In addition to addressing the myriad of typical employment issues, employers are challenged by a new onslaught of issues posed by a technology-savvy work force. Armed with only a superficial understanding of various evolving technologies and an even less certain understanding of applicable laws, most employers are struggling to address employee misuse of these technologies while attempting to use the technologies to improve their business operations and work force management.
Nevertheless, employers who take action and invest in using evolving technologies and provide training for their human resources and management personnel to better address employee misuse of technologies fare far better than those who delay in addressing these inevitable issues.
Understanding the sites
Most employees are connected to the Internet inside and outside of their workplaces. A majority of these employees regularly access the Internet while at work for personal rather than professional reasons. The types of technologies employees use and misuse are endless; however, employers have learned social networking sites, instant messaging and blogging are the most likely to disrupt a workplace and cause significant legal and business problems.
Social networking sites are by no means new, but they have become especially popular—and problematic—in recent years. Some noteworthy social networking sites are Facebook, Twitter and LinkedIn,® all of which have grown tremendously in terms of members and users.
According to iStrategy Labs, a digital marketing agency, the number of Facebook users has doubled every six months; Nielsen Online says Twitter use increased an astonishing 1,382 percent between 2008-09; and LinkedIn claims it has become the primary site for professional networking and job candidate research.
iStrategy Labs also says the 35- to 54-year-old population has been the fastest-growing segment of new Facebook users, resulting in a 276.4 percent growth rate during late 2008 and early 2009.
These astonishing statistics leave employers no choice but to recognize employees are using social networking sites, and, accordingly, employers must devise strategies for effectively addressing social networking issues.
However, some employers resist taking action because they are unsure to what extent they are allowed to regulate employees' online social networking activities. Not surprisingly, though employers generally believe they have wide latitude to monitor employees' social networking activities, employees believe their use of social networking sites is none of their employers' business.
This fundamental difference of opinion between employers and employees makes it more challenging for employers to craft effective policies that address their legitimate business concerns without alienating employees.
Understanding the social networking sites is the first step to taking action and drafting policies that address the various issues raised by employees' use of such sites.
Facebook probably is the most widely used social networking site. Millions of people use Facebook every day to, among other things, maintain contact with friends, acquaintances and people from their past; upload and share personal photos that identify other individuals pictured in the photos with or without the individuals' knowledge or consent; comment on various topics, including their daily work experiences; and share videos and links to various Web sites.
Facebook connects people using various networks or commonalities, including locations, interests, viewpoints, educational backgrounds and workplaces. Facebook users may create profiles that include as much or as little information as they want subject to whatever security settings they select. Users' security settings vary greatly with some users limiting the content of their Facebook pages to their Facebook "friends" and others providing all Facebook users with unlimited access to the content available on their Facebook pages.
Unlike Facebook, LinkedIn's networking purposes are of a professional nature. Individuals and companies create profiles to share their credentials and increase their visibility through connections with other users. LinkedIn users establish connections based on personal relationships, work experiences, group memberships and educational backgrounds.
LinkedIn users can request and provide professional recommendations to and for one another by posting a narrative recommendation on the individual's LinkedIn page. LinkedIn users also can participate in online discussions and forums. Employers and recruiters increasingly are relying on LinkedIn to search for and screen potential candidates.
Twitter is much newer and less complex than Facebook and LinkedIn; however, it has the unique potential of quickly connecting large numbers of people. Twitter allows its users to provide status updates in the form of posts known as "tweets" limited to 140 characters in length. Tweets generally describe where the user is; who the user is with; or what the user is doing, thinking or feeling.
Twitter users can "follow" each other, thereby remaining apprised of each other's daily thoughts and experiences. Users also can comment on each other's posts, creating exchange threads. If your employees are avid "tweeters," they likely are tweeting while at work and about work.
