Employment Law and New Technologies: Emerging Trends Affecting Employers
© Bob E. Lype, 2011
Published in Tennessee Bar Journal, Vol. 47, No. 5, May, 2011.
It was not so very long ago that employers and the lawyers who advise them were faced with a new set of legal issues because of developing technologies called "the internet" and "e-mails." Businesses were intrigued by the seemingly endless possibilities for how these new methods of communicating could enhance the productivity of their workers. It was only during the early-to-mid 1990s that the internet, as we know it, was commercialized. In 1995, the business world and employment lawyers learned of a potential down-side for the new technologies when Chevron Oil Company paid $2.2 Million to settle a sexual harassment lawsuit brought by employees who alleged that Chevron had permitted its internal e-mail system to be used to disseminate sexually offensive content, including a "joke" e-mail which asked, "Why is beer better than women?" One of the joke answers was, "Beer doesn't demand equality." (n. 1). After this settlement, employers realized the frightening potential liabilities which might arise because of the conversational ease with which e-mail messages could be sent and received, combined with common misconceptions about the permanency of jokes and suggestive e-mails after they are "deleted." As a result, employment lawyers sought to "get ahead of" the new technologies by suggesting monitoring employees' use of e-mail and internet on employer-provided computer systems.
Over the past fifteen years, a number of employees have raised assorted legal challenges to employer monitoring of e-mail and internet use, either based upon alleged common law privacy rights or statutory claims under the Electronic Privacy Communications Act (n. 2) or the Stored Communications Act (n. 3), but most courts which considered such cases found in favor of the employers' monitoring rights, so long as the employers had policies which removed any "reasonable expectation of privacy" the employees may have claimed in their e-mail or internet usage.
Flash forward to 2004, and a second generation of internet uses known as "Web 2.0 applications" became widely available. These are applications which have made it easy for everyday folks to share information, collaborate, and interact on the World Wide Web almost instantaneously and inexpensively, through such things as blogs, Facebook®, video sharing sites such as YouTube®, microblogs such as Twitter®, and the like (often generically referred to as "social media"). Add in the fact that, beginning in 2008, the number of text messages exceeded the number of mobile phone calls for typical cell phones, and we find that the evolving technologies have raised new legal issues for employers who were just getting used to dealing with employee use of e-mails and the internet.
As communications technologies and "social media" continue to open new horizons, employers must try to stay ahead of the curve and anticipate the new types of legal issues and claims which will inevitably result. It is impossible to predict where the new legal roads will lead or how the courts may decide the cases which will invariably arise, but a survey of recent developments will assist employers and the lawyers who advise them to anticipate and recognize developing issues and the current state of the law.
Supreme Court Guidance. The U.S. Supreme Court decided a case in June, 2010, which gives some guidance to employers. In that case, City of Ontario, California v. Quon (n. 4), the Court considered the claims of a public employee (i.e., a police sergeant) whose text messages sent via pager were monitored, resulting in his being disciplined after it was determined that the vast majority were personal, and some were sexually explicit. Quon alleged violations of the Stored Communications Act and a Fourth Amendment violation based upon alleged unreasonable searches. The Supreme Court ultimately held that the search of his text messages was reasonable, for purposes of a Fourth Amendment claim. However, the Court's opinion included language which has a broader application in the context of private employers and their monitoring policies.
The police department's computer policy provided for the employer's right to monitor e-mails and internet use, but it did not expressly cover text messages. The department's supervisors had told employees in staff meetings that text messages would be "considered e-mail messages," and there was a later memorandum to this effect. Good for the employer, said the Supreme Court, because these actions would remove any reasonable expectation of privacy on the part of the employer. However, the supervisor who reviewed the text messages had originally told Quon that he was only going to monitor the text messages to determine how much of the character "overage" fee would have to be paid by the employee, and that he did not intend to monitor whether the messages were work-related. The Supreme Court then assumed, arguendo (without actually deciding) that the supervisor's statements reinstated Quon's reasonable expectation of privacy. (A lesson for employers – do not permit your supervisors to verbally un-do the benefit of your policies).
The Supreme Court explained its wariness about making a broad ruling, saying: "A broad holding concerning employees' privacy expectations vis-a-vis employer-provided technological equipment might have implications for future cases that cannot be predicted. It is preferable to dispose of this case on narrower grounds." (n. 5). This restraint showed foresight, as it was apparent that several of the Justices (like many of us) did not have the best grasp concerning the details of the technology at issue. (n. 6).
