Archive
Twitter: Little Statements with Big Consequences for Companies, cont.
Earlier this week, I gave some advice on how to protect your business’s Twitter account. The hijacking of a Twitter account can have an incredibly negative impact on your business. If you missed it, review the advice I offered in my earlier post and consider these additional steps.
Watch out for strange emails
Twitter will never ask you to provide your password via email, a direct message, or @reply. Twitter will never ask you to download something or sign-in to a non-Twitter website. So, if you get an email or message prompting you to do any of these things, don’t. If you receive a suspicious email, delete it (preferably without opening) and immediately visit https://Twitter.com to change your password. Emails like this are “phishing” for personal, online information that they can use to hack into your accounts. If the folks at Twitter believe your account has been phished or hacked, they may reset your password to prevent access. In this event, they will email you a link to where you can reset the password on your own. The password reset link is always available on the Twitter website, so you can visit it directly.
In addition to watching out for strange emails, be sure to use caution when sending your own. It is good practice to verbally communicate the log-in information with those who have user-access. If your name and password are in an email, the email may be sent to the wrong person internally or may be accessed externally via hackers.
Keep your computer up-to-date
Company browsers and operating systems should always be updated with the most current versions. All computers should have some kind of program which protects against viruses, spyware, and adware. By keeping your software in good overall health, you make the chance of a Twitter hack less likely.
Be on the lookout for two-factor authentication
There are online accounts (Facebook, for example) which require or offer users the option of two-factor authentication. With the slew of recent Twitter hackings, Twitter will no doubt soon be offering two-factor authentication to increase its security. This two-factor authentication should be used by all businesses, if not also for personal accounts. Two-factor authentication is a process in which a user is sent a randomly generated code to enter along with their user name and password when logging in. This code can be sent via text message to users’ mobile phones. Thus, even if a hijacker discovers your password, access will be denied without the random code. Think of it as another lock on your company’s social media door.
_______________
If an errant tweet does make it onto your company’s Twitter feed, swift action is necessary. You should have a social media crisis plan in place so that the problem can be handled immediately and effectively. The plan may involve steps such as changing passwords, sending an email to clients and customers explaining your account has been compromised, or tweeting out an apology to followers.
A 140-character message can do a lot of damage to your business. Take preventive steps to curb the likelihood of this happening. Just like every company should have a lock on the front door, every social media account should be bolted with security to keep out evil-doers.
Amy D. Cubbage is Of Counsel in the Louisville office of McBrayer, McGinnis, Leslie & Kirkland, PLLC. She concentrates her practice in litigation in the areas of employment, complex tort and commercial litigation, including class actions, toxic torts and mass torts. Ms. Cubbage may be reached at (502) 327-5400, ext. 308 or acubbage@mmlk.com.
This article is intended as a summary of state and federal law and does not constitute legal advice.
Twitter: Little Statements with Big Consequences for Companies
Twitter is under attack. In recent months, accounts belonging to media giants CBS, BBC, and NPR have all been temporarily taken over by hackers. The Associated Press is the most recent victim. On April 23, 2013, a false statement about explosions at the White House and the President being injured sent shock waves through the Twitter-sphere. The real surprise is the effect the single tweet had in the real world: the Standard & Poor’s 500 Index dropped so sharply moments after the frightening tweet that $136 billion in market value was wiped out. While the hacking of these massive media outlets make headlines, everyday businesses are not safe from the threat, either. In February of this year, a hacker changed the @BurgerKing feed to resemble that of McDonald’s, putting the McDonald’s logo in place of Burger King’s. The hackers posted offensive claims about company employees and practices. If accounts belonging to well-established companies like these are vulnerable, so is yours. If a tweet can have a profound impact on the nation’s stock market, imagine what an ill-contrived tweet could do to your business.
