INTELLECTUAL PROPERTYCourse Handbook Series

Number G-1186

Fifteenth AnnualInstitute on Privacy

andData Security Law

Volume Two

Co-ChairsFrancoise GilbertJohn B. Kennedy

Lisa J. SottoThomas J. Smedinghoff

To order this book, call (800) 260-4PLI or fax us at (800) 321-0093. Ask ourCustomer Service Department for PLI Order Number 51896, Dept. BAV5.

Practising Law Institute1177 Avenue of the Americas

New York, New York 10036

42

Privacy Developments in the Digital Workplace (March 3, 2014)

Philip L. Gordon

Littler Mendelson, P.C.

If you find this article helpful, you can learn more about the subject by going to www.pli.edu to view the on demand program or segment for which it was written.

2-555

2-556

3

I. SOCIAL MEDIA AND THE HIRING PROCESS

A. Key Trends In Social Media Checks

Social media has become a critical element in the hiring and/or recruiting process for many employers. By way of illustration, as of February 28, 2014, LinkedIn boasted more than 277 million regis-tered users in more than 200 countries and territories,1 and LinkedIn members had performed over 5.7 billion professionally-oriented searches on the platform in 2012. Those 5.7 billion searches were not limited to individuals seeking jobs, professional connections or merely long lost friends, but also included prospective employer representatives searching for qualified candidates or simply monitor-ing employees’ online representations about themselves and the company.2

In 2013, Jobvite, a web-based recruiting platform, surveyed over 1,000 human resources and recruiting professionals to determine whether and how job recruiters are screening job candidates on different social networks.3 Ninety-four percent (94%) of respondents stated that they use or plan to use social media for recruiting. Seventy-eight percent (78%) responded they successfully hired a candidate through social networks. Forty-nine percent (49%) of recruiters who used social recruiting saw an increase in the quality of candidates. The survey responses further reflected a growing interest in reviewing candidates’ profiles during the hiring process. LinkedIn is the most used social media site of the “Big Three”: ninety-four percent (94%) of employers use LinkedIn, sixty-five percent (65%) use Facebook, and fifty-five percent (55%) use Twitter.4

Social media monitoring service Reppler also recently surveyed over 300 hiring professionals to determine when and how job recruiters are screening job candidates on different social networks.5 Employers tend to review social media at the early stages of the hiring process. Forty-seven percent (47%) of employers review an

1. About LinkedIn, LINKEDIN (last accessed on February 28, 2014), http://www.

linkedin.com/company/linkedin?trk=tabs_biz_home. 2. See generally, REPPLER, supra note 7. 3. Social Recruiting Survey Results 2013, JOBVITE, http://web.jobvite.com/rs/jobvite/

images/Jobvite_SocialRecruiting2013.pdf. 4. Id. 5. REPPLER, supra note 7.

2-557

4

applicant’s social networking sites after the employer receives an application, while twenty-seven percent (27%) of employers review social networking sites following an initial conversation with an applicant. By contrast, only nineteen percent (19%) of employers check social media sites after detailed conversations with applicants or right before making an offer.6

Many employers look to social networking sites to screen employees for red flags such as drug use, heavy drinking, badmouth-ing former employers, and lying about one’s qualifications.7,8 Indeed, sixty-nine percent (69%) of employers passed over a candidate based on information gleaned from the candidate’s social networking profile. For example, fifty-one percent (51%) of employers reported that they rejected candidates after finding inappropriate or discriminatory content or photos, including content about activities such as drug or alcohol use. Eighteen percent (18%) of employers reported they rejected candidates after finding that the applicant posted negative comments or confidential information regarding his or her previous employer on a social media website. Thirteen percent (13%) of employers reported they rejected candidates after learning from a social networking site that the candidate lied about his or her job qualifications.9 10

6. Id. 7. Job Screening with Social Networks: How Are Employers Screening Job Appli-

cants? REPPLER (Oct. 2011), http://blog.reppler.com/2011/09/27/managing-your-online-image-across-social-networks/.

8. In another recent study, researchers hired human resources-type recruiters and asked them to rate hundreds of Facebook pages according to how employable they seemed, and then six months later asked employers about those persons’ job per-formances. The researchers found a “strong correlation between those employers’ reviews and the employability predictions they had made based on folks’ profile pages,” and thus the “[k]ey takeaway for hiring employers: The Facebook page is the first interview; if you don’t like a person there, you probably won’t like working with them.” Kashmir Hill, Facebook Can Tell You If A Person Is Worth Hiring, FORBES (Mar. 5, 2012), http://www.forbes.com/sites/kashmirhill/2012/03/05/ facebook-can-tell-you-if-a-person-is-worth-hiring/ (citing Donald Kluemper, Peter Rosen, & Kevin Mossholder, Social Networking Websites, Personality Ratings, and the Organizational Context: More Than Meets The Eye?, J. OF APPLIED SOC. PSYCHOL. (Feb. 1, 2012)).

9. Id. 10. In contrast to the findings by the Jobvite and Reppler surveys, a recent survey by

the Society of Human Resources Management (SHRM) suggests a much lower use of social media to screen applicants. According to this study, only twenty-six

2-558

5

B. Application Of The Fair Credit Reporting Act To Social Media Checks

Social networking sites provide a unique, and often helpful, perspective into a job applicant or employee’s lifestyle and off-duty conduct, and thus can be an attractive source of information for employers. Many employers, however, may not realize that checking applicants’ or employees’ social media sites could trigger an obligation to comply with the federal Fair Credit Reporting Act (FCRA). The FCRA may apply when employers use a vendor to conduct social media checks. For example, on May 9, 2011, the Federal Trade Commission concluded that Social Intelligence Cor-poration, a vendor that provides internet and social media background screening service for employers, is a consumer reporting agency under the FCRA.11 Consequently, an employer that uses an outside vendor, like Social Intelligence Corporation, to conduct a social media background check must comply with the FCRA’s four-step procedural framework before taking adverse action based on the vendor’s report.

The four steps are as follows: (a) provide the applicant with prior notice of the background check and obtain the applicant’s consent; (b) if relying on information from the social media screen as the reason for adverse action, send the applicant a pre-adverse action notice; (c) permit the applicant at least five (5) business days to dispute information in the report with the consumer reporting agency; and (d) send the applicant a final adverse action notice.

Mobile applications (“apps”) provide an even more subtle “FCRA trap” for employers. The app known as “Been Verified,” for

percent (26%) of employers used online search engines to screen applicants during the hiring process, which is a decline from 2008 when thirty-four percent (34%) reported using online search-engines. Sixty-four percent (64%) of employers report they never used online search-engines to screen applicants or used them in the past but no longer do so. The Use of Social Networking Websites and Online Search Engines in Screening Job Candidates, SOCIETY FOR HUMAN RESOURCE MANAGEMENT (Aug. 25, 2011). It is difficult to reconcile the two studies, but one possible explanation is that the differences arise from the type of positions held by the respondents (e.g., whether the respondent was a hiring professional versus an employer’s human resources personnel.)

11. Letter from Mithal, Maneesha, Associate Director, Division of Privacy and Identity Protection, Bureau of Consumer Protection Federal Trade Commission, to Rene Jackson, Nixon Peabody LLP (May 9, 2011).

2-559

6

example, runs checks of an individual’s criminal history and property records for just $2.00; for an additional $2.00, the user can obtain searches of the individual’s social sites, Amazon reading lists and Pandora play lists.12 This type of app effectively permits an employee interviewing a candidate to conduct a “mini-background check” without the employer even knowing about it.