The Court ultimately held that, for purposes of the Fourth Amendment claim, the employer's search of text messages in the Quon case was reasonable because it was motivated by a legitimate work-related purpose, and because it was not excessive in scope. Then, somewhat contrary to its stated goal of a narrow holding, the Court added in dicta, "the Court also concludes that the search would be 'regarded as reasonable and normal in the private-employer context....'" (n. 7). Therefore, the Quon decision offers some guidance to private employers, although the guidance is somewhat mixed.
Web-Based E-Mail Accounts. While the law seems reasonably well settled regarding monitoring employees' e-mails which go through an employer-provided server, Web 2.0 applications have now made it easy for employees to maintain personal web-based e-mail accounts which can be accessed with a password from any computer with internet connection, such as a Yahoo® account, or a GMail® account, or an AOL® account. Messages sent and received through these types of web-based accounts never technically cross the employer's server, so there may be questions whether monitoring and accessing these types of e-mail accounts may run afoul of the Stored Communications Act. (n. 8).
A 2002 federal case from Wisconsin, Fischer v. Mt. Olive Lutheran Church,(n. 9), considered this question, without actually resolving it. Fischer involved a senior pastor who overheard a telephone conversation by a children's pastor which seemed to indicate possible homosexual relationships. The senior pastor sent the children's pastor home, and then he hired a technology consultant to examine the church's computers. The children's pastor had a password-protected web-based Hotmail® account which had been accessed through the church's internet connection. The senior pastor was able to guess the password, and the consultant accessed the web-based e-mail account on multiple occasions. Eventually the children's pastor was terminated. He sued and asserted a common law invasion of privacy claim, as well as a claim under the Stored Communications Act, arguing that his e-mails had not been accessed from employer-provided servers, but rather from a remote, web-based server owned by Microsoft. While the Fischer court did not make an explicit finding on the applicability of the Stored Communications Act, it expressed that its review of the legislative history would support a conclusion that accessing e-mails "stored" on a web-based server could be a violation of that Act.
More recently, in a December, 2010 case from New York, Pure Power Boot Camp, Inc. v. Warrior Fitness Boot Camp, Inc. (n. 10), this question was resolved in a surprising twist to an employer. In Pure Power, employees of a gym had signed non-compete agreements, but they decided to set up a competing business. The employer filed a lawsuit based upon the non-compete agreements, using as evidence 546 e-mails from the employees' Hotmail® and GMail® accounts which showed that the employees had taken customer lists and training materials, as well as solicited customers. But how did the employer get access to the e-mails? It turned out that the computers the employees used while working for the employer "auto-stored" the user-name and password fields, so the employer simply logged on as the employees after they had left their employment (and, in fact, after the lawsuit was underway). The employees counter-sued the employer for violations of the Stored Communications Act, and the court agreed that violations had occurred, granting partial summary judgment in their favor. Moreover, the court stated that, even if the employees had not sustained actual damages, they were awarded $1,000 as statutory damages per violation. The employees wanted the court to find 546 separate violations, but it instead found that due to the proximity in time of the access to the e-mails, there was only one violation.
The lesson for employers is that accessing or monitoring an employee's web-based e-mail accounts may lead to a Stored Communications Act claim, although there is not a great deal of court guidance at this point exploring the parameters of such a claim in this context. Proactive employers may consider revising their policies to specifically restrict employees from accessing personal web-based e-mail accounts through the employer-provided internet connections, although such a policy might negatively affect morale or be widely ignored. A more aggressive approach would be to state in the policies that the employer's monitoring rights include the right to review the employee's use of web-based e-mail accounts through the employer-provided equipment. Actually implementing the latter approach may be impractical, if not impossible, since it would be difficult to selectively monitor or access only those e-mails sent or received through the work station, as opposed to all other e-mails created by or sent to the employee through the web-based account. Therefore, actually using this approach could still lead to Stored Communications Act claims. However, having such a policy in place (even if it is never truly implemented) would serve to remove the argument for a reasonable expectation of privacy concerning such e-mail activities conducted during work time, and perhaps more importantly, it might cause the employees to be more careful and selective about such activities at work. Some would argue that having a policy in place which in never intended to be used is a bad idea, but the counter-argument is that the employer would be simply reserving the right to do something, if it should become necessary. In any event, we should expect that this area of the law will see more developments and there will be more guidance for employers.
