Attorneys

Practice Areas

What's Working: E-Discovery Procedures and Liability for Blogging, Twittering, E-mail and other Social Communications

Todd Shill, Kevin Gold and John Martin (The authors would like to thank Amanda Lavis, Summer Associate 2009, for her contributions to this article.)

I.          INTRODUCTION

            Advancements in technology have given employers the opportunity to improve efficiency in the workplace.  The Internet and e-mail, unheard of just one generation ago, are now workplace mainstays providing fast and effective means of communication and access to vital information.  Even more recently, Twitter and instant messages have rapidly been integrated into the corporate world as an effective, immediate form of communication.  These advantages do, however, come at a price.  In addition to concerns over the decrease in worker productivity (irony be thy name), employers are now facing potential liability for their employees’ improper use of technology.

            The information superhighway is starting to look more like a traffic jam.  Consider the following statistics:

·                    On average, a typical employee spends 21 hours per week online while at work—but only 9.5 hours per week at home.

·                    30% to 40% of Internet use in the workplace is not business related.

·                    60% of all online purchases are made during work hours.

·                    70% of all Internet pornography traffic occurs between 9:00 a.m. and 5:00 p.m.

            What’s more, employers and employees are facing ethical and professional dilemmas thanks to the ever-increasing popularity of social networking sites.  The explosion of social networking sites, such as MySpace and Facebook, has provided employers with a new method of conducting hiring due diligence.  Employees, however, call this practice of “e-snooping” unfair.

            The most effective response to these (and other) alarming statistics is to adopt and consistently enforce a formal policy that outlines the employer’s expectations with respect to the use of the Internet, e-mail, and similar electronic media.  But even then, several questions remain.  The purpose of this article is to alert you to the various technologies that have arisen and are being used on a daily basis in the workplace, and identify the numerous ways in which these technologies may land employers in hot water if they are not careful… and prepared.

II.        E-MAIL/INTERNET

A.        Overview

1.        Over the past several years, e-mail and the Internet have become integral and indispensable aspects of the typical employee’s daily routine. 

a.        Thanks in large part to its speed and convenience, e-mail has replaced the inter-office memorandum as the preferred method of communication in the workplace.  In fact, the estimated number of e-mails sent per day in 2008 was around 210 billion (up to 70% of those e-mails were spam).  Although some employees understand the importance of maintaining a certain level of professionalism when communicating via e-mail, the vast majority do not view e-mail in the same manner as a traditional paper memorandum.

b.        The Internet, by the same token, has revolutionized business operations to the point where it is difficult to remember how things were even accomplished before the introduction of the information superhighway.  Similar to most roads, however, this highway is a two-way street: employers enjoy greater work productivity due to the increased accessibility of information, but also confront problems with disgruntled employees abusing this technology to the employer’s detriment.

2.        Due to their ever-increasing importance in the business world, e-mail and the Internet have become an unavoidable way of life for all employers.  While convenient (and in most cases, necessary), these tools have also given rise to a host of new employment-related problems and potential liability.

B.        What are the potential threats/issues that employers face?

1.        Exposure to legal liability:  An employer may be held accountable for the information transmitted by its employees over an employer-provided computer network.  Offensive, harassing, or defamatory e-mails can, as a result, subject an employer to liability for inappropriate communications.  Because today’s workplace is technologically driven, it should come as no surprise that technology—and in particular, e-mail—plays a starring role in most sexual harassment claims.  “E-harassment” is evolving into one of the most prevalent types of harassment in the workplace.

a.        Chevron was one of the first large employers to learn this lesson the hard way.  In 1995, the company settled a lawsuit filed by four female employees for $2.2 million.  In their suit, the employees alleged that sexually harassing e-mails, sent through Chevron’s e-mail system, created a hostile work environment.  The offending e-mail in question?  “25 Reasons Why Beer is Better than Women.”

b.        Conversely, e-mails can provide employers with valuable evidence for proving prohibited inter-office affairs or other misconduct.  In 2006, Wal-Mart fired marketing executive Julie Roehm.  Roehm filed suit and claimed that she was improperly denied severance.  Wal-Mart countered with evidence, in the form of e-mails, which showed that Roehm participated in a romantic relationship with a subordinate and thus, had been terminated “for cause.”  Roehm dropped her lawsuit shortly thereafter.

c.        A former employee sued Best Buy for “blackballing” him from future employment with similar companies/competitors.  To prove his claim, the employee created a phony e-mail accounting asking his former HR Manager for a reference.  Here was the response:

I will give you the skinny on him but you can’t say you got any info from Best Buy or we can be sued.  Just don’t hire him and say you went with a better candidate.

He was hired as GM and demoted after 12 months or so because he sucked.  He is desperate for a job because supposedly his wife left him because he has no job.  I would not touch him.

Again, do not forward this e-mail to anybody or say where you heard the info from because we are not allowed to give this info out, but I would hate you to get stuck with this guy!

d.        A former manager at Staples filed a lawsuit claiming that he was humiliated after Staples sent out a mass e-mail to approximately 1,500 employees explaining that the manager had been terminated for violating the company’s travel and expense policy.  The First Circuit Court of Appeals allowed the case to proceed past summary judgment after determining that the e-mail was meant to single him out and humiliate him.  Noonan v. Staples, 556 F.3d 20 (1st Cir. 2009) (applying Massachusetts law).

2.        Confidentiality breaches:  Confidentiality breaches, e.g., disclosure of an employer’s trade secrets, can occur accidentally (for example, where an employee selects the wrong contact in the “To:” field when sending an e-mail).  On the other hand, confidentiality breaches can, unfortunately, also be the result of an employee’s intentional and premeditated actions.  There is cause for alarm: upwards of 60% of employees being laid off or fired admit to stealing company data. 