Business owners may have the knee-jerk reaction to delete their Twitter account, but despite the recent blemishes to its security, Twitter remains one of the most important social media sites out there. Just recently, the Securities Exchange Commission made clear that companies could use social media like Twitter when announcing key information in compliance with Regulation Fair Disclosure. Twitter is not just a marketing or PR tool—Twitter is business. And you should never turn your back on existing business. So instead of hanging up your hashtags, consider some steps that can make your Twitter account safer.
Limit Access
Not every employee should have access to the company’s Twitter account. In fact, hardly anyone should, except a few designated employees like the marketing director or business owner. While those with access may never do anything harmful to the account, the more people who have the log-in information, the more likely it is to fall into the wrong hands.
Create a strong password
I know, you already have too many passwords to remember. But a creative password is your best defense against someone seeking to break into your account. Employers should, at minimum, have unique passwords for their most commonly used media sites; please do not use the same word for your Facebook, LinkedIn, and Twitter account. Once a hacker figures it out, they have control of your entire social media presence.
When creating a password, avoid using anything that would be too common. “Password,” “1234,” or the business’s name should never be the only thing standing between you and a hacker. The longer the password, the better. Use a mix of uppercase and lowercase letters, numbers, and symbols.
Don’t stop here! There are more steps you can take to protect your business’s account. Check back on Wednesday when I’ll offer some more helpful tips.
Amy D. Cubbage is Of Counsel in the Louisville office of McBrayer, McGinnis, Leslie & Kirkland, PLLC. She concentrates her practice in litigation in the areas of employment, complex tort and commercial litigation, including class actions, toxic torts and mass torts. Ms. Cubbage may be reached at (502) 327-5400, ext. 308 or acubbage@mmlk.com.
This article is intended as a summary of state and federal law and does not constitute legal advice.
For the Record—What Document Retention Policy Does Your Business Have in Place?
Business owners know that paperwork can be a lot of work. There are personnel files, insurance and benefit records, investigative files, government forms, payroll— and the list seemingly never ends. As a result, it is imperative that employers have a record retention policy in place before a mountain of paperwork overruns the office. All employers, and especially their Human Resources departments, should know not only where to store documents, but also how long to keep them and who is in charge of necessary cataloging.
I recommend that you consider each piece of paper in your business as a piece of evidence that may be needed in the future. In the event of a wrongful discharge case, for example, what records will evidence your action with respect to that employee? In addition, if you do find yourself in court without relevant records, a formal destruction policy that shows why the records are no longer in existence is much less suspicious than an unexplained disappearance.
Each state and federal agency has its own set of document retention timelines. While getting rid of a document before its time can be extremely detrimental, keeping records past the necessary period can lead to messy, overly voluminous files. Records should be streamlined and easy to find; if you have records dating back decades (and no applicable law requires such preservation), you are wasting valuable operating space and perhaps creating a “needle in the haystack” scenario. The best practice is to seek counsel for an individualized policy and specific preservation requirements.
If your current policy does not address electronic documents such as emails, web pages, or social media snippets, then it is time for an updated policy. In addition, new software may be extraordinarily beneficial to preserve electronic data. For example, it is now possible to use electronic imaging to record and store digital records. Online storage of records may cost more and require professional services, but it will save storage room and protect against loss or damage of information in the long run.
Attorneys at McBrayer, McGinnis, Leslie & Kirkland, PLLC, can help employers with the preparation, development, and implementation of a preservation policy or the revision of an existing policy.
Brittany Blackburn Koch, Esq., is an associate attorney practicing in the Lexington office of McBrayer, McGinnis, Leslie & Kirkland, PLLC. She is a native of Pikeville, Kentucky, and a graduate of Centre College and the University of Kentucky College of Law. Ms. Koch’s practice focuses primarily on family law, employment law, criminal law and civil litigation. Ms. Koch has served in numerous public service roles, including representation for Fayette County Bar Association Domestic Violence Pro Bono Advocacy Program. She is actively involved in various organizations and committees, including the Board of Directors for Court Appointed Special Advocates (CASA), Young Professional Committee of Lexington Public Library Foundation, Fayette County and Kentucky Bar Associations, and Centre College Alumni Association.