Instant messaging, also known as "IM" or "IMing," predates the popularity of social networking sites. Instant messaging involves the exchange of messages in real time between two or more people logged onto a common instant messaging service. Popular services are offered through America Online, Microsoft and Yahoo!, among others. Although instant messaging may appear to be a harmless form of communication for employees, it poses significant risks for employers.
For example, most consumer-grade instant messaging software—the kind that can be downloaded for free—do not have the capacity to detect or filter potentially harmful communications or detect a change of login names to prevent employees from posing as one another and gaining access to an employer's information system.
Similarly, instant messaging applications are susceptible to computer worms and viruses that can go undetected by firewalls because most firewalls are unable to scan or screen instant messages for unwanted content. Additionally, most instant messaging programs lack the capacity to encrypt messages and have features that by-pass corporate firewalls, making it difficult for employers' administrators to control and monitor instant messaging.
Further, most instant messages are not saved or otherwise backed up, resulting in unreliable records. Employees can selectively save or print their instant messages and use them out of context for their own self-serving reasons, such as to build a harassment case.
On the other hand, systems that have the capacity to automatically store or save all instant messages create a permanent record of numerous, uninhibited commentary between employees, often at the employer's expense.
Increasingly popular, blogs are essentially personal journals or diaries posted on the Internet. Blogs are created to update a group of people—or the public at large—about the blogger's opinions, thoughts and/or experiences. Accordingly, some blogs are password-protected.
Blogs can be as topic-specific or general as the blogger desires, and many bloggers use blogs to vent frustrations about current, former or potential employers. Many bloggers also allow readers to post comments in response to the individual blog entries.
Currently, there are 112 million blogs with about 120,000 new ones appearing every day. Many businesses embrace blogging and encourage it as a means of promoting employee creativity and dialogue. However, blogs pose the same types of concerns for employers as do instant messaging and other forms of online social networking.
For example, blogging allows employees to intentionally (or unintentionally) create a selective record of experiences at work—usually without providing any context—that later can be used to build an employee's case of harassment or discrimination. As with all forms of online social networking, blogging can create significant liabilities for you, and you should take appropriate steps to prevent and adequately address these risks.
The legal landscape
It is undeniable your employees use social networking sites, instant messaging and/or blogging to communicate with their families, friends, acquaintances, other individuals and the public. Although these social communication tools are not necessarily negative, they can result in a number of employment headaches.
If your employees use online social communication tools while at work, you can experience a significant loss of productivity. If employees use these tools to vent their frustrations about their workplace, they can affect your public image and even profitability. If employees use these tools to disclose confidential or sensitive information about other employees, customers or trade secrets, you can suffer significant financial and other hardships. If employees use these tools to enable or complain about harassment or discrimination in the workplace, you can be subject to various discrimination, harassment and retaliation complaints.
The following concepts and statutes summarize the legal framework at the courts' disposal in analyzing cases that arise from the use (or misuse) of technology in the workplace.
Almost every state follows the concept of at-will employment, which means employers and employees retain the right to terminate an employment relationship at any time, for any reason or no reason at all without cause and without notice. However, all terminations are subject to federal, state and local statutes. Even when relying on the at-will employment rule, be careful not to violate the various applicable laws.
Various federal and state anti-discrimination laws prohibit discrimination and harassment based on a variety of protected characteristics (race, color, national origin, ancestry, religion, gender, pregnancy status, sexual orientation, age, disability, etc.), as well as retaliation for complaining of these violations.
You may face liability for harassment, discrimination and retaliation perpetuated by employees via various online social communication tools. You also may face liability for how you use information gained through the monitoring of employees' (or potential employees') online social communication activities. Accordingly, consider the risks posed by anti-discrimination laws in creating and implementing strategies for addressing the use of social networking and other forms of electronic communication.
Electronic Communications Privacy Act
The Electronic Communications Privacy Act of 1986, or ECPA, generally governs privacy and monitoring rights with respect to a broad range of communication forms.
Title I of ECPA prohibits the intentional interception of real-time electronic communications, subject to two exceptions: the consent exception and business extension exception.
