In days past employees discussed and debated workplace issues around the water cooler. That sentimental past-time has long since been replaced by online social media networking and the reach of social media is stunning.

There are more than 2 billion monthly active Facebook users as of June 2017.  65% of these users on average log into Facebook daily and are considered active users. Five new profiles are created every second. The highest traffic occurs mid-week between 1-3pm. There are 328 million monthly active Twitter users, 100 million daily active tweeters and 500 million Tweets sent every day.

Disgruntled employees now use social media to speak out about employers and co-workers, using Facebook, Twitter, blogs and the like. An on-line attack has the potential to cause harm to the good-will of companies, and negatively impact the morale and reputation of employees.

The National Labor Relations Board (NLRB) regulates the employer-employee relations of private union and non-union workplaces.  In recent years the Board has consistently acted to protect from discipline unhappy employees who resort to social media and has waged an active war with employers to expand the rights of employees to use their employers’ private email systems.

As a result, many employers are asking fundamental questions. Do employees have a right to use social media sites while at work? Can I monitor employees’ social media activity? Do I need a social media policy?

The statistics vary but somewhere between 25% to 50% of companies have a social media policy in place. About 30% have policies that delineate how employees must present themselves when posting on the internet; nonetheless, 75% of the employees of these companies use social media regardless of the company’s policy.

The National Labor Relations Act gives employees the right to act together to address wages, hours and terms and conditions of employment. This is referred to as “protected, concerted activity.” When an employee posts a complaint on Facebook or Twitter about a company policy, such as vacation or flexible work hours, or complains about a work unit’s supervision, the employee may be engaging in protected activity that the NLRB considers to be beyond the reach of disciplinary action.

What are some of the factors that employers need to consider?

  1. Was the post for purely personal reasons?
  2. Did other employees join in or “like” the post?
  3. Did the post concern work-related issues?
  4. Was the post so disloyal or egregious so as to lose protected status?

While an employee may post a comment or observation a company considers disrespectful or objectionable that may qualify as protected, concerted activity, there are recognized limitations.  One such area includes proprietary and confidential information, and trade secrets.  Another area that is off limits includes comments about co-workers that are based on race, age, religion and other unlawful activity, such as sexual harassment.

However, in the absence of evidence of these off-limits areas, comments that companies have considered disrespectful, damaging to the company’s reputation, inappropriate in violation of company policies, or even as flat out false have been found lawful and protected.  And, to add insult to injury, the NLRB also has held the underlying company handbook personnel policies to be illegal.  As a result, employee discipline has been overturned, the employee reinstated with back pay and other lost benefits, and the company ordered to revise the underlying policy.

Now, some relief may be on the horizon for 2018 and beyond.  On December 1, 2017, the new NLRB General Counsel issued a memorandum to field offices directing them to submit cases involving several of these contentious social media, handbook policy and use of company email issues to the Division of Advice for further guidance.  This action acts to essentially freeze regional offices from moving new cases forward.

In the meantime, how does an employer navigate the murky social media waters?

  1. Notify employees that internet use will be monitored and that there is no expectation of privacy in the use of the company’s email and internet system.
  2. Implement a social media policy and train employees on its content.
  3. Designate a person to be responsible for implementing and administering these steps, and monitoring compliance.
  4. Implement a procedure to report policy violations.
  5. Prohibit the use of social media networking during working time.
  6. Review underlying policies (confidentiality, non-disparagement, harassment, etc.) to assure the policies do not infringe on concerted, protected activity.

The Pennsylvania courts have delved into the “App Store,” addressing for the first time the use of smartphones and their applications in the context of illegal wiretapping.

Pennsylvania’s Wiretap Act forbids the “interception” of private conversations using an “electronic, mechanical, or other device,” unless all of the participants consent to that recording.  State laws like this one, as well as federal wiretapping laws, explain why you have often heard messages from telemarketers informing you that your call may be recorded “for quality assurance purposes.”  Such a warning, and your continued participation in the call, indicates that you have consented to the recording.  Without such consent, the recording of an otherwise private conversation constitutes illegal interception of a conversation, which is a felony criminal offense.

In 2014, in Commonwealth v. Spence, the Pennsylvania Supreme Court departed from this “dual consent” standard, finding that the Wiretap Act does not prohibit the surreptitious interception of private communications, so long as that interception is accomplished using a telephone rather than some other “device.”  In that case, a state trooper used an arrestee’s phone to call his drug dealer, then gave the phone back to the arrestee and instructed him to activate the speaker function.   The drug dealer incriminated himself during the phone call, and was arrested.  Challenging his arrest, the dealer argued that his private conversation with the arrestee had been illegally intercepted by the state trooper.  The court disagreed, finding that Pennsylvania’s General Assembly had deliberately excluded telephones from the definition of “electronic, mechanical, or other device.”  Because the state trooper had not used any “device” other than the telephone itself to record the call, the Wiretap Act did not forbid his actions.

In February, in Commonwealth v. Smith, the Pennsylvania Superior Court considered this exception for use of a “telephone” in light of “evolving technological advances of the modern day smartphone.”  In Commonwealth v. Smith, an employee was charged with interception of oral communications after he recorded a conversation he had with his former boss during a private meeting.  Without the boss’s knowledge or consent, the employee began recording the conversation with his iPhone’s “Voice Notes” app to capture statements regarding an ethics complaint.  After this recording was discovered during the employee’s wrongful termination lawsuit, the employee was charged with a felony violation of the Wiretap Act.