She may be reached at bkoch@mmlk.com or at (859) 231-8780, ext. 300
This article is intended as a summary of federal law and does not constitute legal advice.
Can Having Employees Pose for the Camera Pose Problems for You?
Employers have a variety of reasons for using employee photos, including:
- internal company use (for a company directory or in the break room);
- external use (such as the company website or a blog post—you’ll find my picture below);
- for safety precautions (name badges or scan cards); and
- for commercial use in advertisements or marketing.
Employees are usually amendable to having their picture taken. But, there may be a few who express their genuine disinterest in being photographed. Such employees could simply be camera shy; others may have a more serious reason to refuse to have an image published. Some may need to protect anonymity for personal reasons, such as past domestic abuse. Others may adhere to religions forbidding taking pictures.
There are generally no legal ramifications for using employee photos, unless it is for commercial purposes. Most states, including Kentucky, have laws that require permission before using an individual or their “likeness” for commercial purposes. This is due to the commonly held notion that a person has property rights in his or her name and likeness and those rights should be shielded from exploitation. Kentucky’s law is codified in KRS 391.170.
If you need to use employee photos for a commercial use, there is a simple solution. Have employees sign releases in which they acknowledge that their picture may be used in a company advertisement and they will receive no compensation for the use of their photo. Keep these releases on file.
Even in a state where consent is not required, it is always a smart approach to use a release so that employees will not be surprised when they see their face plastered on a promotional piece. If minors appear in the commercial materials always use extra caution. Use a consent form, whether required or not, to be signed by the child’s parents.
A warning about taking photos of potential employees: if you take photographs of applicants applying for a job (to help remember who’s who), it may put you at risk for a discrimination claim. A photograph creates a record of certain protected characteristics (i.e., sex, race, or the presence of a disability) that employers generally cannot use in hiring considerations. If this information is collected and a discrimination claim arises, the burden will be on the employer to prove the photographs were not used to make a discriminatory employment decision.
I will leave you with a little common sense about employee photos. Always remember to publicize when the office picture day will be; no one likes showing up ill-prepared. Offer a “redo day” for those who are truly unhappy about how their picture turned out. If all else fails, resort to photoshopping. A little lighting adjustment or cropping can work wonders for a shutterbug humbug.
Amy D. Cubbage is Of Counsel in the Louisville office of McBrayer, McGinnis, Leslie & Kirkland, PLLC. She concentrates her practice in litigation in the areas of employment, complex tort and commercial litigation, including class actions, toxic torts and mass torts. Ms. Cubbage may be reached at (502) 327-5400, ext. 308 or acubbage@mmlk.com.
This article is intended as a summary of state and federal law and does not constitute legal advice.
Internet Defamation—What Can You Do When You Are the Target?
We’ve all seen them. Anonymous spewing hate-filled, defamatory statements on Facebook and Twitter, as well as in the comment pages of news stories on both local and national news. The commenters have a certain entertainment value, until you or your business are in their sights. So what do you do? The answer is not always so simple, especially when you don’t even know who is speaking.
Internet freedom has allowed for an unprecedented expansion in opportunities for the Average Joe to speak, but that expansion has come with a price for those defamed on the internet. In order to foster a free and expansive internet, in 1996 Congress enacted Section 230 of the Communications Decency Act, 47 U.S.C. § 230. Section 230 grants interactive internet service providers (such as Facebook, Yelp, YouTube, and Twitter) immunity from civil defamation claims for user-created content.
There are very few exceptions to Section 230 immunity, with the only one recognized in case law being a case in which provider Roommates.com directed the posts to a certain extent using drop-down menus. See Fair Housing Council v. Roommates.com, LLC, 521 F.3d 1157 (9th Cir. 2008). Providers have learned from Roommates.com’s example and are careful to maintain their Section 230 immunity.
