Employee Privacy

California is the latest state to enact legislation restricting the circumstances under which employers or schools can demand access to employees’ or students’ personal social media accounts.

California Gov. Jerry Brown signed two bills into law on Sept. 27.  The first, A.B. 1844, bars employers from requiring or requesting that employees or job applicants disclose personal social media usernames or passwords, access personal social media accounts in the employer’s presence, or otherwise “[d]ivulge any personal social media.” Employers are barred from firing or otherwise retaliating against anyone who refuses to comply with a request that is prohibited under the law. Employers may require employees to disclose information needed to access employer-issued devices and may request access to personal social media the employer reasonably believes is relevant to a misconduct investigation.

S.B. 1349 creates parallel protections for students, prospective students and student groups at public and private colleges and universities.Continue Reading New California Laws Restrict Employer, College Access to Personal Social-Media Content

By Brian Ryoo

On May 30, National Labor Relations Board (“NLRB”) Acting General Counsel Lafe E. Solomon issued his third report on employer social media issues, focusing on “overbroad” employer social media policies.  The report expresses concern about “ambiguous [policies] that contain no limiting language or context” and give employees insufficient notice of their protected rights under the National Labor Relations Act (“NLRA”).  The report describes several recent cases in which the agency found employer social media policies to be unlawful, and it appends an example of a social media policy that is lawful from the NLRB perspective. 

Section 7 of the NLRA protects certain employee rights, such as the right to self-organization, to form, join, or assist labor organizations, and to engage in other concerted activities for the purpose of collective bargaining or other mutual aid or protection.  This protection applies to employees at almost all private employers, whether they have wage or non-supervisory, salaried employees.  NLRB case law interprets the Act to prohibit any work rule that “would reasonably tend to chill employees in the exercise of their Section 7 rights”― a prohibition that it has found implicated by overbroad employer social media policies.

Solomon’s report indicates that NLRB enforcement activity has focused on circumstances in which employers had issued a blanket ban on a broad spectrum of social media activities without including limiting language or clarifying that the rules do not restrict rights protected under Section 7.  Rules that the NLRB will consider lawful “clarify and restrict their scope by including examples of clearly illegal or unprotected conduct, such that they would not reasonably be construed to cover protected activity.”Continue Reading NLRB Issues Updated Report on “Overbroad” Social Media Policies

A federal district court in New Jersey ruled this week that an employer might have invaded an employee’s common-law privacy rights by coercing a co-worker into giving the employer access to the employee’s Facebook profile.

The plaintiff, a nurse and paramedic employed by a non-profit hospital service corporation, alleges that her supervisor forced a co-worker who was one of the plaintiff’s Facebook friends to log into Facebook in front of the supervisor so the supervisor could see the plaintiff’s postings. The complaint alleges the supervisor viewed and copied several of the plaintiff’s posts, including a comment implying that paramedics should not have saved a man who shot and killed a guard at the United States Holocaust Memorial Museum in Washington, D.C. The complaint alleges that the employer sent letters about the post to state regulators in a “malicious” attempt to damage the plaintiff’s reputation and employment opportunities. The defendants asked the court to dismiss the plaintiff’s common law invasion of privacy claim and her claim under New Jersey’s Wiretapping and Electronic Surveillance Control Act.Continue Reading N.J. Federal Court: Privacy Claim Based on Coerced Access to Employee’s Facebook Posts May Proceed

Lawmakers in Maryland and Illinois have introduced bills that would prohibit employers from requiring job applicants or employees to grant access to their social networking accounts.  The bills arose from reports that employers have impliedly or explicitly required access to social networking accounts as a condition of hiring or employment.

Continue Reading Maryland and Illinois Introduce Bills to Limit Employer Access to Employees’ Social Networking Accounts

Earlier this week, California became the latest state to restrict the use of consumer credit reports in the employment context, as Gov. Jerry Brown signed into law A.B. 22.  As we previously have blogged, a growing number of states–including Connecticut, Hawaii, Illinois, Oregon, Washington, and Maryland–have augmented the protections provided by the federal Fair Credit Reporting Act (“FCRA”) with laws that further limit the ways in which credit reports may be used in making employment decisions. Continue Reading New California Law Restricts Use of Credit Reports for Employment Purposes

Yesterday, the Missouri State Senate voted unanimously to repeal controversial portions of the state’s Amy Hestir Student Protection Act, which restricts how teachers can use the Internet.  If passed by the state House and signed by the governor, the repeal bill would eliminate restrictions on teachers’ maintenance of non-public

Continue Reading Missouri Closer to Repealing Controversial Restrictions on Teachers’ Internet Use

Your company has just launched an innovative new social media service, and you’ve received fanfare from the press, increased website traffic, and a spike in advertising revenues.  In short, the service is a complete success — until you’re served with a class action complaint seeking millions of dollars in damages and a civil investigative demand from the FTC.  What did you do wrong, and what can you do to get out of this mess?

That’s the question that I recently explored as a part of a panel at the summer meeting of the Virginia Bar Association on the benefits and risks of social media.  On the panel, we discussed the many ways that social media has influenced law and policy over the past few months and highlighted what businesses and their lawyers need to understand about privacy issues online in order to avoid litigation and regulatory enforcement.

One of the main reasons that companies face litigation and investigations in the social media area is that they haven’t fully evaluated the information that they are collecting through social media and how that information is (or could be) used.  That is why the discussion on privacy today is coalescing around the concept of “privacy by design,” which Kashmir Hill at Forbes recently described as companies “bak[ing] privacy into their products” rather than considering privacy only reactively.  (You can read more about privacy by design here.)Continue Reading Social Media: Legal Risks and Rewards

A new bill has been introduced in the Illinois legislature that would make it illegal for employers to ask prospective employees for access to their social network profiles.  The bill, H.B. 3782, would amend the Illinois Right to Privacy in the Workplace Act to provide that employers may not ask

Continue Reading Illinois Bill Would Ban Employer Demands for Job Applicant Social Network Credentials

Following last year’s Supreme Court decision in Quon v. Arch Wireless, a case that Yaron Dori and I explored in an earlier E-Commerce Law Reports article, courts across the country have been struggling to balance employers’ right to monitor employees’ electronic communications against employees’ privacy rights.  The latest volley in this area is an opinion released last week by a California appellate court in the case of Holmes v. Petrovich Development Company, LLC.

In Petrovich, the California Court of Appeal confronted the question of what happens when an employee uses her business email system to seek legal advice.  The plaintiff in the case, Julie Holmes, claimed that her employer and coworkers reacted negatively to her announced plans to take maternity leave, and she used her work email to contact a lawyer about a lawsuit against the company.  When the employer obtained those emails and introduced them as evidence against Holmes in the lawsuit, Holmes claimed that they were protected by the attorney-client privilege.

The court disagreed, finding that Holmes’ employer had made clear to her that business emails were not private and that office computers would be monitored to ensure that they were used only for business purposes.  Because of this clear policy, the court concluded that Holmes’ emails were “akin to consulting her attorney in one of defendants’ conference rooms, in a loud voice, with the door open, yet unreasonably expecting that the conversation overheard by Petrovich would be privileged.”Continue Reading No More Secrets? Employee Emails Not Protected by Attorney-Client Privilege