Can employers use employee's posts to social media as basis for employment decisions or would this violate an employee's right to privacy?

Generally, employees have a privacy expectation in their personnel files, contact information, and work related information. However, this expectation of privacy is not limitless, especially when the employee publically airs his or her work experiences on social media sites for the public to see. Courts have held that employees can waive this right to privacy once they make disclosures in public for everyone else to read via social media networks.

For example, in a case not in the employment context, a California court reviewed the issue of whether an author who posts an article on myspace.com can state a cause of action for invasion of privacy and for intentional infliction of emotional distress against a person who submits that article to a newspaper for republication. The case, Moreno v. Hanford Sentinel, Inc. involved a college student who had moved away from her home town of Coalinga, California. She wrote “An ode to Coalinga” and posted it on her site on MySpace.com. The ode badmouthed her hometown. Six days after publishing it on MySpace, she took the writing off of the site, but the town’s high school principal submitted the writing to the local newspaper for publication. The newspaper republished the ode in the letters to the editor section and listed Moreno’s full name even though she only used her first name on her MySpace page. The ode must have contained some serious dirt on the city, as it resulted in death threats against Moreno’s family, and eventually forced her family to close a 20 year old business and move out of town.

Moreno sued for invasion of her privacy alleging that her post on MySpace was only supposed to be viewed by a few of her friends, and because she removed the post six days after publishing the article. The court rejected Moreno’s theory that the newspaper’s publication violated her right to privacy because her post to MySpace was made virtually to everyone with an Internet connection. The Court reasoned that, “[Moreno’s] affirmative act made her article available to any person with a computer and thus opened it to the public eye. Under these circumstances, no reasonable person would have had an expectation of privacy regarding the published material. As pointed out by appellants, to be a private fact, the expectation of privacy need not be absolute.” Therefore, the court held that “the fact [Moreno] expected a limited audience does not change the above analysis. By posting the article on myspace.com, [Moreno] opened the article to the public at large. Her potential audience was vast.” The court concluded that Moreno therefore could not asserted a cause of action for invasion of her right to privacy against the newspaper.

Even though this case is not involving employment information, a similar analysis would apply to an employee who posts information on social media about workplace issues. Once the employee places the information about his or her work circumstances on social media, this greatly reduces the employee’s privacy in the subject matter. However, an employer should be cautious, and use common sense in responding to such posts. For example, if an employee posts negative information about the company on social media, it would obviously not give the employer a right to disclose the employee’s health information and documents from the employee’s personnel file. Alternatively, if the employee posts about how bad an employer treated him or her, the employer would have the right to publically set the record straight with facts specific to rebut the allegations made by the employee.

Employers should use common sense in responding publically to an employee’s or former employee’s posts on social media and keep any discussions limited to the facts and issues raised by the employee. Furthermore, employers should approach situations with caution when an employee’s posts on social media are password protected and only friends of the employee can view the post. Hacking or gaining access to social media posts under false pretenses is most likely illegal, and would tilt the analysis back into the employee’s favor that the information was not disclosed to everyone and, therefore, would be considered private. In addition, employers may never retaliate against employees for making complaints via the internet or otherwise, and should be careful in making employment decisions based on employees’ complaints about workplace issues even if made on the Internet.

Tweet Like Email LinkedIn

Reminder: Webinar On Social Media Under California Law Tomorrow

This will be one of our most attended webinars, and there is still time to sign up. The webinar will cover legal issues facing California employers under the new Labor Code section prohibiting employers from asking applicants and employees for social media passwords, privacy issues when conducting background checks, alternatives to social media policies, and when policies addressing these issues are necessary. It is taking place at 10:00 a.m. PST January 15. Visit our website for registration information.