What this means in simple terms is that if you or your business is defamed on Facebook or Twitter, you can’t sue Facebook or Twitter, and you can’t force Facebook or Twitter to remove the defamatory postings. Section 230 forces you to attempt to track down the user who originally posted the speech—often a virtual impossibility in this day and age when the vast majority of defamatory postings on the internet are done anonymously.
So what can you do? First, don’t give up on social media and its ability to deal with at least some of the problems. Interactive internet service providers are aware of the damage defamatory statements can do, and know that they risk losing their Section 230 immunity if they don’t self-police to a certain extent. All interactive internet service providers have terms of service, and the majority ban defamatory and harassing speech. Most will delete the offending material upon a showing that the material is indeed defamatory (i.e., not protected opinion), and most providers include a function allowing you to report the post directly from the webpage, without the need to send a demand letter from an attorney.
Furthermore, interactive internet service providers realize that though anonymity enjoys protections under the First Amendment, it also feeds a great deal of the ugliness seen on the internet today. Facebook, for instance, requires posters to use their real names, and if Facebook is informed that a person is using a pseudonym, Facebook will disable the account. Likewise, news sites are increasingly requiring commenters to link their comments to their Facebook accounts in order to provide a measure of accountability that anonymous posts lacked. YouTube also recently began asking posters to use real names, though that is not currently a requirement. Not all interactive internet service providers eschew anonymity – Twitter and Tumblr still tout the user’s ability to post anonymously – but increasing numbers of providers are requiring that speakers stand behind their comments.
If you can’t get posts removed through the interactive internet service provider, you still have legal options available. Of course, quite often the best action at this point is no action. Often defamation lawsuits are counterproductive in that they simply bring more attention to the posts than if the posts are simply ignored. While difficult to do, sometimes ignoring a simply nasty post is the best policy.
If the post can’t be ignored but is not worth litigation, you can engage with the poster on the interactive site. If someone posts a negative review on Yelp, address the review and contest any factual misrepresentations. If someone posts on your Facebook wall or sends an angry or defamatory Tweet, address the poster’s concerns. You have the right to speak too, and quite often thoughtful, careful engagement is the best remedy.
Some posts are simply so egregious and damaging that they must be addressed in a court of law. If action is warranted, and you are lucky enough to have the name of the poster, you can pursue traditional legal avenues available to victims of defamatory speech.
If you do not have the name, however, if you want to take action you will need to file a civil defamation lawsuit naming as defendant a John Doe. Unfortunately, even though many interactive internet service providers will remove defamatory posts upon request, none will give up the names, email addresses, or IP addresses of posters without a subpoena. Once litigation is filed, you and your legal counsel will have subpoena power to require the interactive internet service provider to give up the names, emails and IP addresses associated with the poster. Normally the providers will still put up a fight even in light of a subpoena, but this is the only way available to obtain the identity of an anonymous poster so that you can hold them responsible for their defamatory speech.
While we have the right to free speech in the United States, our laws require us to take responsibility for what we say when we are wrong and our speech causes damage. In the case of internet-based speech, it may be difficult to vindicate your rights and hold speakers responsible, but with persistence and a clear understanding of how interactive internet service providers work you can protect your good name on the internet.
Amy D. Cubbage is Of Counsel in the Louisville office of McBrayer, McGinnis, Leslie & Kirkland, PLLC. She concentrates her practice in litigation in the areas of employment, complex tort and commercial litigation, including class actions, toxic torts and mass torts. Ms. Cubbage may be reached at (502) 327-5400, ext. 308 or acubbage@mmlk.com.
This article is intended as a summary of newly enacted federal law and does not constitute legal advice.
Will a Savings Clause Save Your Social Media Policy?
Could a savings clause salvage an otherwise invalid social media policy? Maybe. There is no definitive answer to this question, as savings clauses have been portrayed as both a potential asset for employment handbooks and a non-factor in acting as a loophole for Section 7 of the National Labor Relations Act (NLRA). Thus, it is important to view savings clauses as one tool in your arsenal and not as a panacea for an overly-broad social media policy.
