California Employers May Be Barred from Requiring Disclosure of Social Media Passwords

share print

Last week, we posted about the recent uproar over employers and colleges seeking to require applicants to surrender their Facebook passwords as a condition of hiring/admission and how that practice may be analyzed by the courts under an invasion of privacy challenge. 

California employers should also note that the California legislature has proposed a bill that would specifically outlaw the practice.   AB 1844, proposed by Assemblywoman Nora Campos (D), if enacted as currently drafted:

(a)  would prohibit an employer from requiring an employee or prospective employee to disclose a user name or account password to access social media used by the employee or prospective employee; and

(b) would also provide that an employer does not fail to exercise reasonable care to discover whether a potential employee is unfit or incompetent by the employer’s failure to search or monitor social media, as defined, before hiring the employee.

The bill would add sections 980-982 to the California Labor Code to read as follows:

980.  As used in this chapter, "social media" means an electronic medium where users may create and view user-generated content, including uploading or downloading videos or still photographs, blogs, video blogs, podcasts, or instant messages.

981.  For purposes of a claim of negligent hiring, an employer does not fail to exercise reasonable care to discover whether a potential employee is unfit or incompetent by the employer's failure to search or monitor social media before hiring the employee.

982.  An employer shall not require an employee or prospective employee to disclose a user name or account password to access social media used by the employee or prospective employee.

This bill is a mixed bag, as currently drafted.  Proposed section 982 of the Labor Code would make it impossible for those California employers who wish to require applicants to surrender their Facebook and other social media passwords to engage in this conduct.  Certain employers would see this as an unfair restriction.  However, proposed section 981 of the Labor Code would protect California employers from negligent hiring lawsuits that are based on an employer's failure to search or monitor an applicant's social media profile and this would likely be seen as a positive piece of legislation by many California employers. 

AB 1844 was referred to the Assembly Committee on Labor and Employment on March 5.  We would not be surprised if this bill gained some traction as it may end up getting support from both employers and employees.  We will continue to keep you updated on this and other important California legislative developments.

Facebook Offers Advice About Employers Requiring Applicants to Surrender Their Facebook Passwords

share print

Over the last week or two, there have been many articles written about private employers and colleges that are requiring applicants to surrender their Facebook password as part of the hiring/admissions process.  Today, Facebook's chief privacy officer published Facebook's position on this practice on its website.  Click here for the details. 

What is interesting about this, is that the position statement, published by Facebook's chief privacy officer, Erin Egan, a former Covington and Burling attorney, offers her legal opinions to try to convince employers (private and public), colleges, and others not to engage in this practice.  Egan, offers the following legal analysis in the position statement:

"We don’t think employers should be asking prospective employees to provide their passwords because we don’t think it’s right the thing to do.  But it also may cause problems for the employers that they are not anticipating.  For example, if an employer sees on Facebook that someone is a member of a protected group (e.g. over a certain age, etc.) that employer may open themselves up to claims of discrimination if they don’t hire that person."  "It also potentially exposes the employer who seeks this access to unanticipated legal liability."
"Employers also may not have the proper policies and training for reviewers to handle private information.  If they don’t—and actually, even if they do--the employer may assume liability for the protection of the information they have seen or for knowing what responsibilities may arise based on different types of information (e.g. if the information suggests the commission of a crime)."

Setting aside whether or not private employers in California should be getting their legal advice from Facebook's chief privacy officer, Ms. Egan's advice that engaging in this practice is subject to challenge is accurate.  However, Egan's statement fails to address the biggest problem for California employers (and colleges) who engage in this practice: the California Constitution's privacy protections.

In California, individuals have a constitutional right of privacy that is provided by the California Constitution.  Article I, Section I of the California Constitution provides:   "All people are by nature free and independent and have inalienable rights.  Among these are enjoying and defending life and liberty, acquiring, possessing, and protecting property, and pursuing and obtaining safety, happiness, and privacy."   California courts have further held that this provision gives rise to the independent tort of invasion of privacy. 

The California Supreme Court has held that to determine whether an individual's constitutional right of privacy has been violated the court must balance the compelling need for the information against the reasonable expectation of privacy the person has in the information.  Most jurors and many judges have Facebook accounts, or at least have password protected information on the internet.  Their expectation of privacy with respect to the information behind the password is almost always going to be very high.  It will be difficult for most employers (other than perhaps those hiring for national security or other related positions where they are exposed to extremely sensitive information), or any college, to demonstrate a compelling or strong need for this information.  Employers have been hiring employees without detailed personal information for hundreds of years.  In most cases, it will be extremely difficult for an employer to demonstrate a new and sudden compelling need to get behind an applicant's Facebook password to be able to evaluate that individual.  When that is measured against a practice that many view as highly offensive and a significant intrusion into personal privacy (requiring someone to give up their personal password), this practice would likely be found improper by our courts and is likely to give rise to an independent tort.