3.        Lost productivity:  Although studies vary on just how much e-mail and Internet access affect workplace productivity, the result remains the same, and a marked decrease in productivity is a growing cause for concern.

a.        The NCAA’s “March Madness” has been estimated to cost U.S. companies billions of dollars in lost productivity on an annual basis.  Recognizing this productivity issue, CBS Sports shrewdly allows the tournament games to be viewed online with a “Boss Button” that, when clicked, displays a spreadsheet covering the computer screen.

b.        Online social networking sites are even more costly.  According to a U.K.-based employment law firm, approximately £130 million ($264 million U.S.) is lost per day by British corporations due to workers accessing their Facebook accounts.  British companies, unsurprisingly, are not alone.  An Australian study estimates that Facebook swallows approximately $5 billion (Australian) every year ($4 billion U.S.).

c.        And the Holiday Season is anything but cheerful when it comes to employee productivity.  One study estimates that online shopping during the month of December costs American businesses over $500 million.  In fact, the Monday following Thanksgiving (for many employees, the first day back to work after a four day break) is referred to as “Cyber Monday,” a one-day event during which online retailers hold sales akin to those offered in traditional brick and mortar stores on “Black Friday.”

4.        E-mail retention/retrieval:  E-mail is the de facto standard for workplace communication.  Conversations/transactions that had traditionally been handled over the phone are now being conducted via email.  It should come as little surprise, then, that e-mail has quickly become a vital component to the discovery process in various types of litigation. 

a.        One study has found that 24% of all business organizations have been served with subpoenas to produce employee-generated e-mails.  There is no denying that e-mail now plays a strategic role as evidence in almost every single employment lawsuit.

b.        Employers must also be mindful of the electronic-data discovery amendments to the Federal Rules of Civil Procedure:

i.          The amendments recognize that electronically stored information can be difficult to retrieve and, in fact, may have been discarded as part of the routine operation of a computer system. Thus, amended Rule 26(b) makes clear that a party need not produce electronically stored information “from sources that the party identifies as not reasonably accessible because of undue burden or cost.” However, the producing party bears the burden of showing such undue burden or cost when confronted with the requesting party’s motion to compel. 

ii.        Amended Rule 37(f) similarly provides that a court may not impose sanctions on a party “for failing to provide electronically stored information lost as a result of the routine, good-faith operation of an electronic information system.”  Comments to this rule explain that data may be considered not to have been lost in “good faith” if that loss follows an event triggering the duty to preserve data. 

iii.        Thus, prudence would dictate that, upon the receipt of a “preservation letter,” an employer should halt any routine or automatic data loss and/or removal because, after receiving a preservation letter, any such loss may not be considered to have occurred in “good faith.”

iv.        Employers should also develop, audit, and monitor their record retention policies to make sure employment records, including those that are electronically stored, are properly preserved.

C.        Monitoring an employee’s e-mail and Internet access

1.        In light of the foregoing issues, it has become essential for employers to monitor their employees’ e-mail and Internet activity.  Despite arguments that such “Big Brother” oversight should be prohibited, courts have declared that private employers are entitled to monitor their employees’ e-mails and Internet activity. 

2.        In Smyth v. Pillsbury Co., 914 F. Supp. 97 (E.D. Pa. 1996), the U.S. District Court for the Eastern District of Pennsylvania, in a landmark case, declared that, notwithstanding an employer’s repeated assurances that it would not monitor or intercept e-mails, an employee does not have a reasonable expectation of privacy in e-mails that are sent, stored, or received at work.

a.        The Smyth court noted that the computer and software belonged to the employer and, consequently, so did the information stored thereon.  Moreover, the e-mails at issue in Smyth were sent voluntarily by the employee; that is, unlike a urinalysis or similar invasive procedure, the employer was not requiring nor compelling the employee to disclose any personal information.     

b.        Notably, the Smyth court held that an employer’s interest in preventing inappropriate and unprofessional comments (or even illegal activity) over its e-mail system far outweighed any privacy interest that an employee may have in his or her e-mail.  See also United States v. Ziegler, 474 F.3d 1184 (9th Cir. 2007) (holding that an employer that has announced a policy that employee computer use is subject to electronic monitoring has a right to access an employee’s workplace data and voluntarily turn such data over to the FBI).

3.        Regardless of the Smyth court’s decision, however, employers should be mindful of the statutory provisions that prohibit the interception of electronic communications.

a.        The Electronic Communications Privacy Act of 1986, as amended, 18 U.S.C. § 2510, et seq., and 18 U.S.C § 2701 et seq. (“ECPA”), is an extension of the Federal Wiretapping Act and prohibits the intentional and nonconsensual interception of any electronic communication, the unauthorized access of stored communications, or the disclosure or use of any information from an illegally intercepted communication.  Fortunately, the ECPA provides three exceptions that, under certain situations, permit employers to monitor their employees’ e-mails:

i.          Consent exception: A violation of the ECPA (and, likewise, the Wiretapping Act) does not occur where one of the parties to the communication has given prior consent to the interception.  To that end, an employer should obtain written consent from employees regarding its e-mail monitoring policy.  Id. § 2511(2)(d).

ii.        Business extension exception: The Wiretapping Act exempts from its coverage certain types of equipment furnished and used in the ordinary course of business.  For example, an employer is permitted to monitor business-related phone calls (because telephones are used in the ordinary course of business).  However, once an employer understands that a call is personal, the monitoring must cease.  Id. § 2510(5).

