A party’s right to privacy has always been an important and sometimes limiting factor in the resolution of discovery disputes. Social media platforms, which allow users to select the extent with whom they share their network, posts and photos, inevitably create a conflict between what users perceive as “private” content (based on settings used to control who they share information with) and the fact that all content that is relevant to a particular lawsuit may be discoverable. Litigants are finding that in resolving discovery disputes involving social media, the technological platforms may be new but traditional discovery rules still apply. Below are four cases that have helped establish a familiar patch of terrain in a legal landscape that has been remade in so many other ways by social media.
Last week, in Bland v. Roberts, the U.S. Court of Appeals for the Fourth Circuit handed a constitutional victory to Facebook and two plaintiffs who lost their jobs after displaying online support for the incumbent’s opponent in a sheriff’s election. Reversing the district court decision, which said that “liking” a Facebook page was not sufficient “expressive speech” to warrant First Amendment protection, the appellate court ruled that the act was “pure speech,” as well as symbolic expression.
On August 29, 2013, Gov. Chris Christie signed New Jersey’s social media privacy law, making New Jersey the twelfth state to enact such laws governing employers. (Various states have enacted similar laws governing institutions of higher education.)
Christie’s signature ends an approximately year and a half long legislative process: the bill was first introduced on May 10, 2012. As discussed in prior posts on this blog (New Jersey Assembly Unanimously Passes Revised Social Media Bill, New Jersey Senate Unanimously Passes Revised Social Media Bill), the bill was conditionally vetoed by Christie in May of 2013, then passed again by the Assembly in May and the Senate in August.
New Jersey should be the last state to enact such a law until the various state legislatures begin their next sessions. But with 24 states having proposed – but not enacted – social media laws in 2013, more can be expected in the future.
On August 19, 2013, the New Jersey Senate passed – by a vote of 36 to 0 – a revised bill barring employers from seeking access to employees’ social media accounts. The bill was previously approved by the New Jersey Assembly on May 20, 2013, as discussed in a prior post on this blog.
A prior version of the bill also passed both houses but was conditionally vetoed by Gov. Chris Christie, who expressed concerns about some of the bill’s employee-friendly provisions. Among Christie’s recommended changes was the removal of a private cause of action by employees.
The bill now awaits Christie’s signature. Though the legislature adopted all of the Governor’s recommendations, it remains to be seen whether Christie has additional concerns about the new law.
On May 21, 2013, Washington’s governor signed a new law protecting employee social networking accounts.
The new law, which goes into effect on July 28, 2013, prevents employers from requesting, requiring or coercing an employee or applicant to disclose login information for the employee’s personal social networking account. Employers also may not ask employees to access such accounts in the employer’s presence; add the employer to the employee’s contacts; or alter third party access settings. Work-related accounts and devices paid for or supplied by the employer are exempt.
If an employer inadvertently receives login information, it is not liable for possessing the information but may not use it to access the employee’s account.
Importantly, employers may still:
- Comply with the requirements of state or federal law;
- Conduct investigations to comply with laws against work-related employee misconduct based on receiving information about the employee’s activity; and
- Conduct investigations based on receiving information about the unauthorized transfer of proprietary or confidential information or financial data.
The law creates a private cause of action for employees and applicants. Prevailing plaintiffs may be awarded equitable relief, actual damages, a $500 penalty, and reasonable attorneys’ fees and costs. However, a court may also award reasonable expenses and attorneys’ fees to a prevailing defendant if the judge determines that the action was frivolous and without reasonable cause.
Washington joins Maryland, Illinois, California, Michigan, Utah, Arkansas, and Colorado in enacting such laws. New Mexico has enacted similar legislation, but it prohibits access only to the accounts of prospective employees.
To read more about this law, see Substitute Senate Bill 5211.
