Happy Holidays From The NLRB: Your Carefully Crafted Social Media Policy May Amount To A Per Se Violation Of The National Labor Relations Act
Posted by Roy Ginsburg on December 21, 2010 · Leave a Comment
[Readers: As promised, set forth below is the article from my partner, Mike Iwan, regarding the recent NLRB Complaint, stemming from a posting on Facebook. If you would like to discuss this article, don't hesitate to contact Mike at 612.340.5613, or via email at iwan.michael@dorsey.com. Additional information about Mike is available at: http://www.dorsey.com/iwan_michael/. Regards, Roy]
Happy Holidays from the NLRB
By: Mike Iwan
Depending on the study cited, as many as:
• 79% of people in the U.S. age 18 and older were on-line in some fashion as of May 2010
• Of those on-line adults, 61% used social networking sites (up from 46% of on-line adults just last year)
Source: PEW Internet and American Life Project
• Approximately one-third of U.S. companies have a social media policy (other surveys report more than one-half their respondents have such policies)
Source: Manpower Social Media Survey, January 2010
• More than one-half of U.S. companies block access to social media sites from work
Source: Robert Half Social Media Monitoring Tools Survey, October 2009
• As many as 15% of U.S. companies have disciplined employees over social media issues
• 8% of U.S. companies have reported discharging someone over social media issues (up from 4% in the same survey in 2009)
Source: Proofpoint Outbound E-mail and Data Loss Prevention, 2010
The ease of use and dissemination, the spontaneity of communications, the perceived anonymity of on-line personas – in other words, all the things that likely attract people to social media – also present real challenges for employers. Whereas before, employers had to concern themselves only with the occasional improper e-mail that might be seen by a handful of individuals, Facebook posts, Twitter feeds, and other on-line content can quickly “go viral” and be seen by tens or hundreds or thousands of people. With the stakes raised, employers are growing increasingly vigilant and decreasingly tolerant of careless social media behavior. As a result, both corporate policies and the law are struggling to keep pace with the social media age. Read more
Filed under Facebook, National Labor Relations Act, Social Networks · Tagged with
Facebook and Privacy, Quirky Question # 129
Posted by Roy Ginsburg on January 11, 2010 · Leave a Comment
The discharged employee has retained counsel and is threatening to sue us for invasion of privacy and other unspecified claims. Are there any risks?
Second, assuming (perhaps erroneously) that the computer used was a company-owned computer, does the company have any written policies regarding the use of its computers for non-work related activities? Even more specifically, does your company have any policies regarding social networking or creating or accessing social networking sites. (If your company does not have policies addressing these areas, you should give serious consideration to establishing and publicizing such policies among your employees.)
Third, when did the originator of the site create the content your manager found offensive? Did she draft the troublesome content during work hours? Did she do so when she was supposed to be focused on work assignments?
Fourth, when did the other employees access the site and/or add content to it? Did they do so during the work day?
Fifth, before actually accessing the account, what had your manager heard about the information displayed on the account? Before making the decision to try to gain access to the account, did he discuss his concerns with anyone in your human resource or employee relations groups? Did he discuss his plans for how he could access the account?
Sixth, what was your manager’s motivation to review this material? Was he concerned about negative information being displayed about the company or was his interest primarily in how he was portrayed? (Of course, he could have been interested in both topics.)
Seventh, how did your manager who heard about the account “persuade” one of your employees to allow him access? Did he simply request the employee to provide him access? Did he threaten any adverse consequences if the employee did not provide access?
Eighth, did your manager make his request to be provided access to the site in writing? Did the employee agree, again in writing, to allow the manager access to the site? (Once again, even assuming there was a written request, the nature of the request could vary widely, either providing some protections to your company, or not.)
Ninth, what was the nature of the content that was displayed? You stated in your question that the employees posted “very negative comments about the company and about [its] managers.” What specifically was posted about the company? What specifically was posted about your managers?
Tenth, who made the decision to terminate the employee? Was HR or employee relations consulted? Did these groups have any input into the decision?
