Most Recent Articles

Login Lessons From the Hawaii Missile Alert Fiasco

Posted by on Feb 7, 2018 in Employment and Labor, Social Media

Phones across Hawaii lit up at 8:07 a.m. on January 13, 2018 with an alert that a ballistic missile was hurtling toward the state.  Two minutes later, Governor David Ige learned that the alert was mistakenly sent.  But it took another excruciating 15 minutes before the governor took to Twitter to clarify that there was “NO missile threat to Hawaii.”  Why the delay?  Governor Ige later confessed that he forgot his Twitter password.

Companies can learn a lesson or two from the governor’s login woes.  Ready access to login credentials for your company’s online assets is crucial.  Being locked out of your website, social media accounts, cloud services, and other digital assets can seriously damage your company’s operations and reputation.  Securing usernames and passwords is just as important as keeping track of the keys to your office or company safe.

Here are some tips for keeping company login credentials safe and accessible:

1.  Designate a location for storing login credentials.

Employees authorized to set up or modify an online account on behalf of the company should be instructed to store the login credentials in a designated location.  This will prevent a frantic search for account information in mission-critical situations.  The designated location can be a file stored in a specific drive or folder.  If the file is encrypted – a highly recommended practice – make sure the encryption code is stored in a safe place.  In some situations, simply writing down login credentials on a piece of paper can work.  Just make sure the paper is stored in a safe and identified location.

2.  Ensure access to login credentials to those who need it.

Employees who need access to the company’s online accounts should be told where the login credentials for those accounts are stored.  Supervisors of employees who regularly use the account should know where the credentials are stored in case those employees separate from the company.

3.  Develop a protocol for modifying login credentials.

Company policy should clearly articulate procedures for modifying login credentials to company accounts.  For example, employees who make the modifications should be required to inform their supervisor in writing about the change and update the account information stored in the designated location.

4.  Set up accounts with company email addresses.

Employees should not be allowed to use personal email addresses to register online accounts on behalf the company.  Only company email addresses should be used to register accounts.  If the login name or password for the account needs to be reset, a reset confirmation email is typically sent to the email address under which the account is registered.  If the registered email address belongs to an employee, the company might not be able to complete the reset process if the employee (or ex-employee) refuses to cooperate.

5.  Specify ownership of online assets.

Company policy should clearly specify that any online accounts created for the company are owned by the company, not the employee who registered them.  Such a policy is especially necessary for social media accounts, which might seem like they belong to the employee promoting the company using the accounts.

Having login credentials at your fingertips is important to your company’s success, even if the stakes don’t involve warnings of impending disaster.

Read More

Vision-Impaired Customer of Grocery Chain Becomes First Plaintiff to Win ADA Website Accessibility Claim After Trial

Posted by on Sep 14, 2017 in Employment and Labor, Litigation

A lawsuit against grocery chain Winn-Dixie became the first case of its kind to produce a decision holding, after a trial, that a public accommodation violated the Americans With Disabilities Act (ADA) because its website was inaccessible to a customer with a disability.  Not only does the case drive home the threat of website accessibility claims, but the court’s order provides valuable guidance on bringing websites into compliance with the ADA.

Accessibility of the Winn-Dixie Website

The plaintiff (Juan Carlos Gil) is legally blind.  He began shopping at Winn-Dixie because of its low prices and convenience to his home.  Gil learned from Winn-Dixie television ads that he could visit the Winn-Dixie website to access coupons and fill prescriptions.  However, he often found the website difficult to navigate with special software designed to assist vision-impaired individuals in using computers.  The Winn-Dixie website did not work well with the software 90% of the time.  As a result, Gil could not access coupons or order his prescriptions online.  Gil sued Winn-Dixie for violating the ADA by denying him goods and services based on his disability.

