I Tweeted on Twitter® Am I Facebook® Fired or Linked In® to a Lawsuit? Exploring the Legal Issues Employers Face with Social Marketing and Media in the Workplace Margaret J. Strange James F. Shea Jackson Lewis LLP February 23, 2011 1 What We Will Discuss • Social media and the basics of popular social networking/media sites. • How to use social networking information for hiring and other employment actions. •Potential employer liability from social networking including harassment and privacy issues. • How employers can manage employees’ use of social and electronic media during and after work. 2 What are “Social Media” • Social Media Sites – MySpace ® – FaceBook ® – LinkedIn ® • On-Line Media – Hulu ® – YouTube ® • Texting • Email • Instant Messaging • Blogs – Twitter ® 3 4 Facebook 5 Linked in 6 Sample MySpace® Page 7 Sample MySpace® Profile 8 Social Networking Sites: All the Rage 9 Social Networking Sites: All the Rage • Two-thirds of the world’s internet population visits social networking sites • Facebook has more than 400 million users – On average, each user spends minutes per day on Facebook 55 (Source: Facebook Press Room, http://www.facebook.com/press/info.php?statistics (last visited Mar. 3, 2010)) 10 Social Networking Sites: All the Rage • Use of Twitter – the latest digital sensation – has soared more than 1,200 percent • As Twitter has expanded, its largest user group is 25-54 year olds 11 Social Networking Sites: All the Rage • In February 2009, time spent on social networks sites (sns) surpassed email for the first time (Source: Teddy Wayne, “Social Networks Eclipse E-Mail,” The New York Times, May 18, 2009) • • • • • 22% of employees visit sns 5 or more times per week; 23% visit 1-4 times per week 52% of employees choose not to use sns during work hours 10% of employees visit for both business & personal reasons; 6% say they visit for business only 74% of employees say it’s easy to damage a company’s reputation on social media and 15% say if they disagreed with an employer’s actions they would comment online 53% of employees say their social networking pages are none of their employer’s business, but 40% of business executives disagree with 30% admitting to informally monitoring 12 (Source: 2009 Deloitte Ethics Workplace Survey) Hiring Using Social Networking Sites 13 Using Social Media for Recruitment • Attract Employees – through FaceBook® presence or advertising, LinkedIn® discussion board or YouTube® • Source of Candidates – Twitter®, LinkedIn® • Engage Candidates – gather information from target employees for profiles • Screen Applicants – look at profiles • Close the deal – welcome through conversations on social network 14 Hiring & Social Networking • In one survey by CareerBuilder.com, 45% of participating employers said they use social networking sites to research job candidates • Of this group, 35% rejected potential job candidates because of content they found on their SNS Source: CareerBuilder Survey dated August 19, 2009 15 What are You Likely to Find on a Social Networking Site? • Education History • Vacation Photos • Work History • Party Photos • Career Interests • Family Information • Hobbies • Memberships • Favorite Movies • Drug Use • Poor Judgment • Links to Profiles of Friends • Links to Blogs • Political Views 16 Would You Hire Him as an Employee? 17 Do you have the same response now? 18 Hiring & Social Networking – According to some reports, as many as 50% of employers and 77% of job recruiters check out potential employees on the Web. • Using search engines such as Google or Yahoo and internet sites such as PeopleFinders.com, Local.Live.com or Zillow.com, Facebook, MySpace and other networking sites. Source: MySpace Is Public Space When It Comes to Job Search, CollegeGrad.com 19 Hiring & Social Networking • There is no law that directly prohibits the use of SNS in the hiring process. • There has been no reported increase in failure-to-hire cases based on information obtained from SNS. • There is no law which requires the use of SNS in the hiring process. • But there are RISKS to accessing and using such information. 20 Risks for Employers • Hiring Issues Associated with Using the Web – – – – – Lawful background checks? FCRA? Discrimination concerns? Lawful-off duty conduct? First Amendment protections under Connecticut law? Reliability? Even if not unlawful, employer may make employment decisions based on inaccurate information. 