In sum, Egan's conclusion that requiring applicants to surrender their facebook password as a condition of employment or admission is a legally risky practice, appears to be very accurate.  However, for California employers or employers hiring California applicants, the risks are even higher, due to the privacy protections of the California Constitution.

NLRB Issues Report on its Activities Related to Social Media

share print

Last week, NLRB's Acting General Counsel, Lafe Solomon, issued a comprehensive report on NLRB cases involving social media over the last year. In issuing the report, Solomon stated: "As Acting General Counsel, I have endeavored to keep the labor-management community fully aware of the activities of my office. It is my hope that this openness will encourage complaince with the Act [NLRA} and cooperation with Agency personnel."

The report summarizes fourteen different NLRB matters and explains the position taken by the NLRB and the rationale for the NLRB's decision. A review of the report definitely helps the reader get a better understanding for how the NLRB will analyze Facebook and other social media postings in making the determination as to whether or not they constitute concerted activity.
We would advise any employer faced with trying to determine if an employee's social network activity would be considered protected concerted activity to review the report before making their determination (or consult an attorney who has read the report). You can obtain a copy of the report online here.

The Emerging Right to Trash Talk—Social Media and the NLRB

share print

As the universe of social media continues to explode at a dizzying pace, employers are struggling to keep up with and control the content of what their employees, among others, are posting on the internet for all to see. Many employers have reacted, understandably, by adopting highly restrictive policies threatening discipline or even termination of employees who post unflattering content about the employer, its products or services, management and/or fellow employees. In some contexts, such as the prevention of discriminatory, harassing or retaliatory conduct, such policies are both legal and advisable. However, to the extent they infringe on employees' rights to engage in protected concerted activity, many such policies potentially violate the National Labor Relations Act. Many non unionized employers are surprised to hear that their employees have rights under the National Labor Relations Act, even in a non union environment. Section 7 of the National Labor Relations Act provides ALL employees, regardless of union membership, the right to engage in "protected concerted activity" for the purpose of "mutual aid and protection." The law is quite clear that even one employee can engage in "protected concerted activity," provided that activity has the result or even the possibility of effecting change for other employees.

Last month, the NLRB sued a non union car dealership which fired a salesman who used his Facebook page to complain about the food the dealership served to its customers during a recent promotional event. Importantly, this Facebook posting also mentioned the salesman's fear that the perceived lousy food (hot dogs and bottled water) would impact sales commissions, and thus, alleged the NLRB, such posting constituted protected concerted activity, rendering the salesman's termination a violation of his Section 7 rights. Similarly, the NLRB has ruled that employers violate their employees' Section 7 rights by disciplining employees who post comments on the internet which are critical of their terms and conditions of employment. Conversely, in other cases, the NLRB has refused to proceed in other cases where the discipline resulted not from the complaints or concerns about terms and conditions of employment, but instead from disparaging comments about the products or services provided by the employer. For instance, the NLRB has specifically upheld Sears and K-Mart's social media policy, even though it restricted employees from complaining about Company management, because the context in which such restrictions appear make it evident the intent of the policy is not to infringe on employees' Section 7 rights. Given the disparity of conclusions drawn by the NLRB concerning various social media policies, it is difficult to predict how it might rule on any particular policy's application to a particular termination or disciplinary action. Indeed, as in other areas, the law is evolving a few steps behind the evolving technology, leaving employers on uncertain ground in the meantime.

Before rushing to discipline or terminate an employee who has posted negative comments about the Company, well advised employers should carefully review their social media policies and determine whether taking such action might result in violating the employee's Section 7 rights.

Non-Union Employees Entitled to Opt-Out Notice Before Disclosure of Personal Information to Union

share print

ByAlison Tsao

Employers and plaintiffs' attorneys in putative class action matters frequently disagree over whether and the type of notice that is required to be given to putative class members before their personal contact information is disclosed to Plaintiffs' counsel before a class is certified. In County of Los Angeles v. Los Angeles County Employee Relations Commission, Service Employees Int'l Union Local 721, the Second Appellate District held that non-union members are entitled to receive notice and be given an opportunity to object before their personal contact information is released to the union.

