On Oct. 27, 2010, the National Labor Relations Board issued an unfair labor practice complaint alleging that a company illegally fired an employee for posting negative comments about her supervisor on the social networking site Facebook. See Am. Med. Response of Conn., NLRB Reg. 34, No. 34-CA-12576 (Oct. 27, 2010). This action highlights the many risks employers face in accessing and using information obtained from various online sites when making employment decisions.
In the American Medical Response case, the terminated employee had posted negative comments about a supervisor on her personal Facebook page from her home computer. Her co-workers had made critical remarks in response to her posting.
The NLRB is asserting that the company violated the employee's rights to engage in concerted activity. Section 7 of the National Labor Relations Act (NLRA) protects an employee's right to discuss wages and working conditions with other employees. These protections extend to union employees as well as to non-union employees who are eligible to form and join unions, but not to supervisory and other professional employees who are not entitled to form or join unions. These protections only extend to employees' discussions with other employees regarding wages and other working conditions. They likely do not protect one-sided online postings or critical discussions about the company or a supervisor which do not relate to wages or other working conditions.
The NLRB has also alleged that American Medical Response's Internet and blogging policies further violated the NLRA by prohibiting employees from publicly depicting the company in any way without permission and from making disparaging remarks about the company or supervisors. American Medical will likely argue that the terminated employee's postings threatened to damage the company's reputation and should not be considered protected concerted activity, as the employee was likely Facebook "friends" with many non-employees who also saw the postings. Only a complaint has been issued thus far, so this case is in the early stages. A hearing has been set for Jan. 25 before an NLRB administrative law judge. It is unclear whether an administrative law judge ruling finding American Medical Response in violation of the NLRA would be upheld by the full NLRB or an appellate court.
The NLRB's ruling in American Medical Response is consistent with the 9th U.S. Circuit Court of Appeals' decision in Konop v. Hawaiian Airlines, Inc., wherein the court found that an airline may have interfered with a pilot's organizing activity in violation of the Railway Labor Act (RLA) when it viewed the pilot's secure website without authorization, communicated the contents of that website to the incumbent union, and threatened to file a defamation suit against the pilot based on his statements on his website. See 302 F.3d 868 (9th Cir. 2002). Like the NLRA, the RLA prohibits employer interference in any way with employee organizational efforts. See 45 USC §§151-188. In Konop, the pilot's website included bulletins critical of the airline, its officers, and the incumbent union. Unlike the employee in American Medical Response, the pilot in Konop restricted access to his website to other pilots and excluded others by requiring visitors to log in with a user name and password, so the pilot's negative comments were apparently only accessible to other co-workers. A vice president of the airline accessed the site after he requested that other pilots allow him to utilize their user names. The 9th Circuit concluded that fact issues precluded summary judgment in favor of the employer with regard to whether the pilot's development and maintenance of his website constituted protected activity under the RLA, whether the airline interfered with the pilot's union organizing activity in violation of the RLA, whether airline officials improperly assisted one union faction over another, and whether airline officials engaged in coercion and intimidation by threatening to sue the pilot for defamation.
On Oct. 22, 2010, the Canadian Labor Board (CLB) reached a result contrary to the NLRB, upholding an employer's right to terminate two employees for making derogatory comments on Facebook about their employer and supervisors. See Lougheed Imports Ltd. Operating West Coast Mazda d/b/a West Coast Detail & Accessory Ctr. & UFCW Local 1518, B.C.L.R.B., No. B190/2010 (Oct. 22, 2010). In that case, the terminated employees were Facebook "friends" with a manager, who saw their Facebook postings, which were critical of supervisors and managers and which the company felt created a hostile work environment. The two employees were also Facebook "friends" with many other employees of the company. The CLB held that the employees had no expectation of privacy with regard to their Facebook postings and that a reasonable relationship existed between their misconduct and the penalty imposed.
An employer's termination of a union employee based on the employee's postings on a social media network can also form the basis for a grievance alleging unjust termination. In Washington-Baltimore Newspaper Guild, Local 32035 & Radio Free Asia, Arb. (Fishgold, Nov. 9, 2010), for example, a reporter who was terminated for insubordination and for violating Radio Free Asia's code of journalistic ethics based on his Twitter posts directed toward two subjects of a story he had written filed a grievance alleging unjust termination. After the employee posted several tweets responding to postings made by the subjects of his story, his supervisor instructed him to stop tweeting on the issue. Subsequently, the employee sent a final tweet stating that his boss had instructed him to stop tweeting. Finding that the supervisor's instructions lacked clarity and that the supervisor had aggravated the situation by refusing to allow the employee to change portions of his story, the arbitrator ordered reinstatement with back pay, seniority and benefits.
Employer access and use of information obtained on applicants and employees through online searches also poses other legal risks. Online searches can reveal information regarding protected status under federal anti-discrimination statutes such as Title VII of the Civil Rights Act of 1964, as well as information protected by state laws which often provide broader protections than Title VII. For example, such online searches may reveal an applicant or employee's race, national origin, age, sexual orientation, disability or genetic information, providing a basis for a claim that a subsequent adverse employment action was based on that otherwise unknown status.
Similarly, an employer's inconsistent enforcement of an Internet or blogging policy can form the basis for a disparate treatment discrimination lawsuit. For example, in Marshall v. Mayor & Alderman of the City of Savannah, a probationary firefighter challenged her termination for MySpace postings that included pictures of other firefighters which she had obtained without permission from the city's website and pictures of herself scantily clad. See 366 Fed. Appx. 91 (11th Cir. 2010).
The department had learned of the postings through an anonymous tip, and was able to access the postings because the employee had not restricted her MySpace account to a private setting. The fire department maintained that the postings violated its rules regarding unbecoming conduct and conflicts of interest. When confronted with the conduct and asked to remove the pictures, the employee denied she had violated any policy, became defensive and insubordinate, and refused to provide the names of other firefighters she claimed had made similar postings. After she was terminated, she brought suit alleging race, gender and national origin discrimination, claiming that other firefighters had made similar postings and were not fired. The 11th U.S. Circuit Court of Appeals affirmed the lower court's decision rejecting the employee's claims of discrimination, finding that the employee had failed to show that similarly situated employees outside the protected class were treated more favorably. Although the employer prevailed, the case highlights risks that employers can face when making employment decisions based on information obtained online.
The Equal Employment Opportunity Commission's Nov. 9, 2010, regulations enforcing the Genetic Information Nondiscrimination Act of 2008 (GINA), which took effect on Jan. 10, 2011, highlight another area where employers face risk when accessing and making decisions based upon information obtained over the Internet. GINA prohibits employers from "acquiring" genetic information regarding applicants and employees, with certain limited exceptions. Under the new regulations, employers are expressly prohibited from conducting Internet searches on employees or applicants in a way that is likely to result in obtaining genetic information. See 29 CFR §1635.8(a). If a company acquires genetic information through social networking sites and other media sources, a violation of GINA has occurred unless the employer can show that access is routinely granted to all who request it or that access was otherwise authorized. Id. at §1635.8(b)(4)(ii). The new regulations explain that GINA's exception for inadvertent acquisition of genetic information extends to situations where a manager inadvertently learns genetic information about an employee or applicant from a social media site for which the manager had been given permission to access by the employee or applicant. Id. at §1635.8(b)(1)(ii)(D). Thus, when a supervisor and employee are "friends" on a social networking site and the employee posts an update on her family medical history, there is no violation of GINA. Id. Again, employers should exercise caution when conducting searches which may reveal an applicant or employee's genetic information and should not access password-protected or other invitation-only online sites without authorization from the employee or applicant.
In addition to creating risk under the NLRA and anti-discrimination statutes, an employer's online searches of applicants and employees can create liability under other federal and state statutes which prohibit employers from taking adverse employment actions on the basis of an individual's bankruptcy filings, criminal history, credit history, political or social activity, and lawful off-duty conduct, all of which could be revealed through such online searches.
Employers can also run afoul of the Stored Communications Act if they intentionally access stored communications without authorization or in excess of any authorization granted to them. See 18 U.S.C. §§2701-11. The SCA provides an exception for conduct authorized by a user with respect to communication intended for that user. Id. at §2701(C)(2). Accessing an employee's private social network or other restricted online postings by requesting that an employee's co-worker provide access to the restricted site may expose an employer to liability under the SCA. For example, in Pietrylo v. Hillstone Restaurant Group, No. 06-5754 (FSH), 2008 WL 6085437 (D.N.J. July 25, 2008), an employee created a MySpace group where he posted complaints about the restaurant and customers and solicited other employees and former employees who were invited to participate in the private group to do likewise. A co-worker showed the postings to a manager, who subsequently requested that the co-worker provide him with her password so that he could continue to access the site. The restaurant terminated two employees for their offensive postings on the MySpace group. The employees filed suit alleging violation of the SCA. The restaurant maintained that it was an authorized user of the website because the employees' co-worker had provided management with access to the site. The court denied summary judgment to the restaurant, finding that fact issues existed as to whether the co-worker had provided her password voluntarily, as she testified that she felt pressured into providing the password and believed that something negative could happen if she refused to provide it. Id. at *4. A similar conclusion was reached in Konop, 302 F.3d at 880, when the 9th Circuit reversed summary judgment in favor of the airline because other pilots who provided management with access to the website were not "users" of the website at the time they authorized management to view it.
Invasion of privacy claims have also been brought against employers who inappropriately access employees' websites. For example, in Pietrylo, 2008 WL 6085437 at *6, the employees also alleged wrongful termination in violation of public policy for invasion of privacy under state common law. Finding that the employees had an expectation that only invited users would be able to read their postings on their invitation-only online discussion space, and that a disputed issue of fact existed regarding whether a co-worker voluntarily provided management with authorization to access the site, the court denied the employer's motion for summary judgment on the wrongful termination claims, as well as the invasion of privacy claims for intrusion into seclusion or private affairs. Id. at *6-7.
Employers can also face liability under the Fair Credit Reporting Act if they use a third-party consumer reporting agency (CRA) to conduct background checks and an adverse employment decision is made based on information obtained by the CRA through online searches, unless the employer complies with the FCRA's strict notice and disclosure requirements prior to taking adverse employment action based on such information. See 15 U.S.C. §1681 et. seq.
To minimize the various risks discussed above, employers should exercise caution when conducting online searches of applicants and employees and when taking adverse employment action on the basis of information obtained online. Otherwise, they could face significant legal exposure under various federal, state and common laws.
Carla J. Rozycki is a partner with Jenner & Block and chair of the firm's Labor and Employment Practice. She can be reached at email@example.com. Emma J. Sullivan is of counsel in Jenner & Block's Chicago office, where she is a member of the Labor and Employment Practice. She can be reached at firstname.lastname@example.org.