Finally, how did this termination decision compare to other decisions involving parallel facts? Are there any useful precedents that have occurred at your company that guided the company’s decision-making in this instance?
Your responses to each of these topical areas would influence heavily whether your company is confronting any serious risks with regard to your manager’s behavior. Let me illustrate that point by reviewing briefly these general subject areas.
Issues 1 – 4: Clearly, if the computer used to create the Facebook account was a computer issued by your company, and if the account was created and accessed during the work-day, your company will have a more compelling argument that the employee acted inappropriately in setting up the account and posting negative comments to it during her working hours. Similarly, if your other employees accessed the Facebook account and posted their negative comments during the work-day, your company’s position will be stronger. If your company also had (as it should) written policies that have been disseminated to your employees, apprising them of the proper use of your workplace computers and the company’s rights to review materials created on those computers, your company’s actions will be more defensible. If your firm’s policies also addressed what the company considered proper and improper in terms of accessing/using social networks, even better.
But, if the employee used her own home computer and posted the content in the evening, and if her co-workers accessed the Facebook page from their own computers, not during working hours, this could complicate your company’s defense to her potential claims.
Issues 5 – 6 & 9: These subjects focus on what your manager knew and what he was trying to learn by seeking access to the page. Again, in the absence of specific facts, it’s difficult to offer too many insights. For example, if your manager had heard that the comments on Facebook regarding the company claimed that it was a sexist or racist work environment where women and people of color had little chance for advancement, one could certainly make an argument that your company needed to ascertain precisely what had been posted. Similarly, if the comments about your company extended to its products and made claims that the products were dangerous to the consumer, again it would be critical for your firm to determine the content on the Facebook page. Even the comments about the managers may have been the type that warranted prompt investigation, including accessing the account. For example, if the employees claimed that certain managers engaged in sexually harassing conduct and this allegation filtered back to the manager who accessed the account, his need to review the content would be easy to justify.
In contrast, if the information that had filtered back to your manager did not implicate any serious issues relating to product safety, working conditions, or other important issues about the company, and if the information did not raise broad concerns about the managers, it may be far more difficult to justify the company’s access of the Facebook material.
Of course, what your manager suspected might be on the Facebook page and what actually was on the page are critical for you to compare. Although a post-hoc analysis justifying the decision to access the account would not, in most instances, be particularly persuasive in explaining one’s actions, in some circumstances it could be. For example, if upon reviewing the content, your manager had discovered that the employee posting the information had made serious and frightening threats of workplace violence, even a post-hoc explanation of why the account was accessed may well have some persuasive force.
Issues 7 – 8: These questions go to the manner in which your manager “persuaded” the employee to allow him to access the Facebook account. Was any pressure applied? If so, what kind? Was any promise made to the employee for cooperating? Was any threat made, explicitly or implicitly, if the employee refused to cooperate? You can tell where these inquiries are going – to the extent that your manager pressured the employee to allow him access to the account, you may have a problem.
One way to minimize at least the appearance of undue pressure is to provide the employee with a written document in which the employee authorizes access. The more specific, the better. For example, you could include statements specifically disclaiming that the employee provided management access because of pressure applied, either in the form of inducements or threats. You could allow the employee to take the document home with him or her to cogitate about it overnight. The fairer the document, and the fairer the process it reflects, the better.
Issues 10-11: These issues also go to the underlying fairness of the process. Did HR or Employee Relations have an opportunity to weigh in on the decision to access the account? Were they able to compare this type of access with other kinds of past managerial conduct. Although new technologies and new social networking issues seem to implicate “novel” or “unique” issues for management, I’m not convinced they do. Guidance on how to treat some of these situations may be derived from parallel situations your company already has addressed.
Here, for example, you have the issue of negative comments being made about the company and its management team. Has your company ever addressed negative oral comments about the company’s products, working conditions, or management? Who knows – your company may even have a section in your employee handbook addressing these types of potentially disruptive comments.