During the collective bargaining process, the union demanded that the employer provide the contact information (home addresses and telephone numbers) of county employees who chose not to join the union but otherwise pay their fair-share fee, an agency-shop fee, or pay the agency-shop fee to a charitable fund based on a claim of religious exemption. While part of the union's asserted need for this information was to more efficiently provide them with necessary annual notices about their fees and the reasons for the fees, the other reasons were to facilitate the union's communications with these non-union members about union activities, layoffs, job-related activities, and recruitment. The County employer objected to these requests based on the non-union members' constitutional privacy interests, and proposed that an opt-out form be used so the members can object to the provision of their contact information. The union rejected this proposal and filed an unfair employee-relations practice charge, arguing that under both the National Labor Relations Board and the state's Public Employee Relations Board have ruled that unions are entitled to personal information of non-members who are part of the bargaining unit. The administrative hearing officer agreed with the union and recommended to the Employee Relations Commission that the information be disclosed without notice to the non-union members, which was adopted by the Commission. The County then appealed this decision to the trial court under a writ of mandamus. While the trial court held that the Commission erroneously applied federal labor law to the issue and that it should have been decided under California's privacy laws, it nevertheless held that the union's right to communicate with all represented employees outweighed the employee's privacy interest. The County thereafter appealed this ruling to the Court of Appeal.

The Court of Appeal agreed that California law applied to this question, but reversed the trial court's ruling. In reviewing the text and history of the Privacy Initiative that led to the amendment to the California Constitution, the Court recognized that "the residential privacy interest includes the right not [to] be disturbed in one's home by unwanted advertising and solicitation by mail . . . [and] the disclosure of names, addresses, and telephone numbers of association members implicates the privacy interest in the sanctity of the home." Further, the Court reasoned that employees who give their home address and home telephone numbers as a condition of employment have a reasonable expectation of privacy that the information will remain confidential and will not be disseminated except as required by governmental agencies or benefit providers. The Court reviewed the California Supreme Court's decision in Pioneer Electronics v. Sup. Ct., 40 Cal.4th 360, 371-72 (2007) and its progeny in balancing individual privacy rights in the context of consumer and employment class actions against the need for disclosure of this information by developing procedural safeguards such as opt-out notices when these safeguards are warranted. The Court concluded that, unlike employment and consumer class actions where there could be a presumption that disclosure of contact information might lead to affirmative relief or vindication of statutory rights, that same presumption would not apply to non-union members because they would not necessarily perceive a benefit to having their information disclosed. As a result, the opt-out procedural safeguard used in Pioneer was appropriate and necessary to protect the privacy rights of these non-union members. A copy of the case can be found here.

This case is a positive development for employers who seek to assert the right to privacy of personal contact information of its employees and former employees. However, the Court was quick to point out that trial courts are granted discretion to consider whether procedural safeguards such as those used in Pioneer are always required in other class action contexts, and this issue therefore remains far from settled.

Supreme Court Upholds Public Employer’s Search of Employee Text Messages

share print

In City of Ontario v.Quon, the Supreme Court overturned a Ninth Circuit Court of Appeals decision and ruled in favor of the employer, the City of Ontario, ruling that the employer's search of anemployee's text messages was reasonable and not in violation of the Fourth Amendment.

Quon worked for the City of Ontarioas a police sergeant and was a member of the Ontario Police Department's SWAT Team. The City issued two-way pagers to Quon and other officers in the department. Prior to acquiring the pagers, the City instituted apolicy that informed employees that they should have no expectation of privacy or confidentiality when using these resources. Quon signed a statement acknowledging his receipt and understanding of the policy. In addition, the City informed employees, including Quon, that it would treat text messages the same way as it treated e-mails.

When Quon and other officers exceeded their monthly character limits for several months in a row, the department Chiefsought to determine whether the character limit was too low. The wireless provider gave the City transcripts of Quon's and another employee'stext messages for a two month period. After reviewing the transcripts, it was discovered that many of Quon's messages were not work-related, and some were sexually explicit. Aninternal investigator redacted Quon's messages that were communicated during non-work hours, however, the majority of his messages transpired while he was on duty. Quon was disciplined for violatingdepartment rules.

Quon suedthe departmentand the Cityalleging violation of his Fourth Amendment rights. The district court grantedsummary judgment in favor of the City, finding no Fourth Amendment violation. The Ninth Circuit reversed.

The Supreme Court reversed the Ninth Circuit decision and held that Quon's Fourth Amendment rights were not violated. More specifically, the Courtheld that the City's review of Quon's text messageswas reasonable because it was motivated by a legitimate work-related purpose and because it was not excessive in scope.Thus, assuming Quon had some privacy expectation in his messages, that privacy was not unreasonably violated.