A well-written savings clause is a provision added to your employment handbook as a legal catchall disclaimer that informs employees that any and all rules encompassed in the company’s social media policy do not infringe upon the rights of employees to engage in group activity that is protected by federal law – i.e., the policy is not meant to discourage the activities protected by Section 7 of the NLRA. It seems these broad disclaimers, when coupled with a broadly written policy, may not be the answer.
As we discussed in NLRB and ALJ Decisions Continue to Refine Social Media Policy Parameters earlier this week, Administrative Law Judge Clifford H. Anderson ruled against EchoStar Corporation finding their social media policy restricting employees from making critical comments illegal, even though EchoStar’s handbook did have a savings clause. Prior to the EchoStar decision, the National Labor Relations Board (NLRB) issued its first decision and order on social media policies in the Costco Wholesale Corporation’s case. The NLRB found that the policy which prohibited employees from posting damaging comments about the company or employees that would be harmful to their reputations was unlawful. Both policies were found to be too broad and could lead to impeding employees’ rights to engage in protected concerted activities, as outlined in Section 7 of the National Labor Relations Act (NLRA). The Costco policy was criticized for not only being too broad, but also for not providing specific examples of activity that would constitute a violation. Essentially both decisions pressed for more specific terms in social media policies. Where they differ is in the existence of a savings clause. Costco did not include a savings clause in their employee handbook, and the NLRB indicated a possibility that a savings clause may have neutralized the policy’s shortcomings, whereas the EchoStar’s savings clause was not enough to protect the policy.
It is fairly clear by these two rulings that a savings clause is not going to fix an already flawed social media policy. That is not to say that you should not include one in your social media policy and employee handbook. Savings clauses are helpful and important disclaimers to have in general. However, it seems that both the social media policy and the savings clause need to be detailed in addressing the intended terms of the employer. Specific language is the key. Before updating or adding a savings clause to your handbook, have it reviewed by an attorney. Make sure that your social media policy includes examples of violations and precise language, and keep abreast of the developments in policy law, as it will likely continue to change as quickly as social media itself.
Amy D. Cubbage is Of Counsel in the Louisville office of McBrayer, McGinnis, Leslie & Kirkland, PLLC. She concentrates her practice in litigation in the areas of employment, complex tort and commercial litigation, including class actions, toxic torts and mass torts. Ms. Cubbage may be reached at (502) 327-5400, ext. 308 or acubbage@mmlk.com.
This article is intended as a summary of newly enacted federal law and does not constitute legal advice.
NLRB and ALJ Decisions Continue to Refine Social Media Policy Parameters
National Labor Relations Board (NLRB) judgments continue to refine the parameters of the social media policies landscape, offering more insight for employers who are developing policies and procedures that attempt to protect both the company and the employees. Two recent decisions by the NLRB illuminate the legality of social media policies or policies addressing any and all electronic communications. These decisions further set expectations of what is acceptable online behavior by employees, and more clearly define what an employer can and cannot restrict in the language of the policy.
In September, the NLRB partially reversed an Administrative Law Judge’s (ALJ) 2010 decision against Costco Wholesale Corporation regarding their electronic communications policy. The NLRB held that the policy prohibiting employees from posting negative statements about the company online was a violation of Section 7 of the National Labor Relations Act (NLRA). The decision did not specifically mention social media nor was the recently released social media policy guidance referenced. However, it was clear that the issue at the center of this decision was online activity including social media.
On the heels of this NLRB decision, Administrative Law Judge Clifford H. Anderson ruled against EchoStar Corporation, in a similar case involving the restriction of employees making critical comments about the company on social media sites. The EchoStar policy broadly banned employees from “disparaging” comments and accessing social media sites with company resources on company time. In the ruling Judge Anderson found that an employee would reasonably interrupt “disparaging” as interference with Section 7 protected activities. As well, the ban on accessing social media sites on “company time,” was too all-encompassing and could include smart phones and employee’s personal time such as breaks and lunch.