21 Risks for Employers • Discrimination Concerns – Viewing applicant’s personal information on social networking sites may trigger anti-discrimination laws. – Access to information regarding protected status? • Age, disability/medical information, race, sex, religious beliefs, pregnancy, sexual orientation, military status, marital status or other protected characteristic – – – – Learn about applicant’s workers’ compensation claim Learn about criminal or arrest histories Invasion of privacy / Intrusion upon seclusion Pretexting and fraud concerns 22 Risks During Hiring • Once accessed, difficult to prove the employer did not rely on protected personal information. • Information obtained can be used against employer if applicant not hired or if hired and an employment dispute later arises. 23 Risks During Hiring • Legal off-duty conduct – Some states have laws that prohibit employers from considering legal off-duty conduct when making adverse employment decisions: – About 9 states, including California, New York, Colorado, and North Dakota, have statutes known as “lifestyle discrimination” laws, which ban discrimination based on legal, off-duty recreational behavior. – An employer could violate these laws by refusing to hire an employee after discovering from a SNS that, for example, the employee was drinking at a party, smoking or engaging in political activity. – Connecticut law protects exercise of rights under the 1st Amendment. 24 Risks During Hiring • Reliability – Employers may mistakenly gather information about or access the account of a person other than the applicant. – Facebook page or website seemingly run by applicant may not be created or even known by the applicant. – False information may be posted on blogs or social networking sites. – Case of mistaken identity. – Keep in mind that reputable news sources are continually coming under fire for relying on unsubstantiated, internet-based information. 25 Lessons Learned—Hiring • If you are going to use SNS for hiring decisions: – Develop policy on whether employer will search internet or access social networking sites for job applicants. – Do so consistently and in a uniform manner. – Make sure candidates are notified, in writing, about the company’s use of SNS to gather information. – Consider searching social networks only after the initial inperson interview with the applicant. – Ensure appropriate employment decisions are made based on lawful, verified information. 26 Lessons Learned—Hiring – Designate non-decision maker to conduct search. The individual should be properly trained to avoid improper access and to screen out information that can not be lawfully considered in the decision-making process. – The non-decision maker can then provide “scrubbed” information to the decision maker for consideration. – Rely on job-related criteria (preferably from a job description). – Be aware of relying on legal, off-duty conduct. – Follow best practices: identify a legitimate, non-discriminatory reason for the hiring decision with documentation supporting the decision. 27 Firing & Social Networking 28 Examples of Employer Use of Electronic Information/Communication to Fire 29 Employees Use SNS to… • An airline attendant posted provocative pictures of herself on her personal blog while wearing her uniform on a company plane • An employee of a computer company posted a picture on his personal blog that included competitor’s computers the company had purchased • A sports writer posted inflammatory comments on his blog about the ethnic heritage of producers of certain movies • A former software company employee sent 200,000 emails to 35,000 employees complaining about his 30 treatment by the company And . . . • Cohasset school administrator posted Facebook comments disparaging residents of town as “snobby and arrogant.” • Windsor Locks superintendent resigned after he posted on his Facebook page that he had counseled an administrator to retire or face termination. He followed his comment with a smiley face. • Man employed by a professional football team was terminated after he criticized a recent personnel decision by the team on his Facebook page. 31 And . . . • A TX disc jockey was fired for blogging about his homosexual dating habits on the company MySpace page • A FL sheriff’s deputy was fired after he posted comments about swimming nude, drinking heavily, female breasts and other topics on MySpace • A CA automobile club fired 27 employees who made objectionable comments on MySpace, including remarks about a co-worker’s weight and sexual orientation 32 Example of Employee Misuse of Electronic Information/Communication 33 Firing & Social Networking • Can Employers Base Termination Decisions on an Employee’s MySpace or Facebook page? – Yes, if does not violate discrimination or other employment laws. No prohibition on using public information. – Refrain from accessing restricted information. – To be safe: perform such searches consistently, document them, get information from reputable sources (accuracy) and be sure the info is truly job-related. – Follow standard procedure for investigating 34 allegations of misconduct Dealing with Employees who Misuse Electronic Communications • Consider the following when disciplining employees based on electronic communications: – Was the communication protected activity under the National Labor Relations Act? Is it protected, concerted activity? – Could the employee be protected under a whistleblower statute? – Is the conduct protected by anti-retaliation provisions of fair employment statutes? 