The Court did not resolve the parties' disagreement over Quon's privacy expectation or whether the individuals who sent messages to Quon had a reasonable expectation of privacy in their messages. The Court refused to draw any bright lines regarding privacy expectations in electronic communications, noting thatcommunication technology is constantly changing and it's unknown how workplace norms or the law's treatment of them will evolve. However, the Court held that on the facts beforeit, the search was reasonable and there was no Fourth Amendment violation.

In light of this narrowly tailored decision, employers should seek legal counsel before investigating employee communications in order to ensure that theinvestigation is legally sound. Employers should also review their communication policies to ensure that employees are sufficiently informed that they do not have an expectation of privacyin communications sent or received on employer provided systems.

Supreme Court To Address Electronic Privacy in the Workplace

share print

The United States Supreme Court has granted review in Quon v. Arch Wireless, which deals with the increasingly emerging issue of the scope of an employee's privacy in electronic messages sent using employer-provided equipment. Our previous post regarding the Quon case is here. Although the case deals with a public employer and is, therefore,specifically focused on the scope of Fourth Amendment privacy protection involving the use of text messaging in a fairly case-specific factual setting, the case may well provide somebroader insight on theSupreme Court's view toward privacy issues in the electronic era that will be of use to private sector employers as well. In the meantime,employers grappling with monitoring of employee electronic usage are best advised to have clear policies signed off on by employees, making clear that employees do not have an expectation of privacy in their usage of employer provided equipment and that the employer can and will monitor such usage. Because there generally is not a "one-size-fits all" policy for all employment situations, employers are best advised to consult with counsel in drafting a comprehensive policy. We will continue to provide updates regarding significant developments in the Quon case, and similar workplace privacy cases affecting California employers.

California Supreme Court Upholds Limitations On Workplace Right to Privacy

print

Earlier this week, the California Supreme Court issued its decision in Hernandez v. Hillsides, Inc., holding that two employees could not prevail on an invasion of privacy claim against their employer even though the employer had set up hidden video surveillance equipment in their office. The plaintiffs in the case were two clerical employees who shared an office. The employer discovered that someone was accessing pornography sites after hours on one of the plaintiffs' computers. The employer did not suspect either plaintiff of having accessed the pornography because the conduct occurred after hours.In an effort to catch the wrongdoer, the employer set up a hidden camera in the plaintiffs' office.According to the employer, the camera was not activated during business hours and plaintiffs were never actually recorded. The camera was only activated after hours when plaintiffs were not present. However, one day during work, the plaintiffs discovered the hidden camera equipment and complained. They later sued the employer for invasion of privacy.

The California Supreme Court held that plaintiffs could not prevail on their invasion of privacy claim against the employer. Notably, the Court did find that plaintiffs had a reasonable expectation of privacy in their workplace and that their privacy was intruded upon by virtue of the hidden surveillance system. However, the Court held that even though plaintiffs' privacy was intruded upon, this was not enough for them to prevail on their claim against their employer. In order to prevail, plaintiffs would also have to prove that the intrusion would be "highly offensive" to a reasonable person, and "sufficiently serious" and unwarranted as to constitute an "egregious breach of social norms." Based on the facts before the Court, the Court held that the employer's conduct was not highly offensive or sufficiently serious. The Court relied heavily on employer's motivation for installing the equipment, the employer's limited use of the equipment after hours, and the fact that the plaintiffs themselves were never actually recorded (nor did the employer even intend to record them).

This case provides some good guidance on applicable principles for employers to consider when implementing measures that might intrude on employee privacy. Although the employees in Hernandez were unsuccessful on their invasion of privacy claim, the case does not stand for any broad proposition that employees do not have a reasonable expectation of privacy in the workplace. The case in fact makes clear that they do have an expectation of privacy, though that expectation may be diminished by virtue of employer policies making clear that employees should not expect privacy. The bottom line is that there is no "bright line" rule as to when an employee has an expectation of privacy or when an employer's conduct may violate employee privacy. The analysis is very fact specific and employers are cautioned to seek legal advice before implementing measures that may intrude on employee privacy.

Carothers DiSante & Freudenberger LLP Attorneys To Speak on Privacy Issues in the Workplace

share print

On July 24, 2007, Vanessa W. Whang and Jennifer D. Barrera will conduct a seminar for California employers on workplace privacy issues.The seminar will take place in Stockton, California and will cover a variety of topics, including: pre-employment screening, drug testing, monitoring the electric workplace, identity theft, and protecting trade secrets.For more information or to register click here.