The U.S. District Court for the Northern District of
Illinois has held that a company’s alleged use of an employee’s Facebook and Twitter
pages without her permission to post marketing messages that looked like they
were written by the employee may be liable under the Illinois Right to Publicity
Act and the Lanham Act for false endorsement.
In this case, the employee, Jill Maremont, worked for an
interior design firm in Chicago. As part of her job, Maremont created a
work-related blog that was hosted on her employer’s website. She also frequently
posted to both her Facebook page and Twitter, which both included her picture
and were, according to her, personal accounts.
In September 2009, Maremont was in an automobile accident
and was seriously injured. During Maremont’s convalescence, her employer posted
company messages to Maremont’s Facebook page and Twitter account, writing posts
that claimed to be from Maremont.
When Maremont found out about the substitute posts, she
asked her employer to stop because, among other things, it made it seem like she
was already back and work and her injuries were less severe than they actually
were. However, the posts allegedly continued until Maremont changed the
passwords to her Facebook and Twitter accounts.
The court held that those allegations were sufficient to
proceed under the theories of false endorsement and breaches of her right to
publicity. However, the court dismissed the plaintiff’s common law
misappropriation of likeness claim, noting that the tort was replaced by the
state’s Right to Publicity Act, and rejected the plaintiff’s unreasonable
intrusion upon seclusion claim.
Full text of the court’s opinion in Maremont v. Susan
Fredman Design Group, N.D. Ill., No. 10-7811, 3/15/11, is available at Maremont v Fredman 110315.pdf.
This case deals with
something employers should deal with in their social media policy – personal
social media accounts. Like most other issues regarding social media, how a
given employer deals with a given question depends a lot on the employer, its
industry and its culture. Some businesses prohibit employees from having
personal work-related social media accounts, while some encourage it. Consider
what the right position is for your business, discuss it with your employees who
are active in social media, and document the decision in your social media
According to a recent study by OpenDNS,
Facebook is both the most widely blocked site in enterprises today and the second most widely allowed site in enterprises today. The study goes on to report that more than 14 percent of all enterprises that block websites on their networks choose to block Facebook, and MySpace and YouTube round out the top three most commonly blocked websites for business users.
The OpenDNS findings are consistent with those reported in ProofPoint’s 7th Annual Survey on Outbound Messaging and Content Security, which broke the blocking statistics down by company size:
And there’s a good reason for companies to be blocking that access. According to the ProofPoint report, in 2010:
of US companies investigated exposure of confidential/proprietary info via blogs/message boards
- 24% disciplined employee for violation of blog policy w/in last 12 months
- 11% terminated employee for violation
- 20% of US companies investigated exposure of confidential/proprietary info via social networks
- 20% disciplined employee for violation of social network policy w/in last 12 months
- 7% terminated employee for violation
of US companies investigated exposure of confidential/proprietary info via video/audio sharing services
- 21% disciplined employee for violation of media sharing/posting policy w/in last 12 months
- 9% terminated employee for violation
of US companies investigated exposure of confidential/proprietary info via SMS/web-based messaging
So what should your company be doing?
First, have a social media policy. Talk to employees and solicit ideas for the corporate social media policy. You want to encourage all personnel to think and act like an official company spokesperson, but make sure they know they are not an official company spokesperson and cannot claim to be. The company should designate social media representatives and give them limitations what they are and aren’t supposed to do.
Identify off-limit subjects ahead of time and share that with your company’s social media representatives. Employee training and communication are key to compliance.
Second, have a monitoring policy. From a company perspective, the policy should state that all use of company-provided equipment or services can be monitored, but limit searches of communications/devices to where there is suspicion of misconduct, and limit those searches so that they are consistent with the purpose of the investigation.
Third, make disciplinary consequences clear in your policies, and be consistent in application of the policies. Turning a blind eye to executive violations of the policies, or applying different disciplinary consequences to executives who violate policies can undercut both the company’s moral authority in the eyes of the employees who are subject to those policies and the company’s legal ability to enforce those policies.