Tags
communications, e-mail, employer, HR, monitor, policy, privacy, social media, technology
How far can private employers go in monitoring telephone usage, texting, email, and other forms of communication employees engage in? May an employer access communications between an employee and his or her private attorney if they use employer-provided technology? Can an employer fire an employee who, on his or her own time and on a social media site, makes unflattering statements about the employer?
As you might imagine, it depends on the circumstances. Below is a quick and non-exhaustive review of some recent developments on these issues.
Employee Privacy
An employer certainly has an interest in its employees’ use of employer-provided technology, and for the most part may regulate such use in its discretion. However, in the absence a policy by the employer, or in some instances pursuant to such a policy, employees may enjoy a right to privacy with respect to their use of their employer’s computer systems and networks, communication devices such as phones and pagers, and other technology. Accordingly, an employer can (and should) implement a policy that addresses the limits of employee use of the employer’s technology, and the extent to which the use of such technology is subject to monitoring and access by the employer.
An employer may also have an interest in activities that employees engage in on their own time, with their own personal technology, through social media and networks such as Facebook, LinkedIn and Twitter to name a few. Why? Because employees sometimes share things they shouldn’t, such as confidential company information, customer or client confidences, or other information that may harm the company’s competitive advantage or financial outlook. Employees may also disclose information about themselves that may damage the company’s business or image. Accordingly, it is reasonable for an employer to address in its communications and technology policy, or to have a separate policy that addresses, the use of social media and networks by employees.
The key to these policies is to craft the policy to meet the specific needs of the business, to draft the policy carefully, and to administer and enforce the policy fairly and diligently. The last thing an employer needs is a overly broad or unwieldy policy that does not meet with the realities of the employer’s business or workplace. Accordingly, good planning before drafting a policy is important. It is equally important to then draft the policy to clearly and explicitly address the employer’s right to monitor and access employee communications, but the policy should go no further than is necessary to protect legitimate company interests. Finally, an employer must be prepared to make a commitment to enforce its policy fairly and consistently to minimize the risk that it will be faced with allegations of discriminatory enforcement, that the policy was “waived” by the lack of enforcement, or other legal or ethical challenges.
Cases Dealing With Enforcement of Communications Policies
Recent cases demonstrate some of the complexities associated with these types of employer policies. For example, earlier this year, in Holmes v. Petrovich Development Co., 191 Cal.App.4th 1047 (2011), a California appellate court held that an employer was entitled to access communications between an employee and her private attorney about alleged workplace harassment because the employer had an explicit policy stating that any communications on its system were not private and were subject to monitoring by the employer, and the employee used the employer’s computer system to transmit the communications. The court noted that whether a right of privacy exists depends upon whether there is a reasonable expectation of privacy in the communication, and that here the employee had no reasonable expectation of privacy in light of the employer’s written policy. The court therefore upheld the trial court’s decision to allow the employer’s access of the communications and its use of the communications in defending the employee’s discrimination claim, finding that the absence of a reasonable expectation of privacy waived any attorney-client privilege the employee claimed with respect to the communications.
In another case, In re Oil Spill by the Oil Rig Deepwater Horizon, 2011 WL 1193030 (E.D. La. 2011), a BP Amoco employee sent a number of communications to his wife, also a BP employee, on BP’s email system. These communications were subpoenaed from BP and were to be used in connection with the employee’s deposition in a proceeding involving the BP Gulf spill. The employee asserted that the marital privilege applied, that BP had no right to turn the communications over pursuant to subpoena, and that all such communications should be returned to him. The court held that the employee had no reasonable expectation of privacy with respect to the communications and therefore no privilege existed where BP had a policy specifying that all employee email was subject to being monitored and accessed by BP. The policy also stated that communications were subject to being subpoenaed. Even though BP did not prohibit personal use of its email system, the warning was sufficient to negate any expectation that communications on BP’s system would be confidential or private. Accordingly, there was no privilege.