In the fact pattern you described, the comments were not oral, but in writing. Here, too, however, your company may have addressed analogous situations in the past. For example, how would your company address the situation where an employee posted harshly critical written comments on a company bulletin board or in a company intranet? How would company have addressed a situation where your employees sent out negative information to co-workers via email? Somewhat differently, how would your company have handled a situation where an employee sent another employee a letter, or sent a group of employees a letter – think, Holiday letters – that contained negative information about the company. These letters are, for the most part, private. Yet they also have a public component and can be copied and/or forwarded to others. Would your company have had concerns about your manager’s behavior if he had compelled the recipient of a letter from another employee to make a copy of the letter for him? Would you have been concerned if he had then fired the author of the letter because it contained content critical of him?
While other contexts may not be completely parallel to your immediate problem, they should provide meaningful guideposts to help you analyze the problem you currently are confronting. They also should enable your company to place the alleged transgressions of the Facebook page creator into a broader context.
Similarly, as in any workplace situation involving discipline or discharge, your company would benefit from seeking guidance from HR, Employee Relations, or in-house counsel regarding how others have been treated for engaging in similar conduct. Discrimination cases are grounded on the notion of differential treatment, so it is critical for your company to examine how others whose behavior may have been similar were treated in the past. Likewise, it is important for you to assess how the various contributors to the Facebook page have been treated in this instance. You stated in your question that the creator of the Facebook page was discharged. How did the company treat others who contributed to the originator’s Facebook page? Were the comments they posted on the fired employee’s “Wall” even harsher condemnations of the company? What principled bases did the company have for firing one but not others?
Finally, even if your company may never have confronted this type of problem, other companies may have and some of these disputes may have reached the courts. I have not seen a fact pattern that precisely mirrors your own, but there is a pretty close case that was decided by a jury in 2009. That case, Pietrylo vs. Hillstone Restaurant Group, Case No. 06-5754 (D.N.J.), involved a similar situation – a manager who “encouraged” an employee to provide him a passcode to access a password protected page on My Space that was used by several employees of the restaurant to vent about management. Indeed, the initial posting on the account stated specifically that the purpose of the private site would be to “vent about any BS we deal with at work without any outside eyes spying in on us. This group is entirely private and can only be joined by invitation.” Ultimately, an employee provided two managers with her password, enabling them to access the account. They did so, and later terminated the creator of the account and one of the contributors.
This action led to litigation involving claims of federal Wiretap violations, New Jersey wiretap violations, violations of the federal Stored Communications Act, a parallel New Jersey stored communications statute, wrongful discharge in violation of public policy, and invasion of privacy. Four of these claims survived summary judgment – the Stored Communications Act (both federal and state claims) and two invasion of privacy counts. The jury that decided these issues found that the plaintiffs’ rights had been violated.
In short, the Hillstone Restaurant case demonstrates that employers need to move carefully when addressing these kinds of issues. The case also highlights the fact that when electronic communications are at issue, employers may have to consider statutory schemes with which it has not previously had much experience. Good luck.
Filed under Facebook, Invasion of Privacy, Social Networks · Tagged with
Employees’ Use of Facebook, Quirky Question # 115
Posted by Roy Ginsburg on October 5, 2009 · Leave a Comment
One of our employees signed the company up for Facebook. We thought that it was just a website where teenagers posted embarrassing photos of each other and people organized college reunions. Are there rules for how we can use Facebook? What are we getting ourselves into?
[Readers: The question regarding an employee’s use of Facebook implicated issues beyond my areas of expertise. Therefore, I asked my partner, Jamie Nafziger, who works in Dorsey’s Trademark, Copyright, Advertising and Brand Management Practice Group, to address this inquiry. If you have any questions about this rapidly developing area of the law, I hope that you will reach out to Jamie. Her phone number is 612.343.7922 and her email address is nafziger.jamie@dorsey.com nafziger.jamie@dorsey.com nafziger.jamie@dorsey.com. Additional information regarding Jamie is available at: http://www.dorsey.com/nafziger_jamie/.