Even though the app is not a bricks-and-mortar background check vendor, use of the app likely constitutes a background check subject to the FCRA. On February 7, 2012, the Federal Trade Com-mission (FTC) warned mobile app marketers who provide background screening services that they may be violating the FCRA. The letters stated, “If you [the mobile app marketer] have reason to believe that your background reports are being used for employment or other FCRA purposes, you and your customers who are using your reports for such purposes must comply with the FCRA.”13 And in January 2013, the Federal Trade Commission settled its first FCRA case involving mobile apps against an app marketer.14 The settlement order “bars the respondents from furnishing a consumer report to anyone they do not have reason to believe has a ‘permissible purpose’ to use the report, failing to take reasonable steps to ensure the maximum possible accuracy of the information conveyed in its reports, and failing to provide users of its reports with information about their obligations under the FCRA.”15 The lesson gleaned from this settlement to employers is this: whenever an employee runs a “mini-background check” on an applicant through a mobile app, the employee is exposing his or her employer to potential liability under the FCRA. To mitigate this risk, employers should consider implementing a policy that prohibits employees from using mobile apps to obtain information about candidates or other employees, or

12. See Tony Bradley, Controversial App Provides Background Checks On the Go,

PCWORLD (Jan. 20 2010), http://www.pcworld.com/businesscenter/article/187304/ controversial_app_provides_background_checks_on_the_go.html.

13. FTC Warns Marketers That Mobile Apps May Violate Fair Credit Reporting Act: Agency Sends Letter to Marketers of Six Apps for Background Screening, FEDERAL TRADE COMMISSION (Feb. 7, 2012), http://www.ftc.gov/opa/2012/02/mobile apps.shtm.

14. Marketers of Criminal Background Screening Reports To Settle FTC Charges They Violated Fair Credit Reporting Act, Federal Trade Commission (Jan. 10, 2013), http://www.ftc.gov/opa/2013/01/filiquarian.shtm.

15. Id.

2-560

7

else should assume that mobile app searches are covered by the FCRA and ensure that such apps are used in full compliance with the FCRA’s requirements.16

There are two important exceptions to the application of the FCRA to social media background checks. First, the FCRA does not apply when the employer’s own employees conduct their own searches of social media for information about employees, or even when employees “Google” or use some other search engine to collect information about a candidate or co-worker. In these circumstances, the FCRA does not apply because the employer is not using a consumer reporting agency. Second, an employer is not required to comply with the FCRA’s procedural framework when investigating suspected misconduct related to employment, even if the employer uses a private investigator or other third party that falls within the definition of a consumer reporting agency. The FCRA expressly carves out such investigations from the four-step procedural framework discussed above as long as the employer provides the candidate with a summary of the investigation report on which the employer relies, in whole or in part, to take adverse action.17

C. Substantive Risks Arising From Social Media Checks

A Careerbuilder study conducted in 2013 indicates that more than forty-three percent (43%) of hiring managers who currently research candidates using social media reported they found information that caused them not to hire a candidate.18 At the same time, some employers also noted they found information that made a candidate appear more attractive or helped solidify the decision to extend a job offer.19 But even though social media provides a unique perspective into a job applicant or employee, employers also need to consider the

16. Philip Gordon & Jennifer Mora, New Background Check Mobile Web Application

May Jeopardize FCRA Compliance Obligations, LITTLER PRIVACY AND DATA PROTECTION GROUP (Jan. 27, 2010), http://privacyblog.littler.com/2010/01/articles/ background-checks/new-background-check-mobile-web-application-may-jeopardize-fcra-compliance-obligations/.

17. 18 U.S.C. §1681a(y). 18. More Employers Finding Reasons Not to Hire Candidates on Social Media, Finds

CareerBuilder Survey, CAREERBUILDER (June 27, 2013), http://www.careerbuilder. com/share/aboutus/pressreleasesdetail.aspx?id=pr766&sd=6/26/2013&ed=06/26/ 2013.

19. Id.

2-561

8

risks arising from how they use the information obtained through social media checks.

1. Is The Information Reliable And Relevant?

To begin with, the information may not be reliable. For example, the information could be false, such as “a Facebook persona created by a person with an axe to grind; a Facebook persona created by a person trying to make themselves or someone else look better; fake recommendation letters on LinkedIn; misleading photos on a webpage; a faux Twitter feed; etc.”20 Another consideration is whether the employer is sure the information it finds actually pertains to the individual the employer is screening. For example, if an employer is considering hiring a job candidate with a common name, determining whether Google search results based on that candidate’s name actually apply to the individual the employer is evaluating could be very difficult.21 Indeed, in 2012, in a Form 10-Q filing with the Securities and Exchange Commission, Facebook acknowledged that 8.7% of the accounts on the network are fake.22

Employers also should consider whether social media information is even relevant. For example, a social media site might include a five-year old photograph of a younger job applicant drunk or smoking marijuana. Further investigation could reveal that the photograph was taken during a college fraternity party and that since graduating from college, the applicant has married, had a child, and used alcohol only moderately if at all. An employer does not want to reject a capable candidate based on information that does not accurately reflect the applicant’s ability to do the job.

20. Youndy Cook, Priya Harjani, Peter Land, Employee’s Use of Web 2.0: Take this

Job and Twitter It, THE NATIONAL ASSOCIATION OF COLLEGE AND UNIVERSITY ATTORNEYS (Mar. 23, 2011).

21. Id. 22. Todd Wasserman, 83 Million Facebook Accounts Are Fake, MASHABLE (Aug. 2,

2012) http://mashable.com/2012/08/02/fake-facebook-accounts/; Facebook, Inc. United States Securities and Exchange Commission Form 10-Q (dated July 31, 2012), http://www.sec.gov/Archives/edgar/data/1326801/000119312512325997/ d371464d10q.htm#toc.

2-562

9

2. Can The Employer Lawfully Rely On The Information?

Social media also can include information that is not only irrelevant but also illegal to use when making a hiring decision. As such, it is important for employers to consider how to handle social media content in the hiring process. An applicant, for example, might post in social media concerning her bouts with an eating disorder, depression or childhood leukemia. Even more mundane, an applicant’s social media site could reveal that he is celebrating a birthday beyond the age of forty. This information might not otherwise be available to the employer through “traditional” hiring processes and, consequently, could support an applicant’s failure-to-hire claim.

Recently, trial-level cases in which social media recruiting tools and/or website recruiting efforts were used as evidence of discrimination as part of a challenged hiring practice. In reviewing social media, hiring managers will exclude or include candidates based on their own personal review of the background information. This subjective review of social media content is particularly vulnerable to litigation of discrimination claims, as plaintiffs in disparate-treatment cases can challenge subjective evaluations which might arguably manifest covert or unconscious discrimination.

Given this, an employer should be cautious about the social media content used to make subjective decisions in hiring. Postings and pictures may alert a potential employer to infor-mation protected by federal, state or local anti-discrimination laws. The posting might show a candidate at a rally for LGBT rights or reveal an affiliation with a disabled veterans group. Fictitious applicants might intentionally advertise the inclusion in protected groups to flush out discriminatory hiring practices. It can be a challenge for an employer to establish that the protected class information was not a factor in the hiring decision. Computer forensic evidence documenting that an interviewer visited social media sites and did not hire an otherwise qualified applicant may enable a plaintiff to defeat summary judgment and bring a case to trial.

Another cause of concern is the Genetic Information Nondis-crimination Act of 2008 (GINA), which generally prohibits an employer from obtaining genetic information. Title II of GINA makes it illegal not only to discriminate on the basis of genetic information but also to acquire genetic information about

2-563

10

applicants or employees. Because GINA broadly defines the term “genetic information” to include medical conditions of family members, reviewing an employee’s or applicant’s Facebook profile or other personal social media page could easily result in a violation. For example, if an employer found an employee’s status update stating that she is raising money for breast cancer in honor of her mother who died from the disease, just acquiring that information could be a violation of GINA.

GINA provides two exceptions to the rule that mere acquisition of employees’ “genetic information” by employers is illegal, which could apply to social checks.23 First, inadvertent acquisition of genetic information does not violate GINA. The EEOC provided the following example: when a manager or supervisor “inadvertently learns genetic information from a social media platform which he or she was given permission to access by the creator of the profile at issue (e.g., a supervisor and employee are connected on a social networking site and the employee provides family medical history on his page).”24 It is unclear whether this exception would apply, however, when an employer is intentionally acquiring as much information as possible through social media about a job applicant. However, even lawfully obtained genetic information may not be used in any manner as the basis for a hiring decision.