The consent exception permits employers and other entities to intercept electronic communications upon receipt of the express or implicit consent of either the communication's sender or intended recipient.
The business extension exception permits an "electronic communication services provider," which includes certain employers who provide electronic communication services and related equipment to their employees, to intercept communications as long as the interception occurs in the normal course of business and for a legitimate business reason.
Title II of ECPA, known as the Stored Communications Act (SCA), prohibits unauthorized access to and disclosure of electronically stored communications and transaction records. SCA also provides a consent exception (similar to that of Title I) and an employer-owned systems exception. The latter provides that an employer may access or disclose electronic communications that are automatically stored in its system for backup protection and similar purposes.
Most employers are fairly confident these exceptions allow them to monitor employees' electronic communications on company-provided systems. But you should not use improper means to access employees' electronic communications even if company-provided systems are used.
In the federal New Jersey case Pietrylo v. Hillstone Restaurant Group, a group of employees alleged their employer violated SCA by accessing an employee-created, password-protected MySpace page. (MySpace is a social networking site similar to Facebook.) The plaintiffs were terminated for complaining about management and posting sexual remarks about managers and customers on MySpace. A manager obtained the MySpace password from a third employee. The jury concluded the employer had impermissibly pressured the employee to supply the password, thereby violating SCA.
Similarly, in Konop v. Hawaiian Airlines Inc., a vice president of Hawaiian Airlines asked an employee for login information to access the employee's password-protected Web site, which the employee provided. The vice president used the password to access the Web site numerous times. After finding comments critical of the airline, the employer suspended the employee. The U.S. Court of Appeals for the Ninth Circuit held the employer had violated SCA by viewing the contents of the employee's password-protected Web site without the employee's consent and later suspending the employee for comments made on the Web site.
Also, in Pure Power Boot Camp v. Warrior Fitness Boot Camp, the federal District Court for the Southern District of New York held the employer violated SCA when it accessed an employee's personal, password-protected e-mail account after discovering the employee's username and password were saved on the company computer. The court held the broad electronic communications policy, which provided employees had "no expectation of privacy," did not authorize the employer's review of non-work-related e-mails maintained in the employee's personal, password-protected e-mail account.
Further, in Van Alstyne v. Electronic Scriptorium Ltd., the U.S. Court of Appeals for the Fourth Circuit allowed significant punitive damages under SCA despite the absence of actual damages because the employer repeatedly had accessed an employee's personal, password-protected e-mail account without the employee's consent.
As these recent decisions demonstrate, you should tread carefully when monitoring and responding to employees' online social communication activities. Even if an employee uses your computer system to access or perform an online social communication activity and the electronic information is found on your system, a court still may find a violation of SCA if it determines the requisite consent was not properly obtained or you exceeded your limited monitoring rights.
Accordingly, you face many risks under SCA and other ECPA sections. As we will discuss, other laws also expose you to significant liability for monitoring and responding to employees' online social communications.
Online social communication tools and social networking sites in particular give rise to important questions and considerations throughout the various stages of the employment relationship. You should keep in mind the unique situations that arise at each stage of the employment relationship and monitor and/or respond to employees' online activities accordingly.
Employers increasingly are supplementing their standard recruitment and hiring processes with searches on Facebook, LinkedIn, Twitter, various online social communication tools and other online resources, such as Google.™ Some employers have developed a formulaic, well-established procedure for using these additional "research" tools, but other employers find themselves using these tools unofficially and, oftentimes, inadvertently.
For example, a prospective Cisco employee recently tweeted: "Cisco just offered me a job! Now I have to weigh the utility of a fatty paycheck against the daily commute to San Jose and hating the work." A Cisco associate responded he would be happy to pass the individual's sentiments along to the hiring manager. Needless to say, this incident did not help the woman in her job search efforts.
