Six years ago, the National Labor Relations Board (NLRB) became one of the first governmental agencies to regulate social media use in the workplace. In 2010 and 2011, the NLRB issued a series of guidance memos and decisions sketching the contours of acceptable limitations on social media conduct of employees. Largely aimed at protecting the right of employees to act together to improve their working conditions and terms of employment – what Section 7 of the National Labor Relations Act (NLRA) calls “protected concerted activity” – the NLRB’s social media guidelines can be downright frustrating for employers. Conduct that might seem proper to ban, like making defamatory comments about management personnel or discussing confidential company information online, could be protected under Section 7, according to the NLRB.
Little has changed after six years. Three recent cases show that the NLRB is still as confounding as ever when it comes to regulating social media work rules.
- In Chipotle Services LLC d/b/a Chipotle Mexican Grill, Case No. 04-CA-147314 (Aug. 18, 2016) the NLRA struck down parts of Chipotle’s “Social Media Code of Conduct” that prohibited employees from posting “incomplete, confidential or inaccurate information” and making “disparaging, false, or misleading statements” about Chipotle, other employees, suppliers, customers, competitors, or investors. Chipotle fired an employee for violating this rule by posting tweets that criticized Chipotle’s hourly wage. The NLRA concluded that the rule was unlawful because it could reasonably chill employees in the exercise of their Section 7 rights.
- In G4S Secure Solutions (USA) Inc., 364 NLRB No. 92 (Aug. 26, 2016), the NLRB ruled that a private security company’s policies concerning confidentiality and social media postings violated Section 7 rights of employees. The confidentiality policy prohibited employees from making “public statements about the activities or policies of the company[.]” The NLRB found this rule overbroad because it could be understood to prohibit discussion of rules concerning employee conduct, which is a term and condition of employment. Also unlawful was a social media policy banning social media postings of pictures of employees dressed in their security guard uniforms. The NLRB rejected the company’s argument that the policy protected a legitimate privacy interest.
- In Laborers’ International Union of North America and Mantell, Case No. 03-CB-136940 (NLRB Sept. 7, 2016), the NLRB found that a union violated the Section 7 of the NLRA by disciplining a union member who criticized union leadership for giving a journeyman’s book to a mayoral candidate who had not gone through the union’s 5-year apprenticeship program. The comments were posted on a Facebook page accessible to approximately 4,000 people, some of whom were union members. Even though certain aspects of his comments were false, they did not lose protection because they were not “knowingly and maliciously untrue.”
Does your organization have similar social media rules concerning anti-disparagement, confidentiality, or privacy? If so, it might be time to freshen up your social media policy with the help of experienced counsel.
You’ve heard the buzz about Pokemon GO and decide to give it a try. After installing the game on your phone and moving past the initial splash screen, you’re presented with the game’s Terms of Service, which you may “Accept” or “Decline.” Just a single click stands between you and Pokemon-hunting goodness!
If you clicked the “Accept” button, you just entered into a “clickwrap” agreement. Does that mean you’re now bound by everything stated in the Terms of Service? The answer to that question is important from an HR perspective because work forms are increasingly being digitally executed by current and prospective employees over a computer network. Thankfully, the answer is yes, as a recent New Jersey decision confirmed.
In ADP, LLC v. Lynch (D.N.J. June 30, 2016), a business outsourcing company (ADP) sued two former employees to enforce non-compete, non-disclosure, and non-solicitation provisions in a restrictive covenant agreement. The defendants had enrolled in ADP’s stock award program electronically. In order to receive awards in the program, they were required to click an “Accept Grant” button. The option to click this button was unavailable until they affirmatively check a box acknowledging that they had read a collection of documents, including the restrictive covenant agreement. The defendants had checked the box and clicked on the “Accept Grant” button.