iii.        Service provider exception: Although not entirely clear, this exception may apply to an employer-provided e-mail system, which in turn, would allow the employer to intercept electronic communications on that system so long as doing so is necessary to ensure the protection of the employer’s rights and/or property.  Id. § 2511(2)(a)(i).

b.        The Pennsylvania Wiretapping and Electronic Surveillance Control Act, 18 Pa. C.S. § 5701, et seq., contains many of the same prohibitions as its federal counterpart.  Notably, the state statute contains a stricter “consent exception,” which requires all parties to a communication to consent to its monitoring in order to avoid liability.  Id. § 5704(4).  Due to the underdeveloped legal precedent on this issue, it is important for employers to make sure that its employees understand that they have no reasonable expectation of privacy concerning their use of the employer’s e-mail and Internet systems.  This can be accomplished through the adoption and distribution of a well-defined electronic communications policy (discussed below) before the employer begins monitoring its employees’ online activities.

D.        Noteworthy examples/cases

1.        Doe v. XYC Corp., 887 A.2d 1156 (N.J. Super. App. Div. 2005).

a.        The court held that an employer who is put on notice that an employee is using a workplace computer to access pornography (including child pornography) has a duty to investigate the employee’s activities and to take prompt action to stop any unauthorized (or unlawful) conduct, lest it result in harm to innocent third-parties.

b.        The employee used his employer’s computer network to share nude and semi-nude pictures of his 10 year-old stepdaughter over the Internet.  The employer was aware that this employee had, in the past, viewed pornographic websites on company time.  The employer had reprimanded the employee on two occasions, but failed to take any further disciplinary action.  The mother of the 10 year-old (and wife of the employee) brought a civil action against the employer.  The mother claimed that the employer should be held accountable for the harm caused to her daughter and based her cause of action on § 317 of the Restatement (Second) of Torts, which concerns the duty of a master to control the conduct of its servant.

c.        Because the employer was aware that the employee may have visited child pornography websites in the past, the court declared that the employer had a duty: (1) to investigate further; (2) to report the employee’s activities to the appropriate law enforcement authorities; and (3) to take effective internal action to stop those activities.  Moreover, the employer had, in fact, promulgated an electronic resources policy which provided that all e-mails were subject to inspection and that an employee’s Internet access was restricted to business-related purposes only. 

2.        Pacenza v. IBM Corp., No. 04-5831-PGG, 2009 U.S. Dist. LEXIS 29778 (S.D.N.Y. April 1, 2009).

a.        The employee was terminated for visiting an adult chat room on company time.  The employee sued his employer, inter alia, on the novel theory of “Internet addiction.”  Specifically, he claimed protection under the Americans with Disabilities Act (“ ADA”) and argued that he visited adult chat rooms in order to treat the post traumatic stress disorder (“PTSD”) that he incurred during his time in the Vietnam War.

b.        The court granted the employer’s motion for summary judgment because the employee failed to show that the employer was even aware of his PTSD.  While the employee alleged that he had told his supervisor about his “longstanding Internet sexual addition,” the court refused to find that such a comment would put anyone on notice about the employee’s PTSD.

c.        Moreover, the court was careful to note that the employee was not alleging his “Internet sexual addiction,” itself, was a disability under the ADA, likely because such an addiction is not recognized under the ADA.  See 29 C.F.R. § 1630.3(d)(1) (explaining that a “disability” under the ADA does not include “sexual behavior disorders”).

3.        Blakey v. Continental Airlines, Inc., 751 A.2d 538 (N.J. 2000).

a.        A female employee sued her employer for sexual harassment in federal court.  While the federal suit was pending, however, her co-workers continued to post derogatory and insulting remarks about her on the company “Forum,” i.e. an Internet-based, electronic message board provided by the employer.  After an unsuccessful attempt at amending her federal complaint to include allegations concerning these postings, the employee brought suit in state court.  

b.        The employer argued that it should not be held liable for these postings, as they were not made within the workplace.  The New Jersey Supreme Court disagreed.  According to the court: “Although the electronic bulletin board does not have a physical location within a terminal, hangar or aircraft, it may nonetheless have been so closely related to the workplace environment and beneficial to Continental that a continuation of harassment on the forum should be regarded as part of the workplace.”  Blakey, 751 A.2d at 543.

E.        Web-based e-mail accounts

1.        As employers increase their monitoring of company e-mail accounts, employees inevitably feel more secure using their personal e-mail accounts (such as GMail, Yahoo, or Hotmail) for personal use while at work.  Unlike company e-mail accounts, web-based e-mail accounts do not automatically store all messages sent and received on the company server.  They are, instead, stored on the Internet company’s server that provides or hosts the account.  If employees wish to access these personal accounts at work, however, they must use their employers’ computers and Internet connections to do so.

2.        When an employer provides access to the Internet at work, it is presumably for work purposes.  It is well-settled that an employee’s expectation of privacy in using company-provided work tools is lower than it is for conveniences that are provided for personal use (such as storage space in a personal work locker).  Using this logic, and as the court in Smyth held, an employee using a computer—a company-provided work tool—will have a lowered expectation of privacy.  It then follows that employees accessing personal web-based e-mail accounts via employer-provided computers and Internet access will also have a lowered expectation of privacy.  This conclusion is, of course, based on the assumption that the Internet access and company computer are tools provided for work, not simply for purposes of convenience.