Second, when an employer accesses genetic information posted by an applicant in publicly available social media, that acquisition would be lawful because GINA recognizes another exception for genetic information that is commercially and publicly available. However, the EEOC regulations provide that media sources with “limited access” will not be considered commercially and publicly available.25 That is, this exception does not apply to genetic information obtained through sources such as social networking sites that require permission to access from a specific individual or where access is conditioned on membership in a particular group (unless the employer can show access is routinely granted to all who request it). The exception also does

23. The Genetic Information Nondiscrimination Act of 2008 (Pub.L. 110-233, 122

Stat. 881, enacted May 21, 2008). 24. http://bit.ly/9LUP85; http://www.eeoc.gov/laws/types/genetic.cfm. 25. Id.

2-564

11

not apply if the employer sought access to the publicly available source with the intent of obtaining genetic information (as opposed to general background information about an applicant or employee). The EEOC explained, “[f]or example, an employer who acquires genetic information by conducting an Internet search for the name of an employee and a particular genetic marker will not be protected by this exception, even if the information the employer ultimately obtained was from a source that is commercially and publicly available.”26

D. Emergence of Social Media Password Protection Laws In A Dozen States

Employers should also be cognizant of the increasing number of states that have enacted social media password laws which generally prohibit asking applicants or employees for password information to their social media accounts. In 2013 alone, nine states enacted some form of social media password protection legislation, bringing the total number of states to 12 since Maryland enacted the first such law in May 2012. Bills are currently pending in more than 20 other states. The current roster of states that have enacted such legislation include: Arkansas, California, Colorado, Illinois, Maryland, Michigan, Nevada, New Jersey, New Mexico, Oregon, Utah and Washington. These 12 states have created an unwieldy legislative patchwork that will leave many multi-state employers struggling to create a uniform policy. Nonetheless, a thorough review of the legislative hodgepodge does lead to several useful conclusions for employers, as described more fully below.

1. Prohibited Conduct By Employers

One of the only points of uniformity is the basic prohibition: all of these laws prohibit employers from requesting or requiring that applicants or employees disclose their user name, password, or other information needed to access a personal social media account. The notable exception is New Mexico, which applies the prohibition only to applicants.

The states with the most expansive legislation — Illinois, Michigan and Washington — also prohibit employers from

26. Id.

2-565

12

requiring that applicants or employees (a) accept a request, such as a Facebook “friend request,” that would permit access to restricted content; (b) permit the employer to observe their restricted social media content after they have logged in, i.e., “shoulder surfing”; and (c) change their privacy settings in a manner that would permit the employer to access their restricted social media content. Arkansas and Colorado do not expressly prohibit shoulder surfing. California, Michigan, New Jersey, and Oregon do not expressly prohibit requiring an applicant or employee to change privacy settings to permit employer access to restricted social media content. It remains an open question whether state courts will read these slightly narrower statutes and those statutes that prohibit only compelled disclosure of log-in credentials to encompass other methods for circumventing user-created restrictions on access to personal social media.

A majority of states expand on their access prohibition by applying it not only to social media but also to any personal online account. For example, the Nevada law defines “social media account” to mean “any electronic service or account or electronic content, including, without limitation, videos, photographs, blogs, video blogs, podcasts, instant and text messages, electronic mail programs or services, online services or Internet website profiles.” The states that most broadly define social media are Arkansas, California, Colorado, Maryland, Michigan, Nevada and Utah. By contrast, Illinois, New Mexico, New Jersey, Oregon, and Washington appear to apply their password protection laws only to social media accounts, excluding other personal online services from their laws’ purview.

The legislative patchwork also presents material differences regarding the target of an access request. In virtually all states, an employer is prohibited from seeking access to an applicant’s or employee’s own restricted social media content. California’s law appears to go one step further by prohibiting employers from asking an employee to help obtain access to the restricted social media content of a co-worker.

2. Exceptions To The General Prohibition

The range of exceptions to the general prohibition is even more dizzying than the range of prohibitions, although they are applicable only to employees and not applicants. All states, except for Illinois, expressly provide that employers can demand that

2-566

13

employees provide log-in credentials to non-personal accounts that are used for the employer’s business purposes. The precise formulation of these exceptions varies, but the gist of most of them is that if the employer creates or pays for the account, the general prohibition does not apply. Utah’s law takes this exception one step further by permitting employers to request the log-in credentials for a personal social media account that the employee uses to conduct the employer’s business.

The uniformity of the “non-personal account” exception evaporates with respect to workplace investigations. On this topic, the states break down into three camps. Three states — Illinois, Nevada and New Mexico — have no exception for workplace investigations. Five states — Arkansas, California, Michigan, New Jersey, and Utah — have what could be characterized as a broad exception. California’s exception, for example, reads as follows: “Nothing in this section shall affect an employer’s existing rights and obligations to request an employee to divulge personal social media reasonably believed to be relevant to an investigation of allegations of employee misconduct or employee violation of applicable laws and regulations, provided that the social media is used solely for purposes of that investigation or a related proceeding.” The remaining four states — Colorado, Maryland, Oregon and Washington — have relatively narrow exceptions for workplace investigations. The Colorado and Maryland laws, for example, permit requests for access to employees’ personal social media content only when necessary to investigate violations of securities laws or regulations or potential misappropriation of trade secrets. Notably, the states with a workplace investigation exception appear to permit the employer to require the disclosure only of social media content, not the employee’s log-in credentials.

Without an exception to the general rule, these password protection laws could interfere with the ability of broker-dealers and other employers to comply with statutory or regulatory requirements to monitor business-related posts by employees regardless of whether the account used to post is personal or employer-provided. Consequently, seven states have adopted language championed by the securities industry that appears to allow employers to request log-in credentials when required to comply with legal obligations or the rules of a self-regulatory organization such as the Financial Industry Regulatory Authority’s (FINRA) rules on the supervision of online communications.

2-567

14

These states include Arkansas, Michigan, Nevada, New Jersey, Oregon, Utah and Washington. Washington law, for example, provides as follows: “This section does not prevent an employer from complying with the requirements of state or federal statutes, rules or regulations, case law, or rules of self-regulatory organizations.” As noted above, two states — Colorado and Maryland — have adopted narrower exceptions that appear to permit requests for social media content to investigate compliance with securities laws or regulations.

These 12 password protection laws have several other variations. First, more than half of the states — Arkansas, Illinois, Michigan, New Mexico, New Jersey, Oregon and Utah — expressly state that it is not unlawful for employers to access publicly available social media content. While the remaining five states do not speak to this issue, there does not appear to be any viable basis for an applicant or employee to complain about an employer’s access to publicly available social media content. Second, three states — Arkansas, Oregon and Washington — expressly state that employers do not engage in prohibited conduct if they inadvertently acquire social media log-in credentials while monitoring corporate electronic resources as long as the employer does not use the information to access an employee’s personal social media. Finally, three states — Michigan, Oregon and Utah — confer on employers immunity from claims based on their failure to request or require that an applicant or employee provide access to restricted, personal social media content.

3. Available Remedies

The remedial schemes for violation of these laws vary even more substantially than the prohibitions and exceptions. In three states — Arkansas, Nevada and New Mexico — the statutes do not include a remedial provision and do not expressly incorporate one by reference. Two states — California and Colorado — provide no private right of action. The remaining states provide a private right of action with varying caps: Utah and Washington ($500); Michigan ($1,000); Illinois, Maryland and New Jersey (no cap); Oregon (unclear). Four states — California, Colorado, Illinois and Oregon — expressly create administrative remedies; the other states do not.