The Superior Court had to decide whether the Act’s exception for interception by use of a “telephone” encompassed today’s smartphone capabilities.  The court found the use of a smartphone app constituted the illegal use of an “electronic, mechanical, or other device” rather than the use of a “telephone” permitted by the exception to the wiretapping law.  The court ruled that, “[a]lthough [the employee] used an app on his smartphone, rather than a concealed tape recorder, to surreptitiously record his conversation with [his former boss], the result is the same. His actions constituted a violation of [the Wiretap Act].”

The case offers another example of the care that must be taken before recording a private conversation in Pennsylvania.  Without explicit consent from the participants, such recording is illegal.  This is true whether the conversation is captured on surveillance video, a tape recorder, or a smartphone app.

Devin Chwastyk is chair of the Privacy & Data Security group at McNees Wallace & Nurick.  He counsels organizations with regard to data security policies and in responding to data breaches.

This post was contributed by Adam L. Santucci, an Attorney in McNees Wallace & Nurick LLC’s Labor & Employment Practice Group in Harrisburg, Pennsylvania.

Stop me if you heard this one: the National Labor Relations Board recently reinstated employees who were discharged for comments made on their Facebook pages and found that the employer’s social media policy was unlawful.

We have covered this topic in detail before (herehere and here for example), and you can check out these posts and others in our Archive for some background information on the Board’s aggressive approach to social media issues. In Triple Play Sports Bar and Grille, the Board made clear its position that under the National Labor Relations Act, employees have the right to act together to improve the terms and conditions of their employment and to "improve their lot." The Board went on to state that this includes the right to use social media to communicate with each other and with the public for this purpose.

On the other hand, the Board also noted that online communications can implicate legitimate employer interests, including the right to maintain employee discipline. The Board noted that the competing interests of the employees and the employer must be weighed carefully (yes, you know where this is headed). In this case, not surprisingly, the Board found that the employees’ interests outweighed the employer’s interests and that the employees’ conduct did not lose the protections of the Act despite the use of some pretty offensive language.

Let’s take a look at the facts.

Continue Reading Board Continues Aggressive Policing of Employee Social Media Use

In a recent decision involving employee social media activity, the National Labor Relations Board held that a high-end clothing boutique in San Francisco violated the National Labor Relations Act when it terminated employees who complained on Facebook about working late at night in an unsafe neighborhood. The Board also found that a policy in the employer’s handbook prohibiting disclosure of wage and compensation information was unlawful.

The employees at issue in Bettie Page Clothing (pdf) raised concerns to the store manager and others about the store’s hours, which required that the employees close the store after dark. The employees were concerned about being harassed by "street people" after closing up. When the employees’ internal complaints were not successful in having the store hours changed, the employees criticized the store manager during multiple discussions on Facebook. Shortly after the posts, the employees were terminated.

The employees filed a complaint with the Board challenging their terminations. The Board affirmed the decision of an Administrative Law Judge (ALJ), holding that the employees’ complaints and sarcastic remarks about the store manager on Facebook were a discussion about the terms and conditions of employment. The Board stated that the discussions about the manager’s refusal to address their concerns over store hours were "classic" concerted protected activities, and therefore, the employees’ terminations based on those discussions were unlawful. The Board ordered the employees reinstated.

In addition, the Board affirmed the decision of the ALJ finding that the policy in the employer’s handbook that prohibited the disclosure of wage and compensation information violated Section 7 of the Act. The Board ordered the employer to rescind the policy.

As we have discussed in the past, the Board continues to take a hard line when it comes to employee discipline for social media activity. The Board has made clear its position that discussions on Facebook are the equivalent to discussions around the water cooler, but I am not sure I agree. For example, discussions around the water cooler typically do not create electronic records and have a worldwide audience. Only time will tell whether the Board’s decisions in this area will be affirmed by the courts.

Please also keep in mind that it appears that the Board has been reviewing employer policies with increased scrutiny. If you haven’t done so already, it is a good time to proactively review your policies to ensure compliance with the Act.

Given the popularity of Facebook, Twitter, and LinkedIn, more and more organizations are resorting to social media sites to promote their brands and manage their public profiles. Employers are also encouraging employees to open social media accounts to carry out marketing and networking objectives. As corporate and professional social media use increases, so is the frequency of lawsuits challenging just who owns such social-networking accounts and content—the company or the employee who maintains them. A federal judge is being asked to address this very issue in a case involving a Pennsylvania woman’s claim that her former employer violated the Computer Fraud and Abuse Act (CFAA) when it took control of her LinkedIn account after she was fired (pdf).

Linda Eagle was co-founder and president of Edcomm, a bank consulting and training company. In 2008, Eagle created a LinkedIn profile; she used the profile to promote Edcomm’s services, foster her reputation, reconnect with friends and colleagues, and build her personal and professional network. Eagle shared the account password with another employee, who assisted Eagle in maintaining the LinkedIn profile. In 2011, following a change in ownership, Eagle was fired. After her termination from Edcomm, Eagle attempted to access her LinkedIn account, but was unsuccessful. Edcomm, using Eagle’s password, had accessed her account and changed her password so as to restrict Eagle’s access. In addition, Edcomm removed Eagle’s name and picture and posted information on the new executive who was hired in her place. Three weeks later, Eagle was able to regain access to her LinkedIn account.

Eagle then sued, claiming that the unauthorized takeover of her LinkedIn account violated the CFAA, caused her to lose potential business contacts and future revenue, and damaged her reputation. In response, Edcomm filed a counterclaim alleging that it had maintained and monitored the LinkedIn profile for the company’s benefit, that it was the rightful owner of the account, and that Eagle misappropriated the account for personal use.

Continue Reading Employer Takeover of Employee’s LinkedIn Account Does Not Violate Federal Computer Hacking Law, Question of Ownership Remains