Tweet Like Email LinkedIn

Everything Employers Need To Know About Social Media In the Workplace In 2013

I will be conducting a webinar on January 15, 2013 on legal issues of social media in the workplace. The presentation will cover everything a California employer needs to know about social media in the modern workplace of 2013:

  • Discussion on the new law (Labor Code section 960) that prohibits employers from asking applicants and employees for their social media passwords taking effect on January 1, 2013.
  • How to avoid invading employees’ privacy rights when using social media for background checks.
  • Developments on how the NLRB held that some social media policies restrict an employee’s right to “engage in concerted activities.”
  • How to use the Internet to properly conduct a background check for applicant.
  • Discussion on whether your company needs a social media policy.
  • Evaluating whether an employer may be held liable for failing to use social media and the Internet to conduct a background check.
  • Alternatives to social media policies.

The cost is $150 (this is waived for clients). You may register below, or send me an email if you are a client.

This webinar has been preapproved by HRCI for 1 recertification credit hour. 

"The use of this seal is not an endorsement by the HR Certification Institute of the quality of the program. It means that this program has met the HR Certification Institute's criteria to be pre-approved for recertification credit."

Tweet Like Email LinkedIn

Can Employers Ask For Applicants' W-2 or Tax Returns?

First it was Facebook passwords, now it is financials. It is becoming more regular that employers ask job applicants for a W-2 or tax returns in order to verify past salary or employment information. Kathleen Pender of the San Francisco Chronicle wrote a story on this interesting issue. Given the tough job market, many job seekers are feeling obligated to provide such information. While many people have the gut reaction that this type of request is improper, as the article notes, there is arguably nothing legally that limits employers from asking for this information.

Of course, the improper use of this information could result in liability for the employer who obtains the information. And, as noted in the article, employers who ask for this information only from individuals in protected classes (such as for race, gender, etc…) would be violating discrimination laws.

It is also interesting to note that the newly adopted Labor Code provision that only allows employers to conduct credit checks (referred to as a consumer credit report in the law) for certain types of employees, provides an exclusion that allows employers to ask for information that verifies income or employment. The law, Labor Code section 1024.5 took effect at the beginning of this year, and defines a consumer credit report as follows:

(1) "Consumer credit report" has the same meaning as defined in subdivision (c) of Section 1785.3 of the Civil Code, but does not include a report that (A) verifies income or employment, and (B) does not include credit-related information, such as credit history, credit score, or credit record.

Because a consumer credit report is defined as excluding verification of “income or employment,” employers asking for W-2s or tax returns would not trigger this provision of the Labor Code. However, as the article notes, it appears that employers are incorporating requests to verify applicant’s pass salary as part of a general background check process. Depending on the facts on the type of information obtained in the background check, it could be argued that the overall background check conducted in these circumstances may constitute one that is covered by Labor Code section 1024.5. If that is the case, the employer has additional objections under the law, and may actually be restricted from performing the background check in the first place.

Tweet Like Email LinkedIn

Everyone Needs To Calm Down About Social Media And The Law

I would love to be able to tell my clients that the Internet and social media has created a very complex set of legal issues that requires them to hire me in order to help develop all new handbook policies, change the way they conduct background checks on applicants, and monitor their employees. However, unfortunately, this is not the case. Employers and employees need to calm down a bit. I cringe when I hear employment lawyers (and Facebook’s Chief Privacy Officer recent comments about employers asking to have employee’s Facebook passwords) advising people to refrain from using the Internet to do background checks on applicants because it may reveal that they are in a protected category, and then this could (possibly) be grounds for a discrimination case. Are these same lawyers advising their clients not to conduct interviews because during a face to face interview the employer will learn the same information? And just because the employer knows that an applicant or employee is in a protect class does not mean that discrimination occurred if it takes an adverse employment action against the applicant or employee. Sure, all employers are subject to frivolous legal actions. But, as I tell my clients, there are only two things my clients and I can control: (1) the advice I give them about how to act according to the law, and (2) whether my clients listen to my advice and act accordingly. The one thing we cannot control, no matter how hard we wish we could, is being able to stop people from filing a baseless lawsuit.

We’ve had the Internet since the 1970’s, and it became mainstream in the 1990’s. I would argue that most people (at least in the U.S.) have had experience on the Internet for at least a decade now. There has not been a lot of case law that has changed the way employment lawyers advise their clients on new human resources policies given the advent of the Internet and social media.

