Privacy, Social Media and Employment Law: Balancing an Employer's Right to Know vs. Employee Privacy

© Bob E. Lype, 2011

Prepared in connection with the seminar, "Beyond the Basics in Employment Law," presented by Sterling Education Services, LLC in Chattanooga, Tennessee on January 27, 2011

Privacy in the workplace is a developing area of law. There are dozens of privacy-related considerations in the employment law setting, and many of the current issues being considered by courts, employees' lawyers and employers' lawyers are novel, so that guidance is somewhat scarce. These novel, developing issues include:

∙ Monitoring of employee communications or conduct at work (including e-mails, internet usage, telephone calls, text messaging, instant messaging, etc.)

∙ Monitoring, or making employment decisions based upon, employees' use of social media such as Facebook®, Twitter®, LinkedIn®, MySpace®, blogging, etc.

∙ Use of new technologies, such as global positioning systems (GPS devices), Google Maps®, and the like to "track" or monitor employee activities both while they are supposedly working and while they are away from work

The "internet," as we know it, was commercialized in the mid-1990s. However, in the last few years, there is a "second generation" of uses of the internet based upon what is commonly known as "Web 2.0" applications. These are applications which have made it easy for everyday folks to share information, collaborate, and interact on the World Wide Web almost instantaneously and inexpensively, through such things as blogs, Facebook®, video sharing sites such as YouTube®, microblogs such as Twitter®, and the like.

The conversational ease with which we can "post" comments, videos, rants, photos and the like through these Web 2.0 applications can cause us to say things "in the heat of the moment," or to use less discretion than we might use if we were writing a letter. In the employment law context, sometimes an employee might use a personal social media to express her personal feelings about a supervisor for the world to see. Sometimes the supervisor might post his gripes about an employee or group of employees. Sometimes such comments are sent out through the company's e-mail account. Sometimes a company's confidential or sensitive information, or even trade secrets, may be shared through a careless e-mail or "blast." There are a myriad of things which can "go wrong" with the use of the new technologies, from an employer's perspective.

In addition, most Web 2.0 applications allow for accounts which can be accessed from any computer with internet capabilities. This leads to employees accessing their social media sites while using their work-provided computers, or text messaging with their work-provided cell phones, etc.
The most frequently cited concerns for employers about these types of issues include:

∙ The drain on productivity caused by employees using social media and technology for personal reasons during work time

∙ The possible increase in malaware and viruses which may be introduced into the company's computer systems, since social media provides a massive platform for hackers to commit fraud and launch spam

∙ Damage to the company's brand and reputation resulting from poor decisions by employees which lead them to make unflattering, or even malicious, comments about the company or its employees

On the other hand, the use of Web 2.0 applications and social media can have certain benefits for employers, as well. These can include:

∙ Some customers, clients, vendors, etc. may be impressed when a company effectively uses these means to communicate, showing that the company is up-to-date and business savvy

∙ Social media may permit an expansion of the company's visibility in aid or marketing

∙ Social media may be an effective recruiting tool which will attract the interest of potential employees

∙ Because so much information is available in a public setting, companies may access the information to learn more about applicants and potential employees

∙ Social media can provide an excellent means of soliciting feedback from customers, clients, and even employees is a simple, cost-effective, and timely manner

There is a tendency to focus on the negative aspects of these new technologies in the workplace (and away from the workplace), but with the fast-paced developments and the seemingly limitless ways they can be used, employers and their attorneys should bear in mind that there can be a mixed bag of positives and negatives. They key for employers will be to learn how to minimize the negatives and maximize the positives.

A. WHOSE COMPUTER IS IT? MONITORING INTERNET AND E- MAIL.

"Why is beer better than women?" One answer: "Beer doesn't demand equality." It's an old, somewhat crude joke – and as you have likely heard by now, it cost Chevron Oil Company $2.2 million to settle a sexual harassment lawsuit in 1997. The lawsuit was brought by employees who alleged that Chevron had permitted its internal e-mail system to be used to disseminate sexually offensive content, such as this "joke." E-mail was still a fairly new tool in 1997, but publicity about the Chevron settlement gave employers a compelling reason to be interested in monitoring employees' e-mail usage. One recent study indicated that 70% of workers admitted having viewed or sent sexually explicit e-mails at work.

Studies show that more than 60 million Americans have e-mail and/or internet access at work. According to an ePolicy Institute study from 2004, 86% of workers who have work-provided e-mail use it for some personal use, including shopping, corresponding with family and friends, browsing news or personal interest sites, etc. In 2000, almost 50% of holiday purchases were made during business hours.

The most commonly cited reasons employers monitor e-mail and internet usage are:

∙ To reduce the risk of legal liability for sexual harassment, fraud, etc.