35 Dealing with Employees who Misuse Electronic Communications – Was the communication otherwise protected? • Legal off-duty conduct? • Was the communication political conduct? • Is the conduct protected by 1st Amendment? – Adhere to normal best practices for investigations of alleged employee misconduct: conduct thorough investigation, document witness interviews, identify policy violation, interview accused employee and follow progressive discipline. 36 Potential Liability From Social Media 37 Risks for Employers • General Areas – Exhibitionism: lack of filtering when posting information – Voyeurism: searching for information • Electronic Footprints – Shows where you have been and what you have been doing on line 38 – Can be used for e-discovery Risks for Employers • Harassment or Bullying by Employees – Textual harassment or sexting • Discrimination – Employer sponsorship of blog • Ratification of content by inaction • Obligation to take action to prevent or eliminate inappropriate content once on notice – Employer viewing applicant information • Sites may contain information regarding protected status • Information can be garnered that cannot be asked in an interview • May become evidence of what you knew when making employment decision. • Difficult for employer to prove it did not view and rely upon 39 the information when making decision Discrimination, Harassment and Retaliation – Electronic communications provide employees with an opportunity for misuse and can be used as evidence to support a harassment or discrimination claim – Knew or should have known standard applies – Blakely v. Continental Airlines, Inc., 164 N.J. 38 (2000)(Company has duty to take effective measure to stop harassment via “Crew Member Forum” once it knew or should have known harassment was taking place) – What about off-duty conduct? 40 40 41 Reputational Harm to Employers • Blogs and other electronic communications also may have dramatic negative consequences for employers: – Domino’s, Burger King, KFC – Employees posted video/photographs harming company image – Former Intel employee sending 200,000 e-mails to 35,000 employees complaining about his treatment by Intel – California jury awarded employer $775,000 in compensatory and punitive damages against former employees for “cybersmearing” of employer. Varian Medical Systems, Inc. v. Delfino, Santa Clara Super. Ct. No. CV780187 41 (Dec. 18, 2001) 42 Business Proprietary Information • Intellectual property infringement – Microsoft employee posted software upgrade • Securities fraud/Unfair Competition – Whole Foods CEO’s anonymous blogging criticizing competitors led to unfair competition lawsuit and FTC/SEC investigation 42 Risks for Employers • Negligent Referral – FaceBook®, LinkedIn®, and Twitter® allow users to post recommendations from their employers. • Employee expects detailed favorable recommendation • Favorable on-line reference may conflict with employee performance evaluations • Negative online recommendation may be the basis for defamation claim. 43 44 Risks for Employers • Negligent Supervision/Retention: An employer may be held liable for an employee’s wrongful acts if the employer knew or had reason to know of the risk the employment created – Doe v. XYC Corp., 382 N.J. Super. Ct.122 (2005) (Court found employer held employer had duty to investigate and respond in case of alleged negligent supervision of employee who was criminally charged with child pornography using workplace computer) 44 Risks for Employers • Violations of Security Laws – Disclosure of non public material information • Unfair Competition/False Advertising – Federal Trade Commission Guides • Employer may be liable for violation if employee does not disclose relationship to employer when employee posts regarding products and services 45 Risks for Employers • Wrongful Termination – Potential First Amendment Speech claims by public sector employees – Potential Sarbanes Oxley violation where employee reports unlawful conduct online and is terminated • Not sure yet whether publication in a blog satisfies reporting requirement – Potential NLRA violation where employee complains in blog about company practices regarding pay, working conditions – Potential anti-retaliation violation where employee terminated for complaining in blog that manager treats