2-568

15

4. Permissible Conduct By Employers

Employers (especially multi-state employers) seeking to establish a uniform policy on access to applicants’ and employees’ personal social media content are faced with a legislative patch-work that can leave them scratching their heads. Despite these challenges, some conduct by employers is not prohibited under these laws. For instance, nothing in the password protection laws purports to regulate an employer’s access to publicly available social media content for applicants and employees. As mentioned above, however, employers do need to consider other factors when relying on publicly available social media content, such as whether the content is true and whether the content contains information on which an employer cannot lawfully rely for employment purposes. In addition, employers can use restricted social media content voluntarily provided to the employer. Employees routinely report voluntarily to HR about troubling social media content posted by co-workers. Nothing in the social media password protection laws restricts an employer’s ability to accept and act on this infor-mation, even if the incriminated employee has restricted access to his or her social media content.

E. Practical Steps To Reduce The Risks Of Social Media Checks

Employers should consider implementing the following steps to reduce the risks associated with social media checks: 1. An employer should determine when in the hiring process to

review social media. A large number of applicants subjected to social media searches could create statistical data supporting a disparate-impact case. It is advisable to limit social media review to applicants who pass at least an initial level of screening. Overall, an employer should review all applicants at the same stage in the hiring process.

2. Establish company policies that govern social media checks, including who is authorized to conduct the checks, which websites or methods may be used when conducting these checks, what information may properly be used in conducting these checks, and how the information found will be evaluated. The employer should develop a template to document the objective information that will be collected from a LinkedIn or

2-569

16

Facebook profile. If possible, employers should separate screeners from decision-makers. Screeners should redact any data that would show membership in a protected class or participation in a protected activity from screening reports. In addition, decision-makers and interviewers should be instructed not to conduct their own social media searches. However benign the searches may be, forensic computer analysis revealing a social media search could become the basis of a discrimination claim. Interviewers should be instructed to direct any open questions to human resources so that all searches are performed by trained personnel and administered in a manner consistent across all applicants.

3. If a consumer reporting agency is used to conduct social media checks, the employer should comply with the federal Fair Credit Reporting Act and any applicable state equivalents. The employer should provide applicants with a pre-adverse action and final adverse action notice if adverse action is taken on the basis of those reports.

4. After appropriate personnel are selected to perform social media searches, an employer should create clear guidelines for the scope of social media searches. Social media searches should be limited to publicly available content that does not require a password or “friend” status for access. It is generally not advisable, and is illegal in states with password protection laws, to ask applicants or employees for password information to their social media accounts. While the password protection laws have a range of exceptions applicable to requests for an employee’s log-in credentials, these exceptions generally do not apply in the context of the hiring process.

5. After social media content has been gathered, it is important to verify the content’s reliability. Given the unreliability of social media, having clear, consistent guidelines regarding how to verify all applicants’ and employees’ data is the best practice.

6. Provide applicants and employees the opportunity to rebut or explain adverse information regardless of whether the FCRA applies.

7. As the social media search, redaction, and analysis are conducted, an employer should maintain clear documentation of why the applicant was or was not hired; save and maintain any

2-570

17

unprofessional derogatory posts about protected categories; save and maintain tweets that demonstrate a commitment to the mission of the employer or lack thereof; and save both the profile showing protected categories and the redacted portion given to the interviewer. These records should be retained with applicable legal records-retention requirements and be consistent with the company’s corporate records-retention policy. In the event an applicant or employee alleges that an employer obtained restricted social media content in violation of a password protection law, the employer should be in a position to prove that it did not compel the applicant or employee to permit access by prohibited means. The employer can best avoid a “he-said-she-said” battle by producing documents showing the lawful means by which the employer obtained the social media content.

II. NLRA RESTRICTIONS ON DRAFTING LAWFUL SOCIAL MEDIA POLICIES AND DISCIPLINING EMPLOYEES BASED ON SOCIAL MEDIA POSTS

Most employers today have some form of presence on social media and consider employee social media use both a benefit and a burden. However, the parameters pursuant to which an employer can regulate and enforce limitations on employee social media use are constricted by the prohibitions against interfering with certain rights guaranteed to employees by the National Labor Relations Act (NLRA). Social media policies can be deemed patently unlawful under the NLRA and subject the employer to cease-and-desist and notice-posting remedies. Indeed, unlawful policies maintained during all or part of the “critical period” between the filing of a union election petition and the election date can be used to set aside the election results, even if the policies were not enforced. Finally, disciplining or discharging an employee pursuant to an unlawful social media policy constitutes an independent unfair labor practice when the employee violated the policy by engaging in activity protected by the NLRA. The offending employer may be subjected to an additional remedy, which includes reinstating the discharged employee and compensating him or her for any lost wages and benefits.

A. The NLRA Protects Concerted Activity By Employees

The National Labor Relations Board (NLRB) fosters its own set of ever-changing rules regarding when and under what circumstances an employer may lawfully regulate employees’ social media activity

2-571

18

and when and under what circumstances an employer may take action against an employee for social media conduct. The Board’s authority stems from Section 7 of the NLRA, which gives non-supervisory employees (unionized or not) the right to engage in “concerted” activity for “mutual aid or protection” related to the terms and conditions of their employment. The NLRA makes it an unfair labor practice for an employer to interfere with, restrain, or coerce employees in the exercise of the rights guaranteed in Section 7.27

The NLRB asks the following questions when determining whether an employee’s social media postings and other activity is protected by Section 7:

• Does it concern the terms and conditions of employment?

• Does it constitute “concerted” activity?

• Is it so opprobrious, disloyal, malicious, or disruptive to workplace discipline as to lose the protection of the NLRA? To constitute “concerted” activity, the employee must (1) act

with or on the authority of other employees and not solely by and on behalf of himself or herself; and (2) seek to initiate, induce or prepare for group action; or (3) bring authentic group complaints to the attention of management.28 Concerted activity includes (a) activity emanating from earlier discussions among employees and/or with management about the issue; (b) requests for assistance from other employees with respect to the issue; (c) references to future efforts to discuss the issue with the employer; and/or (d) co-workers’ responding to the posts and supporting the concerns as a group.

In general, “employee communications to third parties in an effort to obtain their support are protected [concerted activity] where the communication indicate[s] it is related to an ongoing dispute. . . and the communication is not so disloyal, reckless or maliciously untrue as to lose the Act’s protection.”29 Though the meaning of “disloyalty” is hotly debated,30 certain categories of speech have

27. 29 U.S.C. §158(a)(1). 28. 29 U.S.C. §157. 29. Am. Golf Corp., 330 NLRB 1238, 1240 (2000); NLRB v. Local Union No. 1229

(Jefferson Standard), 346 U.S. 464 (1953) (broadcasting station employees were unprotected when hand billing critical to the employer’s programming).

30. See, e.g., Sierra Publ’g Co. v. NLRB, 889 F.2d 210, 216 (9th Cir. 1989); Branscomb, supra, note 3, at 295.

2-572

19

emerged as being unprotected: (1) remarks that disparage the employer or its products,31 (2) confidentiality breaches32 and (3) recklessly or maliciously false accusations.33 Courts have applied different tests to determine when negative remarks about the employer or its products fall under Section 7’s disparagement exception. In general, disparaging “appeals to third parties forfeit [Section] 7 protection only if their connection to the employees’ working conditions is too attenuated or if they are unrelated to any grievance which the workers may have.”34 Although the tenor of the language seems to be a factor in the analysis,35 several federal courts of appeals and the NLRB have found employee speech protected even when that speech uses profanity or harsh language.36 Courts have held, however, that an employee’s remarks lost the protection of Section 7 when those remarks, which supported a union and protested recent layoffs, “constituted ‘a sharp, public, disparaging attack upon the quality of the company’s product and its business policies’ at a ‘critical time’ for the company.”37 Accordingly, the scope and rationale of the disparagement exception is unclear.