Employers are performing this "research" to recruit and screen potential job candidates. Clearly, the Internet provides a free, easy and readily available way of quickly gathering information about potential job candidates. The information gathered can help make good hiring decisions and prevent possible employer liability for negligent hiring and retention claims. However, this type of research poses significant liabilities for employers too eager to let the research influence employment decisions.
Before accessing information about a potential job candidate online, decide what type of information you are seeking and, if possible, determine the information you will ignore.
You can, for example, decide to verify information already learned from the job candidate, such as information contained on the candidate's employment application and resume, qualifications, employment history and similar information. This type of information may be readily found on a candidate's LinkedIn account.
Similarly, you can review an applicant's Facebook page and read his or her posts, blogs or tweets and, in doing so, discover information about the candidate's job skills, communication skills, social skills, integrity, level of professionalism, maturity, obedience for the law and overall good judgment. Undoubtedly, most (if not all) of this information would legitimately influence a hiring decision.
Through your innocent (or not so innocent) gathering of general information about job candidates, you may come across information that is subject to legal protections and may not be used as the basis of an employment decision.
Many social networking sites contain photos of job applicants that reveal information about an applicant's race, color, national origin or disability. An applicant's Web site, posting or blog also can contain information about a wide range of protected characteristics such as the applicant's age, religion, sexual orientation, union membership, political views or family responsibilities. This is precisely the kind of personal information you cannot use to make an employment decision and the kind of personal information you generally are prohibited from inquiring about during an interview or on a job application.
Once you learn of an applicant's protected characteristic, it may be impossible to prove you did not rely on or use this information in arriving at an employment decision.
Furthermore, several states have enacted statutes prohibiting employers from making employment decisions based on information gathered about applicants from social networking sites and other online social communication tools.
For example, Colorado, New York and North Dakota limit an employer's ability to use lawful "off-duty" behavior as the basis for an employment decision. Additionally, Illinois and Wisconsin prohibit employment discrimination because of an employee's consumption of legal products, such as alcohol and tobacco, when off work. Similarly, Missouri specifically prohibits employment discrimination because of an employee's use of tobacco and/or alcohol when not at work.
Although you may be afforded greater discretion when an employee's off-duty behavior is inconsistent with your business needs, be careful when acting on information or conduct discovered through online "research."
Ultimately, the risk of liability is real and often unavoidable. In many cases, risks significantly outweigh the possible benefits associated with online candidate research. If you perform such research despite the various risks identified, you should, at a minimum, determine the safest approach for performing and using the research.
For example, you could require all applicants to sign and date an authorization specifically enabling you to perform online research and releasing you from liability resulting from such research. Applicants also should be required to acknowledge the research results could be considered in making pertinent employment decisions.
Similarly, you should identify, preferably in a written policy, the information you search for and create search criteria designed to gather only the type of information you can lawfully use in making an employment decision. If possible, use individuals who are not involved with the decision-making process and are trained to recognize and remove impermissible information regarding the applicant from the material to be reviewed by the decision-makers.
Also, carefully document the research performed on social networking sites or other online research tools, identify the information ultimately considered and provide the legitimate business reasons used in reaching the final employment decision.
Misuse and abuse
Employers know they can—with certain limitations—monitor employees' online activities and electronic communications. But specific guidelines for lawfully monitoring employees' online activities and electronic communications remain a mystery for most employers.
Although the law in this area is in its early stages of development, you can minimize exposure to liability by creating or updating existing electronic communication policies to include employee access and use of social networking sites.
Social networking policy provisions should address the permissible use of social networking sites; prohibit inappropriate conduct such as harassment, discrimination, retaliation or defamation; and warn against disclosure of confidential information and trade secrets. Employees also should be required to be respectful of their employer and be explicitly discouraged from publicly disparaging the employer and its products, services, clients and competitors. Furthermore, employees should be required to take full responsibility for and sole ownership of their electronic communications and make clear their views do not reflect their employers' views.