In Stengart v. Loving Care Agency, Inc., 990 A. 2d 650 (N.J. 2010), the court found that an employee’s communications to her attorney using her employer’s computer system were privileged, and that possession of the mails by her employer’s counsel violated the rules of professional responsibility. In Stengart, the employee used her employer’s computer system to access her own personal password-protected Yahoo account to send communications to her private counsel about problems at work. After she sued, her employer created a forensic image of her computer’s hard drive and temporary internet files that included emails she exchanged with her attorney on her private account. The employer had a policy that allowed occasional personal use of its systems, but also specifically stated that the employer reserved the right to “review, audit, intercept, access and disclose” all matters on its media systems and servers, and advised employees that such communications should not be considered as private or personal.
The employer alleged that in light of its policy, the employee had no reasonable expectation of privacy with respect to the communications. The employee asserted that she intended the communications to be confidential and privileged and that the policy did not give her fair warning that the employer would access temporary internet files of private communications from her personal account. The court held that the employee had a reasonable expectation of privacy with respect to these communications, as she intended they be private, and she used a personal, password-protected Yahoo account rather than the company-provided email account to transmit the communications. Also, the employer’s policy did not specifically state that temporary internet files or personal accounts would be subject to monitoring and therefore her belief that the communications were confidential and privileged was objectively reasonable. The court also noted that her attorney’s emails expressly claimed confidentiality and privilege.
Thus, these courts (and others) recognize that an employer may draft a policy that is sufficient to negate the existence of privacy rights concerning employee use of the employer’s technology. The extent of enforcement of such a policy depends upon its explicitness and clarity.
Firing Employees Based Upon Their Use of Social Media
It seems reasonable that if an employee posts negative comments about his or her employer on Facebook or another social media site the employer might fire the employee. However, the employer may face legal action in doing so, as evidenced by a recent NLRB complaint filed against an employer in Connecticut, American Medical Response of Conn., Case No. 34-CA-12567. There, the NLRB alleged that an employer’s firing of an employee who posted negative comments about her supervisor on Facebook violated the NLRA’s prohibition against interference with concerted activity. The facts showed that the employee was being investigated for a customer complaint and asked for union representation in an interview to be conducted by her supervisor, which was denied. After that, the employee posted negative comments about her supervisor (calling the supervisor a “scumbag”), and several co-workers posted comments supportive of the employee. The employee then posted additional critical comments about the supervisor. The employee was then fired under the employer’s policy on social media that prevented “disparaging” and other types of negative communications about the company. The case was settled in February 2011, and the NLRA issued a press release that said in part, “Under the terms of the settlement approved today by Hartford Regional Director Jonathan Kreisberg, the company agreed to revise its overly-broad rules to ensure that they do not improperly restrict employees from discussing their wages, hours and working conditions with co-workers and others while not at work, and that they would not discipline or discharge employees for engaging in such discussions. The company also promised that employee requests for union representation will not be denied in the future and that employees will not be threatened with discipline for requesting union representation. The allegations involving the employee’s discharge were resolved through a separate, private agreement between the employee and the company.”
This case is somewhat unique in that the employee made a specific request for union representation in connection with the interview, only complained about her supervisor after that request was denied, and shared comments with co-workers, thus directly calling into play the NLRA’s provisions. However, other instances can be imagined where an employee is fired after posting comments about wages, working conditions, workplace safety or similar matters (however inartfully, crassly or even ambiguously phrased) that may fall under the protection of the NLRA. Similarly, an employee may be fired after posting comments about perceived discrimination, alleged unethical conduct or violations of law, and the like that might raise issues under Title VII, the ADEA or ADA, or various state or federal “whistleblower” laws. In these instances, even if the employee has disclosed employer confidences or has made allegedly “disparaging” statements about the employer, the employee may allege that there was discrimination or retaliation by the employer. On the other hand, where an employee uses social media to discuss yet to be released company earnings, a soon to be announced breakthrough product, or confidential customer information, or to make slanderous or threatening statements about the company, its management or co-workers, there may be perfectly good grounds to discipline or fire the employee.