∙ To protect company assets (e.g., both to avoid introduction of harmful viruses and the like, and to prevent dissemination of confidential information)

∙ To prevent loss of productivity

Electronic Privacy Communications Act. The Electronic Privacy Communications Act ("EPCA")(18 U.S.C. §§ 2510 et seq.) protects most electronic communications, including e-mail, from interception, attempted interception, disclosure, and unauthorized access. Whether the statute applies depends upon the medium of the message, the system upon which the message is located, and whether the message is in transit or stored. Among the exceptions under the EPCA, there are three which would relieve an employer from liability for monitoring its employees' e-mails: (1) consent (which includes implied consent), (2) the "provider" exception (which applies when a company provides its own e-mail service or communications systems), and (3) the "intra company communications" exception (when the employer accesses stored communication files).

By way of example, in Fraser v. Nationwide Mutual Ins. Co., 352 F.3d 107 (3d Cir. 2003), the terminated employee argued that his employer had improperly "intercepted" his e-mails which were stored on the company's central file server. The Court held that no "interception" had occurred under the EPCA.

Stored Communications Act. The Stored Communications Act ("SCA")(18 U.S.C. §§ 2701 et seq.) prohibits unauthorized access to stored electronic communications, giving a private cause of action for unauthorized access to stored data found on a computer's hard drive or e-mail servers. However, the SCA contains a "provider exception" which would apply to employer-provided accounts, equipment, etc.

General rule. It is generally well-settled than an employer may monitor an employee's use of company-provided e-mail systems, internet usage, and the like. The key consideration for the employer is to have a clear, clearly communicated policy which removes any reasonable expectation of privacy from the employee in connection with such use of company equipment or accounts, whether that use occurs at work or away from work.

If an employee decides to pursue a tort-type invasion of privacy claim based upon an employer's review of e-mails, the employee must establish some reasonable expectation of privacy in the communications. In the cases which have considered such claims, this has proved to be a very difficult thing for employees to so. See, e.g. United States v. Hassoun, 2007 U.S. Dist. LEXIS 3404 (S.D. Fla. Jan. 17, 2007)(in light of employer's written policies, employee had no reasonable expectation of privacy in his office computer or e-mail); Garrity v. John Hancock Mutual Life Ins. Co., 2002 U.S. Dist LEXIS 8343 (D. Mass., May 7, 2002)(employee had no reasonable expectation of privacy in folders marked "personal"); Smyth v. Pillsbury Co., 914 F. Supp. 97 (E.D. Pa. 1996)(no reasonable expectation of privacy in work e-mail, even in the absence of a written e-mail policy).

With regard to a common law invasion of privacy claim, the most frequent subset of invasion of privacy claims relied upon by employees is "intrusion upon seclusion." While Tennessee has not specifically adopted the "intrusion into seclusion" type of claim for invasion or privacy, the Tennessee Supreme Court seems to have implicitly conceded that such a claim may be cognizable in this State. See Givens v. Mulliken, 75 S.W.3d 383 (Tenn. 2002).

Recent lesson from the Supreme Court regarding reasonable expectation of privacy. In June, 2010, the United States Supreme Court decided a case in the context of a public employee (i.e., a police officer) who sent text massages via an employer-provided pager. The case was City of Ontario, California v. Quon, 130 S. Ct 2619, 177 L. Ed 2d 216 (decided June 17, 2010). While Quon involved a public employer, and while it involved text messages sent by pager, it is nonetheless instructive for all employers with regard to the reasonable expectation of privacy issue. In Quon, the police department supplied pagers which could send and receive text messages, but there was a monthly limit on the number of characters each pager could send or receive, with a resulting fee if the number of characters was exceeded. When Officer Quon and several other officers exceeded the monthly character limits for several months, the police chief reviewed transcripts of the text messages sent over a two-month period, in order to evaluate whether the existing character limits was too low, or whether the officers would need to pay the fee. It was discovered that many of Quon's messages were not work-related, and some were sexually explicit. The internal affairs division compared the dates and times of text messages to his work schedule, and he was ultimately disciplined for violating the department's rules.

Quon then filed a lawsuit alleging violations of his Fourth Amendment Rights (reminder: his employer was a governmental agency), as well as violations of the federal Stored Communications Act by the pager service provider. The question reviewed by the Supreme Court involved Quon's reasonable expectation of privacy.

The police department had a clear Computer Policy which pertained to e-mails, and which clearly stated that the department reserved the right to monitor and log all e-mail and internet use, with or without notice. On its face, the policy did not state that it applied to text messages sent via the pagers, and the Supreme Court noted that text messages are unlike e-mails in that they did not pass through the department's computer servers. However, in staff meetings the officers were told that pager messages "are considered e-mail messages," and that they "would be eligible for auditing." This was later confirmed in a written memorandum to officers. The Supreme Court had no trouble in deciding that the official policy of the department removed any reasonable expectation of privacy, for purposes of reviewing the reasonableness of the search under the Fourth Amendment claim.