Regards, Roy]
Jamie’s Analysis:
Yes. There are lots of rules that govern how your company can use Facebook – way too many to describe in a single Blog post. To keep the discussion length manageable, we’ve picked out the top five issues companies might encounter when they start to use Facebook for their business.
The issues we discuss here are based on the August 28, 2009 revision to the Facebook Statement of Rights and Responsibilities (which most sites call their Terms of Use), so please bear in mind that Facebook may have made one of its frequent revisions since the time of our writing. The date of the latest revision appears at the top of the Statement of Rights and Responsibilities page. If you want to stay up-to-date on changes to Facebook’s policies governing users in general and Pages in particular, add yourself as a fan of the Facebook Site Governance Page and the Facebook Pages / Public Profiles Page. (As you will see in the discussion of Issue 4 below, this can only be done via a personal account with a Profile, and not via a business account.)
Issue 1: Did your employee set up a Page, a Group, or a Profile?
We hope your answer is a Page. We will explain the terminology and then the reason why a Page is the best option for business use.
Facebook Pages provide a way for “[a] public figure, business, or brand … to share information, interact with their [sic] fans, and create a highly engaging presence on Facebook.” Private individuals create Profiles to share information with their Friends. Businesses create Pages, and instead of Friends, Pages have Fans. Anyone can create a Group and can set it up to have open or closed membership.
Pages have a Wall, where the owner and Fans can, if the owner allows it, post content including comments, photos, and videos. (For an example of a Page with only basic content, check out the Procter & Gamble Page; for a Page with some extra content, check out the Coca-Cola Page.) Unlike a Profile, a Page must be publicly available and must share all content with all Facebook users. Pages can only be created and maintained by an official representative of an organization, and Profiles can only be created and maintained by a private individual.
For a number of reasons, businesses will usually want to have a Page rather than a Group. For example, Pages can communicate with an unlimited number of Fans; Group messages are limited to 5,000 people. Page administrators’ identities are shielded; Group administrators’ identities are disclosed. When the administrator of a Page posts a comment, it appears to come from the company; when a Group administrator posts a comment, it appears to come from that individual.
The way this issue can trip up your company is that a Group can never be converted into a Page. If your employee sets up a Group and gets lots of people to join it and sets up a great infrastructure for your company on Facebook, but then your company realizes that it really would prefer to have a Page, it cannot convert the Group into a Page. Its only option is to set up a Page and notify the Group members and have them re-join as Fans – a sure way to lose some people in the process.
Issue 2: Will your company be liable for user-generated content?
Once you launch your Page, Fans may be allowed to post comments, photos, and videos. What if one of those comments, photos, or videos infringes someone else’s copyright? If your company has allowed user-generated content on its main website, it has probably protected itself by complying with the safe harbor provisions of the Digital Millennium Copyright Act (DMCA). It may want to consider protecting itself under the same law on its Facebook Page.
The safe harbor requires your company to provide contact information for someone who can take down allegedly infringing material, to take down allegedly infringing material upon request, and to comply with some other requirements. Generally, DMCA compliance is described in a website’s Terms of Service. If you operate a Page that allows users to post anything at all, you should consider posting a Terms of Service for your Page that includes DMCA compliance, along with the other terms usual for a website that allows users to post content. As of now, most Facebook Pages do not have Terms of Service, partially because Facebook appeared to take responsibility for Pages’ DMCA take-down notices in the past. Facebook’s Statement of Rights and Responsibilities now makes it clear that Pages must have their own DMCA policies. Examples of Page Terms of Use can be seen on the Coca-Cola Page and the 1-800-FLOWERS.COM Page.