You may face legal liability for employees' misuse of social networking sites and other evolving technologies to harass, defame or invade the privacy of co-workers or third parties outside the workplace. Certain federal and state laws require employers to actively protect employees from harassment, discrimination and other abuses, and various common law theories make employers liable for their employees' foreseeable misconduct.
Generally, courts have held employers have a duty to investigate and stop unlawful and harassing conduct in work-related settings if the employer has actual or constructive notice the unlawful or harassing conduct is taking place.
In Blakey v. Continental Airlines Inc., a female pilot filed hostile work environment and defamation claims against her employer based on derogatory comments posted about her on the employer's electronic bulletin board. The Supreme Court of New Jersey concluded the electronic bulletin board was part of the workplace and the offensive comments posted by the employees could support a hostile work environment claim for which the employer could be liable. The court noted that though employers need not monitor all private employee communications, they are required to stop known or suspected co-worker harassment.
Similarly, in Jane Doe v. XYC Corp., an employee used his employer's computer system to upload and view child pornography that was later determined to include pornographic images of his stepdaughter. The employee's wife sued the employer, alleging it knew or should have known the employee was using his work computer to access child pornography. A New Jersey Appellate court held that because the employer had knowledge of the employee's unlawful use of its computer systems, it had a duty to monitor and take action to prevent further violations by its employee.
In contrast, in Yath v. Fairview Clinics, a Minnesota Appellate court granted summary judgment in favor of the employer on the employee's invasion of privacy claim. The court held though the medical clinic's employee accessed a patient's private medical records and later posted the patient's personal information on MySpace, the employee's intentional misconduct was not foreseeable and, accordingly, the employer could not be held liable.
Employees' disclosure of confidential information or trade secrets and/or public disparagement of their employers also can create a nightmare situation. You can face liability for inadvertently misinforming the public, violating customer and/or consumer trust, violating confidentiality and similar agreements with other entities and/or people, violating fiduciary duties in disclosing nonpublic information and a multitude of other violations. In addition to the legal consequences, such exposures can result in significant financial hardships and generate insurmountable negative publicity.
If you do not adequately communicate expectations regarding online activity to employees and/or fail to properly take advantage of your right (and sometimes obligation) to monitor employees' electronic communications, you can face significant exposure and liability. Therefore, developing and implementing appropriate monitoring policies and procedures are essential. However, the tension between employers and employees regarding the propriety of monitoring employee electronic communications remains an issue ripe for litigation.
Even after an employment relationship is terminated, you will need to consider the various liabilities that arise out of responding to (or ignoring) requests for online recommendations or references through various Web sites such as LinkedIn.
For example, if you terminated an employee because of performance issues and a manager later posts a glowing recommendation on the terminated employee's LinkedIn page, the legitimacy of the termination may be questioned. This may pose significant problems if the employee later files a claim of discrimination or retaliation against you, alleging the reason for termination was pretextual.
Further, when a management-level employee posts an electronic recommendation on a terminated employee's Linked-In page, that recommendation may be perceived as an official endorsement of the terminated employee. Such a recommendation could expose you to liability if another company relies on the recommendation and hires that person. Accordingly, either refrain from providing online references or treat and process every online reference as a formal recommendation.
Evolving technologies, particularly social networking sites, provide you with a wealth of opportunities to make better, more informed employment decisions and perpetuate a positive public image. These same technologies also pose significant liabilities for employers, so you cannot afford to sit idly by while employees and competitors use online social communication tools to advance their respective goals. Consider the following:
Social networking sites and other online communication tools are here to stay. Your employees are using these tools while at work and are posting, tweeting, instant messaging and blogging about their workplace. Your competitors are using these tools to make informed employment decisions and better manage their workplaces. You must act now to ensure your business is prepared to thrive in this new age of social networking and evolving technologies.
Jason C. Kim is a partner and Gray I. Mateo-Harris is an associate in the labor and employment practice group of the Chicago-based law firm Neal, Gerber & Eisenberg LLP.