However, there was more to the story. It turned out that Quon's supervisor had told Quon, the first or second time that he had an overage of characters, that "it was not his intent to audit an employee's text messages to see if the overage was due to work related transmissions," and that Quon could reimburse the overage fee rather than having any audit performed. Quon agreed and reimbursed the overage fee for several months, but the supervisor eventually "became tired of being a bill collector" and performed the audit.

Therefore, the Supreme Court had to consider whether these statements by the supervisor "overrode the official policy" and gave Quon the basis for a reasonable expectation of privacy? The Court then "punted" on the issue and stated that it would "assume arguendo" that Quon did have a reasonable expectation of privacy in the text messages. The Court was obviously wary about making any ruling on this issue which would be taken too broadly, noting:

Rapid changes in the dynamics of communication and information transmission are evident not just in the technology itself but in what society accepts as proper behavior. As one amici brief notes, many employers expect or at least tolerate personal use of such equipment by employees because it often increases worker efficiency. Another amicus points out that the law is beginning to respond to these developments, as some States have recently passed statutes requiring employers to notify employees when monitoring their electronic communications. At present, it is uncertain how workplace norms, and the law's treatment of them, will evolve....

Cell phone and text message communications are so pervasive that some persons may consider them to be essential means or necessary instruments for self-expression, even self-identification. That might strengthen the case for an expectation of privacy. On the other hand, the ubiquity of those devices has made them generally affordable, so one could counter that employees who need cell phones or similar devices for personal matters can purchase and pay for their own. And employer policies concerning communications will of course shape the reasonable expectations of their employees, especially to the extent that such policies are clearly communicated.

A broad holding concerning employees' privacy expectations vis-a-vis employer-provided technological equipment might have implications for future cases that cannot be predicted. It is preferable to dispose of this case on narrower grounds.

Quon, 130 S. Ct at 2629-2630 (internal citations omitted).

The Court then proceeded to issue its decision based upon the assumption that the supervisor's statements overrode the department's policies and did allow the officer to have a reasonable expectation of privacy in his text messages. This quasi-ruling by the Supreme Court may give employers some heartburn, because it seems to indicate that even a good, effective company policy may be overridden by a passing comment by a supervisor. Ouch!

On the other hand, the Supreme Court's ultimate ruling will likely be helpful to employers. It held that "because the search was motivated by a legitimate work-related purpose, and because it was not excessive in scope, the search was reasonable," for purposes of the Fourth Amendment claim. While the Court was careful and narrow in the rationale behind its ruling regarding the expectation of privacy, it went out of its way to broaden its ultimate holding to include the private employer context, stating, "the Court also concludes that the search would be 'regarded as reasonable and normal in the private-employer context....'" 130 S. Ct at 2633 (emphasis added).

Therefore, for private employers, the Quon decision teaches:

∙ An employer's computer-usage and e-mail policies can be expanded to cover other applications, such as text messages, by follow-up clarifications and memoranda

∙ The computer-usage and e-mail policy can remove any reasonable expectation of privacy by the employee

∙ Passing comments by a supervisor may reinstate the reasonable expectation of privacy

∙ But monitoring of the e-mails, text messages and the like by a private employer may still be regarded as "reasonable," so long as it was (1) motivated by a legitimate work-related purpose, and (2) not excessive in scope

What about web-based e-mail accounts or "webmail"? Most decided cases involve employees' use of e-mail via accounts provided by the employer, using the employer's e-mail servers, etc. What about when an employee has, and uses, a personal, web-based e-mail account (such as a Yahoo® account, or a GMail® account, or an AOL® account) when the employee is at work?

The Electronic Communications Privacy Act (referenced above) would not apply to interception of web-based e-mail by an employer because no "interception" occurs, since the e-mails never touch the employer's server, but instead merely traverse the employer's network to and from the web-mail provider's server. However, it is less certain whether the Stored Communications Act (referenced above) might apply.

There is a scarcity of case-law and authorities addressing the monitoring of employee's personal web-mail accounts by an employer. In one case which addressed this question, Fischer v. Mt. Olive Lutheran Church, 207 F. Supp. 2d 914 (W.D. Wis. 2002), a senior pastor overheard a telephone conversation by a children's pastor which seemed to indicate possible homosexual relationships. The senior pastor sent the children's pastor home, then hired a technology consultant to examine the church's computers. The children's pastor had a password-protected Hotmail® account which had been accessed through the church's internet connection. The senior pastor was able to guess the password, and the consultant accessed the personal Hotmail® account on multiple occasions, and eventually the children's pastor was terminated. He sued and asserted a common law invasion of privacy claim, as well as a claim under the Stored Communications Act, arguing that his e-mails had not been accessed from employer-provided servers, but rather from a remote, web-based server owned by Microsoft. Unfortunately, the Fischer court never definitively answered the question whether there was a violation of the SCA, but it gave an indication that it believed the legislative history behind the SCA showed that the actions in that case should have been covered by the Act. The Fischer court also denied that the defendant was entitled to summary judgment on the invasion of privacy claim.