Another copyright issue Page owners face is that there are no technological blocks to users taking and re-using all content posted on Pages. This includes your company’s photos, posts and comments, as well as your Fans’ photos, posts and comments. There are also “Share” links for most items on Facebook, which allow users to repost content to their own Walls in their Profiles, thereby sharing that content with their own Friends. This poses a bit of a copyright conundrum. Under copyright law, if a Fan posts something to your Page, no one can use it in any way except to view it on your Page. Other Fans cannot repost it; you or other Fans cannot incorporate it into other works; you cannot use it in your advertising within or outside Facebook. If the Fan who owns the copyrighted material gets wind of certain kinds of use by others (particularly uses outside Facebook), or simply decides that s/he regrets having shared the material in the first place, you or your other Fans can face liability for re-using the material in ways that are expected within the world of Facebook. You may want to consider including license provisions in your Terms of Use for your Facebook Page. Some Page owners make all materials posted to the Page subject to a Creative Commons Copyright license. Essentially, that license allows anyone to re-use the material in any way so long as they aren’t making any money directly off of it. Other types of licenses can also be included in Terms of Use for a Page.
As for defamatory or other illegal content that users might post, in most cases, your company would be protected by the Communications Decency Act. However, you can remove offensive user posts, and you can set up user rules and expectations in your Page’s Terms of Use to reduce your risk. If you plan to set up a Page that you expect will provoke controversial posts by users, you should discuss this issue with your attorney.
Issue 3: Does your company have to do anything to protect its Fans’ privacy?
Facebook requires a Page to have a privacy policy if the Page “collect[s] user information.” Facebook defines information as “facts and other information about you, including actions you take.” A Page inevitably collects user information when a user becomes a Fan (including the fact that the user has become a Fan, the user’s full name, and, depending on the user’s privacy settings, the user’s profile photo) and may collect additional information (for example, when a user makes a Wall post or posts a Fan photo), so this policy seems to require that all Pages have their own privacy policies. However, currently, most Pages do not maintain privacy policies.
In the outside world, the Children’s Online Privacy Protection Act (COPPA) has stringent requirements for websites directed to children under age 13, including that they must have a privacy policy and what that privacy policy must contain. Many activities that are fine offline are restricted online due to COPPA. Furthermore, many sites that are not directed to children choose to have a privacy policy with a statement that they are not directed to children and will delete any information about a child under age 13 that they may have inadvertently collected. The Federal Trade Commission, which enforces COPPA, has been pursuing violators recently to the tune of over $1 million in fines in the past year, and state Attorneys General also have enforcement authority. A website (or Facebook Page) may expose its owner to liability in all fifty states.
“But,” you may say, “Facebook prohibits children under 13 from using the site, and I can age-restrict who is able to see my Page via the Edit Page Settings menu. So why should I worry about COPPA?” Facebook’s age restrictions give only false comfort. Anyone can sign up for the site using any date of birth; Facebook does nothing to verify identities or ages. In addition, people who may or may not be the parents of the children in question post information about children under age 13 often, both in their personal Profiles and on Pages. We have seen, for example, videos of children posted to Pages, with tags or comments containing identifying information about the children. The person posting the video generally says he or she is the child’s parent, but there is no way to verify this within Facebook. A child’s full name alone is enough to trigger a COPPA violation, so the risk of inadvertently violating the law is high, especially for companies whose products are marketed to the under-13 set in the real world.
Privacy considerations bring up one more issue on Facebook related to Issue 1 above: organizations are prohibited from maintaining a Profile instead of a Page. This is for the very good reason that the owner of a Profile has access to a great deal of personal information about any Friend, depending partially upon the Friend’s privacy settings. A Page, however, has access only to Fans’ names, possibly their photos, and the fact that they are Fans, unless the Fan affirmatively chooses to provide additional information. Your organization could inadvertently collect information from Facebook users that it cannot use and does not want, if it maintains a Profile instead of a Page.
Issue 4: Is there anything special your company should consider before setting up an account?
Facebook is not designed for businesses: as the Privacy Policy says, “We built Facebook to make it easy to share information with your friends and people around you.”