In the Costco case, the NLRB cited the fact Costco’s policy contained no savings clause protecting Section 7 activities, suggesting that the decision might have been different if such a clause had been included. However, EchoStar did have a savings clause included in their employee handbook, which Judge Anderson did not think would counteract the language in the EchoStar policy. So, this begs the question: what are savings clauses and are they helpful in protecting employers carefully developed policies and procedures? It is a subject worth exploring. We will discuss savings clauses on Friday in relation to these cases and your own electronic communication policy. However, what we take away from these recent decisions is again, social media policies need to be clear and concise. Over-broad generalizations make policies vague and leave too much for interpretation, and it is obvious from these rulings that broad social media and electronic communications policies will fail in front of the NLRB.
Amy D. Cubbage is Of Counsel in the Louisville office of McBrayer, McGinnis, Leslie & Kirkland, PLLC. She concentrates her practice in litigation in the areas of employment, complex tort and commercial litigation, including class actions, toxic torts and mass torts. Ms. Cubbage may be reached at (502) 327-5400, ext. 308 or acubbage@mmlk.com.
This article is intended as a summary of newly enacted federal law and does not constitute legal advice.
Social Media: The New Harassment Landscape Continued
A recent government study uncovered that 23% of harassment victims were targeted through text messaging, email or other digital forms. Not so long ago, the only evidence human resources had to investigate in harassment claims were the face-to-face comments of the parties involved, making the truth sometimes difficult to determine. With a digital trail of comments to follow, the investigation of harassment claims no longer relies on hearsay, recollection and “he said, she said” testimony, because nothing can refute written proof.
Even though there are pitfalls in allowing employees to use social media in the workplace, there are also very positive effects. Giving employees the ability to interact via social media keeps morale high, and can be a platform for work related resources. The marketing benefits of social media connections alone can outweigh the risks. The main objective of a social media policy should not be to ban social media usage on the job, but to protect itself through clear and concise social media policies. For example, a company’s anti-harassment policy should include social media and clearly state that derogatory comments about co-workers are prohibited and should be reported. Employers should offer training, not only to managers and supervisors, but to all employees about what is appropriate for online postings, and what is not. Perhaps most importantly, as illustrated in Espinoza v. County of Orange, etc. al. No. G043067, 2012 WL 420149 (Cal. App. 2012), employers have an obligation to investigate complaints and reports of suspect social media abuse just as it would with traditional harassment claims.
Crafting social media policies can be tricky business. Finding the right balance between being overly broad and infringing on worker’s rights is a struggle. Recently the National Labor Relations Board (NLRB) found that social media policy of Costco Wholesale Corporation violated Section 7 of the National Labor Relations Act because it too broadly limited employees’ on-line comments and conduct. Complete restriction is not the path to fairness and protection. Rather finding a balance in a carefully worded policy that provides examples and avenues for employees to safely report any suspect activity.
The laws concerning harassment, especially online, are complex due to the intersection of longstanding legal principles and with technological proliferation. The best course of action in a harassment claim will vary greatly depending on the circumstances of the case. Our attorneys have established a reputation for providing honest, practical advice. To discuss how best to develop policies that protect your business or address harassment that has already occurred, contact our attorneys today.
Benjamin L. Riddle is an associate in the Louisville, Kentucky office. Mr. Riddle is a member of the firm’s Litigation team, where he focuses his practice on employment law, commercial disputes and personal injury matters. Mr. Riddle can be reached at (502) 327-5400, ext. 305 or briddle@mmlk.com
Social Media: The New Harassment Landscape
Social media is changing the landscape of the internal workplace, providing a new way for employees to socialize and interact with one another. The online workplace is rooted in conversation which is casual, revealing and often deeply personal. The direct connection of social media is akin to an invitation into your home. It allows co-workers to share in your personal life with an instant sense of closeness and propels the relationship forward quicker than a traditional office friendship. The boundaries of conduct can become easily blurred and potentially dangerous when this complicated overlapping of private and professional relationships intersect online. Whenever the parameters get ambiguous, the probability of inappropriate behavior occurring increases, creating a growing employer concern for protecting employees from the potential of social media harassment.