More recently, in Pure Power Boot Camp, Inc. v. Warrior Fitness Boot Camp, Inc. (S.D.N.Y., decided December 22, 2010), the Court considered a similar situation. Employees of a gym had signed non-compete agreements, but they decided to set up a competing business. The employer filed a lawsuit based upon the non-compete agreements, using as evidence 546 e-mails from the employees' Hotmail and GMail accounts which showed that the employees had taken customer lists and training materials, as well as solicited customers. But how did the employer get access to the e-mails? It turned out that the computers the employees while working for the employer "auto-stored" the user-name and password fields, so the employer simply logged on as the employees. The employees, who had obviously done something improper, counter-sued the employer for violations of the Stored Communications Act, and the Court agreed that violations had occurred. Moreover, even if the employees had not sustained actual damages, they were awarded $1,000 as statutory damages per violation. The employees wanted the Court to find 546 separate violations, but it instead found that due to the proximity in time of the access to the e-mails, there was only one violation. Still, the lesson to employers is that accessing web-based e-mail accounts may lead to SCA claims.

B. WIRELESS DEVICES AND EMPLOYER AND EMPLOYEE PRIVACY VIOLATIONS.

"Wireless devices" is a broad term, which can include communications by cellular telephones, instant messaging and text messaging via cellular telephones, and similar types of communications. It can also include other types of technologies, such as personal digital assistants (PDAs), global positioning system (GPS) units, and other such technologies. "Wireless" refers to the use of energy sources to transfer information, including radio frequencies, infra red lights, laser lights and "acoustic energy." Wireless communication includes the communications between a television set and a remote control, or permitting a computer to make an internet connection via "Wi-Fi," or BlueTooth® connections. "Wireless" is not necessarily a synonym for "cordless."

Text messaging and similar "wireless" communications. Employee communications by wireless devices can include text messaging, cellular telephone conversations, instant messaging and e-mails sent via wireless devices such as Blackberry® phones. A 2008 Nielsen study showed that U.S. wireless subscribers now send and receive more text messages than mobile phone calls. A 2007 survey showed that 19% of "smart phone" users worked more than 50 hours per week, and one-third believed that their smart phones "enslaved them to their work."

Employers are learning that they can face liability because of text messages and instant messages, just as they learned about e-mails over the last decade. In one case, a company employee received a sexually explicit text message from her boss's phone at 2:00 a.m. The boss denied sending the message, claiming that a friend used his phone that night without telling him. Nonetheless, the company paid a $50,000 settlement. In another example, Central Michigan University paid a $450,000 settlement to two soccer players because of alleged sexually explicit text messages sent by their coach.

With regard to expectations of privacy and an employer's right to monitor text messaging and other forms of wireless communications sent via company-provided cellular telephones and similar technologies, the generally accepted "rule of thumb" remains the same as with regard to computer and e-mail monitoring – employers should have a clearly communicated policy which removes any reasonable expectation of privacy by the employee, and then, employers should have the right to monitor such communications. Of course, having the right to do so does not necessarily make this a prudent course in all cases.

The most recent guidance regarding monitoring text messages and similar communications comes from the 2010 Supreme Court case of City of Ontario, California v. Quon, discussed above. As is discussed above, Quon provides the following guidance for employers:

∙ An employer's computer-usage and e-mail policies can be expanded to cover other applications, such as text messages, by follow-up clarifications and memoranda

∙ The computer-usage and e-mail policy can remove any reasonable expectation of privacy by the employee

∙ Passing comments by a supervisor may reinstate the reasonable expectation of privacy

∙ But monitoring of the e-mails, text messages and the like by a private employer may still be regarded as "reasonable," so long as it was (1) motivated by a legitimate work-related purpose, and (2) not excessive in scope

Reminder to Tennessee employers: no texting while driving law. Tennessee employers should also be mindful that Tennessee has passed legislation which prohibits texting while driving. The law is codified at Tenn. Code Ann. § 55-8-199. If an employer provides a cellular telephone to an employee who drives during the course of employment, the employer should adopt and communicate a clear policy prohibiting texting while driving, both for the safety of employees and others, and also to create at least an argument for a defense against respondeat superior liability following an accident caused by an employee texting while driving on company business.