blacks differently than whites 46 Developing Case Law - Privacy • Quon v. Arch Wireless Operating Co. Inc., 554 F.3d 769 (9th Cir. 2008) cert. granted (Dec. 14, 2009) –Failure to monitor supported employee expectation of privacy –“Workplace realities” debate • Brown-Criscuolo v. Wolfe, 601 F. Supp. 2d 441 (D. Conn. 2009) – Policy granting employees a “limited expectation of privacy” in their personal files and failure to regularly monitor supported claim of violation Developing Case Law - Privacy • Stengart v. Loving Care Agency, Inc., 2009 N.J. Super. LEXIS 143 (June 26, 2009) – Attorney-client privilege outweighed company’s expectation that privileged e-mails were its property Developing Case Law – Privacy • Pietrylo v. Hillstone Rest. Group d/b/a Houston’s (D.N.J., No. 06-5754, jury verdict against employer 6/16/09) – Managers coerced employee into providing password to other employees’ MySpace accounts – Jury found violation of federal Stored Communications Act and awarded $17,003 in damages AND attorneys’ fees against the employer Developing Case Law – Privacy • Van Alstyne v. Elec. Scriptorium Ltd., 560 F.3d 199 (4th Cir. 2009) – Company president accessed employee’s AOL account – Jury awarded plaintiff $175,000 statutory damages and $50,000 punitive damages against company president (and $25,000 in statutory damages and $25,000 in punitive damages against the company) PLUS $124,000 in fees and $10,000 in costs Developing Case Law— Retaliation / NLRA • Forsberg v. Pefanis, 2009 U.S. Dist. LEXIS (N.D. Ga. 2009) – Court permitted claim of retaliation to go to trial where employer attempted to access plaintiff’s private MySpace account • Guard Publishing Company v. NLRB, 571 F.3d 53 (D.C. Cir. 2009) – The union president was disciplined for sending union e-mail via his workplace computer – Enforcing an overly broad non-solicitation policy, or enforcing a non-solicitation policy selectively, violates the NLRA Developing Case Law – Discrimination • Marshall v. Mayor and Alderman of the City of Savannah, 2010 U.S. App. LEXIS 3233 (11th Cir. 2010) – Employee firefighter was disciplined for placing certain inappropriate photos of herself on her MySpace page – Employee filed gender and race discrimination claims alleging that no similarly situated male employees were subjected to discipline for equal offenses – Court granted summary judgment in favor of City – BUT ONLY BECAUSE no evidence that the City had knowledge of other firefighters who may have posted similar material Best Practices For Employees • Make employees aware that they are subject to same privacy laws as employers. • Place employees on notice regarding appropriate use of internet. • Ensure employees understand that posting equals worldwide publication. • Make employees aware of the privacy rights of others. 53 Best Practices for Employers • Be proactive. • Adopt a clear policy. • Train employees on the proper use of the internet. • Consider a total ban on the internet during working hours. • Place employees on notice regarding potential monitoring. • Be consistent in disciplining for violations. • Understand the risk inherent in using the internet and develop policies to manage potential pitfalls. 54 Managing Employee Use of Social Media 55 Methods to Minimize Risk • Consider whether to block employee access to social networking sites through company computers or to limit access during working hours • Consider restriction on professional references via LinkedIn • Investigate complaints of discrimination/harassment stemming from posts on social networking/blogs • Ensure security of employer sponsored blogs • Implement a social networking/blogging policy • Have written policy regarding use of and access to company owned technology 56 57 Methods to Minimize Risk • Consider Company philosophy – business only? • No expectation of privacy when using company equipment • Employees must abide by non-disclosure and confidentiality agreements/policies • Only individuals officially designated may speak on behalf of the Company • “Bloggers Beware” - “The views expressed in this blog are my personal views and opinions and do not necessarily represent the views or opinions of my employer” 57 58 Methods to Minimize Risk • Company policies governing corporate logos, branding, and identity apply to all electronic communications • Employees are prohibited from making defamatory comments when discussing the employer, superiors, co-workers, products, services and/or competitors • Based on new FTC guidelines, require employees to obtain prior approval before referring to company products and services and to disclose the nature of the employment relationship • Employees must comply with company policies with respect to their electronic communications, such as policies