Employers need to understand that communications through all means, email, text messaging, instant messaging and social networks should be covered in the company harassment policy. Social media runs a very close second to person-to-person interaction in means of building relationships. Consider some of the most common social networking sites, Facebook, LinkedIn and Twitter. There seems to be little doubt that, when used properly, these platforms have great potential benefit for employers. The unusual point regarding social media is that an employee’s virtual comments, even those made in their own time, may constitute actionable harassment in the workplace.
Since Blakely v. Continental Airlines,741 A.2d 538 (N.J. 2000), there has been some debate as what out of work conduct can constitute harassment. In Blakely the Court indicated that a plaintiff can establish an actionable claim for harassment based upon electronic communications made outside the workplace if the electronic medium would be “the equivalent of a bulletin board in the pilot’s lounge.” Perhaps, in today’s market the employee lounge has been replaced by the smartphone and the bulletin board by Twitter. Recently, in Espinoza v. County of Orange, etc. al. No. G043067, 2012 WL 420149 (Cal. App. 2012), the California Court of Appeals upheld a $1.6 million verdict against an employer and in favor of an employee who was being harassed by co-workers on a blog. The employee reported the harassment to his supervisor, who indicated that the complaint would be forwarded through the proper channels, but the employer failed to conduct any official investigation. Ultimately, the Court of Appeals determined it was proper to allow the jury to conclude that the employer was liable for harassment arising from a blog maintained by co-workers outside of the workplace because it was aware of the harassment and did not take action.
Check back on Friday as we continue to traverse this new harassment landscape.
Benjamin L. Riddle is an associate in the Louisville, Kentucky office. Mr. Riddle is a member of the firm’s Litigation team, where he focuses his practice on employment law, commercial disputes and personal injury matters. Mr. Riddle can be reached at (502) 327-5400, ext. 305 or briddle@mmlk.com
Efforts to Restrict Employer Access to Social Media Passwords Pick Up Steam
Legislative efforts to prohibit employers and educational institutions from demanding social media passwords from applicants and employees picked up steam as California became the third state to pass such a law on Thursday, September 27, 2012. California joins Maryland and Illinois as states making this prohibition law, though none of the statutes have yet to go into effect.
The California statute prohibits employers asking for account passwords and from taking any adverse action, including discharge or refusal to hire, against an employee who refuses access to a social media account. The language of the statute appears to reach demands by employers to even review non-public social media posts without a password, such as an “over the shoulder” review at an employee’s desk, but the full contours of the law won’t be known until it is implemented.
In an interesting twist, the California law does not apply to devices issued by employers. So, if an employee accesses a personal social media account such as Facebook or Twitter on an employer-issued device. Thus, an employee who accesses a personal social media account on an employer-issued phone, tablet or laptop might be susceptible to a password demand.
In announcing the passage of the law – via social media, no less – Governor Brown of California emphasized that the law does not impact on employers’ existing rights and obligations to investigate workplace misconduct. For instance, if an employer has knowledge that an employee is harassing another employee via social media, the employer can’t use the new law as a shield to refuse to act. Employers must still abide by all workplace discrimination laws and provide a safe work environment for their employees.
At least twelve other states are considering similar laws, and similar bills have been introduced in both the U.S. House and Senate. Employers across the nation need to be aware of this trend.
If you have any questions regarding potential social privacy laws in your jurisdiction, give us a call.
Amy D. Cubbage is Of Counsel in the Louisville office of McBrayer, McGinnis, Leslie & Kirkland, PLLC. She concentrates her practice in litigation in the areas of employment, complex tort and commercial litigation, including class actions, toxic torts and mass torts. Ms. Cubbage may be reached at (502) 327-5400, ext. 308 or acubbage@mmlk.com.
This article is intended as a summary of newly enacted federal law and does not constitute legal advice.