Other wireless device concerns: GPS and RFID technology. Besides the more obvious examples of wireless devices (smart phones, text messaging, etc.), there are at least two new forefront issues for employers involving wireless technologies which impact employee privacy concerns. They involve the application of new technologies by employers in new and unique ways – so new, in fact, that there is virtually no specific legal guidance on their part to date. However, employers and their attorneys should be aware of the new technologies and the potential employment-related legal claims which will almost certainly follow. The two technologies are "global positioning system" (GPS) technology and "radio frequency identification" (RFID) technology.

Creative employers have begun to see new applications for GPS technology, which uses satellites to communicate with devices on the ground to determine the device's exact location at any given point in time. Some of the new applications include tracking the whereabouts of employees who travel as part of their job, as well as logging driving for purposes of "time worked" and avoiding unauthorized overtime, and disciplining employees for unauthorized deviations and unproductive activities.

To date, only a handful of legal challenges by employees have resulted in lawsuits against employers based upon the use of GPS technology, and thus far, it does not appear that any employee legal challenges have prevailed. In Elgin v. St. Louis Coca-Cola Bottling Co., 2005 U.S. Dist. LEXIS 28976 (E.D. Mo. 2005), the employer tracked an employer-owned vehicle assigned to the plaintiff during both working and non-working hours, and the employee had not been informed ahead of time about the practice. He sued for invasion of privacy and "intrusion upon seclusion," but his claim was dismissed because the court found that the use of the GPS to track the location of the company car did not constitute a substantial intrusion upon his seclusion, "as it revealed no more than highly public information as to the van's location." Likewise, in Girardi v. City of Bridgeport, 985 A. 2d 328 (Conn. 2010), the employer (i.e., the City) had installed a GPS device in a City-owned vehicle driven by a fire inspector, without the employee's knowledge. Information collected from the GPS device was used to discipline the fire inspector for poor job performance. Connecticut had a statute which prohibited an employer from electronically monitoring an employee's activities without prior notice, and the employee filed a lawsuit based upon the statute. The Connecticut Supreme Court held that the statute did not create a private right of action, and it also held that the employer had not violated the employee's expectation of privacy because the GPS unit did not provide any further information than could have been obtained through visual surveillance of the public roads.

RFID technology is similar to GPC technology, in that it involves "tracking," except that it tracks by radio frequency. In business, RFID is used to track sales, monitor inventory, and prevent theft. (Think of the "tags" which must be removed from clothing you purchase at a store before you exit through the "sensor" doors). RFID has been used in medicine to obtain vital information from patients who cannot communicate, such as Alzheimer's patients, by implanting transponder "tags" (sometimes called microchips) the size of a grain of rice under the skin. Can you imagine the ways an employer might utilize this technology?

Actually, some employers are already utilizing RFID technology with employees, such as by issuing identification cards which allow the employee access into parking lots, buildings and rooms; or the "EZPass" system which allows employees to pass toll gates on toll roads without stopping. This same technology also allows employers to determine the time an employer passed through the toll gate. But would any employer dare to suggest implanting a "tag" underneath the employee's skin – and would any employee ever go along with that? In 2006, a Cincinnati company gave employees the "option" of receiving such tags, but it also conditioned employer access to certain areas of its premises to having such a tag.

Even without subcutaneous tagging, employers can and do still utilize this technology with employees with such items as company-provided credit cards, parking cards, cell phones, etc. Until legal precedents and authorities are developed, we may assume that the legal analysis would be much the same as with regard to GPS technology. However, if employers begin requiring under-the-skin tagging, expect new legal arguments and new legal implications.

C. MONITORING AND CREATING POLICIES REGARDING ELECTRONIC COMMUNICATIONS.

The first and most important thing an employer should do regarding its plan to monitor employees' communications and technology use is to provide notice to the employees. As the Court stated in U.S. v. Bailey, 272 F. Supp. 2d 822,835 (D. Nebraska 2003), "an employer's notice to an employee that workplace files, Internet use, and e-mail may be monitored undermines the reasonableness of an employee's claim that he or she believed such information was private and not subject to search." Adequate notice removes the employee's claim of any reasonable expectation of privacy.

Such notice also serves the ultimate purpose of the employer's monitoring policy – altering employee's behavior. In addition, when an employer provides notice of its policy with an explanation of the legitimate business interests which lead to the need for the policy, then any stigma that the employer is "spying on its employees" can be removed.

If an employer already has an existing electronic communication and/or monitoring policy, it should review the policy to ensure that it extends to all forms of electronic communications. This is one of the lessons from the Supreme Court's 2010 Quon decision. As a reminder, the employer's policy in Quon covered e-mail communications, but as originally written, it did not cover text messages. However, the employer provided both verbal and written notice that text messages would be treated the same as e-mails, which worked in the employer's favor.