3.        As the following case illustrates, however, the law surrounding this area might not be so clear cut.

a.        Stengart v. Loving Care Agency, Inc., 2009 N.J. Super. LEXIS 143 (N.J. Super. June 26, 2009).

i.          The court held that e-mails between an employee and her attorney, through the employee’s personal e-mail account, are protected by the attorney-client privilege—despite the fact that the employee used her employer’s computer and Internet server to send the e-mails.

ii.        According to the court, the fact that the employer owned the computer and provided the Internet service was not wholly determinative as to whether an employee’s personal e-mail sent using a web-based, password-protected account can be considered the employer’s property.

iii.        The court also discussed the “Electronic Communication” policy issued by the employer, which informed employees that electronic communications should not be considered private.  The policy also stated, however, that “occasional personal use” was permitted.  Moreover, the policy did not specifically address the use of personal e-mail accounts.  Thus, the court concluded that a reasonable employee could believe that the policy applied only to his or her work-based e-mail account, and not e-mails sent by way of a personal, web-based e-mail account.

F.        Instant Messaging (IM)

1.        Another technology that presents challenges for employers is instant messaging or “IM.”  IM involves short messages exchanged between users in real time.  Over 43 million employees use IM at work, but fewer than one-third of all employers have policies that specifically address the use of IM.

2.        IM, like the other technologies discussed in this article, has played an important role in employment litigation:

a.        Kraus v. Howroyd-Wright Empl. Agency, Inc., 2008 U.S. Dist. LEXIS 1254 (E.D. Pa. Jan. 8, 2008).

i.          The court granted the employer’s summary judgment motion and dismissed the plaintiff’s claim for sexual harassment.

ii.        The plaintiff alleged that her supervisor subjected her to a sexually-charged hostile work environment.  However, IM transcripts between the plaintiff and her supervisor revealed that she actively participated (and, in some instances, solicited) the remarks that she later alleged to be harassing and unwelcome.  Such evidence of “inter-sexual flirtation,” the court reasoned, could not support the plaintiff’s claim for sexual harassment.

G.        Adopting an e-mail/Internet use policy

1.        An effective e-mail/Internet policy should address the following areas:

a.        Expectation of Privacy: The policy should include a clear and concise statement informing employees that: (1) they shall have no expectation of privacy with regard to anything that is placed on the employer’s computer network; (2) the computer network is owned by the employer; and (3) a password is no indication of personal privacy.  Moreover, it should be expressly stated in the policy that access to private web-based e-mail accounts (e.g., Hotmail or GMail) from workplace computers is similarly considered to be non-private activity.

b.        Code of Conduct: The policy should make clear what type of conduct is expressly prohibited on the employer’s computer systems (via e-mail or otherwise).  Such prohibited conduct would necessarily include, among other things: (1) threatening and/or harassing comments; (2) using obscene or vulgar language; (3) displaying (e.g., on a computer’s desktop wallpaper and/or screensaver) or sending offensive or derogatory images or comments that would violate the employer’s discrimination and/or harassment policies; (4) creating or transmitting “junk” e-mail; and (5) transmitting confidential information to anyone outside the company or in an unauthorized manner.   

c.        E-mail Retention: The policy should clearly indicate that when an e-mail is “deleted,” it is not actually removed from the system, but rather resides in the computer’s unallocated memory.  Moreover, the policy should include a retention policy so as to comply with the electronic-data discovery amendments to the Federal Rules of Civil Procedure (e.g., halting all automatic data loss upon receipt of a preservation letter).

d.        Monitoring: Employers must be open with employees regarding the monitoring/oversight of e-mail activity and Internet access.  Obtaining an employee’s consent (e.g., written acknowledgment) is a vital first step in this process.  Moreover, employers should send out periodic reminders to their employees that anything created, sent, received, or stored on their computer systems is subject to review at any time without prior notice.     

e.        Training, Awareness, and Enforcement: Employers should ensure that any e-mail/Internet policy is effectively disseminated and enforced.

2.        In December 2007, the National Labor Relations Board (NLRB) held that an employer may prohibit a union, or employees seeking to solicit or organize, from using company e-mail systems, thus permitting employers to control access to its systems.

a.        The NLRB affirmed a policy that prohibited employees from sending non-business-related e-mails; the NLRB also noted that an employer does not have to prohibit all forms of non-business email.

b.        However, if e-mails involving non-charitable organizations or clubs (as opposed to charitable or fund-raising activities) are permitted, then union-related messages cannot be singled out for exclusion.

III.       BLOGGING

A.        Overview

Blog · noun [short for Weblog] (1999): a website that contains an online personal journal with reflections, comments, and often hyperlinks provided by the writer.  (Merriam-Webster’s 2004 word of the year)

1.        By now, it is safe to assume that most (if not all) people are aware of the blogging phenomenon.  In the employment context, a blog can become a virtual union hall, where employees can interact socially and discuss work and personal issues.  (Two entertaining law-related blogs worth noting are: “The Anonymous Lawyer” – http://anonymouslawyer.blogspot.com; and “That’s What She Said” – http://www.hrheroblogs.com.)

2.        Nothing is off-limits in a blog, including malicious and/or damaging statements made by an employee about his or her employer.  As a result, employers should understandably be concerned due to the potential for a blog to reach a global audience at virtually no cost to the blogger.  As one state supreme court remarked, anyone with a telephone line can “become a town crier with a voice that resonates farther  than it could from any soapbox … speakers can bypass mainstream media to speak directly to an audience larger and more diverse than any the Framers could have imagined.”  Doe v. Cahill, 884 A.2d 451, 455 (Del. 2005).

B.        What are the potential threats/issues that employers face?

1.        Many of the potential threats/issues discussed in the previous section are equally applicable to the issue of employee blogging.  The most obvious problem is, of course, reduced worker productivity if blogs are created on company time (and with company resources).  Other problems, similar to those previously discussed, can include: (a) disclosing confidential information or trade secrets (intentionally or inadvertently); (b) posting defamatory, offensive, or inappropriate comments that may subject an employer to liability; and (c) posting information or opinions that tend to have a disparaging effect on a company’s products, services, goodwill, or overall image (referred to as “cyber-smearing”).