Lessons from the "Facebook Firing" Case. What happens when an employer learns that an employee has "ranted" or made negative comments about the employer or a supervisor on a blog post or a social media site, such as Facebook®? These types of publicly posted comments carry no expectation of privacy, so many employers have believed they are free to discipline the employee for them, especially if the employer had the foresight to adopt a "social media policy." That belief was bolstered in December, 2009, when the National Labor Relations Board issued an "Advice Memorandum" in a case involving the "social media policy" of Sears Holdings, parent of Sears and Kmart. The social media policy prohibited employees from using blogs, message boards and the like to "disparage" the company's "executive leadership, employees or strategies." An employees' union had argued that this social media policy unlawfully interfered with "protected concerted activities" for the purpose of "mutual aid and protection," which would violate the National Labor Relations Act (n. 11). The Office of General Counsel of the NLRB issued its ruling in December, 2009 that the social media policy, when considered as a whole, did not violate the "concerted activities" provisions of the NLRA (n. 12).
More recently, however, the NLRB has taken a contrary position, stating that a policy which discourages employees from complaining to and commiserating with each other about management actions does violate the "concerted activities" section of the NLRA. In American Medical Response of Connecticut, Inc. v. International Brotherhood of Teamsters, Local 443 (n. 13), the employer (an ambulance service provider) had a policy which prohibited employees from "depicting the company in any way" on social media sites on which employees made posts about themselves. The employee was asked by her supervisor to prepare an investigative report concerning a customer complaint about her work. She asked for representation in that process from her union, which was denied. Later that day, from her home computer, the employee made some negative comments about the supervisor on her personal Facebook®, which drew supportive responses from several co-workers. The employee was then suspended, and later terminated, on account of violations of the company's internet policies. The NLRB filed a complaint based upon the position that the policy at issue unlawfully interfered with and restrained employees' rights under the National Labor Relations Act in the free exercise of their right to engage in protected concerted activity, including communicating with each other about working conditions and the terms of employment. The NLRB's general legal counsel said publicly that "whether it takes place on Facebook® or at the water cooler, it was employees talking jointly about working conditions, in this case about their supervisor, and they have a right to do that."
The American Medical case was scheduled for hearing before a federal judge in late January, 2011, but that hearing was rescheduled to February to permit the parties to discuss settlement. On February 7, 2011, the parties entered a private settlement of the case. While the specific terms of the settlement were not disclosed, it is reported that the employer agreed not to discipline or discharge employees for engaging in discussions about wages and other work issues when not on the job. (n. 14). Therefore, there has been no judicial ruling on the issues in the case, so employers are left somewhat in limbo regarding the legality of these types of policies. Moreover, the issues in this case may affect all employers, and not just employers with union employees, because the NLRA restriction against policies which interfere with or restrain employees from protected "concerted activities," such as discussing working conditions, generally apply to all employers, and not just to employers with a union workforce.
Discovery Issues Involving Social Media. Savvy employers' lawyers have begun realizing that, in defending employment claims, employees' social network postings may contain a treasure trove of useful information. Is an employee's information discoverable, even if the employee had privacy settings set to "private?" Should an employer be permitted to learn the "friendship status" of the employee on Facebook® or Myspace®? While the Rules of Civil Procedure have been amended to address "e-discovery," those rules are not always applicable to information contained on social networking sites, since the data in question does not "reside" on the servers or computers of the litigants. This is another developing area of the law for employers' lawyers.
In Quigley Corp. v. Karkus (n. 15), a question arose in the context of a securities claim and a shareholder's failure to disclose the "relationship" of "friendship" on a social networking site. The court in that case held that "[f]or purposes of this litigation, the Court assigns no significance to the Facebook® 'friends' reference . . . ." In Mackelprang v. Fidelity National Title Agency of Nevada, Inc. (n. 16), the plaintiff alleged that she had been sexually harassed by her employer, and the employer sought discovery of private messages sent by the plaintiff through her MySpace® account to impeach the plaintiff's credibility, because the company believed the messages would show that the plaintiff was involved in an extramarital affair. The court in that case did not permit the "fishing expedition" discovery to proceed, because it was not directly related to plaintiff's employment.
By contrast, in EEOC v. Simply Storage Management, LLC (n. 17), the court permitted an employer to obtain discovery of an employee's social networking activity on MySpace® and Facebook®, even though the employee's "privacy settings" had been made "private" and the information sought was not available to the general public. Likewise, in Romano v. Steelcase, Inc. (n. 18), the trial court permitted discovery of the plaintiff's social networking information, even though her privacy settings had been set at "only friends," reasoning that liberal rules governing discovery mandated the result, and that to rule otherwise "would condone plaintiff's attempt to hide relevant information behind self-regulating privacy settings." The court held that the defendant could also access "deleted" information which was archived by the service providers.
Cases Involving Global Positioning Systems. In the evolving world of available technology, some employers have determined that they can monitor and track company vehicles (and thus, employees) for a variety of purposes through global positioning system (GPS) technology. Employers may have perfectly legitimate reasons for doing this, including monitoring the productivity of employees who travel as part of their job, keeping track of "time worked" for wage and hour purposes, or disciplining employees for unauthorized deviations and unproductive activities.
