Hot Topics in Workplace Privacy: Social Media and Personal Devices June 18, 2013 David E. Dubberly* Nexsen Pruet, LLC *Certified by S.C. Supreme Court as Specialist in Employment and Labor Law Workplace Privacy In The News • Background checks for applicants Workplace Privacy In The News • Using social media postings to screen out applicants Workplace Privacy In The News • Discipline for critical social media posts Workplace Privacy In The News • New issue: accessing personal devices to monitor compliance with policies Social Media and ECPA Compliance • Computer wiretap laws – Electronic Communications Privacy Act as amended by Stored Communications Act • Criminal offense to access stored electronic communications “without authorization” • Also creates civil cause of action – State computer crimes laws similar Social Media and FTC Compliance • Federal Trade Commission – Disclosure of employment status – False or misleading statements Social Media and Discrimination/Harassment • Title VII, ADEA, ADA – Discriminatory comments – Harassing messages or pictures Social Media and Trade Secret Protection • S.C. Trade Secrets Act – Trade secret information must be “the subject of efforts that are reasonable under the circumstances to maintain its secrecy” • Reasonable measures may include: – – – – – – Confidentiality agreements Policy prohibiting improper disclosure Security software for mobile devices Strong passwords Immediate report of lost or stolen device Exit interview procedures Social Media and Labor Law Compliance • National Labor Relations Act – Section 7 rights (apply to non-supervisory employees at almost all companies) – Criticism of supervisor and employer – Prohibition against surveillance DISH Network Social Media Policy • Policy: – “You may not make disparaging or defamatory comments about [Employer], its employees, officers, directors, vendors, customers, partners, affiliates, or our, or their, products/services.” DISH Network Social Media Policy • National Labor Relations Board Acting General Counsel May 2012: – “[T]he prohibition on making ‘disparaging or defamatory’ comments is unlawful. Employees would reasonably construe this prohibition to apply to protected criticism of the Employer’s labor policies or treatment of employees.” Clearwater Paper Social Media Policy • Policy: – “Employees are prohibited from posting information regarding [Employer] that could be deemed material non-public information or any information that is considered confidential or proprietary.” Clearwater Paper Social Media Policy • NLRB Acting GC May 2012: – “The term ‘material non-public information,’ in the absence of clarification, is so vague that employees would reasonably construe it to include subjects that involve their working conditions.” – “[T]he term ‘confidential information,’ without narrowing its scope so as to exclude Section 7 activity, would reasonably be interpreted to include information concerning terms and conditions of employment.” Wal-Mart Social Media Policy • Policy on content of communications: – Prohibits “inappropriate postings that may include discriminatory remarks, harassment and threats of violence or similar inappropriate or unlawful conduct.” – “Examples … might include offensive posts meant to intentionally harm someone’s reputation or posts that could contribute to a hostile work environment on the basis of race, sex, disability, religion or any other [protected] status.” Wal-Mart Social Media Policy • NLRB Acting GC May 2012 : – Policy not ambiguous because “it provides sufficient examples of prohibited conduct so that, in context, employees would not reasonably read the rules to prohibit Section 7 activity.” Wal-Mart Social Media Policy • Policy on protection of confidential information: – “Maintain the confidentiality of [Employer] trade secrets and private or confidential information. Trades secrets may include information regarding the development of systems, processes, products, know-how and technology. Do not post internal reports, policies, procedures or other internal business-related confidential communications.” Wal-Mart Social Media Policy • NLRB Acting GC May 2012 : – “Employees have no protected right to disclose trade secrets. Moreover, the Employer's rule provides sufficient examples of prohibited disclosures (i.e., information regarding the development of systems, processes, products, know-how, technology, internal reports, procedures, or other internal business-related communications) for employees to understand that it does not reach protected communications about working conditions.” Social Media and Background Checks • October 2011 survey by Reppler – 91% of hiring managers use social media to screen candidates – 69% have rejected candidates based on their social media sites • • • • • Lied about qualifications Inappropriate photos Inappropriate comments Negative comments about prior employers Demonstrated poor communication skills – 68% have hired candidates based on their social media sites Social Media and Background Checks • Main downsides – Too much information – Discrimination claims – Some sites may be considered “consumer reporting agency” for purposes of FCRA • Best practices – – – – Not decision makers Same protocol for all applicants Only public information/no deception Only job-related information What is BYOD? • Transition from company-issued BlackBerrys to employee-owned smartphones and tablets – Connect personal devices to employer email and data networks – Create, store, and transmit work-related information on personal devices employer does not control Work-Related Mobile Device Use • March 2012 survey by SANS – 60% of employers allow BYOD • November 2012 survey by Ovum – But only 30% require employees to sign BYOD agreement • March 2013 survey by Ponemon Institute – 50% who left or lost jobs in last 12 months admitted taking confidential information – 40% plan to use it in another job BYOD and CFAA Compliance • Computer hacking laws – Computer Fraud and Abuse Act • Criminal offense to access computer “without authorization” • Permits recovery of money damages if such access results in damage of over $5,000 – State computer crimes laws similar BYOD and FLSA Compliance • Fair Labor Standards Act – Exempt vs. non-exempt employees – Unpaid off-the-clock work – Unpaid overtime BYOD and OSHA Compliance • Occupational Safety and Health Act – Repetitive stress injuries – Distracted driving Sitton v. Print Direction, Inc. (Ga. Ct. App. 2011) • Employee used personal laptop connected to employer’s network for work • Also used it to send business to competing business started by his wife • While employee away from office, CEO entered his office, moved computer’s mouse, clicked on e-mail listing in personal account that appeared on screen, and printed e-mails showing disloyal conduct • Employee terminated, then sued under GA computer crimes statute and for common law invasion of privacy Sitton v. Print Direction, Inc. (Ga. Ct. App. 2011) • Trial court ruled for employer and awarded $39,000 in damages • Appeals court affirmed – CEO’s actions not prohibited by GA statute because they were not “without authority” • Employer’s policy on computer use, which allowed inspection of electronic devices in course of investigation, applied to personal equipment – CEO’s actions not unreasonable invasion of privacy under circumstances BYOD Policy and Consent Form • What to do if device lost or stolen • What employer data can be downloaded to personal device • Employer not liable for lost or damaged personal data • Signed consent for employer to monitor, access, and remotely delete data in specified circumstances • Signed consent for employer to install security software and applications to protect its data Questions? 1-800-825-6757 Nexsen Pruet website: www.nexsenpruet.com