2.        Not surprisingly, bloggers are facing legal action for defamation, invasion of privacy, and even copyright infringement.  A recent study indicates that over 106 lawsuits were filed against bloggers in 2007, and damage awards against bloggers have topped $17 million.  Bloggers can actually purchase insurance plans that specifically cover blogging-related activities; most personal liability insurance will not cover blogs if the blogs generate any revenue.

C.        Tracking down the anonymous blogger

1.        The first hurdle many employers face when trying to stop or shut down a damaging blog is identifying the person responsible for its creation.  As one might expect, anti-employer bloggers, more often than not, choose to blog anonymously.

2.        The most commonly used mechanism for uncovering the identity of an anonymous blogger involves filing a “John Doe” lawsuit and then serving a subpoena on the Internet Service Provider that hosts the blog in order to obtain documents needed to ascertain the blogger’s identity.  Different standards apply depending on your jurisdictions, however, when it comes to prevailing on a “John Doe” blog case.  Compare Dendrite Intern., Inc. v. Doe No. 3, 775 A.2d 756 (N.J. Super 2001) (plaintiff must show that the underlying action can survive a motion to dismiss); with Doe v. Cahill, 884 A.2d 451 ( Del. 2005) (plaintiff must show that the underlying action can survive a motion for summary judgment).

D.        Discipline

Dooced · adj. (2002): getting fired for blog-related activity; usually by making disparaging comments about one’s employer.  Coined by the website dooce.com.  Ex: I was dooced when someone sent my boss a link to my blog.

1.        A recent study reveals that nearly one out of ten companies have fired an employee for violating corporate blogging or message board policies, and nearly one in five have disciplined an employee for the same infractions.

2.        Upon discovering inappropriate blogging activity, an employer should first determine whether the blog was created and/or maintained during company time with the use of company resources.  If an employee posts a blog when he or she should be working, the employer will most likely be entitled to discipline that employee.  Posting a blog that could subject an employer to liability (e.g., via defamatory or harassing comments) will also provide ample grounds for employee discipline.

3.        Many employees feel that their blogs are protected by the seemingly ubiquitous “freedom of speech.”  However, the First Amendment only limits the government’s restriction of free speech; it generally does not restrict a private employer’s ability to discipline or terminate an employee.  But while discipline may be a lawful response to inappropriate employee blogging (even if done on personal time) due to the “at-will” nature of most employment relationships, employers should be mindful that there are other laws protecting employee speech in certain circumstances:

a.        The National Labor Relations Act, 29 U.S.C. § 151 et seq. (“NLRA”), provides that an employee may not be disciplined for discussing wages, hours, or other terms and conditions of employment.  Id. §§ 157, 158.  As a result, a blog that encourages other employees to lodge complaints or that discusses certain employment policies, such as compensation, may be protected under the NLRA.  Notably, these provisions of the NLRA protect both unionized and non-unionized employees.

b.        An employee’s blogging activity may also be protected under the various “whistleblower” statutes, i.e. Section 806 of the Sarbanes-Oxley Act of 2002, 18 U.S.C. 1514A, and Pennsylvania’s Whistleblower Law, 43 P.S. § 1421, et seq.  It should be noted that Pennsylvania’s Whistleblower Law only applies to “public bodies.”  See 43 P.S. § 1422.  However, private entities will also be subject to its provisions by accepting any amount of public funding.  See Riggio v. Burns, 711 A.2d 497, 500 ( Pa. Super. 1998).

c.        Employers should also be mindful of any state law which prohibits discrimination against employees for the “lawful use of lawful products.”  See, e.g., N.C. Gen. Stat. § 95-28(2)(b).  While these laws are primarily targeted at preventing discrimination against smokers, a creative employee may contend that blogging is akin to the use of a “lawful product,” and thus, he or she may not be unjustly terminated for his or her lawful use of the blog.

d.        An employee can also argue that his or her termination violates public policy, and thus, constitutes an exception to the traditional standard of at-will employment.  To establish that the termination violates public policy, an employee may allege, for example, that the blog (for which he or she was “dooced”) discusses the employer’s violation of certain statutory safety codes.  Public policy can also be violated if an employee is terminated for political reasons.  See e.g., Novosel v. Nationwide Ins. Co., 721 F.2d 894 (3d Cir. 1983) (applying Pennsylvania law) (holding that “an important public policy is in fact implicated wherever the power to hire and fire is utilized to dictate the terms of employee political activities”).

E.        Noteworthy examples/cases

1.        Simonetti v. Delta Airlines, Inc., U.S. District Court, No. 1:05-cv-2321 (N.D. Ga. 2005).

a.        A former Delta Airlines flight attendant alleged discrimination on the basis of sex after the airline fired her for posting provocative pictures of herself in a Delta Airlines uniform on her blog, “Diary of a Flight Attendant” (upon her termination, the blog was aptly renamed “Diary of a Fired Flight Attendant”).

b.        The flight attendant argued that male flight attendants had posted comparable pictures of themselves wearing their uniforms without suffering any adverse consequences.  The case is still pending, but has been stayed in light of Delta Airlines’ Chapter 11 bankruptcy filing. 

c.        Even though no known resolution was reached, “Diary of a Fired Flight Attendant” is one of the most well known examples of an employee being fired for blog-related activity.  The flight attendant even got a book deal; her book (on sale now!) is titled: “Diary of a Dysfunctional Flight Attendant: The Queen of Sky Blog.”