The significance of this fact became apparent when the defendants, who were not residents of New Jersey, argued that the New Jersey court lacked personal jurisdiction over them. The court noted that defendants had consented to the personal jurisdiction of New Jersey courts in the restrictive agreements. The defendants argued that that the forum selection clause in the restrictive covenant agreement was unenforceable because they did not receive adequate notice of the clause. The court rejected this argument as well, noting other cases in which clickwrap agreements incorporating additional terms by reference were regarded as providing reasonable notice that additional terms apply. Some courts have even enforced clickwrap agreements that do not require affirmative confirmation that the signatory reviewed the terms before agreeing to them. ADP was therefore allowed to pursue its lawsuit.
ADP confirms that electronic consent to agreements incorporated by reference into a clickwrap agreement is legally valid, assuming the agreements are supported by adequate consideration. To build an even better case for enforceability, employees should be required to confirm their agreement with (not just acknowledgment of) the incorporated documents. But beware of the clickwrap agreement’s close cousin—the “browsewrap” agreement, which states that continued action (like browsing the contents of a web page) constitutes agreement with certain terms. Courts routinely refuse to enforce browsewrap agreements. Requiring employees to manifest their agreement through affirmative conduct – like clicking on a button – is essential.
Whether it’s the secret recipe for your gourmet cupcakes or a unique process for manufacturing your best-selling product, trade secrets are valuable company assets. When an employee leaves, there’s a risk they will take your trade secrets with them to a competitor or to start their own business. So what relief is available if you’re a victim of trade secret theft? Hawai‘i companies already can seek relief from the Hawaii Uniform Trade Secrets Act, but now there’s another tool to combat trade secret theft. On May 11, 2016, President Obama signed the Defend Trade Secrets Act (DTSA) into law, which adds a federal layer of protection for trade secrets.
Here are the highlights of the new law:
What does DTSA do? The DTSA creates a new federal remedy for trade secret misappropriation. Prior federal trade secrets law only criminalized certain misappropriations of trade secrets. The DTSA allows victims of trade secret misappropriation to sue in federal court.
Is the DTSA my exclusive remedy? No. The DTSA creates a national standard of trade secret law and gives you more options for seeking relief, but it doesn’t pre-empt state law. You may still take advantage of trade secret protections under state laws like the Hawaii Uniform Trade Secrets Act.
What’s so special about the DTSA? One feature of the DTSA is that it allows a court to grant an “ex parte seizure order.” This new remedy lets trade secret owners seek a court order to seize allegedly stolen trade secret items in the accused wrongdoer’s possession without first giving them notice. Seizure orders are granted only in “extraordinary circumstances.” To safeguard against abuse of seizure orders, the DTSA entitles victims of wrongful seizure to damages, punitive damages in cases of bad faith, and attorneys’ fees. It remains to be seen how courts will apply the ex parte seizure provisions of the DTSA and how often the remedy will be used.
What do employers need to know about the DTSA? Injunctive relief granted under the DTSA may not “prevent a person from entering into an employment relationship” and must be consistent with state law “prohibiting restraints on the practice of a lawful profession, trade, or business.” In other words, the DTSA does not override state law governing non-compete covenants. Claims under state law may need to be included in the lawsuit to enforce non-compete provisions in an employment agreement.
The DTSA also provides immunity for whistleblower employees (which the DTSA defines broadly to include independent contractors and consultants) who disclose trade secrets to any government official solely for the purpose of reporting or investigating a suspected violation of law or in a court filing made under seal. Notice of the whistleblower immunity provisions must be given in every agreement entered into after May 11, 2016 that restricts the employee’s use of a trade secret or other confidential information. The notice requirement may be satisfied by referencing the immunity provisions in a policy document (like an employee manual) rather than inserting the provisions into each employment agreement.
For more specific information on how the DTSA affects you, consult experienced legal counsel.
