Hot Topics in Workplace Privacy:
Social Media and Personal Devices
June 18, 2013
David E. Dubberly*
Nexsen Pruet, LLC
*Certified by S.C. Supreme Court as
Specialist in Employment and Labor Law
Workplace Privacy In The News
• Background
checks for
applicants
Workplace Privacy In The News
• Using social media
postings to screen
out applicants
Workplace Privacy In The News
• Discipline for critical social media posts
Workplace Privacy In The News
• New issue:
accessing
personal
devices to
monitor
compliance with
policies
Social Media and
ECPA Compliance
• Computer wiretap laws
– Electronic Communications Privacy Act as
amended by Stored Communications Act
• Criminal offense to access stored electronic
communications “without authorization”
• Also creates civil cause of action
– State computer crimes laws similar
Social Media and
FTC Compliance
• Federal Trade Commission
– Disclosure of employment status
– False or misleading statements
Social Media and
Discrimination/Harassment
• Title VII, ADEA, ADA
– Discriminatory comments
– Harassing messages or pictures
Social Media and
Trade Secret Protection
• S.C. Trade Secrets Act
– Trade secret information must be “the subject
of efforts that are reasonable under the
circumstances to maintain its secrecy”
• Reasonable measures may include:
–
–
–
–
–
–
Confidentiality agreements
Policy prohibiting improper disclosure
Security software for mobile devices
Strong passwords
Immediate report of lost or stolen device
Exit interview procedures
Social Media and
Labor Law Compliance
• National Labor Relations Act
– Section 7 rights (apply to non-supervisory
employees at almost all companies)
– Criticism of supervisor and employer
– Prohibition against surveillance
DISH Network Social Media Policy
• Policy:
– “You may not make disparaging or
defamatory comments about [Employer],
its employees, officers, directors, vendors,
customers, partners, affiliates, or our, or
their, products/services.”
DISH Network Social Media Policy
• National Labor Relations Board Acting
General Counsel May 2012:
– “[T]he prohibition on making ‘disparaging
or defamatory’ comments is unlawful.
Employees would reasonably construe
this prohibition to apply to protected
criticism of the Employer’s labor policies
or treatment of employees.”
Clearwater Paper Social Media Policy
• Policy:
– “Employees are prohibited from posting
information regarding [Employer] that
could be deemed material non-public
information or any information that is
considered confidential or proprietary.”
Clearwater Paper Social Media Policy
• NLRB Acting GC May 2012:
– “The term ‘material non-public information,’ in
the absence of clarification, is so vague that
employees would reasonably construe it to
include subjects that involve their working
conditions.”
– “[T]he term ‘confidential information,’ without
narrowing its scope so as to exclude Section
7 activity, would reasonably be interpreted to
include information concerning terms and
conditions of employment.”
Wal-Mart Social Media Policy
• Policy on content of communications:
– Prohibits “inappropriate postings that may
include discriminatory remarks, harassment
and threats of violence or similar
inappropriate or unlawful conduct.”
– “Examples … might include offensive posts
meant to intentionally harm someone’s
reputation or posts that could contribute to a
hostile work environment on the basis of race,
sex, disability, religion or any other
[protected] status.”
Wal-Mart Social Media Policy
• NLRB Acting GC May 2012 :
– Policy not ambiguous because “it provides
sufficient examples of prohibited conduct
so that, in context, employees would not
reasonably read the rules to prohibit
Section 7 activity.”
Wal-Mart Social Media Policy
• Policy on protection of confidential
information:
– “Maintain the confidentiality of [Employer]
trade secrets and private or confidential
information. Trades secrets may include
information regarding the development of
systems, processes, products, know-how
and technology. Do not post internal
reports, policies, procedures or other
internal business-related confidential
communications.”
Wal-Mart Social Media Policy
• NLRB Acting GC May 2012 :
– “Employees have no protected right to
disclose trade secrets. Moreover, the
Employer's rule provides sufficient examples
of prohibited disclosures (i.e., information
regarding the development of systems,
processes, products, know-how, technology,
internal reports, procedures, or other internal
business-related communications) for
employees to understand that it does not
reach protected communications about
working conditions.”
Social Media and Background Checks
• October 2011 survey by Reppler
– 91% of hiring managers use social media to
screen candidates
– 69% have rejected candidates based on their
social media sites
•
•
•
•
•
Lied about qualifications
Inappropriate photos
Inappropriate comments
Negative comments about prior employers
Demonstrated poor communication skills
– 68% have hired candidates based on their
social media sites
Social Media and Background Checks
• Main downsides
– Too much information
– Discrimination claims
– Some sites may be considered “consumer
reporting agency” for purposes of FCRA
• Best practices
–
–
–
–
Not decision makers
Same protocol for all applicants
Only public information/no deception
Only job-related information
What is BYOD?
• Transition from company-issued
BlackBerrys to employee-owned
smartphones and tablets
– Connect personal devices to employer email and data networks
– Create, store, and transmit work-related
information on personal devices employer
does not control
Work-Related Mobile Device Use
• March 2012 survey by SANS
– 60% of employers allow BYOD
• November 2012 survey by Ovum
– But only 30% require employees to sign
BYOD agreement
• March 2013 survey by Ponemon Institute
– 50% who left or lost jobs in last 12 months
admitted taking confidential information
– 40% plan to use it in another job
BYOD and CFAA Compliance
• Computer hacking laws
– Computer Fraud and Abuse Act
• Criminal offense to access computer “without
authorization”
• Permits recovery of money damages if such
access results in damage of over $5,000
– State computer crimes laws similar
BYOD and FLSA Compliance
• Fair Labor Standards Act
– Exempt vs. non-exempt employees
– Unpaid off-the-clock work
– Unpaid overtime
BYOD and OSHA Compliance
• Occupational Safety and Health Act
– Repetitive stress injuries
– Distracted driving
Sitton v. Print Direction, Inc.
(Ga. Ct. App. 2011)
• Employee used personal laptop connected to
employer’s network for work
• Also used it to send business to competing
business started by his wife
• While employee away from office, CEO entered
his office, moved computer’s mouse, clicked
on e-mail listing in personal account that
appeared on screen, and printed e-mails
showing disloyal conduct
• Employee terminated, then sued under GA
computer crimes statute and for common law
invasion of privacy
Sitton v. Print Direction, Inc.
(Ga. Ct. App. 2011)
• Trial court ruled for employer and
awarded $39,000 in damages
• Appeals court affirmed
– CEO’s actions not prohibited by GA statute
because they were not “without authority”
• Employer’s policy on computer use, which allowed
inspection of electronic devices in course of
investigation, applied to personal equipment
– CEO’s actions not unreasonable invasion of
privacy under circumstances
BYOD Policy and Consent Form
• What to do if device lost or stolen
• What employer data can be downloaded
to personal device
• Employer not liable for lost or damaged
personal data
• Signed consent for employer to monitor,
access, and remotely delete data in
specified circumstances
• Signed consent for employer to install
security software and applications to
protect its data
Questions?
1-800-825-6757
Nexsen Pruet website:
www.nexsenpruet.com