2.        Now you’re (no longer) playing with power

a.        In August 2007, technical recruiter Jessica Zenner was fired by Nintendo because her supervisors discovered her personal blog, “Inexcusable Behavior,” which contained some nasty commentary about some of her supervisors and co-workers.

b.        Although Zenner did not refer to herself, her employer, or her co-workers by name, the pictures she posted of herself may have led Nintendo to discover the blog.  A Nintendo spokesperson stated that although employees are not barred from having blogs, they are “expressly discouraged” from posting the type of content that was posted by Zenner.

3.        Google tells employee to “search” for a new job

a.        Mark Jen began working at Google in January 2005 and started a blog that same day to document his personal experiences as a Google employee.

b.        Jen’s blog became extremely popular, but his superiors at Google, as owners of Blogger service that housed Jen’s blog, also read his blog.  Among other things, Jen wrote that he was asked by Google to remove “sensitive information” about the company’s finances and products from earlier postings.

c.        Jen was fired eleven days after he started working for Google.  Although Google gave him no explanation, Jen believes that he was fired for his blog.  To his credit, Jen admits to learning a valuable lesson from his experience, such as being more sensitive to corporate culture and communicating with an employer before blogging about work.

4.        This… is CNN (… and that is the door)

a.        Chez Pazienza, a CNN producer, was fired in early 2008 for blogging about current events.  Pazienza never identified himself as a CNN employee, but CNN stated company policy requires permission to write for an outside entity.

F.        Adopting a blogging policy

1.        Employers should adopt a policy that prohibits employees from blogging during work hours.  Moreover, employers should specifically address the issue of private blogging, whether this is done during company time or personal time. 

2.        An effective blogging policy should include the following instructions to employees:

a.        Explain that the views expressed in the blog are yours alone and do not necessarily represent the views of your employer.

b.        Respect the company’s confidential and proprietary information.

c.        Be sure to ask your manager or supervisor if you have questions about what is and is not an appropriate topic for your blog.

d.        Be respectful to the company, other employees, customers, and competitors.

e.        Understand when the company requests that certain topics not be discussed on your blog for confidentiality or legal compliance reasons.

f.          Ensure that your blogging activities do not interfere with your work commitments.

3.        Of course, much like the e-mail/Internet policy discussed in the previous section, employers should ensure that its blogging policy is effectively disseminated and consistently enforced, and that all employees undergo some form of training on the topic.  Employees should also be informed that discipline, including termination, may be imposed for blogging, just as it would for other forms of communication.

4.        If the company sponsors a blog that is linked to its website, the blog policy should require company approval before it is posted.  Uncensored blogging could lead to claims against the company based on the employee’s blog postings.  Companies may be held responsible for the contents of the blog if it is linked to their website. 

5.        Some companies, such McDonald’s and its “Station M” website, actually encourage blogging by employees to improve internal communications and improve sales.  Likewise, Sun Microsystems, with its nearly 4,000 employee-strong blog network, is an excellent example of this trend.

6.        A step toward adopting good corporate blogging practices was taken in 2007 with the creation of the “Blog Council,”  an initiative comprised of twelve multi-national corporations, such as Nokia, Microsoft, General Motors, The Coca-Cola Company, Cisco Systems, and Dell.  The Blog Council’s aim is to develop best standards for corporate blogs.

IV.       SOCIAL NETWORKING

A.        Overview

1.        Social networks, such as MySpace or Facebook, are being used by millions of people every day.  The main types of social networking services are those that contain directories of some categories (such as former classmates) and a means to connect with friends (usually with self-description pages).  

2.        Job candidates who maintain personal sites on Facebook or MySpace are learning—sometimes the hard way—that the image they present to their friends on the Internet may not be the image they want to present to their boss or prospective employer.

B.        Social networks and the hiring process

1.        Although many employers are too old to qualify as members of the “Facebook Generation,” they are becoming increasingly savvy about using social networking sites in their hiring due diligence.  As a consequence, both job candidates and HR professionals are debating the ethics and effectiveness of “e-screening” on the Web for the kind of information that may not come up in a job interview (like, for example, those pictures from last year’s spring break that were posted on an applicant’s MySpace page).

2.        Recent studies indicate that approximately 35% of hiring managers use Google to do online background checks on job candidates, while 23% look applicants up on social networking sites.  And although social networking research is becoming increasingly popular with employers, some potential employees may not even realize it.  One recent study showed that 66% of Generation Y respondents were not aware that the information they posted online can be factored into hiring decisions; 56% believe such a practice to be unfair.

3.        Of those hiring managers who have screened job candidates through social networking profiles, one in three reported that they discovered content which caused them to dismiss the candidate from consideration.  Some of the more noteworthy areas for concern included: (i) posting information about drinking or using drugs; (ii) posting provocative or inappropriate photographs or information; and (iii) demonstrating poor communication (writing) skills.

4.        Conversely, some employers are finding positive candidate information.  For example, the following areas weighed heavily in the hiring managers’ decisions to grant an applicant further consideration: (i) background information that tends to support the qualifications for the job; (ii) posts that demonstrated great communication skills; and (iii) any information to indicate that the applicant would be a good fit with the company’s culture.

C.        Noteworthy examples/cases

1.        Hello from Bozeman! (please leave all free speech rights at the door)

a.        The City of Bozeman, Montana attempted to take investigation of social networking sites one step further.  Specifically, the City asked all applicants for employment to “list any and all current personal or business websites, web pages, or memberships on any Internet-based chat rooms, social clubs or forums, to include but not limited to: Facebook, Google, Yahoo, YouTube.com, MySpace, etc.”

b.        The result was a media frenzy.  Although the City had used the same policy for several years, it promptly rescinded the foregoing requirement as soon as the issue attracted national media attention.  Groups such as the Electronic Frontier Foundation derided the practice as an invasion of privacy and a violation of the applicants’ First Amendment rights.