Winn-Dixie’s vice president of IT (Rodney Cornwell) testified that the company was building an ADA policy for its website but had not completed it.  Part of the challenge appeared to be getting third party vendors that interface with Winn-Dixie’s website (like Google and American Express) to ensure that their websites are accessible.  Cornwell admitted that it was feasible to modify the website for accessibility, and that the company had budgeted $250,000 to make the modifications.  An expert on website accessibility testified that his firm could make Winn-Dixie’s site accessible for $37,000.

The Court’s Decision

After a bench trial, the court determined that Winn-Dixie violated Title III of the ADA because its website was inaccessible, and included a draft injunction in its order that would require the company to make the website accessible and post an accessibility policy on the site.  The court did not consider the $250,000 cost to make the website accessible too high, noting that Winn-Dixie spent $2 million to launch the website initially and another $7 million to adapt it for use in the Plenti rewards program.

The court adopted the Web Content Accessibility Guidelines (WCAG) 2.0 as the standard Winn-Dixie must meet to make its website accessible.  WCAG 2.0 is a set of guidelines developed by a private group of accessibility experts.  Although the standard has been used in consent decrees and settlement agreements, and the Department of Justice has referenced the standard in the Title II rulemaking process, this marks the first time that it is formally adopted as the legal standard for public accommodation websites.

The court also held that Winn-Dixie is responsible for accessibility of its entire site, including parts of it operated by third party vendors.  The court reasoned that Winn-Dixie has a legal obligation to require third party vendors to be accessible if they choose to operate within the Winn-Dixie website.

The injunction was entered on July 6, 2017.  Winn-Dixie is appealing the trial court’s decision.


The Winn-Dixie order is significant in several respects.

  • Plaintiffs in ADA website accessibility lawsuits now have legal precedent that websites are places of public accommodation and therefore must be accessible to individuals with disabilities. The decision, which is not binding, does not mean that all consumer facing websites are places of public accommodation.  The Ninth Circuit, of which Hawai‘i is a part, requires a “nexus” between a website and the physical place of public accommodation for an ADA violation to occur.
  • Although this case involved a public accommodation, it can have implications on website accessibility claims against employers.  Title I of the ADA applies to private employers with 15+ employees.  Covered employers may not discriminate against employees with disabilities and must make reasonable accommodations for them.  In addition, accessibility may be an issue for business websites that allow job applicants to apply online.
  • The court adopted WCAG 2.0 as the legal standard for accessibility. Still uncertain is what level of compliance is required, as WCAG 2.0 has multiple levels of conformance (A, AA, AAA).   Also unclear is whether substantial compliance with the standard is enough or 100% compliance—which may be impossible—is required.
  • Website owners should develop a website accessibility policy and link to it on their website.
  • One factor in determining the burden of the cost of compliance is its proportionality to the overall cost of developing the website, including past modifications.
  • Website owners are responsible for the accessibility of third party vendors that interface with their site. This requirement can be challenging to satisfy, especially if a website uses smaller third party vendors who might lack resources to ensure accessibility of their applications and websites.

Consult a lawyer with website accessibility experience to help you evaluate and mitigate the risk of ADA liability.

Read More

Firing of Employee For Posting Profanity-Laced Facebook Comments Ruled Illegal

Posted by on Jun 22, 2017 in Employment and Labor, Social Media

Social media seems to be a favorite forum for employees to complain about their workplace.  Firing employees for posting work-related social media messages can land an employer in trouble.  But is management absolutely forbidden from firing employees for making offensive comments on social media?  Is there a line employees may not cross?  The Second Circuit Court of Appeals took up this question recently in NLRB v. Pier Sixty, LLC, 855 F.3d 115 (2d Cir. 2017).

The Facebook Firing

In early 2011, New York catering company Pier Sixty was in the middle of a tense organizing campaign that included management threatening employees who might participate in union activities.  Two days before the unionization vote, Hernan Perez was working as a server at a Pier Sixty Venue.  His supervisor, Robert McSweeney, gave him directions in a harsh tone.  On his next work break, Perez posted this message on his Facebook page:

Bob is such a NASTY MOTHER FUCKER don’t know how to talk to people! ! ! ! ! ! Fuck his mother and his entire fucking family! ! ! ! What a LOSER! ! ! ! Vote YES for the UNION! ! ! ! ! ! !