Although employees cannot be prohibited from discussing their own working conditions, they are not protected when disseminating information obtained in confidence (such as payroll information held in confidence by a payroll manager) or without authorization, even when it concerns terms and conditions of employment.38 Yet even

31. 1 The Developing Labor Law 211 (Patrick Hardin & John E. Higgins, Jr. eds., 4th

ed. 2001). 32. Nancy J. King, Labor Law for Managers of Non-Union Employees in Traditional

and Cyber Workplaces, 40 Am. Bus. L.J. 827, 855 (2003); 1 Developing Labor Law, supra, note 35, at 207.

33. 1 Developing Labor Law, supra, note 35, at 210; see, e.g., TNT Logistics N. Am., Inc., 347 NLRB. No. 55, 2006 NLRB LEXIS 287, at *7-*8 (July 24, 2006), http://www.nlrb.gov/nlrb/shared_files/decisions/347/347-55.pdf.

34. Sierra Publ’g Co. v. NLRB, 889 F.2d 210, 216 (9th Cir. 1989) (citing examples). 35. Id (“[D]espite the criticisms voiced in the [employees’] letter, the tone was both

constructive and hopeful.”). 36. See, e.g., id. at 218 (citing examples); Emarco, Inc., 284 NLRB. 832, 834 (1987). 37. Endicott Interconnect Techs. v. NLRB, 453 F.3d 532 (D.C. Cir. 2006) (quoting

Jefferson Standard), 346 U.S. 464, 471 (1953)) (holding employee’s remarks unprotected when he cast doubt on struggling manufacturer’s continuing business viability, writing that the business was being “tanked” and its managers were going to “put it into the dirt”).

38. See NLRB v. Brookshire Grocery Co., 919 F.2d 359 (5th Cir. 1990) (wage data stolen from supervisor’s office); Lafayette Park Hotel, 326 NLRB. 824, 826

2-573

20

false statements remain protected as long as the employee making the statements does so neither knowingly nor recklessly.39 An employee who has no reason to question the information that he or she merely passes along from someone else has no duty to investigate its truth-fulness because such a duty would unacceptably chill employee speech under Section 7.40 Nonetheless, employees have no right under the NLRA to propagate lies knowingly or recklessly.41

Irrespective of whether any given employee’s online activity is protected by Section 7, an employer’s social media policy can be unlawful under the NLRA on its face if it is overly broad such that it tends to restrict (whether explicitly or not) activities which would be protected by Section 7 such as policies that (1) employees would reasonably construe to prohibit Section 7 activity; (2) were promul-gated in response to union activity; or (3) were enforced in such a manner so as to restrict the exercise of Section 7 rights. Since late 2010, the NLRB has been hearing an increasing number of cases regarding Section 7 violations pertaining to allegedly overbroad social media policies, which have a tendency to “chill” employees’ exercise of their Section 7 rights. In addition, the NLRB has been addressing numerous unfair labor practices charges involving discipline or discharge of employees because of their social media activity.

B. Recent NLRB Advice Memos And Cases Related To Social Media

The NLRB’s Acting General Counsel (“GC”) has issued three separate reports in August 2011, January 2012 and May 2012, to provide guidance to the NLRB’s regions when litigating enforcement

(1998) (“hotel-private” information such as “guest information, trade secrets, [and] contracts with suppliers”).

39. See, e.g., Konop v. Hawaiian Airlines, 302 F.3d 868, 883 (9th Cir. 2002) (“Federal labor law protects even false and defamatory statements unless such statements are made with actual malice--i.e., knowledge of falsity or with reckless disregard for the truth.” (citing Old Dominion Branch No. 496 v. Austin, 418 U.S. 264, 281 (1974) and Linn v. United Plant Guard Workers, 383 U.S. 53, 61 (1966))).

40. KBO, Inc., 315 NLRB. 570, 571 & n.6 (1994) (holding that an employee who “relay[ed] to [other employees] in good faith what he had been told” by another employee was protected by section 7, even though it was false).

41. See, e.g., Sprint/United Mgmt. Co., 339 NLRB. 1012, 1012 n.2 (2003); KBO, supra, 315 NLRB. at 570.

2-574

21

actions involving social media.42 Each report summarizes different cases involving challenges to social media policies, discipline based upon a policy, or both. While intended principally for the NLRB’s own staff, these memos can provide useful guidance for employers. The third memorandum attaches a complete social media policy that the GC believes “is lawful under the Act.” However, while the mem-oranda reflects the Office of the GC’s current view of social media policies, the memoranda are not binding, do not constitute precedent of any sort, and largely have not been reconciled by the NLRB itself or by the federal courts. What an employer truly can and cannot do is evolving, and clarification is being provided with each new enforcement decision.

1. Overly Broad Policies Are Being Targeted As Violating The NLRA

The Board has repeatedly found that the following types of policies are overly broad and violate the NLRA to the extent they “chill” the exercise of Section 7 rights vis-à-vis online activity by employees.

a. Non-Disparagement Policies

The GC has consistently taken the position that broad non-disparagement policies violate the NLRA on a per se basis because they could inhibit employees from making negative comments about the terms and conditions of employ-ment. For example, the GC has opined that a policy prohibiting “[m]aking disparaging comments about the company through any media, including online blogs, other electronic media or through the media” and another policy banning “discrimina-tory, defamatory, or harassing web entries about specific employees, work environment, or work-related issues on social media sites” were both unlawful. In the third memoran-dum, the GC found that a policy admonishing employees to “treat everyone with respect” and noting that “[o]ffensive, demeaning, abusive or inappropriate remarks are as out of place online as they are offline” was unlawful.

42. http://www.nlrb.gov

2-575

22

While the GC appears to thwart employers’ efforts to prevent online postings detrimental to the employer and/ or workplace, an employer can implement a valid non-disparagement policy by including non-disparagement language within a list of other forms of unprotected conduct. To illustrate the point, the GC noted that a policy prohibiting “statements which are slanderous or detrimental to the com-pany” was lawful when it “appeared on a list of prohibited conduct including ‘sexual or racial harassment’ and ‘sabotage.’” Thus, the GC approved a policy which “prohibited the use of social media to post or display comments about coworkers or supervisors or the Employer that are vulgar, obscene, threat-ening, intimidating, harassing, or a violation of the Employer’s workplace policies against discrimination, harassment, or hostility on account of age, race, religion, sex, ethnicity, nationality, disability, or other protected class, status, or characteristic.”

b. Confidentiality Policies

With respect to confidential company information, the GC opines that a confidentiality policy is illegal if it would impinge on employees’ ability to discuss their wages and working conditions with others inside or outside the company. Accordingly, the GC repeatedly finds social media policies restricting posting “sensitive,” “confidential or proprietary” or “non-public information” to be overly broad and vague. For example, a policy prohibiting employees from online discussions regarding “confidential guest, team member or company information,” was found to be impermissibly vague and overbroad, particularly since the policy also applied “in the Breakroom . . . at home or in public areas.” The GC found these provisions unlawfully restricted Section 7 rights and forbid the employer from enforcing a policy requiring employees to report misuse of confidential information.

By contrast, the GC approved a policy provision that “prohibited employees from using or disclosing confidential and/or proprietary information, including personal health information about customers or patients” as well as “‘embargoed information,’ such as launch and release dates and pending reorganizations.” The GC approved of this language because “[c]onsidering that the Employer sells

2-576

23

pharmaceuticals and that the rule contains several references to customers, patients, and health information, employees would reasonably understand that this rule was intended to protect the privacy interests of the Employer’s customers and not to restrict Section 7 protected communications.” The GC further approved a policy that prohibits employees from sharing “Secret, Confidential or Attorney-Client Privileged Information.” The GC’s distinction suggests a potential litmus test for confidentiality language in a social media policy: if the policy reasonably would be read to prevent employees from disclosing the amount of their compensation to family members, the GC likely would find the policy to be overbroad.

c. Use Of The Company Logo

With respect to logos and trademarks, a policy which prohibits “use of the company’s name or service marks outside the course of business without prior approval of the law department” is, according to the GC, unlawful. The GC takes the position that employees have the right under the NLRA to use the company’s name and logo “while engaging in protected concerted activity, such as in electronic or paper leaflets, cartoons, or picket signs in connection with a protest involving the terms and conditions of employment.” The GC reasoned that such protected use of a company’s name and logo does not “remotely implicate[]” the company’s interests protected by trademark law, “such as the trademark holder’s interests in protecting the good reputation associated with the mark from the possibility of being tarnished by inferior merchandise sold by another entity using the trademark and in being able to enter a related commercial field and use its well-established trademark.” Many employers likely will disagree; they almost surely will perceive as damaging the use of the company’s logo in a cartoon lambasting the company’s hourly wage, for example.