To date, only a handful of legal challenges by employees have resulted in lawsuits against employers based upon the use of GPS technology, and thus far, it does not appear that any employee legal challenges have prevailed. In Elgin v. St. Louis Coca-Cola Bottling Co. (n. 19), the employer tracked an employer-owned vehicle assigned to the plaintiff during both working and non-working hours, and the employee had not been informed ahead of time about the practice. He sued for invasion of privacy and "intrusion upon seclusion," but his claim was dismissed because the court found that the use of the GPS to track the location of the company car did not constitute a substantial intrusion upon his seclusion, "as it revealed no more than highly public information as to the van's location." Likewise, in Girardi v. City of Bridgeport (n. 20), the employer (i.e., the City) had installed a GPS device in a City-owned vehicle driven by a fire inspector, without the employee's knowledge. Information collected from the GPS device was used to discipline the fire inspector for poor job performance. Connecticut has a statute which prohibits an employer from electronically monitoring an employee's activities without prior notice, and the employee filed a lawsuit based upon the statute. The Connecticut Supreme Court held that the statute does not create a private right of action, and it also held that the employer had not violated the employee's expectation of privacy because the GPS unit did not provide any further information than could have been obtained through visual surveillance of the public roads.
Similar to GPS technology is "radio frequency identification" (RFID) technology, which permits "tracking" by radio frequency. In business, RFID is used to track sales, monitor inventory, and prevent theft. RFID has been used in medicine to obtain vital information from patients who cannot communicate, such as Alzheimer's patients, by implanting transponder "tags" (sometimes called microchips) the size of a grain of rice under the skin.
Some employers are already utilizing RFID technology with employees, such as by issuing identification cards which allow the employee access into parking lots, buildings and rooms; or the "EZPass" system which allows employees to pass toll gates on toll roads without stopping. This same technology also allows employers to determine the time an employer passed through the toll gate. RFID technology is also used by employers in connection with company-provided credit cards, parking cards, and cell phones. It may only be a matter of time before some employers may insist upon implanting a "tag" underneath the employee's skin. In fact, in 2006, a Cincinnati company gave employees the "option" of receiving such tags, but it also conditioned employee access to certain areas of its premises to having such a tag. (n. 21).
Conclusion. In the ever-changing world of developing technology, employers and their lawyers must try to stay in front of the curve, anticipating new legal issues and challenges. However, this will likely be an uphill battle, at best. Even before the pages of this Tennessee Bar Journal article yellow, it is virtually certain that some of the technologies discussed herein will be obsolete, and employers will be facing an entirely new set of legal issues. However, employers must not stick their heads in the sand, and at a minimum they should be aware of these developing issues and areas of legal conundrums, in the "brave new world" of technology at work.
1. New York Times, "Chevron Settles Sexual Harassment Charges," published February 22, 1995.
2. 18 U.S.C. §§ 2510 et seq.
3. 18 U.S.C. §§ 2701 et seq.
4. 130 S. Ct 2619, 177 L. Ed 2d 216 (decided June 17, 2010).
5. 130 S. Ct. at 2630.
6. See United States Supreme Court docket no. 08-1332; oral argument conducted April 19, 2009; transcript available at www.supremecourt.gov.
7. 130 S. Ct. at 2633 (emphasis added).
8. Footnote 3, supra.
9. 207 F. Supp. 2d 914 (W.D. Wis. 2002).
10. 2010 U.S. Dist. LEXIS 135339 (S.D.N.Y., decided December 22, 2010).
11 See 29 U.S.C. § 157.
12. NLRB Case No. 18-CA-19081, Advice Memorandum issued December 4, 2009.
13. Case No. 34-CA-12576 before the National Labor Relations Board.
14. The Wall Street Journal, "Facebook Firing Case Is Settled," reported February 8, 2011.
15. 2009 U.S. Dist. LEXIS 41296 (E. D. Pa. 2009).
16. 2007 U.S. Dist. LEXIS 2379 (D. Nev. 2009).
17. 2010 U.S. Dist. LEXIS 52766 (S. D. Ind. 2010).
18. 907 N.Y.S.2d 650 (Sup. Ct. N.Y., decided September 21, 2010).
19. 2005 U.S. Dist. LEXIS 28976 (E.D. Mo. 2005).
20. 985 A. 2d 328 (Conn. 2010).
21. Peter Laborge, "Company Required RFID Injection," www.securityfocus.com/brief/134