Have the courts simply not caught up with these "new" developments?

As typical lawyers always suggests at this point - courts are slow to deal with emerging technology issues, but I don’t think that is a play here. Courts are slow, but we’ve been actively using the Internet for a decade now. They are not that slow, and I think rather that the rules that were already in place and governed employer’s and employee’s activities were and still are sufficient in addressing the vast majority of the employment issues involving the Internet and social media. Sure, on the fringes there are a few technical items that may be the exception to this, but for the vast majority of employers the Internet and social media does not change much about how HR should conduct itself. The basic analysis regarding monitoring and employee’s off work conduct and right to privacy – the issues usually at play in these types of cases – is the same if the conduct at issue was done off the Internet. I would even argue that privacy cases usually are easier when it involves a posting on the Internet, as no one has any reasonable expectation of privacy in such a public disclosure.

What about social media policies?

That usually leads to the next question, “What about social media policies?” Again, most employers probably don’t need a specific social media policy.  And a basic policy (if you really think a social media policy is necessary) that the employer may terminate or discipline an employee for anything they do on the Internet if the employer could terminate or discipline the employee if the conduct at issue did not occur on the Internet would normally be sufficient.

Employers, lawyers, and employees need to take a step back and realize that even though we have these great new technological advances, the law developed before this technology does a pretty good job at resolving these issues in the employment context.

Tweet Like Email LinkedIn

Employers Requiring Employees To Provide Facebook Passwords

There are more reports of employers requiring applicants and employees to provide their passwords to their Facebook pages so that the employers can get a more accurate view of the employee’s character. I wrote about this issue a couple of years ago regarding the City of Bozeman requiring passwords from applicants. Apart from being a bad recruiting move, I believe it could arguably run afoul of California law as well.

Legality aside, employers that require this information will simply not get qualified applicants. I expect that most applicants or employees would simply refuse to provide this information. In addition, only people that don’t use social media much would have no problems with turning over their passwords. But companies need employees who understand social media these days, not someone who lacks initiative and some basic curiosity to at least log on to Facebook to see what the rest of the world is talking about.

In addition, there may be some real challenges against employers in California who require this information. First off, in California, Article I, Section I of the California Constitution guarantees citizens a right of privacy:

All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty, acquiring, possessing, and protecting property, and pursuing and obtaining safety, happiness, and privacy.

This right to privacy carries over to the workplace, but is even more protected when the employee is conducting personal activities during non-working hours. A person’s privacy expectation in their Facebook posts is very low since it is on the Internet. But one could argue that off-work conduct (which includes Facebook activity) is part of the employee’s privacy right recognized in the California Constitution.

Furthermore, section 96(k) of the Labor Code provides that the California Labor Commissioner may assert on behalf of employees:

Claims for loss of wages as the result of demotion, suspension, or discharge from employment for lawful conduct occurring during nonworking hours away from the employer’s premises.

For example, in Barbee v. Household Automotive Finance Corp. (2003), a court provided some guidance about the ramifications of section 96(k). Barbee was dating a subordinate at work, which violated the company’s policy and created a conflict of interest. The company gave Barbee and the employee with whom he was involved the option that one of them had to resign or to end the relationship. Barbee refused to resign, and they did not end the relationship, so the company terminated Barbee. Barbee sued, arguing that the company violated Labor Code section 96(k) in that his employer was regulating his lawful conduct during personal time. The court rejected Barbee’s argument in stating:

We conclude that Labor Code section 96, subdivision (k) does not set forth an independent public policy that provides employees with any substantive rights, but, rather, merely establishes a procedure by which the Labor Commissioner may assert, on behalf of employees, recognized constitutional rights. Therefore, in order to prevail on his wrongful termination claim, Barbee must establish that his employment was terminated because he asserted civil rights guaranteed by
article I of the California Constitution. We conclude that Barbee cannot make this showing and therefore he cannot establish the first necessary element of his wrongful termination claim.