prohibiting harassment and standards of conduct • Company reserves the right to take disciplinary action if the employee's communications violate company policy 58 Methods to Minimize Risk • If allowed at work, time spent social networking/blogging/texting should not interfere with job duties • Remind employees expected to comport themselves professionally both on and off duty • Do not prohibit employees from discussing terms and conditions of employment • Avoid “Big Brother” image while protecting the Company and its employees • Get a signed acknowledgment of the policy 59 Key Provisions of a Policy • Policy should identify WHAT EQUIPMENT IS COVERED: – Company computer system (hardware and software) and all company issued electronic devices, including servers, backup devices, PCs, laptops, cell phones, PDAs, pagers, text messaging devices • Policy should identify WHO IS COVERED – All users of system--any exceptions? 60 Key Provisions of a Policy – Employee Responsibility • Each employee is responsible for online activity conducted personally or which can be traced to the company – Policy should identify the LEGITIMATE INTERESTS advanced: – Employee productivity – Protect confidentiality – Protect image and intellectual property rights (logo, copyrighted material, etc.) 61 Key Provisions of a Policy – The policy should identify WHAT CONDUCT IS PERMITTED • Identify “Acceptable use” of covered systems and devices • Clarify Personal use v. Business use • Consider corporate culture and other business factors • Make choice then ensure workers know what, if any, personal use is permitted under policy • Consider prohibiting entirely social networking or blogging at work 62 • BUT, protected activity under NLRA Key Provisions of a Policy – Policy should clearly express that there is NO PRIVACY when using any part of the computer system – Personal communications to third parties are no exception to the “no privacy” rule – Consider prohibiting (and blocking) employee access to personal e-mail accounts from company equipment 63 Key Provisions of a Policy • Reserve the RIGHT TO INSPECT EQUIPMENT AND DEVICES used at or to do work • Reserve the RIGHT TO MONITOR AND REVEW CONTENT of e-communication sent or received on or through company system or devices, as well as internet use 64 Key Provisions of a Policy – Signed consent – Check specific state law on giving notice prior to monitoring – Ensure monitoring based on legitimate needs & limited in scope 65 Key Provisions of a Policy • IDENTIFY PROHIBITED USES of the covered system and devices – No disclosure of confidential information/insider info/trade secrets – No harassment/discriminatory statements or sexual innuendo about co-workers – No disparaging remarks about company, company products or services, customers, or co-workers 66 Key Provisions of a Policy • Policy should IDENTIFY PROHIBITED USES of the covered system and devices – No job searches or moonlighting – No use in violation of this or any other company policy • Personal (off work) conduct may create risk – Emails to coworkers that violate policy (e.g., harassment) – List should be inclusive (not exhaustive) 67 Key Provisions of a Policy • The policy should explain that if an employee MENTIONS THE COMPANY OR ITS PRODUCTS OR SERVICES in an online communication, then employee should use true identity and must disclose employment relationship and state that opinions expressed are personal and do not represent the company’s opinion 68 Key Provisions of a Policy • Provide reporting procedure for violations and questions • The policy should notify employees that ANY VIOLATION WILL RESULT IN DISCIPLINE, up to and including termination 69 Key Provisions of a Policy • Employer should COMMUNICATE AND PROVIDE COPY of the policy to each user • Employer should OBTAIN SIGNED ACKNOWLDGEMENT OF RECEIPT AND CONSENT TO TERMS – Same when a revision is made • Reinforce all relevant company policies also apply 70 Key Provisions of a Policy • Employer should REVIEW AND REVISE policy regularly • Employer should ACTUALLY MONITOR use of the system and devices to maintain and protect policy’s integrity • Guard against violations and inconsistent use 71 Key Provisions of a Policy • Employers should train all employees to enhance understanding and compliance with the electronic communications policy – Address privacy, monitoring, permitted and prohibited uses – Define technical terms and clarify policy application to all company property 72 Key Provisions of a Policy • Train Supervisors and IT personnel – Many of the new court decisions involve conduct that may be perceived as acceptable but is not permitted under applicable law – Must avoid deviations that evolve into “informal policy” giving rise to privacy expectations 73 THANK YOU 74