Facebook and Privacy, Quirky Question # 129
Quirky Question # 129:
One of our company’s employees apparently has a Facebook account. Many of her co-employees are her Facebook “friends.” One of our managers heard that at least some of these employees used the Facebook account to post very negative comments about the company and our managers, including him. Consequently, he persuaded one of the employees who was a Facebook “friend” to the person who originated the account to provide him access to review the information that had been posted. Offended by the content, particularly the portrayal of him and some of the other managers, he fired the employee who started the account and disciplined others who had posted negative information about him or the company.
The discharged employee has retained counsel and is threatening to sue us for invasion of privacy and other unspecified claims. Are there any risks?
Dorsey’s Analysis:
The direct response to your question is: “Yes, there are risks, but the severity of the risks depends on a variety of factors that are not self-evident in the question.” The factors bear upon how, when and on what equipment the account was created, as well as how and when the information was posted and accessed. Then, of course, I would need to know more about the content of the postings. But, I would start my analysis with the following questions, which apply not only to the specific facts of the question but also to many other contexts involving computer use and social networking.
First, what computer was used to create the Facebook account? Was it a work computer? Or, was the Facebook account created on your employee’s privately owned computer?
Second, assuming (perhaps erroneously) that the computer used was a company-owned computer, does the company have any written policies regarding the use of its computers for non-work related activities? Even more specifically, does your company have any policies regarding social networking or creating or accessing social networking sites. (If your company does not have policies addressing these areas, you should give serious consideration to establishing and publicizing such policies among your employees.)
Third, when did the originator of the site create the content your manager found offensive? Did she draft the troublesome content during work hours? Did she do so when she was supposed to be focused on work assignments?
Fourth, when did the other employees access the site and/or add content to it? Did they do so during the work day?
Fifth, before actually accessing the account, what had your manager heard about the information displayed on the account? Before making the decision to try to gain access to the account, did he discuss his concerns with anyone in your human resource or employee relations groups? Did he discuss his plans for how he could access the account?
Sixth, what was your manager’s motivation to review this material? Was he concerned about negative information being displayed about the company or was his interest primarily in how he was portrayed? (Of course, he could have been interested in both topics.)
Seventh, how did your manager who heard about the account “persuade” one of your employees to allow him access? Did he simply request the employee to provide him access? Did he threaten any adverse consequences if the employee did not provide access?
Eighth, did your manager make his request to be provided access to the site in writing? Did the employee agree, again in writing, to allow the manager access to the site? (Once again, even assuming there was a written request, the nature of the request could vary widely, either providing some protections to your company, or not.)
Ninth, what was the nature of the content that was displayed? You stated in your question that the employees posted “very negative comments about the company and about [its] managers.” What specifically was posted about the company? What specifically was posted about your managers?
Tenth, who made the decision to terminate the employee? Was HR or employee relations consulted? Did these groups have any input into the decision?
Finally, how did this termination decision compare to other decisions involving parallel facts? Are there any useful precedents that have occurred at your company that guided the company’s decision-making in this instance?
Your responses to each of these topical areas would influence heavily whether your company is confronting any serious risks with regard to your manager’s behavior. Let me illustrate that point by reviewing briefly these general subject areas.
Issues 1 – 4: Clearly, if the computer used to create the Facebook account was a computer issued by your company, and if the account was created and accessed during the work-day, your company will have a more compelling argument that the employee acted inappropriately in setting up the account and posting negative comments to it during her working hours. Similarly, if your other employees accessed the Facebook account and posted their negative comments during the work-day, your company’s position will be stronger. If your company also had (as it should) written policies that have been disseminated to your employees, apprising them of the proper use of your workplace computers and the company’s rights to review materials created on those computers, your company’s actions will be more defensible. If your firm’s policies also addressed what the company considered proper and improper in terms of accessing/using social networks, even better.
But, if the employee used her own home computer and posted the content in the evening, and if her co-workers accessed the Facebook page from their own computers, not during working hours, this could complicate your company’s defense to her potential claims.
Issues 5 – 6 & 9: These subjects focus on what your manager knew and what he was trying to learn by seeking access to the page. Again, in the absence of specific facts, it’s difficult to offer too many insights. For example, if your manager had heard that the comments on Facebook regarding the company claimed that it was a sexist or racist work environment where women and people of color had little chance for advancement, one could certainly make an argument that your company needed to ascertain precisely what had been posted. Similarly, if the comments about your company extended to its products and made claims that the products were dangerous to the consumer, again it would be critical for your firm to determine the content on the Facebook page. Even the comments about the managers may have been the type that warranted prompt investigation, including accessing the account. For example, if the employees claimed that certain managers engaged in sexually harassing conduct and this allegation filtered back to the manager who accessed the account, his need to review the content would be easy to justify.
In contrast, if the information that had filtered back to your manager did not implicate any serious issues relating to product safety, working conditions, or other important issues about the company, and if the information did not raise broad concerns about the managers, it may be far more difficult to justify the company’s access of the Facebook material.