While the court held that the company’s actions in that case did not violate section 96(k), the facts were very favorable to the employer, and there are other arguments available to employees. For example, an employee may also argue violation of Labor Code Section 98.6 which states in part that “no person shall discharge any employee ... because the employee … engaged in any conduct delineated in this chapter, including the conduct described in subdivision (k) of Section 96 ….”
Unfortunately, there are not many reported cases dealing with these issues. However, with the ubiquity of Facebook and other social medial sites, legislatures and courts will undoubtedly need to weight into these issues.

Tweet Like Email LinkedIn

Is The Jury Still Out On Social Media Background Checks?

Mat Honan at Gizmodo wrote recently about a new company that helps employers search applicant’s “internet background” to assist in the hiring process. As Mat rightly points out, much of the concern over this “new technology” is overblown, and as he puts it, "[e]mployers would have to be stupid not to Google job candidates."  As I have pointed out before, much of the unduly concern is that lawyers don’t understand the technology, and therefore if they don’t understand it, their client’s use of the technology can only lead to bad things.

I think Guy Kawasaki had a great perspective on this issue when I recently interviewed him. He said he would be worried about a job applicant who did not have a Facebook page: what is wrong with this person? Is he anti-social? Is he not with the times or just simply does not understand simple technology? As Mat points out as well, with some common sense a job applicant can easily manage the results of an online search by being careful about which information he or she provides to the employer. For example, an internet search for the job applicant’s private email address might turn up more personal information than if the applicant has a separate email they only use for work purposes and lists on their c.v.

From the employer’s perspective I don’t think the analysis changes much for searching employees background on the Internet:

Generally, under Federal law, employers may utilize social networking sites to conduct background checks on employees if:

  1. The employer and/or its agents conduct the background check themselves;
  2. The site is readily accessible to the public;
  3. The employer does not need to create a false alias to access the site;
  4. The employer does not have to provide any false information to gain access to the site; and
  5. The employer does not use the information learned from the site in a discriminatory manner or otherwise prohibited by law.
Tweet Like Email LinkedIn

California Supreme Court holds employees' privacy rights not invaded by video surveillance

Plaintiffs Hernandez and Lopez were employed by Hillsides Children Center, Inc., which provided services to children with special needs and who were abused. Hillsides discovered that someone was accessing pornographic websites on a computer located in the Plaintiffs’ office late in the evening. 

The employer, citing its mission to protect abused children and to protect itself from any legal liability, installed a video camera in Plaintiffs’ office to identify the perpetrator. Because the websites were only being access at night, the video camera did not record any of Plaintiffs’ activities during the day, and was only turned on at night. The perpetrator was not caught.  But Plaintiffs’ discovered the video camera in the office, and filed this lawsuit for violation of their privacy rights.

The California Supreme Court noted that to succeed on their privacy claims, Plaintiffs would need to prove that:

  1. The plaintiff must possess a legally protected privacy interest,
  2. The plaintiff’s expectations of privacy must be reasonable, and
  3. The plaintiff must show that the intrusion is so serious in nature, scope, and actual or potential impact as to constitute an egregious breach of social norms.

The Court noted that Plaintiffs were able to establish violation of the first two elements in this case– that the employer intentionally intruded into the Plaintiffs’ office in which they had a reasonable expectation of privacy.

Offensiveness of the employer’s action

However, the Court held that Plaintiffs did not meet their burden of proof for the third element. First, the Court held that the degree and setting of the intrusion into Plaintiffs’ privacy was not very high. The Court noted that the “place, time, and scope” of defendant’s surveillance was not highly offensive. Second, the Court looked at the employers motive and justifications for conducting the surveillance – which had no element of being improper in this case. Given nature Hillsides’ business of helping abused children, it was taking proper action to prevent any possible harm to them. Given these factors, the Court found that the Plaintiffs could not, as a matter of law, prove that a reasonable person would find the intrusion into their privacy offensive.