Perez knew that his Facebook friends, including ten coworkers, could see the post, although he allegedly thought his Facebook page was private.  Perez removed the post three days later, but not before it came to management’s attention.  Perez was fired after an investigation.

The National Labor Relations Board (NLRB) decided that Pier Sixty unlawfully terminated Perez in retaliation for “protected, concerted activities.”  Pier Sixty appealed to the Second Circuit and the NLRB filed an application for enforcement of its decision.

Evolving Standards of Whether Obscene Comments Lose Protection

Employees have the right to engage in “concerted activities for the purpose of collective bargaining or other mutual aid or protection” under Section 7 of the National Labor Relations Act (NLRA).  But if an employee’s actions lose NLRA protection if they are “so opprobrious and egregious as to render him or her ‘unfit for further service.’”  See Atlantic Steel Co., 245 NLRB 814 (1979).  Pier Sixty argued that Perez engaged in “opprobrious” conduct by posting obscenities on Facebook.

The Second Circuit noted that the test for opprobrious conduct was unsettled.  The NLRB traditionally used the Atlantic Steel four-factor test that considers the location and subject matter of the discussion, the nature of the employee’s outburst, and if the outburst was provoked by an employer’s unfair labor practice.  But in 2012, the NLRB began using a “totality of the circumstances” test in social media cases to address the unique context of social media and allay concerns that the Atlantic Steel test did not adequately consider employers’ interests.

Second Circuit Sidesteps Review of NLRB’s New Test

Without addressing the validity of the “totality of the circumstances” test, the Second Circuit found “substantial evidence” that Perez’s comments were not so egregious as to lose NLRA protection.  Perez’s message, though vulgar, included workplace concerns and was part of a “tense debate over managerial mistreatment in the period before the representation election.”  Pier Sixty also did not previously discipline employees for widespread profanity in the workplace.  Finally, Perez’s comments were not made in the immediate presence of customers and did not disrupt the catering event.  Despite deciding that Perez’s conduct was not “opprobrious,” the court noted that the case sat “at the outer-bounds of protected, union-related comments” and reminded the NLRB to develop a test giving weight to employers’ legitimate disciplinary interests in preventing employee outbursts in the presence of customers.


Pier Sixty teaches that an employee may not be fired simply for making profanity-laced comments on social media if the comments are related to the workplace.  The fact that the comments are accessible to members of the public, including customers, is not determinative.  So at what point do an employees’ obscene comments lose protection?  That remains an open question after Pier Sixty, but the court’s comments inspire hope that the NLRB will craft a more employer-friendly standard in the future.


Read More

Take Control of Negative Online Comments

Posted by on Apr 19, 2017 in Advertising and Marketing, Employment and Labor, Social Media

“Why did you fire my wife?”  Bradley Reid Byrd posted this question on the Facebook page of Cracker Barrel.  Byrd wanted to know why his wife was let go after working for the restaurant chain for 11 years.  The post remained largely unnoticed for about a month until a comedian uploaded a screenshot of it to his Facebook page and his 2.1 million followers.  The internet outrage machine then kicked into high gear.  Multiple hashtags were created (#JusticeForBradsWife, #BradsWifeMatters, #NotMyCountryStore).  Someone started a “Brad’s Wife” Facebook page.  A petition demanding answers from Cracker Barrel was launched.

Social media makes it easy to channel the furor of the masses against an organization.  The instigator could be anyone with some connection to the organization – a former or current employee, their relatives, or a customer.  What should an organization do if it finds itself at the center of an internet controversy?

Responding to negative online comments is a delicate exercise, and missteps early on can  damage an organization’s reputation tremendously.  From a human resources perspective, the first step is to control who, if anyone, should respond.  Employees should be prohibited from making “rogue” responses on behalf of the organization.  Employers should state this restriction clearly in their social media policy and train employees on the importance of compliance.

