result of conduct that did not involve her job.  She was blogging during nonworking time on a computer not owned by her employer or connected to her employer's network.  In some states, where off-duty conduct is protected to varying degrees, the termination may be unlawful.  But, in Missouri, which does not have any laws offering such protection to employees, it would appear that the termination is entirely lawful.

And, if nothing else, this story is an excellent example of the principle that, if you put it on the Internet, you'd better assume that your boss is going to see it and is going to hold you accountable.

See these related posts for more about the impact of social media on employers and employees:

Judge Shows Why Employers Should Consider Prohibiting Employees From Posting Anonymously Online

Breach of Noncompetition Agreement Via LinkedIn

Sure, You Can Use Facebook at Work . . . We'll Just Monitor What You Post

More Employers Searching Online for the Dirt on Candidates

Sample Social-Media Policy

5 Non-Negotiable Provisions for Your Social-Media Policy

State Off-Duty Conduct Laws and Facebook-Friending Policies

Jury Verdict Against Employer Who Accessed Employee's MySpace Page

Posted by Molly DiBianca on September 4, 2009 in: Privacy In the Workplace, Privacy Rights of Employees, Social Media in the Workplace

Employees love social networking. Some employers also love social networking, especially in the context of recruiting, onboarding, and engagement efforts. But employers are not so crazy about the use of Web 2.0 tools by employees. The question is often asked whether employers may lawfully access an employee's (or applicant's) social-networking page. And the answer, as any lawyer worth his oats surely will tell you, is "it depends."

There are a number of different contexts in which this question can arise and each has a different response.  For example, in the hiring context, employers often want to conduct a DIY background check by Googling a candidate or searching for the candidate's Facebook profile.

I've already said plenty on this topic and won't rehash it here.  (See More Good Advice on Best Practices for Use of Social Networks for Employers, Free Podcast: Employers' Use of Facebook, MySpace, and Other Social Networking Sites).  But, generally speaking, this presents only minor (and avoidable) potential legal issues.   

A different context occurs when an employer wants to view a current employee's Facebook or MySpace page. Add to that the situation where the employer doesn't want the employee to know about its "investigation" or where the employer sees something it doesn't like and takes adverse action because of it, and you've got an entirely different set of circumstances and associated legal issues.

A recent case in the U.S. District Court in the District of New Jersey is the perfect "flare-gun" case--sending a poignant warning to employers considering similar actions.  In Pietrylo v. Hillstone Restaurant Group, a waiter at the employer's Houston's restaurant created a MySpace page and group.  The group was private--only those who were invited by its creator could access the site. The waiter, Pietrylo, gave access to co-workers, who could then read postings or create postings themselves.


Social Networking Site Accused of Identity Theft x 60m

Posted by Molly DiBianca On July 27, 2009 In: Privacy Rights of Employees


Social networking site Tagged.com is accused of stealing the identities of 60 million people. N.Y. Attorney General Andrew Cuomo announced that his office intends to file suit. In short, Tagged.com is alleged to have sent invitational e-mails that appeared to be from one of its users to one of the user’s contacts. The e-mail said that the recipient was being sent photos from his or her friend—the Tagged.com user. To view the photos, the recipient, a non-member, had to register for a Tagged.com account. Then Tagged.com accessed the new member’s contact list, restarting the cycle.

(via Death By Email)

This is a serious and unfortunate example of the widespread danger that can result from the misuse of technology. Combine that with the far-reaching power of social media and, as this story makes clear, the potential impact can increase exponentially.

Putting the Computer Fraud and Abuse Act to Use, TV Style

Posted by Molly DiBianca On June 2, 2009 In: Privacy In the Workplace, Privacy Rights of Employees


Larry Mendte’s ankle bracelet came off yesterday. Mendte completed his six-month house arrest and is free to live out the rest of his two-and-a-half-year probation outside the confines of his Main Line home. The house arrest and probation constitute the sentence he received after pleading guilty to intentionally accessing the private e-mail account of his former co-anchor, Alycia Lane.

Mendte was convicted under the Computer Fraud and Abuse Act (CFAA), which makes it unlawful to intentionally access a protected computer without authorization. In the last few years, employers have tried, with mixed results, to put this statute to work against employees who engage in cyber-sabotage.

In January 2009, for example, an employer filed suit under the CFAA against two former sales reps, alleging that the former employees had deleted information from their company laptops after resigning.[1] That case was dismissed, though, in a somewhat disappointing ruling from the District Court, which held that the intended purpose of the CFAA was limited to preventing and prosecuting computer hacking and did not extend to the misdeeds of former employees.

But in February 2009, another federal court declined to dismiss a claim under similar facts.[2] In that case, an employer sued former executives under the CFAA, alleging they’d e-mailed documents to their home computers when they were preparing to compete with the company.

So often, employers want to file a counter-claim in response to what they believe is a bogus suit filed by a former employee. The law rarely provides for this, though. For many employers and their legal counsel, the application of the CFAA to the wrongdoings of former employees is a developing area of the law with great potential.


[1] Lasco Foods, Inc. v. Hall & Shaw Sales, Marketing & Consulting, LLC, 600 F. Supp. 2d 1045 (E.D. Mo. 2009)

[2] Ervin & Ervin Smith Advertising v. Ervin, No. 8:08-459 (D. Neb. Feb. 3, 2009).

The [Many] Roles of Online Social Networks in the Workplace

Posted by Molly DiBianca On February 23, 2009 In: Privacy Rights of Employees


Online social networks (OSNs), such as Facebook and MySpace, have found their way into the workplace. Employees' use of OSNs and the impact of that use on workplace productivity are topics all to themselves. OSNs are also being used by employers, though. In fact, Facebook and similar sites are becoming increasingly common tools in employers’ arsenals. Employers have found a number of ways to use technology to their advantage.

The various ways that employers are putting these tools to use span across the entire employment relationship, from pre-employment (recruiting), to potential employment (screening), and then all the way through the employment relationship (monitoring).  

I'm a guest blogger this week at LexisNexis' Workers' Compensation Law Center.  In today's post, I discuss the many ways that employers are putting Facebook, LinkedIn, and other, similar sites, to work in the workplace.  (See How Employers Are Putting Online Social Networking Sites to Work.)  Be sure to check out the post to learn about the variety of ways employers have utilized the very same type of technology that is considered one of the biggest drains on employee productivity.