In addition, in another lesson from Quon, an employer should ensure that there are no "informal policies" in place which would undermine the written policies. In Quon, a supervisor had verbally re-assured the employee that his text messages would not be monitored, so long as he paid the monthly text message overage fee. The Supreme Court "assumed" that the supervisor's statement created a reasonable expectation of privacy on the part of the employee in his text messages. Employers should educate their supervisors regarding the electronic communications policies, and they should instruct supervisors to not make any statements, promises, etc. inconsistent with the policies.

One commentator has summarized the following key principles to be included in an employer's policy: (1) have a formal written policy and distribute it to all employees; (2) use the policy to inform employees that e-mail and other employer provided hardware are for business use only; (3) enforce the policy to avoid creating an informal expectation of privacy through lack of enforcement; (4) prohibit offensive or sexually explicit material; and (5) include all forms of electronic communications in the policy. See Alper, "Managing the Electronic Workplace," 36th Annual Institute on Employment Law 2007.

D. THE USE OF SOCIAL NETWORKING SITES IN THE EMPLOYMENT CONTEXT.

1. Employer Risks With Using Social Networking Sites for Employment Decisions.

"Social networking" sites can include Facebook®, Twitter®, LinkedIn®, MySpace®, and other similar sites. These sites serve as all-purpose platforms for on-line networking. Users create a profile which includes a variety of personal and professional information (e.g., date of birth, education, employer, marital status, employment history, expertise, awards), and then the users invite others to join their networks. Users can also contact others within the networks of their contacts, expanding their on-line connections.

Users of social networking sites can also share information through various "channels" of communication, including messaging, video file sharing, discussion forums, and blogging (short for "web logging").

For those seeking employment, social networking sites can serve as a useful tool to complement the more traditional job-seeking efforts. For example, LinkedIn® claims to have 8.5 million professional users from 150 industries across the globe.
Employers have also begun to use social networking sites in efforts to recruit candidates for employment. According to one source, roughly half of employers in the U.S. are using internet searches to "vet" job candidates. Employers can search sites for individuals with skill-sets and experience which matches job openings. This includes the ability to locate "passive" job candidates, i.e., those who might be interested, but are not formally looking for a job opportunity.

Employers also have begun to use social networking sites as a part of their background checks on applicants. There is a wealth of information which can be "mined" from an applicant's various social networking sites, which can include job attitudes, political affiliations, age and marital status. "Vetting" through reviewing social networking sites can also expose those who would lie or cheat to get a job. According to one source from 2006, 44% of job applicants lied about their work histories, 41% lied about their education, and 23% falsified credentials or licenses. But should an employer use social networking as part of a background check? What are the legal risks?

Because information posted on internet sources is generally considered public, and because information posted on web page "profiles" generally consists of voluntary disclosures, employers are not generally restricted from accessing such information. However, employers should be aware of two important caveats: (1) authentication – everything located on the internet is not infallibly true and correct; and (2) an employer cannot use information gathered in this manner to screen out applicants based upon membership in protected classes, such as racial groups, ethnic groups, religious persuasions, etc. Finally, because review of candidate profiles on social networking sites is likely to retrieve isolated bits of personal information, the employer who utilizes such a search risks making judgments out of context.

2. Best Practices and Policies to Minimize Employer Risk.

To minimize the risk of a discrimination-type claim on account of "screening" applicants through a review of social networking sites, there are various things an employer can do. The "safest" way an employer can utilize social networking information in this manner is to obtain the applicant's consent and only conduct the review after a conditional job offer has been extended. However, in the real world, few employers are willing to wait until that point before mining the publicly-available data.

Another best practice for employers in this regard is to avoid relying exclusively, or almost exclusively, on the results from any social network review in making any employment decisions.
In addition, employers should clearly train their managers, and all persons who may be involved in the review and/or decision-making process, of the legal obligation to avoid gathering any information about membership in any protected class, or any information which might tend to disclose an applicant's or employee's medical conditions.

Finally, employers should consider working with their IT personnel to come up with a way to verify and confirm what information has been accessed. While a "scout's honor" system might work, a better plan would be to come up with some analysis of web logs which shows which sites were accessed, on which dates, by which computers. Then, so long as the supervisors conducting the searches and reviews understand and honor the company's policies, there will be objective evidence to support, and hopefully to defeat, a claim by a disgruntled, unsuccessful applicant.

E. OFF THE JOB BEHAVIOR, E.G., BLOGGING, FACEBOOK AND DATING.

Facebook and blogging. As is noted above, there are millions of Americans who regularly use Facebook® accounts, write web logs or "blogs," etc. Any American employer of any appreciable size is bound to have multiple employees who use these outlets to express their frustrations, to tell funny anecdotes, to spread some amount of gossip, etc. Often the gripes involve supervisory employees, or the funny anecdotes and rumors involve co-workers. What can, and what should, and employer do with regard to such behavior?