In rare good news for employers, at least one Administrative Law Judge (ALJ) agrees. In G4S Secure Solutions (USA) Inc.,43 an administrative law judge (“ALJ”)

43. G4S Secure Solutions (USA) Inc., Case No. 28-CA-23380 (March 29, 2012).

2-577

24

analyzed the following two provisions of the employer’s social media policy for compliance with the NLRA: (1) “do not comment on work-related legal matters without express permission of the Legal Department”, and (2) “photographs, images and videos of G4S employees in uniform, (whether yourself or a colleague) or at a G4S place of work, must not be placed on any social networking site, unless express permission has been given by G4S Secure Solutions (USA) Inc.” The ALJ concluded that the “no photographs” provision was lawful, reasoning that patient privacy and other legitimate client concerns could support such a policy. However, the ALJ reached the opposite result regarding the policy provision restricting communications about “work-related legal matters” because the term “legal matters” was not defined. The ALJ feared that a lay employee would not “have the knowledge to discern what is a federal law, and thus permitted under the disclaimer, as opposed to what is a prohibited ‘legal matter.’”

d. Requiring Disclaimers By Employees

Social media policies commonly mandate that employees include a disclaimer in any social media content that relates to the employer for example, that employees “expressly state that their comments are their personal opinions and do not necessarily reflect the Employer’s opinions.” The GC opined that such a requirement violates the NLRA and would “significantly burden the exercise of employees’ Section 7 rights to discuss working conditions and criticize the Employer’s labor policies.” Fortunately, employers can achieve a similar result with a policy that prohibits employees from represent-ing in any way that they are speaking on the Company’s behalf without prior written authorization to do so. The GC has approved such an employee disclaimer requirement in the section of a social media policy addressing product promo-tions because, in context, it could not be read to interfere with Section 7 rights where the policy focused on product promotions and endorsements and was intended to avoid potential liability for unfair and deceptive trade practices under guidance issued by the Federal Trade Commission.

2-578

25

e. Privacy and Online Decorum

To protect privacy, some employers have instructed employees not to state their affiliation with the Company when engaging in social media unless there is a legitimate business reason to do so; however, the GC believes that this type of policy violates the NLRA “because personal profile pages serve an important function in enabling employees to use online social networks to find and communicate with their fellow employees ...”

Moreover, the GC took issue with policies designed to maintain harmony online and in the workplace because they use terms that the GC considered undefined, vague, or subjective, including prohibitions on “insubordination or other disrespectful conduct,” “inappropriate conversation,” “unprofessional communication that could negatively impact the Employer’s reputation or interfere with the Employer’s mission,” or requiring that social media activity occur in an “honest, professional, and appropriate manner.” One employer’s policy exhorting employees to “Respect Privacy” and to “disclose personal information only to those authorized to receive it” was deemed unlawfully overbroad because “employees would reasonably construe it to include infor-mation about employee wages and their working conditions.” Another policy deemed unlawful instructed employees that they should “[t]hink carefully about ‘friending’ co-workers,” and warning that “[o]ffensive, demeaning, abusive or inappro-priate remarks are as out of place online as they are offline.”

Finally, an employer’s policy that warned employees not to “pick fights” and to avoid “controversial topics” online also failed the GC’s test. According to the GC, the purpose of the policy was to caution employees against online discussion regarding topics that could become heated or controversial. Since topics regarding working conditions or unions could potentially become heated and controversial, the policy could reasonably be construed as inhibiting Section 7 rights. Like-wise, a provision requiring employees to “[g]et permission before reusing” intellectual property that belonged to others was unlawful because it could inhibit workers from “taking or posting photos” of picket lines or unsafe conditions.

On the bright side, a policy noting that “no employee could ever be pressured to ‘friend’ or otherwise connect with

2-579

26

a coworker via social media” was deemed valid as was a requirement that employees “be honest and accurate.” However, a policy that required employees to ensure their posts were “completely accurate and not misleading” was not, because employees “would construe these provisions as prohibiting them from discussing information regarding their terms and conditions of employment,” absent some limits or examples “that would exclude Section 7 activity.” The GC also found illegal a policy that, on threat of discipline, “required employees to first discuss with their supervisor or manager any work-related concerns, and it provided that failure to comply could result in corrective action, up to and including termination.” According to the GC, even an instruc-tion to report “any unusual or inappropriate internal social media activity” could be construed as encouraging employees to report to management the union activities of other employees. Employers can avoid this potential pitfall by urging, but not mandating, that employees use internal channels to address concerns or report misconduct.

f. Comments To The Media Regarding Social Media Posts

Social media policies often forbid employees from communicating with the media via online activities regarding Company issues. The GC finds such a prohibition illegal unless it is “a media policy that simply seeks to ensure a consistent, controlled company message and limits employee contact with the media only to the extent necessary to effect that result” and, therefore, “cannot be reasonably interpreted to restrict Section 7 communications.”44 For example, the third memorandum finds unlawful a provision that, in part, required employees to “receive prior authorization ... to correspond with members of the media or press” as well as an employer’s warning not to “comment on legal matters, including pending litigation or disputes.” The GC explained that an employee would construe the language as prohibiting the discussion of

44. http://www.nlrb.gov/news/acting-general-counsel-releases-report-social-media-

cases

2-580

27

potential claims against the employer. Additionally, the GC found unlawful provisions that required employees to obtain written authorization from the company president before posting online “in the name of” the employer or that notified employees that the company had only authorized the commu-nications department to discuss company information with the media. According to the GC, “[e]mployees have a protected right to seek help from third parties regarding their working conditions,” including “going to the press” or contacting government agencies on behalf of the employer.

However, the GC has sanctioned a media policy requiring that employees “maintain confidentiality about sensitive information” and direct all media inquiries to the company’s public affairs office after stating that the employee was not authorized to comment. This does not violate the NLRA because it is intended only “to ensure a consistent, controlled company message,” was not a blanket prohibition on all contact between employees and the media, and “did not convey the impression that employees could not speak out on the terms and conditions of their employment” where the “policy repeatedly stated that the purpose of the policy was to ensure that only one person spoke for the company” and even though “employees were instructed to answer all media/ reporter questions in a particular way.” Another “lawful” policy included a simple, broad provision that “[a]ssociates should not speak to the media on [Employer’s] behalf without contacting the Corporate Affairs Department.”

g. Securities Blackouts

Publicly traded companies are rightfully concerned that employees may let slip on social media highly sensitive information about a corporate transaction, new product launch, or non-public financial information. Among the few policy provisions with which the GC did not take issue was one which stated that the employer might “request employees to confine their social networking to matters unrelated to the company if necessary to ensure compliance with securities regulations and other laws.” The GC reasoned that “employees reasonably would interpret the rule to address only those communications that could implicate security regulations,” as opposed to the terms and conditions of their employment.

2-581

28

2. Disclaimers Carving Out NLRA-Protected Activity Likely Will Not Be Effective

In the last few years, many employment and labor law practitioners have recommended the inclusion of a disclaimer in social media policies, explaining that the policy is not intended to interfere with employees’ rights under the NLRA. However, the GC found that the following disclaimer was ineffective:

[T]he policy [will] not be interpreted or applied so as to interfere with employee rights to self-organize, form, join, or assist labor organiza-tions, to bargain collectively through representatives of their choosing, or to engage in other concerted activities for the purpose of collective bargaining or other mutual aid or protection, or to refrain from engaging in such activities.