If nothing else in this post convinces you of this, the rules for administration of Pages via user accounts should. Facebook allows individuals to maintain one of two kinds of accounts: a business account or a personal account. A person’s business account cannot run searches on Facebook and does not have a Profile; it is used only to administer Pages and advertisements on Facebook. A person’s business account can be converted to a personal account by clicking an ever-present “Create Your Profile” button at the top of the page. Once this has been done, the account cannot be converted back to a business account. A person cannot have both a personal account and a business account; as Facebook’s Help section on business accounts says, “[p]lease be aware that managing multiple accounts is a serious violation of Facebook’s Terms of Use. If we determine that an individual has more than one account, we reserve the right to terminate all of their accounts.”
Pages are administered via people’s existing personal or business Facebook accounts. Each Facebook account must be maintained by only a single individual; Facebook’s policies prohibit sharing or transfer of accounts. However, Pages may have multiple administrators. Each administrator has full edit rights and can add or delete other administrators. The only administrator who cannot be deleted is the one who started a Page. So if you have an employee start a Page for your organization, s/he will always have full edit access to your Page, whether the setup is done via a personal or a business Facebook account.
In sum: an account set up to start a Page is the property of the employee who sets it up and cannot be transferred to another employee. Multiple employees also cannot administer a Page via the same account, whether it is a business account or a personal account. Employees who maintain both a personal account for personal use and a business account for use in association with maintaining your Page risk losing both their personal and business accounts.
Companies are currently grappling with who should be the administrator who starts a Page and whether they need a written agreement with that person to protect the company’s interests. Employees are currently grappling with whether they want to use their personal Facebook accounts to manage projects for their employer and/or their employer’s customers.
Issue 5: Are there any quirky rules of which your company should be aware?
Facebook prohibits users from running contests on Facebook without written permission from Facebook. In our experience, Facebook often takes months to respond to inquiries, if it ever does so. Contests are also subject to the Facebook Promotions Guidelines, which are short, sweet and straight to the point: you cannot promote your contest as being on Facebook, indicate that Facebook has approved or is affiliated with your contest, or administer the contest on Facebook unless it is via an Application on the Facebook Platform. We will save the complicated rules governing Applications for another time. If your company wants to run a contest on Facebook, it will require significant lead time and research to comply with Facebook’s rules.
Conclusion
Business adoption of Facebook is moving at light speed. We hope that Facebook will amend some of its rules to make them more realistic and helpful for business use. In the meantime, companies should work closely with their legal advisors to protect themselves to the greatest extent possible as they launch into the social networking world.
Filed under Facebook, Social Networks · Tagged with
Search
View Topic
Posts
Latest Post
Recent Posts
- Quirky Question # 187: When an Employee Is On a Disability Leave, Is It the Employer’s Responsibility to Determine Whether Jobs Are Available for the Employee?
- David’s Analysis of Quirky Question # 186: Can Arbitration Agreements Ban Class Claims?
- Roy’s Analysis of Quirky Question # 185; Accommodating a Disabled Employee Who Only Can Work a Partial Shift
- Employment Trivia Game
- Thanks for a Great 2011!
- Roy’s Analysis of Quirky Question # 184, Should We Offer Mutual Releases to our Ex-Employees?
- Employment Trivia Game Winner
- Quirky Question # 184, Mutual Releases or Not?
- Announcements and Trivia Game Clue
- How to Lose $4 Million When Firing an Executive — What Happens When It All Goes Wrong?
Leadership Series
Leadership Series
Follow
Meta
Links
Blogroll
Dorsey Blogs
H1N1 Resources
H1N1 Resources
- Center for Disease Control's H1N1 Site
- EEOC Guidance on ADA-Compliant Employer Preparedness For the H1N1 Flu Virus
- EEOC Guidance on Employment Discrimination and the 2009 H1H1 Flu Virus
- Federal Emergency Management Agency's Site
- Minnesota Department of Health's H1N1 Site
- Occupational Safety and Health's Pandemic Flu Guidance
- OSHA Guidance on Preparing Workplaces for an Influenza Pandemic
- Pandemic Flu Workplace Questions
- The University of Minnesota Center for Infectious Research & Disease Policy's H1N1 Site
- U.S. Department of Labor Guidance on FMLA and the Flu
- United States Government's Influenza Site
- World Health Organization's H1N1 Site
Resources