Since the Americans with Disabilities Act (ADA) was passed in 1990, businesses have been vulnerable to “drive-by lawsuits” alleging that their facilities are physically inaccessible to disabled customers or guests. The new trend in ADA litigation is the “surf-by” lawsuit—disabled individuals who sue under the ADA because a business website they visited was allegedly inaccessible to them. The U.S. Department of Justice also has been aggressively enforcing website inaccessibility violations even though it won’t issue regulations until 2018.
If you’re still not convinced that the threat of website accessibility lawsuits is real, consider that in March, a California trial court became the first in the nation to rule on summary judgment that a retailer’s website violated the ADA and California’s anti-discrimination law (the Unruh Act). The court determined that the website was inaccessible to visually impaired individuals. The judge slapped the retailer with $4,000 in statutory damages under the Unruh Act, ordered it to either modify or remove the website, and awarded the plaintiff its attorneys’ fees, which are estimated to be in the six-figure range.
What can business owners do to prevent being sued for website accessibility violations? Start with these steps:
- Determine if the ADA applies to you. Title I of the ADA applies to private employers with 15+ employees. Covered employers may not discriminate against employees with disabilities and must make reasonable accommodations for them. In addition, accessibility may be an issue for business websites that allow job applicants to apply online. Title II applies to State and local governments. Under Title III, the website of an organization that qualifies as a “public accommodation” must be accessible to individuals with disabilities. Courts are split on whether “pure Internet” organizations (i.e., those without a bricks-and-mortar presence) are subject to website accessibility requirements.
- Identify accessibility issues. If the ADA applies to you, determine if your website poses accessibility problems to disabled individuals. The DOJ has not yet officially adopted rules for website accessibility, but is considering two sets of standards – the Web Content Accessibility Guidelines (WCAG) 2.0 created by the World Wide Web Consortium and the Electronic and Information Technology Accessible Standards published by the U.S. Access Board for compliance with Section 508 of the Rehabilitation Act. Common accessibility barriers include lack of closed-captioning for audio and video content, a site navigation structure unfriendly to keyboard-only users, and failure to provide descriptive text for images and non-text content.
- Get expert help. Web accessibility standards are highly technical. Consider consulting an IT expert with web accessibility experience to help you identify accessibility problems and solutions. You should also consult a lawyer with ADA experience to help you evaluate and mitigate legal risk, or to devise a defense strategy if you’ve already received a demand letter threatening litigation.
Digital privacy versus national security. That’s how scores of articles have framed the controversy over Apple Inc.’s refusal to cooperate with the FBI in bypassing the security features of an iPhone used by Syed Farook, one of the deceased shooters in the San Bernardino terrorist attack. Largely overlooked is the fact that Farook’s employer could’ve prevented the whole controversy had it installed common software on the phone.
Syed worked for the County of San Bernardino as a health inspector. The county issued the iPhone in question to Farook to help him do his job. Farook signed an agreement giving the county the right to search the contents of the phone, but the county did not take measures to ensure its could enforce that right. Employers who allow their employees to use mobile devices for work typically install mobile device management (MDM) software on the device. MDM allows the employer to unlock a mobile device phone remotely, wipe the contents of the device, push software updates, and track the device’s location. According to an AP report, the county had a contract with a MDM provider, but it never installed the MDM software on Farook’s phone. The MDM service costs $4 per month per phone.
There are HR and IT lessons to be learned from this incident. One lesson is that employees should be required to grant their employers access to their mobile devices as a condition of using them for work-related purposes. Specifically, management should obtain an employee’s signed written agreement authorizing the company to access the contents of a mobile device that is connected to the company network. The County of San Bernardino did it at least obtain this kind of authorization.
A second lesson is that the right to access an mobile device is useless if you have no practical way of gaining access. This is where technology like MDM software is useful. Installation of MDM controls should be standard operating procedure in any Bring Your Own Device program. MDM software doesn’t have to be expensive either. Popular email server platforms like Microsoft Exchange have MDM controls built in. For more robust functionality, consider investing in specialized MDM solutions.
It shouldn’t take the prospect of a terrorist attack to highlight the importance of taking these lessons seriously.