According to the GC, this disclaimer could not “save” a policy provision prohibiting employees from posting “inappropriate” content because “an employee could not reasonably be expected to know that this language encompasses discussions the Employer deems ‘inappropriate.’” Given the detailed nature of the disclaimer in question, this conclusion suggests the GC, and possibly the Board itself, will view skeptically any effort by an employer to rely upon a disclaimer to save an otherwise overly broad policy.

3. Recent Cases Striking Down Employer Social Media Policies

a. UPMC, NLRB Case No. 06-CA-081896 (Apr. 19, 2013)

In UPMC, the ALJ struck down employer policies that prohibited employees from using company e-mail accounts to send certain non-work-related messages and prohibited employees from talking about the employer’s hospital system on social media websites that were accessed through company computers. The ALJ held that these provisions were overly broad, ambiguous and violated Section 7 of the NLRA, as they could chill employees from exercising their right to engage in union activity. The employer was ultimately ordered to “cease and desist” and “take certain affirmative action designed to effectuate the policies of the Act.” On the other hand, the ALJ upheld a third policy that broadly forbid solicitation through company e-mail accounts, noting that the

2-582

29

solicitation policy “bars all non-work solicitation,” and was not isolated just to union activity.

b. DISH Network Corp., 359 N.L.R.B. No. 108 (April 30, 2013)

The NLRB found that DISH’s social media policy was unlawful on two grounds: (i) it banned employees from making “disparaging or defamatory comments about DISH Network”; and (ii) the policy banned employees from engaging in negative electronic discussions during “Company time”. The Board found that the latter policy violated the NLRA because employees reasonably would understand it to bar employees from discussing the terms or conditions of employment during breaks and meal periods.

c. Target Corp., 359 N.L.R.B. 103 (April 26, 2013)

Target had a “Use Technology Appropriately” policy, which said, “If you enjoy blogging or using social networking sites such as Facebook and YouTube, ...please note there are guidelines to follow if you plan to mention Target or your employment with Target in these online vehicles[.]” The policy went on to say that employees who blogged or used social media should not release “confidential guest, team member or company information,” must “[c]learly distinguish [themselves] from Target” so as to avoid appearing to be a spokesperson, and cannot harass or threaten guests or team members. The ALJ held, and the NLRB adopted, that the confidentiality policy was unlawful because Target’s definition of “confidential information” as “any information that is not public” was overbroad. The NLRB reasoned that the employees reasonably would understand the definition to include their wages and hours because Target did not make that information publicly available. In addition, the policy’s examples of “confidential information” included “employee personnel records,” which employees would reasonably under-stand to include information about their wages and hours.

In sum, employer policies should not be so broad such that they prohibit, discourage or chill activity that is protected by Section 7 (e.g., discussion of wages or working condi-tions). Specifically, the General Counsel’s Memoranda and

2-583

30

the foregoing cases make clear that: (1) specific examples of the type of conduct prohibited should be included in any policy affecting social media; (2) the policy should carefully carve out and protect employee’s specific rights under NLRA; a general saving clause likely will be deemed insufficient; and (3) the policy should not use vague terms like “appropriate” or “professional” without providing clear definitions for those terms.

C. Determining Whether And Under What Circumstances To Take Action Against Employees For Social Media Activities

Whether and under what circumstances an employer is permitted to discipline an employee for social media activity is hardly clear. The following cases illustrate several examples where employers have been deemed to have lawfully (and unlawfully) taken action against employees based on their social media activity.

1. Cases Involving Employee Discipline And Social Media Activity

a. Karl Knauz Motors, Inc., NLRB Case No. 13-CA-46452 (Sept. 28, 2011)

In Karl Knauz Motors, Inc., an ALJ ruled that three of the four handbook policies at issue (including one that prohibited employees “from being disrespectful or from using language that damages the reputation of the Company” and another requiring “outside inquiries concerning employees” to be directed to the human resources department) were unlawful, yet held that a car dealership had acted lawfully when termi-nating sales employee Robert Becker based on one of two disparaging Facebook posts.

In his first post, Becker commented upon, and posted photos of, a customer event launching a new BMW model. Becker disapproved of his employer’s inexpensive food choices for the event (i.e., hot dogs, cookies and chips). He posted photos of the food display and of salesmen posing with the food, sarcastically commenting how the company “went all out.” Before the event, Becker and several other salesmen had raised concerns during a meeting with management that a

2-584

31

seemingly cheap event could hurt sales and, therefore, decrease their commissions. In his second post, Becker posted photos of a Land Rover that a customer’s son had accidentally driven into the pond at the dealership across street, which his employer also owned. Becker posted photos of the customer’s son appearing upset as well as the wrecked vehicle and then made sarcastic comments about the incident. Becker was terminated for his commentary.

As to the first post, the ALJ found it was protected, concerted activity because it was a “logical outgrowth” of prior concerns raised by other salesmen at the pre-event sales meeting and that the “mocking and sarcastic tone” of the post did not rise to the level of disparagement which would deprive the activity of its protection. However, the ALJ credited the employer’s evidence that Becker was terminated solely for the second post and found that post did not constitute protected, concerted activity because the incident had no connection to the terms and conditions of Becker’s employ-ment and Becker never spoke to any other employees about the incident or posting. A fortiori, the second post was not concerted or for the purpose of “mutual aid and protection” and, therefore, was not protected.

b. Hispanics United of Buffalo, Inc., NLRB Case No. 3-CA-27872 (Sept. 2, 2011)

In Hispanics United of Buffalo, Inc., an employee asked a number of colleagues from work, who also were Facebook friends, what they thought about a comment by another colleague who had complained about their lack of productiv-ity. An obscenity-laced discussion in Facebook followed. After the employee who was the object of the criticism shared the Facebook posts with organization’s Executive Director, the Executive Director fired five of the employees who were involved in the Facebook exchange for “harassment” of the employee who had complained about their productivity. The ALJ ruled that the five employees had been fired unlawfully, noting that “[e]mployees have a protected right to discuss matters affecting their employment amongst themselves,” and it was “irrelevant … that the [employees] were not trying to change their working conditions and that they did not communicate their concerns to” Hispanics United. The ALJ

2-585

32

reasoned that even “[e]xplicit or implicit criticism by a coworker of the manner in which they are performing their jobs is a subject about which employee discussion is pro-tected by” the NLRA because, for example, in one instance, an employee stated that she intended to raise concerns with the Executive Director. The fired workers “were taking a first step towards taking group action to defend themselves against the accusations they could reasonably believe [their colleague] was going to make to management. By discharging the [five workers] on October 12, Respondent prevented them by [sic] taking any further group action vis-a-vis [their colleague’s] criticisms.” Id.

The ALJ found inapplicable the exceptions that might cause the employees’ speech to lose its Section 7 protection. The Facebook posts were not made at work and not made during working hours. Moreover, despite at least some of the employees’ use of obscenity, the ALJ found, there were no “outbursts” “so opprobrious as to lose protection under the Act.” Finally, after reviewing the employer’s anti-harassment policies, the ALJ concluded there was simply no harassment occurring since none of the posts had any nexus to any characteristic identified as protected under those policies like sex or race. As a result, the employer was ordered to reinstate the five workers with back pay.

c. Design Tech. Group, LLC, 359 N.L.R.B. 96 (Apr. 19, 2013)

In Design Tech. Group, LLC, the NLRB upheld the ALJ’s decision that an employer violated the NLRA, when it discharged three employees who posted comments on Facebook that were deemed to be concerted efforts to change the store’s closing time. Specifically, the employees worked at a retail clothing store that closed later than other stores in the area. The employees allegedly felt unsafe closing the store when the area was already deserted. The employees posted comments on Facebook, including “tomorrow I’m bringing a California Worker’s Rights book to work. . . BOY will you be surprised by all the crap that’s going on that’s in violation 8) see you tomorrow.” Another employee who saw the posts on Facebook forwarded screenshots of the posts to the store’s

2-586

33

manager. The store’s manager responded by terminating the three employees, stating that “things were not working out.”

