Hot Topics in Workplace Privacy: Social Media and Personal Devices

June 18, 2013

David E. Dubberly*Nexsen Pruet, LLC

*Certified by S.C. Supreme Court as Specialist in Employment and Labor Law

Workplace Privacy In The News 

• Background checks for applicants

Workplace Privacy In The News 

• Using social media postings to screen out applicants

Workplace Privacy In The News 

• Discipline for critical social media posts

Workplace Privacy In The News 

• New issue: accessing personal devices to monitor compliance with policies

Social Media and ECPA Compliance

• Computer wiretap laws– Electronic Communications Privacy Act as

amended by Stored Communications Act• Criminal offense to access stored electronic

communications “without authorization”• Also creates civil cause of action

– State computer crimes laws similar

Social Media and FTC Compliance

• Federal Trade Commission– Disclosure of employment status– False or misleading statements

Social Media and Discrimination/Harassment

• Title VII, ADEA, ADA– Discriminatory comments– Harassing messages or pictures

Social Media and Trade Secret Protection

• S.C. Trade Secrets Act– Trade secret information must be “the

subject of efforts that are reasonable under the circumstances to maintain its secrecy” • Reasonable measures may include:

– Confidentiality agreements– Policy prohibiting improper disclosure– Security software for mobile devices– Strong passwords– Immediate report of lost or stolen device– Exit interview procedures

Social Media and Labor Law Compliance

• National Labor Relations Act– Section 7 rights (apply to non-supervisory

employees at almost all companies)– Criticism of supervisor and employer– Prohibition against surveillance

DISH Network Social Media Policy

• Policy:– “You may not make disparaging or

defamatory comments about [Employer], its employees, officers, directors, vendors, customers, partners, affiliates, or our, or their, products/services.”

DISH Network Social Media Policy

• National Labor Relations Board Acting General Counsel May 2012:– “[T]he prohibition on making ‘disparaging

or defamatory’ comments is unlawful. Employees would reasonably construe this prohibition to apply to protected criticism of the Employer’s labor policies or treatment of employees.”

Clearwater Paper Social Media Policy

• Policy: – “Employees are prohibited from posting

information regarding [Employer] that could be deemed material non-public information or any information that is considered confidential or proprietary.”

Clearwater Paper Social Media Policy

• NLRB Acting GC May 2012: – “The term ‘material non-public information,’ in

the absence of clarification, is so vague that employees would reasonably construe it to include subjects that involve their working conditions.”

– “[T]he term ‘confidential information,’ without narrowing its scope so as to exclude Section 7 activity, would reasonably be interpreted to include information concerning terms and conditions of employment.”

Wal-Mart Social Media Policy• Policy on content of communications:– Prohibits “inappropriate postings that may

include discriminatory remarks, harassment and threats of violence or similar inappropriate or unlawful conduct.”

– “Examples … might include offensive posts meant to intentionally harm someone’s reputation or posts that could contribute to a hostile work environment on the basis of race, sex, disability, religion or any other [protected] status.”

Wal-Mart Social Media Policy• NLRB Acting GC May 2012 :– Policy not ambiguous because “it provides

sufficient examples of prohibited conduct so that, in context, employees would not reasonably read the rules to prohibit Section 7 activity.”

Wal-Mart Social Media Policy• Policy on protection of confidential

information:– “Maintain the confidentiality of [Employer]

trade secrets and private or confidential information. Trades secrets may include information regarding the development of systems, processes, products, know-how and technology. Do not post internal reports, policies, procedures or other internal business-related confidential communications.”

Wal-Mart Social Media Policy• NLRB Acting GC May 2012 : – “Employees have no protected right to disclose

trade secrets. Moreover, the Employer's rule provides sufficient examples of prohibited disclosures (i.e., information regarding the development of systems, processes, products, know-how, technology, internal reports, procedures, or other internal business-related communications) for employees to understand that it does not reach protected communications about working conditions.”

Social Media and Background Checks

• October 2011 survey by Reppler– 91% of hiring managers use social media to screen

candidates– 69% have rejected candidates based on their social

media sites• Lied about qualifications• Inappropriate photos• Inappropriate comments• Negative comments about prior employers• Demonstrated poor communication skills

– 68% have hired candidates based on their social media sites

Social Media and Background Checks

• Main downsides– Too much information– Discrimination claims– Some sites may be considered “consumer

reporting agency” for purposes of FCRA• Best practices– Not decision makers– Same protocol for all applicants– Only public information/no deception– Only job-related information

What is BYOD? 

• Transition from company-issued BlackBerrys to employee-owned smartphones and tablets– Connect personal devices to employer e-

mail and data networks– Create, store, and transmit work-related

information on personal devices employer does not control

Work-Related Mobile Device Use

• March 2012 survey by SANS– 60% of employers allow BYOD

• November 2012 survey by Ovum– But only 30% require employees to sign

BYOD agreement• March 2013 survey by Ponemon Institute– 50% who left or lost jobs in last 12 months

admitted taking confidential information– 40% plan to use it in another job

BYOD and CFAA Compliance• Computer hacking laws– Computer Fraud and Abuse Act• Criminal offense to access computer “without

authorization”• Permits recovery of money damages if such

access results in damage of over $5,000– State computer crimes laws similar

BYOD and FLSA Compliance• Fair Labor Standards Act– Exempt vs. non-exempt employees– Unpaid off-the-clock work– Unpaid overtime

BYOD and OSHA Compliance• Occupational Safety and Health Act– Repetitive stress injuries– Distracted driving

Sitton v. Print Direction, Inc. (Ga. Ct. App. 2011)

• Employee used personal laptop connected to employer’s network for work

• Also used it to send business to competing business started by his wife

• While employee away from office, CEO entered his office, moved computer’s mouse, clicked on e-mail listing in personal account that appeared on screen, and printed e-mails showing disloyal conduct

• Employee terminated, then sued under GA computer crimes statute and for common law invasion of privacy

Sitton v. Print Direction, Inc. (Ga. Ct. App. 2011)

• Trial court ruled for employer and awarded $39,000 in damages

• Appeals court affirmed– CEO’s actions not prohibited by GA statute

because they were not “without authority” • Employer’s policy on computer use, which

allowed inspection of electronic devices in course of investigation, applied to personal equipment

– CEO’s actions not unreasonable invasion of privacy under circumstances

BYOD Policy and Consent Form

• What to do if device lost or stolen• What employer data can be downloaded to

personal device• Employer not liable for lost or damaged

personal data• Signed consent for employer to monitor,

access, and remotely delete data in specified circumstances

• Signed consent for employer to install security software and applications to protect its data

Questions?

1-800-825-6757

Nexsen Pruet website:www.nexsenpruet.com