In a recent case out of the United States District Court for the District of New Jersey, a jury found that the employer violated the Stored Communications Act and a parallel New Jersey state law, which makes “it an offense to intentionally access stored communications without authorization or in excess of authorization,” by accessing a password-protected online discussion group maintained by its employees through MySpace.
In the case, a group of employees created a password-protected discussion site, which included sexual remarks about management and customers, references to violence and illegal drug use, and confidential employer information. Although one of the employee members of the group voluntarily presented a manager with some of the discussions, another manager later asked the same employee for the group’s password so that he could review the various postings. Subsequently, the two employees who moderated the discussion group were fired.
Based on testimony that the employee member gave management the password out of fear of retaliation, a jury concluded that the employer, through its managers, accessed the discussion group without authorization, in violation of the Stored Communications Act and parallel New Jersey state law. The jury ordered the employer to pay both compensatory and punitive damages.
The lessons of this New Jersey case are important for employers seeking to gain more information about potential hires through social media websites and for employers attempting to find discovery materials from adverse parties or non-party witnesses in the course of litigation. Not only might material obtained from social media sites be inadmissible in a future legal action, but it could actually create employer liability under the Stored Communications Act or similar state laws.
User profiles on social media sites are filled with information that could form the basis of discriminatory hiring decisions. Federal and state statutes prohibit employers from making employment decisions based on race, religion, sex, age, and national origin, just to name a few. This kind of information is readily available on most users’ profiles and could form the basis of a failure to hire action if an employer cannot provide a legitimate business reason for declining an applicant.
To circumvent any missteps, employers should establish a policy removing all decision makers from performing social media background checks and from examining the information background checks produce. As part of this policy, employers should also require that searches be performed in a consistent manner for every applicant in order to avoid disparate treatment liability.
Limit Use to Publicly Available Information
Employers must limit their searches to publicly available user information, and should not fraudulently gain access to users’ profiles – such as by posing as a long lost friend – or else risk violating the end-user licensing agreements of social media sites, the Stored Communications Act, and possibly common law privacy laws as well. Regardless of the reasons why an employer might want to access a current or former employee’s social media profile, it is absolutely necessary that an employer not attempt to do so through any type of fraud or misdeed.
Workplace Policy and Practice Implementation
Another issue for employers to undertake is their current employees’ use of social media sites. It is crucial that employers implement sound policies regarding social media and other Internet use in order to protect against liability. Employees should be cautioned that the company can and will monitor its e-mail and computer systems, and that employees should have no expectation of privacy when using company systems. With respect to blogging, employees should be told that they cannot attach company logos to their postings, or attribute to the company any views expressed in their writing, without prior permission. Employers should also have a policy detailing how the company will deal with lawful but inappropriate comments or material made publicly available by employees through social media sites.
Employers must be especially careful when taking adverse employment actions based on information found on social media sites, including employee rants against their supervisors. Furthermore, in light of the “off-duty conduct” statutes prohibiting employers from taking action against employees for engaging in certain lawful activities outside of work that many states have enacted, employers should be cautious when considering taking adverse employment actions based on information it learns of through employees’ social media user profiles.
Photo credit: Microsoft