The employer argued that the Facebook postings were not protected because the employees had “‘no ‘honest and reasonable belief’ that the purpose of their conduct was for the mutual aid and protection of employees,’ and that instead, the employees ‘schemed to entrap their employer into firing them.’” The ALJ rejected this theory, and the NLRB upheld the ALJ’s determination, ultimately holding that the employees’ Facebook posts were concerted efforts, protected by Section 7 of the NLRA. The “postings were complaints among employees about the conduct of their supervisor as it related to their terms and conditions of employment and about management’s refusal to address the employees’ concerns.” The employer was ordered to reinstate the employees, pay them back pay, and rescind a policy in the employee handbook that prohibited employees from disclosing their wages or compensation to third parties, including other employees.

d. New York Party Shuttle, LLC, 359 N.L.R.B. No. 112 (May 2, 2013)

The NLRB affirmed the ruling of the ALJ that the employer, a tour guide company, violated the NLRA when it failed to give an employee, a tour guide, any tour guide assignments, and eventually fired him, after he publicized his desire to organize a union and criticized the Company’s employment practices in an e-mail and Facebook posting to third parties. The e-mail that led to the employee’s termination was sent to the employees of the tour guide’s former employer; none of the e-mails were sent to his then-current co-workers. His Facebook post was made to a private Facebook group page, accessible only to New York City tour guides who had been invited to join the group. Both the email and the Facebook post referred to the tour guide’s former employer as a “worker’s paradise compared to his new employer,” and made other negative comments about his current employer, such that it bounced paychecks.

Before the ALJ, the Company argued that the statements were not protected because they were libelous. The ALJ disagreed, finding that, although harsh, the statements were largely true and, therefore, could not constitute libel. The

2-587

34

NLRB agreed, and rejected the Company’s arguments for the same reasons. Notably, the employees comments were protected, even though there was no evidence of concerted activity, because they related directly to union organizing.

e. Tasker Healthcare Grp. d/b/a Skinsmart Dermatology, NLRB Div. of Advice, No. 4-CA-94222 (May 8, 2013)

A medical office employee (the “Employee”) who performed general office work participated in a Facebook “group message” along with ten other participants, including seven current and three former employees of the dermatology office. The group was allegedly formed by one of the former employees, who wanted to use the group message to organize a group social event.

During the group conversation, the Employee mentioned that a former employee was returning to the company and might become a supervisor. The Employee also mentioned a current supervisor who had tried to advise the Employee on a work-related matter. The Employee told the Facebook group that she had replied “aren’t you the supervisor for mind and body. . . In other words back the freak off.” The Employee went on to say that the employer was “full of shit,” but “seem[ed] to be staying away from me, you know I don’t bite my [tongue] anymore, F[*]CK... FIRE ME… Make my day…” No other employees participated in this part of the conversation. Later, one of the Employee’s co-workers said that she had made the Employee laugh, and then commented that “it’s getting bad there, it’s just annoying as hell. It’s always some dumb shit going on.” No more work-related statements were made by any of the participants in the group message. One of the current employees who participated in the group message ultimately showed the conversation to the employer. The employer informed the Employee that she obviously was no longer interested in working for the employer, and fired her.

The Employee filed an unfair labor practice charge with the NLRB. The NLRB’s Division of Advice issued an advice memorandum, stating that the Employees comments “merely expressed an individual grip rather than any shared concerns about working conditions,” and that such comments “merely

2-588

35

reflected her personal contempt for her returning coworker and for her supervisor, rather than any shared employee concerns over terms and conditions of employment.” Conse-quently, the NLRA did not protect the Employees comments, and the Employer’s termination of her employment was lawful.

2. Practical Advice For Employee Discipline Based On Social Media Activity

The key takeaways from the memorandums and the case law with respect to employee discipline for online activity can be summarized as follows. First, the Board will strictly scrutinize discipline based on social networking, the subject matter of which relates to the terms and conditions of employment, the exercise of rights conferred by the NLRA, or other matters traditionally considered “protected activity” under the Boards’ precedent. Second, if it appears the employees were collaborating, otherwise known as engaging in “concerted activity,” the online activity will likely be protected. In other words, individual gripes will not suffice. Finally, activity will be protected where the offending online post was either the culmination of an on-going dispute with the employer or the continuation of a pre-existing conversation among employees.

Even if the employee’s offending online conduct includes “swearing and/or sarcasm,” use of a “short-hand expletive,” and references to management personnel as an “asshole” and a “scumbag,” discipline against the posting employee may be deemed to violate the NLRA. For example, in finding that an employee did not lose the NLRA’s protections after calling her supervisor a “scumbag,” the GC relied on the following facts: (a) “the Facebook posts did not interrupt the work of any employee because they occurred outside the workplace and during nonworking time;” (b) “the comments were made during an online employee discussion on supervisory action;” (c) “the name-calling was not accompanied by verbal or physical threats;” (d) “the Board has found more egregious name-calling protected;” and (e) “the employee’s Facebook postings were provoked by the supervisor’s unlawful” conduct. Thus, the Board effectively is telling employers that they must have thicker skin when it comes to employees’ raunchy social media posts.

Accordingly, before disciplining or discharging employees for violating a social media policy, employers should ensure that the

2-589

36

policy itself is lawful and assess whether the employee’s activities are concerted and protected under the NLRA. In addition, employers should consider the following.

a. Understand What “Protected Concerted Activity” Can Include And Be Sure That The Conduct At Issue Does Not Implicate Protected Activity

When a manager learns that employees are criticizing him or her on Facebook, it’s natural to want to respond. Social media policies need to address exactly these types of situations. Employees and supervisors need clear guidance on what is acceptable and legal. In the eyes of the NLRB, one employee griping about his or her manager is not the same as a group of employees complaining about their paychecks. Supervisors and managers must be trained to identify the difference and determine when conduct can justify discipline.

Moreover, supervisors and managers should also be trained to identify when and under what circumstances certain Section 7-related activity loses its protected character. As noted previously, mere profanity, vulgar language and even name-calling will not suffice to cause Section 7-related activity to lose its protected status. Rather, such language will be deemed to have lost its Section 7 protection only where it includes (1) remarks that disparage the employer or its products in a manner unrelated to “any grievance which the workers may have;”45 (2) confidentiality breaches,46 and (3) recklessly or maliciously false accusations.47

45. 1 The Developing Labor Law 211 (Patrick Hardin & John E. Higgins, Jr. eds., 4th

ed. 2001) (hereinafter 1 Developing Labor Law); see also Sierra Publ’g Co. v. NLRB, 889 F.2d 210, 216 (9th Cir. 1989) (citing examples); (citing examples); accord Am. Golf Corp., 330 NLRB. at 1241 (finding unprotected an employee’s handbill suggesting that the town hire a different contractor because it did not mention the employee’s labor dispute with the contractor).

46. Nancy J. King, Labor Law for Managers of Non-Union Employees in Traditional and Cyber Workplaces, 40 Am. Bus. L.J. 827, 855 (2003); 1 Developing Labor Law, supra, note 35, at 207.

47. 1 Developing Labor Law, supra, note 35, at 210; see, e.g., TNT Logistics N. Am., Inc., 347 NLRB. No. 55, 2006 NLRB LEXIS 287, at *7-*8 (July 24, 2006), http://www.nlrb.gov/nlrb/shared_files/decisions/347/347-55.pdf.

2-590

37

b. When In Doubt, Escalate

In sum, the three advice memos on social media should be taken as that–advice. They are indicative of the facts on which cases will be brought – not the actual law of social media under the NLRA, which is a rapidly evolving work in progress. If managers and supervisors have any questions about whether an employee’s actions violate the company’s social media policy, they should consult Human Resources and the legal department before imposing any type of discipline.

2-591

NOTES

2-592