Take away for employers

  • Do not assume that you have the right to monitor employees during working hours. As the case establishes, employees still have reasonable expectations of privacy at work.
  • Do not assume a computer monitoring policy applies to video and audio surveillance. The employer in this case tried to argue that the computer monitoring policy diminished Plaintiffs’ expectation of privacy at work, but the Court disagreed because the policy never mentioned the possibility that employees could be videotaped at work.

The case, Hernandez v. Hillsides, Inc. can be read here (PDF).
 

Tweet Like Email LinkedIn

Job Applicants Asked To Provide Their Passwords To Social Networking Sites

The City of Bozeman, Montana asked job applicants to provide their user names and login information to common social networking sites on their job applications. As you may expect, this has caused a major uproar from privacy groups.

Just over one-year ago, I was asked by employers about what legalities were involved in Googling a job applicant, or looking at their on-line presence before making a hiring decision. It seems now, however, that once employees realized that their on-line presence is not so private, they began to restrict who could view this information on the Internet.

The city of Bozeman apparently was not happy with the increasing sophistication of people posting information on the Internet, resulting in it being shutout of viewing job applicants’ Facebook pages. So the city simply started to ask job applicants to provide their user names and passwords to social networking sites. The application provides:

Please list any and all current personal or business Web sites, web pages or memberships on any Internet-based chat rooms, social clubs or forums, to include, but not limited to: Facebook, Google, Yahoo, YouTube.com, MySpace, etc.

Many people and groups, such as the ACLU, have objected to this request arguing that it violates the job applicants’ privacy rights. As a result of the criticism it received, the city said that it will likely remove the request for user names and passwords, but may still require job applicants to “friend” the city in Facebook so that the city could still see what is posted.

I think this policy goes too far. Irrespective of the legal privacy questions raised, I do not think it would be a good hiring practice for an employer. I, for one, (and I think a lot of other people) would simply refuse to provide this information. If the city disqualifies job applicants who do not provide the information (which is claims it does not do), it is limiting its potential workforce of qualified people. Employees using these technologies are computer savy and are at least motivated enough to learn and try new technology. The job applicants who most likely will not have a problem in providing this information are those who do not know how to use a computer or the Internet and do not have any social networking accounts. Are these really the best qualified employees? In today’s workforce, a working knowledge of the Internet and social networking sites is almost a necessity. Businesses are learning about these new mediums and are discovering new ways of advertising and conducting business. It would be a detriment to not have employees who at least know what technology is available and is commonly used.

I also think that this incident will begin the discussion about people’s privacy interest in this type of information. The more and more people begin to “live” on the Internet, state legislatures will probably begin to define specifically what employers can and cannot ask for from employees.

Other articles of interest I’ve written related to employee's on-line privacy in the workplace:

California Appellate Court Holds Postings On MySpace.com Are Not Private

Can An Employer Be Liable For Not Googling A Job Applicant?

Google Latitude In The Workplace

 

Tweet Like Email LinkedIn

Employee's Personal Data On Company Computers And Devices

The Wall Street Journal recently wrote about how employees are surprised after being given notice that they have been laid-off that they cannot retrieve personal (and business related) information from their computers. The author notes that with advances in technology that often times blur the boundaries between work and personal pursuits, many employees are hit really hard when they cannot retrieve their personal contacts from their work PDA or computer:

As layoffs sweep across industries, employees' personal information is winding up in the dustbin, as well. Most workers know better than to store personal files on their office computer. But employees who spend the majority of their time at the office often treat the company PC as their personal gadget, filling it with music, photos, personal contacts -- even using the computer's calendar to track a child's soccer schedule. That makes it all the more distressing when a newly laid-off worker learns that his digital belongings are company property.

The author correctly notes that what information is the employee’s as opposed to the employers is probably going to be set forth in and governed by the employer’s policies. Often times these policies will be provided to the employee when he or she first starts:

Employees worried about their job security should review the forms they signed when they were hired. They should look at the company's electronic communications policy, employee guidelines and non-compete agreements to make sure they understand everything properly. When employees sign these agreements, they should also make copies to save at home, too, Ms. Yancey says. Those that break these agreements risk being fired or sued by their employer, she adds.