2.        Facebook status update: [insert name here] got fired!

a.        NFL Cheerleader:  A New England Patriots cheerleader was booted from the squad after pictures of her surfaced on Facebook posing over a friend who had passed out and was covered with obscene words and pictures (and swastikas) in permanent marker.

b.        Flight Attendants:  Thirteen Virgin Atlantic flight attendants were fired after they posted Facebook comments describing passengers as “chavs.”  (The term “chav” is akin to the American term “white trash.”)  A spokesman for the airline said: “There is a time and a place for Facebook.  But there is no justification for it to be used as a sounding board for staff of any company to criticise the very passengers who pay their salaries.”

c.        E-A-G-L-E-S:  In March 2009, Lincoln Financial Field employee and avid Philadelphia Eagles fan, Dan Leone, was fired from his job of six years after posting the following comment on Facebook: “Dan is [expletive] devastated about Dawkins signing with Denver … Dam [sic] Eagles are retarded!!”  The organization terminated Leone for the inappropriate post.

3.        Social networking and education: learning the hard way

a.        Social networking sites like Facebook and MySpace are populated with students, invariably resulting in numerous cases addressing the concept of student free speech.

b.        The Drunken Pirate (“Arrrr….”) a/k/a Snyder v. Millersville Univ., 2008 U.S. Dist. LEXIS 97943 (E.D. Pa. Dec. 3, 2008).

i.          Before enlisting in its student teacher program, Millersville University specifically cautions its students not to refer to any of their students or mentors/teachers on their personal webpages.  The University makes it clear that “schools have the prerogative to remove student teachers” for such conduct.  Contrary to the instructions she received, Stacy Snyder actively discussed her MySpace page with her students, and she frequently blogged about her student teaching experiences.

ii.        Included on her MySpace page was a photograph of her wearing a pirate hat and holding a plastic cup, with the caption “Drunken Pirate.”

iii.        Citing Snyder’s unprofessional behavior, Millersville and the school to which she had been assigned did not permit Snyder to complete the teaching program.

iv.        Snyder sued and alleged that her MySpace blog and photos were protected under the First Amendment.  Finding no violation of Snyder’s First Amendment rights, the court ruled in favor of Millersville.  (As a preliminary matter, the court determined that Snyder was not a “student” for First Amendment considerations, but rather a “teacher” or “public employee.”)  Speech of public employees is only protected by the First Amendment if it relates to matters of public concern.  During the two-day bench trial, Snyder admitted that the blog and photos only concerned personal matters, and thus was not protected speech.

c.        To be sure, however, not all cases have been treated the same as the Snyder decision.  Within Pennsylvania alone, there is a split in the district courts regarding the issue of students creating “parody” profiles.  Compare Layshock v. Hermitage Sch. Dist., 2007 U.S. Dist. LEXIS 78524 (W.D. Pa. Oct. 23, 2007) (holding that school officials improperly suspended a student for creating a fake profile of the principal, which portrayed the principal as a “big steroid freak” and “big whore” who smoked a “big blunt”), with J.S. v. Blue Mt. Sch. Dist., 2008 U.S. Dist. LEXIS 72685 (M.D. Pa. Sept. 11, 2008) (upholding the suspension of a student who posted a MySpace profile with a picture of the principal, describing him as a pedophile and sex addict).

D.        Adopting a social networking policy

1.        The use of Facebook and MySpace has become so prevalent that many employees are finding it difficult to balance the personal and professional aspects of their lives.  The varying attitudes towards social networking does little to help clarify the matter.  For example, many corporations, such as Wal-Mart, Johnson & Johnson, and Dunkin Donuts, not only have Facebook pages, but actively integrate social networking sites into their marketing campaigns.  How should an employer encourage professional social networking activity amongst its employees?  The answer remains the same—create and disseminate a clear policy.

2.        An effective social networking policy should include the following:

a.        Position on Social Networking:  The policy should begin with a discussion of the company’s official position on social networking.  Create a non-exclusive list of risks that are posed by uncontrolled postings on social networking sites.

b.        Policy Compliance:  Reiterate current codes of conduct or codes of ethics and emphasize that social media should not be used as a means to avoid current policies. 

c.        Company E-mail Addresses:  Clearly state that company e-mail and company e-mail addresses may not be used for personal matters, and specifically note that company e-mail addresses should not be used in social networking sites.

d.        Disclaimer:  Draft a mandatory disclaimer that employees should include on their individual sites if they choose to identify their employer.

e.        Confidentiality:  Remind employees of privacy and confidentiality concerns.

E.        Corporate Facebook?

1.        Even if a company will never use Facebook or MySpace, it should still address the issue of registering an official site.  With increasing frequency, individuals are registering corporate names on Facebook, MySpace, and Twitter to pose as a corporate representative.  Recently, Facebook started allowing users to adopt unique username URLs and has urged companies to register their corporate URLs to prevent “cybersquatting.”

2.        Companies can check to see if their brand name or corporate name is available (or has been taken) on various social networking sites by using companies such as www.Namechk.com or Knowem.com.  These sites allow companies to check name availablility on almost all the social networks.

3.        What if someone has taken your URL?  No worries.  Facebook has created a grievance procedure which allows brand owners to file a complaint when a username infringes on their brand or trademark.