Of course, what your manager suspected might be on the Facebook page and what actually was on the page are critical for you to compare. Although a post-hoc analysis justifying the decision to access the account would not, in most instances, be particularly persuasive in explaining one’s actions, in some circumstances it could be. For example, if upon reviewing the content, your manager had discovered that the employee posting the information had made serious and frightening threats of workplace violence, even a post-hoc explanation of why the account was accessed may well have some persuasive force.
Issues 7 – 8: These questions go to the manner in which your manager “persuaded” the employee to allow him to access the Facebook account. Was any pressure applied? If so, what kind? Was any promise made to the employee for cooperating? Was any threat made, explicitly or implicitly, if the employee refused to cooperate? You can tell where these inquiries are going – to the extent that your manager pressured the employee to allow him access to the account, you may have a problem.
One way to minimize at least the appearance of undue pressure is to provide the employee with a written document in which the employee authorizes access. The more specific, the better. For example, you could include statements specifically disclaiming that the employee provided management access because of pressure applied, either in the form of inducements or threats. You could allow the employee to take the document home with him or her to cogitate about it overnight. The fairer the document, and the fairer the process it reflects, the better.
Issues 10-11: These issues also go to the underlying fairness of the process. Did HR or Employee Relations have an opportunity to weigh in on the decision to access the account? Were they able to compare this type of access with other kinds of past managerial conduct. Although new technologies and new social networking issues seem to implicate “novel” or “unique” issues for management, I’m not convinced they do. Guidance on how to treat some of these situations may be derived from parallel situations your company already has addressed.
Here, for example, you have the issue of negative comments being made about the company and its management team. Has your company ever addressed negative oral comments about the company’s products, working conditions, or management? Who knows – your company may even have a section in your employee handbook addressing these types of potentially disruptive comments.
In the fact pattern you described, the comments were not oral, but in writing. Here, too, however, your company may have addressed analogous situations in the past. For example, how would your company address the situation where an employee posted harshly critical written comments on a company bulletin board or in a company intranet? How would company have addressed a situation where your employees sent out negative information to co-workers via email? Somewhat differently, how would your company have handled a situation where an employee sent another employee a letter, or sent a group of employees a letter – think, Holiday letters – that contained negative information about the company. These letters are, for the most part, private. Yet they also have a public component and can be copied and/or forwarded to others. Would your company have had concerns about your manager’s behavior if he had compelled the recipient of a letter from another employee to make a copy of the letter for him? Would you have been concerned if he had then fired the author of the letter because it contained content critical of him?
While other contexts may not be completely parallel to your immediate problem, they should provide meaningful guideposts to help you analyze the problem you currently are confronting. They also should enable your company to place the alleged transgressions of the Facebook page creator into a broader context.
Similarly, as in any workplace situation involving discipline or discharge, your company would benefit from seeking guidance from HR, Employee Relations, or in-house counsel regarding how others have been treated for engaging in similar conduct. Discrimination cases are grounded on the notion of differential treatment, so it is critical for your company to examine how others whose behavior may have been similar were treated in the past. Likewise, it is important for you to assess how the various contributors to the Facebook page have been treated in this instance. You stated in your question that the creator of the Facebook page was discharged. How did the company treat others who contributed to the originator’s Facebook page? Were the comments they posted on the fired employee’s “Wall” even harsher condemnations of the company? What principled bases did the company have for firing one but not others?
Finally, even if your company may never have confronted this type of problem, other companies may have and some of these disputes may have reached the courts. I have not seen a fact pattern that precisely mirrors your own, but there is a pretty close case that was decided by a jury in 2009. That case, Pietrylo vs. Hillstone Restaurant Group, Case No. 06-5754 (D.N.J.), involved a similar situation – a manager who “encouraged” an employee to provide him a passcode to access a password protected page on My Space that was used by several employees of the restaurant to vent about management. Indeed, the initial posting on the account stated specifically that the purpose of the private site would be to “vent about any BS we deal with at work without any outside eyes spying in on us. This group is entirely private and can only be joined by invitation.” Ultimately, an employee provided two managers with her password, enabling them to access the account. They did so, and later terminated the creator of the account and one of the contributors.
This action led to litigation involving claims of federal Wiretap violations, New Jersey wiretap violations, violations of the federal Stored Communications Act, a parallel New Jersey stored communications statute, wrongful discharge in violation of public policy, and invasion of privacy. Four of these claims survived summary judgment – the Stored Communications Act (both federal and state claims) and two invasion of privacy counts. The jury that decided these issues found that the plaintiffs’ rights had been violated.
In short, the Hillstone Restaurant case demonstrates that employers need to move carefully when addressing these kinds of issues. The case also highlights the fact that when electronic communications are at issue, employers may have to consider statutory schemes with which it has not previously had much experience. Good luck.