Employers can be pretty savvy. Consider the soon-to-be Cisco employee who posted the following "tweet" on Twitter®: "Cisco just offered me a job! Now I have to weigh the utility of a fatty paycheck against the daily commute to San Jose and hating the work." A Cisco supervisor saw the "tweet" and tweeted back, "Who is the hiring manager? I'm sure they would love to know that you will hate the work. We here are Cisco are well versed in the web." The job offer was rescinded shortly thereafter.

The tensions regarding these matters are between an employer's business interests and an employee's or applicant's privacy and rights of personal expression. A 2009 study showed that 12% of employers monitor "the blogosphere to see what is written about it," while 10% of employers regularly monitor social networking sites to see what is being written about them. Frankly, these figures seem low.

There is little data to show how many employees have been terminated for blogging-type activities or posts on social networking sites like Facebook. However, there are at least some examples of it, and in fact, there is a term which has been coined to describe this – "dooced." The term comes from the real-life example of the termination of an employee named Heather Armstrong after her supervisor saw a personal blog – located at www.dooce.com – which contained satirical comments critical of management.

A handful of states have enacted legislation which limits the rights of employers to take employment actions based upon such off-duty conduct as blogging and Facebook posts (California, New York, Colorado, Montana and North Dakota).

Even in states where no such statutes have been enacted, employers could face legal liability for employment decisions based upon off-duty blogging or Facebook posts, such as: (1) if the employee blogs or posts about status in a protected class, or a medical condition, or a religious belief – employment decisions could lead to a discrimination claim; or (2) if the employee blogs or posts about alleged harassment or discrimination at work – employment decisions could lead to a retaliation claim; or (3) if the employee "whistleblows" about alleged company wrongdoing – employment decisions could lead to a retaliation claim, or possibly a Sarbanes-Oxley type whistleblower claim.

On the other side of the spectrum, employers could be held liable and responsible for certain communications by their employees, even if the communications occur away from work. For example, if an employee of a publicly traded company revealed non-public information about the company's financial forecasts through a blog or post, the employer could be held liable under securities laws.

Discovery issues. One developing topic for employers and their lawyers is whether information posted or available through blogs, social networks sites, etc., is subject to discovery in litigation? While the Rules of Civil Procedure have been amended to address "e-discovery," those rules are not always applicable to information contained on social networking sites, since the data in question does not "reside" on the servers or computers of the litigants. In addition, there are likely to be arguments about the relevance, as well as the admissibility, of any evidence obtained from such sites. Would a person's "friendship" status have any legal significance to a lawsuit? In Quigley Corp. v. Karkus, 2009 U.S. Dist. LEXIS 41296 (E. D. Pa. 2009), this question arose in the context of a securities claim and a shareholder's failure to disclose this "relationship." The Court held that "[f]or purposes of this litigation, the Court assigns no significance to the Facebook 'friends' reference . . . ." However, the litigation still involved discovery issues related to the Facebook status. In Mackelprang v. Fidelity National Title Agency of Nevada, Inc., 2007 U.S. Dist. LEXIS 2379 (D. Nev. 2009), the plaintiff alleged that she had been sexually harassed by her employer, and the employer sought discovery of private messages sent by the plaintiff through her MySpace account to impeach the plaintiff's credibility, because the company believed the messages would show that the plaintiff was involved in an extramarital affair. The court in that case did not permit the "fishing expedition" discovery to proceed, because it was not directly related to plaintiff's employment.

In a recent case, EEOC v. Simply Storage Management, LLC, 2010 U.S. Dist. LEXIS 52766 (S. D. Ind. 2010), the court permitted an employer to obtain discovery of an employee's social networking activity on MySpace and Facebook, even though the employee's "privacy settings" had been made "private" and not available to the general public.

Pending case regarding Facebook posts. Finally, employers and their attorneys should be aware of a ground-breaking, pending case before the National Labor Relations Board, which is scheduled for hearing on January 25, 2011. The case is American Medical Response of Connecticut, Inc. v. International Brotherhood of Teamsters, Local 443, Case No. 34-CA-12576 before the National Labor Relations Board. The issue of the case involves whether an employee may be disciplined or terminated for making negative comments about her supervisor in posts on her private Facebook account, from her home computer.

In American Medical, the employer is an ambulance service provider, and the employee was an emergency medical technician who was fired for violating a company policy which prohibited employees from "depicting the company in any way" on Facebook and other social media sites on which employees made posts about themselves. The employee was asked by her supervisor to prepare an investigative report concerning a customer complaint about her work. She asked for representation in that process from her union, which was denied. Later that day, from her home computer, the employee made some negative comments about the supervisor on her personal Facebook, which drew supportive responses from several co-workers. The employee was then suspended, and later terminated, on account of violations of the company's internet policies.