After deciding who will handle the response, the next step is figuring out what to say.  The knee-jerk reaction to inflammatory or untrue online comments might be to threaten a defamation suit against the posters, but that can backfire and damage the organization’s reputation even more.  Sometimes the best response is to say nothing and let the controversy pass.

If a response is warranted, consider who the audience will be and how they might respond to it.  Pointing out flaws in the negative comments could be perceived as overly defensive.  On the other hand, respectfully acknowledging the negative comments or posting positive content about to organization could defuse the controversy.

Whatever the response, it should be the product of careful consideration.  On the internet, it takes just a few clicks to set off a firestorm.



Read More

NLRB Advice Memorandum Provides Guidance on How to Revise an Illegal Social Media Policy

Posted by on Mar 22, 2017 in Employment and Labor, Social Media

On January 1, 2017, the National Labor Relations Board (NLRB) Office of the General Counsel released an advice memorandum (dated September 22, 2016) reviewing the social media policy in Northwestern University’s revised Football Handbook.  The memorandum contains valuable guidance in an area full of uncertainty, as the NLRB has struck down seemingly common sense social media policies because of their potential to chill employees’ rights under Section 7 of the National Labor Relations Act (NLRA) to engage in “concerted protected activities.”  Section 8 of the NLRA prohibits employees from restraining employees from exercising their Section 7 rights.

According to the memorandum, Northwestern voluntarily revised its Football Handbook after receiving a charge alleging that the handbook violated the NLRA.  The advice memorandum reviewed the revised handbook for compliance with the NLRA.  Assuming for the purpose of the review that Northwestern’s football players are “employees” under the NLRA, the advice memorandum concluded that the revised social media policy passed muster.

The memorandum reprinted the original language of the policies along with the revisions in redline, as follows (deleted language in strikeout and new language in bold):

[W]e are concerned about… protecting the image and reputation of Northwestern University and its Department of Athletics and Recreation. . . .

Publicly posted information on social networking websites can be seen may be regularly monitored by any person with a smart phone or internet access, including individuals a number of sources within Northwestern University (e.g., Athletics Department, Student Affairs, University Police). . . .

Northwestern student-athletes should be very careful when using online social networking sites and keep in mind that sanctions may be imposed if these sites are used improperly or depict inappropriate, embarrassing harassing, unlawful or dangerous behaviors such as full or partial nudity (of yourself or another), sex, racial or sexual epithets, underage drinking, drugs, weapons or firearms, hazing, harassment, unlawful activity or any content that violates Northwestern University, Athletics Department or student-athlete codes of conduct and/or state or federal laws.


Do not post any information, photos or other items online that contain full or partial nudity (of yourself or another), sex, racial or sexual epithets, underage drinking, drugs, weapons or firearms, hazing, harassment or unlawful activity could embarrass you, your family, your team, the Athletics Department or Northwestern University.

Although the advice memorandum did not elaborate on why the original policy could violate the NLRA while revised policy would not, it provides important clues on drafting lawful social media policies.  The modifications to the policy generally substituted vague terms like “inappropriate” and “embarrassing” with descriptions of the content that the policy prohibits.  For example, the revised policy specifically prohibits social media posts depicting “nudity,” “racial or sexual epithets,” and “underage drinking,” among other things.  The revised policy also eliminated protection of the employer’s “image and reputation” from the description of the policy’s purpose.  In previous guidance, the NLRB has determined that employers may not require employees to refrain from engaging in activity that generally damages the employer’s reputation because that could be construed to prohibit “concerted protected activity” such as criticism of work conditions or compensation policies.

The recent advice memorandum reinforces the need to be precise when drafting a social media policy.  Experienced counsel can assist in identifying the types of social media content that the NLRB has allowed employers to prohibit employees from posting.

Read More
%d bloggers like this: