When Houston’s restaurant manager TiJean Rodriguez browsed through a MySpace group created in March 2006 so employees could trash-talk their workplace, he was appalled. The password-protected group, named “The Spectator,” was rife with raunchy, offensive and sometimes violent commentary about work life in the Hackensack, N.J., restaurant.

Houston’s employee and authorized Spectator member Karen St. Jean showed the site to Rodriguez while eating dinner at his house. Rodriguez thought other supervisors should see it, too. Several days later, another manager, Robert Anton, asked St. Jean for the password so he too could read the insulting messages. Anton shared The Spectator with regional supervisor Robert Marano, who fired Brian Pietrylo, the group’s creator, and participant Doreen Marino in May 2006. Marano claimed the forum’s contents contradicted Houston’s core operating principles. Pietrylo and Marino sued Houston’s owner, the Hillstone Restaurant Group, alleging the company violated the Stored Communications Act (SCA) as well as their privacy by accessing the password-protected group without permission. The complaint claimed St. Jean gave Anton the password under duress.

In June, a federal jury in New Jersey found for the plaintiffs, ruling that Houston’s management violated the SCA by accessing The Spectator without proper authorization. The jury in Pietrylo v. Hillstone Restaurant Group awarded Pietrylo and Marino back pay from the time they were fired until they found new jobs.

Pietrylo highlights a dilemma facing many employers as workers dump nasty work-related comments onto password-protected social networking sites such as MySpace, Facebook or Twitter. When an employee’s Web writings violate company policy, his employer needs to know–even if it’s on a “private” site. But accessing those musings without proper authorization can leave a company in hot water.

“It’s a pretty troubling situation for employers to evaluate,” says Matthew DelDuca, a partner at Dechert. “If an employer finds out there’s a [social networking] group in which things are being said that could create a cause of action by an employee, the company needs to take appropriate action. But in this case, the company was liable for the action that it took. The company was damned if it did and damned if it didn’t.”

Involuntary Sharing

While the SCA protects Web scribes who secure their writing with a password, the statute permits an authorized user to show the comments to whomever she wants, DelDuca says. Originally, St. Jean showed The Spectator to Rodriguez voluntarily, according to court documents.

The sharing became involuntary when Anton asked for the password, St. Jean testified. While he didn’t threaten her job, she said she still thought her employment could be imperiled if she denied Anton access.

“The case would have gone completely differently if she permissibly allowed someone to access the group,” says Mark McCreary, a partner at Fox Rothschild. “Then there’s no real issue as far as gaining improper access.” The fact St. Jean felt even an intangible pressure led the jury to determine her consent was not willful.

“The jury sent a very strong message to employers,” says the plaintiffs’ attorney, Fred Pisani of Ramp & Pisani. “You can try to protect your business, but you better not engage in surreptitious or covert operations where you’re basically monitoring and spying on your employees.” Houston’s attorney did not respond to a request for comment.

Essential Access

It’s likely that liability concerns compelled management to read all of the Spectator postings, DelDuca says. He points to the 2000 New Jersey Supreme Court case Blakey v. Continental Airlines, in which a female pilot sued the airline for sexual harassment after co-workers made inappropriate comments about her in an online company forum and the company failed to address the matter.

“If a company throws up its hands and says, ‘Hey, I can’t do anything about it; it’s private,’ it’s a risky path,” DelDuca says. “As a company, you’re trying to do the right thing, and I think [Houston's] was trying to do the right thing here.”

Harassment isn’t the only circumstance that demands an employer seek access to online communications. Employers should request access if they suspect workers are participating in illegal activities or sharing confidential company information online, says Philip Gordon, chair of Littler Mendelson’s privacy and data protection group.

Employers who need to read the contents of employees’ password-protected sites should explain the nature of the review when asking for an employee’s consent to access the site, he says. “Let the employee know there will be no negative repercussions if the employee does not agree to assist the employer in accessing the site,” he adds.

Pisani says there’s no evidence the commentary in The Spectator affected work life at Houston’s. But if the managers did suspect inappropriate behavior, he says they could have handled the situation better.

“If you’re doing a legitimate examination, call the site’s creators and say, ‘Tell us about this site. If you have an issue, we don’t want it to affect the restaurant, so could you show us the site?’” he says.

Most importantly, McCreary says employers must do their research before even attempting to gain access.

“If you suspect there’s some wrongdoing, then you better have your facts straight,” he says. “You need to document it well and set forth the basis for why [the investigation] needs to happen so it doesn’t appear to be a witch hunt.”