What these examples tell employers is that before taking action against an employee for posting information on a social media site, the employer must carefully review the content of the posting(s) and the facts and circumstances surrounding the employee’s conduct, and if necessary, seek legal advice.
Take Aways For Employers
There is good reason for most employers to maintain a policy regulating employee use of the employer’s technology. Many employers may also have good reason to implement a policy addressing employee use of social media. However, as the above examples indicate, there may be hidden traps for an employer. Thus, careful planning and drafting and even-handed and regular enforcement of the policy are keys to minimizing potential problems. A few important steps are critical to a policy’s success. These steps apply whether the employer is considering a policy for the first time, or has had a policy in place for a number of years. It is always a good idea to periodically review policies to ensure they are current and are still consistent with the employer’s needs.
First of all, it is imperative that an employer carefully consider what it wants to accomplish with its policy. To what extent does it want to restrict employee use of its technology for non-business purposes? To what extent does it want to be able to monitor, review and access information on its technology? To what extent is it willing to commit to administer and enforce a policy? Does it want to allow employees to use the company’s name, products or services in connection with their social media communications? To what extent? One employer may be concerned simply about a lack of productivity because employees engage in excessive personal use of its technology. Another employer may want to allow a certain level of personal use of its technology to keep morale up or simply in recognition of the realities of its workplace. Yet another employer may want to encourage employees (or employees in certain positions or management levels) to use social media to promote the company or its products or services. Others may want employees to use social media to discuss its charitable or other endeavors. Still other employers may want a comprehensive policy to address all of these issues and others. While most policies have some common elements, each employer should tailor its policy to meet its specific goals and needs.
Second, the employer should consider any potential unintended consequences that may arise from policies that are too restrictive or too permissive. Allowing employees to make reference to the company or to discuss company products or services on social media sites may get the company good press, but it may also result in ethical, legal or other challenges for the employer. Monitoring and accessing employees’ social media postings may also open an employer up to allegations of discrimination, harassment, or retaliation, such as where an employee discloses a protected trait of which the employer was previously unaware. Any adverse employment action taken against the employee after this trait is discovered could be claimed as discriminatory even if not based on that trait. Similarly, the NLRA case shows that even fairly offensive employee comments may be protected by state or federal law.
Third, after the employer has determined its goals and needs, it is imperative that the employer carefully craft its policy to accomplish the desired results. With respect to employer-owned and sponsored technology, it is often wise for the employer to make clear that any usage is subject to monitoring by the employer, that employees have no expectation of privacy as to such matters, and that the employer may inspect and access any information stored or maintained on its technology at any time. That way, there is no question as to ownership, usage and rights concerning the employer’s systems and technology. Similarly, if the employer is concerned that employees may try to circumvent its policy by accessing personal accounts through the employer’s systems, the employer should, in explicit terms, specify that all usage of the employer’s technology, even on web-based, password-protected systems, will be subject to monitoring. To the extent the employer wants to reach employees’ private social media endeavors, it is important that any policy be drafted in such a way as to cover only matters as to which an employer has a legitimate business interest, and to do so in clear and unambiguous terms.
Fourth, once an employer has drafted a policy, it should designate a knowledgeable person or group of persons to administer the policy and should thoroughly train them on the policy and how it is to be administered. The employer should also provide training and education to managers and supervisors on the policy and its enforcement. The employer should educate management on legal and ethical issues that may arise in the enforcement of the policy, including the employer’s potential liability for statements made by employees while using the employer’s technology (or even employer-sanctioned use of social media) and the potential for allegations of retaliation, discrimination, unequal enforcement, or violation of privacy rights. As part of this, the employer should train management on the potential legal issues that may arise from taking disciplinary action against employees for their alleged violation of the employer’s policy, and ensure that all such matters are vetted through the appropriate channels before action is taken.
Finally, the employer must distribute the policy to employees, make sure that employees acknowledge receipt of the policy, and require employees to verify that they understand the policy and agree to abide by it, knowing the consequences that may result from a violation.