It is important to note that in California, it is extremely difficult for employers to enforce non-competition agreements due to a California Supreme Court ruling in Edwards v. Arthur Andersen last year. California employers can still protect company information through other means, such as establishing that the information is a trade secret, or is proprietary information.

Steps California Employers Should Take To Avoid Litigation Over Electronic Data

  • California employers need to establish a clear policy that establishes that the employee does not have any privacy expectation in any data stored on company owned computers or devises.
  • The policy should establish that all aspects of an employee’s use of company equipment can be monitored.
  • Employers need to have the employees sign an acknowledgment of electronic data and monitoring policy.
  • The employer should remind employees of the electronic data policy at least every year.
  • If employers do have trade secrets, they need to maintain strict protocols to ensure that only employees with a “need to know” have access to the information and take steps to ensure that the information is protected.
  • If an employee who has been laid off requests personal information from his or her computer such as family pictures, an employer’s accommodation of this request will be somewhat of a step towards minimizing the employee’s ill-will towards the company (and less likely to pursue litigation against the company).
     
Tweet Like Email LinkedIn

Google Latitude In The Workplace

Google Latitude, a new Google application allows users to track the physical location of other people through a mobile phone or computer. While the GPS tracking technology is nothing new, the amazing aspect of this is how inexpensive tracking technology has become. Many employers have already implemented GPS tracking, but now with Google’s basically free service many more employers will look to this technology to help manage their workforce. However, there are already concerns about individual privacy rights being voiced about this technology, and employers should be aware of employee’s privacy rights before using this technology.

First off, in California, Article I, Section I of the California Constitution guarantees citizens a right of privacy:

All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty, acquiring, possessing, and protecting property, and pursuing and obtaining safety, happiness, and privacy.

This right to privacy carries over to the workplace. Furthermore, section 96(k) of the Labor Code provides that the California Labor Commissioner may assert on behalf of employees:

Claims for loss of wages as the result of demotion, suspension, or discharge from employment for lawful conduct occurring during nonworking hours away from the employer’s premises.

In Barbee v. Household Automotive Finance Corp. (2003), a court provided some guidance about the ramifications of section 96(k). Barbee was dating a subordinate at work, which violated the company’s policy and created a conflict of interest. The company gave Barbee and the employee with whom he was involved the option that one of them had to resign or to end the relationship. Barbee refused to resign, and they did not end the relationship, so the company terminated Barbee. Barbee sued, arguing that the company violated Labor Code section 96(k) in that his employer was regulating his lawful conduct during personal time. The court rejected Barbee’s argument in stating:

We conclude that Labor Code section 96, subdivision (k) does not set forth an independent public policy that provides employees with any substantive rights, but, rather, merely establishes a procedure by which the Labor Commissioner may assert, on behalf of employees, recognized constitutional rights. Therefore, in order to prevail on his wrongful termination claim, Barbee must establish that his employment was terminated because he asserted civil rights guaranteed by article I of the California Constitution. We conclude that Barbee cannot make this showing and therefore he cannot establish the first necessary element of his wrongful termination claim.

While the court held that the company’s actions in that case did not violate section 96(k), the facts were very favorable to the employer that are not applicable when dealing with privacy rights and GPS tracking.  Also and there are other arguments available to employees. For example, an employee may also argue violation of Labor Code Section 98.6 which states in part that “no person shall discharge any employee ... because the employee … engaged in any conduct delineated in this chapter, including the conduct described in subdivision (k) of Section 96 ….”

Therefore, there are a few minimum steps employers should take when using tracking technology in the workplace:

  1. Develop a policy about how the company will use GPS tracking in the workplace.
  2. Disclose the policy in writing to the employees.
  3. Pay for the device or software that is required for the tracking (requiring employees to pay for business expenses violates Labor Code section 2802).
  4. Allow the employee to turn the GPS device off when not working during the day, such as during lunch breaks, on personal time, or after they have left for the day.
     
Tweet Like Email LinkedIn