The NLRB investigated and found that the employee's Facebook postings constituted "protected concerted activities" for the purpose of "mutual aid and protection," and that the company's policies unlawfully interfered with and restrained employees' rights under the National Labor Relations Act in the free exercise of their right to engage in protected concerted activity, including communicating with each other about working conditions and the terms of employment.

The NLRB's general legal counsel has said that "whether it takes place on Facebook or at the water cooler, it was employees talking jointly about working conditions, in this case about their supervisor, and they have a right to do that."

And now for a key point – obviously, the employee in American Medical was a union member and the complaint arose in the context of union representation. However, the NLRB restriction against policies which interfere with or restrain employees from protected "concerted activities," such as discussing working conditions, generally apply to all employers, and not just to employers with a union workforce. Therefore, all employers should monitor the results of this pending case, and they may need to review and revise their internet policies.

Soon we will know the outcome of this case. Meanwhile, employers and their lawyers should bear in mind that policies which "chill" co-workers from discussing working conditions and supervisors, including on social networking sites, may violate the "concerted activity protections" under the NLRA which apply to both union and non-union work settings.

Dating and other out-of-work activities. The National Institute of Business Management suggests a "litmus test" for employers in deciding whether to "police" an employee's off-duty conduct: "If an employee's off-duty conduct puts your company in legal or financial jeopardy, courts will be more willing to let you regulate it." Of course, this is not a definitive legal standard.

There are a myriad of examples of off-duty conduct which might clash with the interests of the employer. A sampling of examples, together with a sampling of how courts have viewed the employer actions, includes:

∙ Dating and/or sexual relationships (e.g., a company terminated an executive after he attended a convention with a woman who was not his spouse in Staats v. Ohio Nat'l Life Ins. Co., 620 F. Supp. 118 (W.D. Pa 1985); an employee was terminated due to inter-racial dating in Adams v. Governor's Comm. on Post-Secondary Education, 26 Fair Empl. Prac. Cases (BNA) 1348 (N.D. Ga. 1981))

∙ Sexual orientation

∙ Civic/political activities

∙ Leisure activities

∙ Moonlighting

Sonne, "Monitoring for Quality Assurance: Employer Regulation of Off-Duty Behavior," 43 Ga. L. Rev. 133 (Fall, 2008) lists several examples of employer actions based upon off-duty conduct (internal citations omitted):

∙ In the early twentieth century, Henry Ford was notorious for creating a "Sociology Department," which was "responsible for ferreting out immoral and undesirable behavior on the part of Ford employees" both on and off the job site.

∙ In the 1990s, retail giant Wal-Mart Stores, Inc. maintained a policy barring a "dating relationship between a married associate and another associate, other than his or her own spouse."

∙ In the summer of 1999, Arizona's Scottsdale Healthcare fired two nurses for violating a policy against "immoral or indecent conduct while on or off duty" by running a sexually explicit website.

∙ Around January 2003, Weyco Inc., a mid-sized administrator of medical benefits, announced that "it would no longer hire smokers and told current employees who smoked that they had 15 months to quit."

∙ In May 2003, a Budweiser beer distributor apparently terminated an employee for his public drinking of a beer produced by its arch-rival, Coors, while a similar incident occurred in 2005 when a Miller beer distributor's employee drank a Budweiser.

∙ In January 2006, Gannett Co., a large publishing company, "added a $ 50 a month surcharge to the health premiums of its employees who smoke." PepsiCo charges smokers $100 more per year

∙ In May 2007, the Olive Garden restaurant terminated a supervisor "after she posted photos of herself, her [underage] daughter, and other restaurant employees hoisting empty beer bottles" on MySpace.

There are simply too many cases, and too many examples, to discuss in this article and seminar materials. The general approach has been to uphold employers' decisions in most instances based upon the employment at will doctrine. Employees have advanced a number of arguments and claims, with varying degrees of success, including claims based upon invasion of privacy, constitutional principles such as freedom of association, public policy arguments, and tort claims such as intentional infliction of emotional distress or outrageous conduct. Commentators have suggested a host of approaches to these issues.
At present, because of the "mixed bag" of claims, issues and results, employers are best advised to seek legal counsel before implementing any decisions, policies or approaches based upon off-duty conduct by employees. Each situation should me measured in a case-by-case approach.

View all articles by Bob E. Lype

Certifications of specialization are available to Tennessee lawyers in all areas of practice related to or included in the areas of Civil Trial, Criminal Trial, Business Bankruptcy, Consumer Bankruptcy, Creditor's Rights, Medical Malpractice, Legal Malpractice, Accounting Malpractice, Elder Law, Estate Planning and Family Law. Listing of related or included practice areas herein does not constitute or imply a representation of certification of specialization.

Tennessee law requires me to inform you that this website is an advertisement. The information contained in this website is not intended as legal advice. Visiting this website does not and is not intended to create an attorney-client relationship.