V.        TWITTER

A.        What’s a “Twitter”? (and don’t say “microblogging”)

1.        Twitter is the latest Internet craze that has infiltrated the mainstream.  It is a free service that allows users to send very short messages (known as “tweets”) over the Internet to people who care enough to follow along and see what the particular user is doing/thinking/etc. at any given moment.  A “tweet” can comprise no more than 140 characters, including spaces and punctuation.  A “twoosh” is exactly 140 characters long.

2.        Anyone and everyone can jump on the Twitter bandwagon.  Individuals, Fortune 500 companies, and celebrities have all signed on to the Twitter phenomenon.  There are currently over six million registered Twitter users.  Generally speaking, Twitter’s demographic tends to skew older and more professional than the demographics of other social networking sites.

3.        Although Twitter is a rapidly growing trend, statistics reveal that the vast majority of users lose interest in the site after approximately one month.  Currently, the retention rate for Twitter after one year is below 30%.  This does not mean, however, that employers should ignore the issue altogether or simply write Twitter off as a passing fad.  Like its predecessors, e-mail, IMs, blogs, and social networks, an employee’s use of Twitter can have potentially damaging effects on his or her employer.

B.        Twitterjacking

1.        Because all it takes is a valid e-mail account to register any username on Twitter, it has become somewhat commonplace for users to “hijack” an account that would otherwise belong to someone else.  The relative ease of this so-called “Twitterjacking” can pose a unique threat to employers.  For example, not only could an individual pose as a corporation on Twitter, but a Twitter account purported to be that of a potential candidate may not, in fact, be that candidate’s account (thus making any attempt at e-snooping that potential applicant far from helpful).  (No word yet on whether the user known as “God,” having 6,000 followers, has been verified.  Apparently not wanting to miss out on the action, “Satan” is on Twitter, too.)

2.        For obvious reasons, Twitterjacking makes it difficult for corporations and individuals alike to positively represent themselves on the social medium.  As one analyst noted, “The most damaging thing [about Twitterjacking] is that Twitter is the most organic and transparent form of communication available.  Communicating falsely is diametrically opposed to the concept of Twitter.” 

3.        Even law firms are vulnerable to Twitter impersonators.   The law firm of Holland & Knight has been the subject of several negative tweets from a user posting under the name “HKLaw”—the same URL used by the law firm (www.hklaw.com).

C.        Employee tweets

1.        As with any other form of social networking, many employees use Twitter throughout their workday without the knowledge or consent of their boss. Fortunately for the employer, every tweet is accompanied by a time stamp indicating the exact time of posting.

2.        As a result, it is easy to determine when an employee is using Twitter.  For example, it was easily established that many Congressmen (essentially, the employees of the taxpayer) were tweeting away during President Obama’s first address to Congress.  The reaction of constituents was mixed—some applauded the documentation of such an historic event, while others deplored the action as impolite and inconsiderate.

D.        Corporate tweets

1.        Approximately 33% of the Fortune Top 100 companies use Twitter.  Many companies, such as eBay and Johnson & Johnson, tweet about annual meetings or quarterly earnings calls, and Rubbermaid uses Twitter to share “how to” facts to promote its products.

2.        Tweeting about these types of topics provides a quick and efficient means of communicating with shareholders, customers, and other stakeholders.  However, publicly traded companies should tread the Twitter waters lightly, as they could be subjecting themselves to potential SEC liability.  (For example, attorneys for eBay required one of its corporate executives to include regulatory disclaimers on his tweets.)

E.        Noteworthy examples/cases

1.        How to lose your job in one tweet

a.        Employees are quickly learning the ramifications of tweeting about work.  For instance, in only 140 characters, a potential Cisco employee may have “twittered away” his offer of employment.  Twitter user “theconnor” tweeted as follows: “Cisco just offered me a job!  Now I have to weigh the utility of a fatty paycheck against the daily commute to San Jose and hating the work.”  Shortly thereafter, Tim Levad, a “channel partner advocate” for Cisco Alert tweeted the following in response: “Who is the hiring manager.  I’m sure they would love to know that you will hate the work.  We here at Cisco are versed in the web.”

b.        Not surprisngly, “theconnor” set his Twitter account to private and deleted all potentially damaging tweets—but if Mr. Levad was able to track down the hiring manager and determine the identity of “theconnor,” it was likely too little, too late.  In just one tweet, “theconnor” may have thrown away hopes of a successful future with Cisco.

2.        Twitter, libel, and (surprise!) Courtney Love

a.        Although billed as the place where users can let loose with their thoughts, a recent lawsuit highlights the importance of thinking before you tweet.

b.        To the surprise of absolutely no one, the ever outspoken Courtney Love made headlines for being involved in the first Twitter libel case, which arose out of her tweets about her former fashion designer.  The designer filed suit in March 2009 after Love posted tweets calling her a cocaine addict and a “nasty, lying, hosebag thief.”

F.        Adopting a Twitter policy

1.        As with all of the foregoing technologies, employers should strive to create and distribute a social media policy that addresses the issue of Twitter use before its employees tweet away with reckless abandon.

2.        Although the policy can be detail-oriented and focus on the various ways in which the employees’ Twitter habits may have a negative impact on the employer’s business or expose it to liability, when dealing with Twitter, it might actually be more effective (and give the employer an added level of Internet credibility) to play by Twitter’s rules.  What follows is a policy suggested by Jay Sheperd, proprietor of gruntledemployees.com:

Our Twitter policy: Be professional, kind, discreet, authentic. Represent us well. Remember that you can’t control it once you hit “update.”

Source: http://www.gruntledemployees.com/gruntled_employees/2009/03/ a-tweetable-twitter-policy.html.

And yes, that’s a “twoosh.”