Six years ago, the National Labor Relations Board (NLRB) became one of the first governmental agencies to regulate social media use in the workplace. In 2010 and 2011, the NLRB issued a series of guidance memos and decisions sketching the contours of acceptable limitations on social media conduct of employees. Largely aimed at protecting the right of employees to act together to improve their working conditions and terms of employment – what Section 7 of the National Labor Relations Act (NLRA) calls “protected concerted activity” – the NLRB’s social media guidelines can be downright frustrating for employers. Conduct that might seem proper to ban, like making defamatory comments about management personnel or discussing confidential company information online, could be protected under Section 7, according to the NLRB.
Little has changed after six years. Three recent cases show that the NLRB is still as confounding as ever when it comes to regulating social media work rules.
- In Chipotle Services LLC d/b/a Chipotle Mexican Grill, Case No. 04-CA-147314 (Aug. 18, 2016) the NLRA struck down parts of Chipotle’s “Social Media Code of Conduct” that prohibited employees from posting “incomplete, confidential or inaccurate information” and making “disparaging, false, or misleading statements” about Chipotle, other employees, suppliers, customers, competitors, or investors. Chipotle fired an employee for violating this rule by posting tweets that criticized Chipotle’s hourly wage. The NLRA concluded that the rule was unlawful because it could reasonably chill employees in the exercise of their Section 7 rights.
- In G4S Secure Solutions (USA) Inc., 364 NLRB No. 92 (Aug. 26, 2016), the NLRB ruled that a private security company’s policies concerning confidentiality and social media postings violated Section 7 rights of employees. The confidentiality policy prohibited employees from making “public statements about the activities or policies of the company[.]” The NLRB found this rule overbroad because it could be understood to prohibit discussion of rules concerning employee conduct, which is a term and condition of employment. Also unlawful was a social media policy banning social media postings of pictures of employees dressed in their security guard uniforms. The NLRB rejected the company’s argument that the policy protected a legitimate privacy interest.
- In Laborers’ International Union of North America and Mantell, Case No. 03-CB-136940 (NLRB Sept. 7, 2016), the NLRB found that a union violated the Section 7 of the NLRA by disciplining a union member who criticized union leadership for giving a journeyman’s book to a mayoral candidate who had not gone through the union’s 5-year apprenticeship program. The comments were posted on a Facebook page accessible to approximately 4,000 people, some of whom were union members. Even though certain aspects of his comments were false, they did not lose protection because they were not “knowingly and maliciously untrue.”
Does your organization have similar social media rules concerning anti-disparagement, confidentiality, or privacy? If so, it might be time to freshen up your social media policy with the help of experienced counsel.
You’ve heard the buzz about Pokemon GO and decide to give it a try. After installing the game on your phone and moving past the initial splash screen, you’re presented with the game’s Terms of Service, which you may “Accept” or “Decline.” Just a single click stands between you and Pokemon-hunting goodness!
If you clicked the “Accept” button, you just entered into a “clickwrap” agreement. Does that mean you’re now bound by everything stated in the Terms of Service? The answer to that question is important from an HR perspective because work forms are increasingly being digitally executed by current and prospective employees over a computer network. Thankfully, the answer is yes, as a recent New Jersey decision confirmed.
In ADP, LLC v. Lynch (D.N.J. June 30, 2016), a business outsourcing company (ADP) sued two former employees to enforce non-compete, non-disclosure, and non-solicitation provisions in a restrictive covenant agreement. The defendants had enrolled in ADP’s stock award program electronically. In order to receive awards in the program, they were required to click an “Accept Grant” button. The option to click this button was unavailable until they affirmatively check a box acknowledging that they had read a collection of documents, including the restrictive covenant agreement. The defendants had checked the box and clicked on the “Accept Grant” button.
The significance of this fact became apparent when the defendants, who were not residents of New Jersey, argued that the New Jersey court lacked personal jurisdiction over them. The court noted that defendants had consented to the personal jurisdiction of New Jersey courts in the restrictive agreements. The defendants argued that that the forum selection clause in the restrictive covenant agreement was unenforceable because they did not receive adequate notice of the clause. The court rejected this argument as well, noting other cases in which clickwrap agreements incorporating additional terms by reference were regarded as providing reasonable notice that additional terms apply. Some courts have even enforced clickwrap agreements that do not require affirmative confirmation that the signatory reviewed the terms before agreeing to them. ADP was therefore allowed to pursue its lawsuit.
ADP confirms that electronic consent to agreements incorporated by reference into a clickwrap agreement is legally valid, assuming the agreements are supported by adequate consideration. To build an even better case for enforceability, employees should be required to confirm their agreement with (not just acknowledgment of) the incorporated documents. But beware of the clickwrap agreement’s close cousin—the “browsewrap” agreement, which states that continued action (like browsing the contents of a web page) constitutes agreement with certain terms. Courts routinely refuse to enforce browsewrap agreements. Requiring employees to manifest their agreement through affirmative conduct – like clicking on a button – is essential.
Since the Americans with Disabilities Act (ADA) was passed in 1990, businesses have been vulnerable to “drive-by lawsuits” alleging that their facilities are physically inaccessible to disabled customers or guests. The new trend in ADA litigation is the “surf-by” lawsuit—disabled individuals who sue under the ADA because a business website they visited was allegedly inaccessible to them. The U.S. Department of Justice also has been aggressively enforcing website inaccessibility violations even though it won’t issue regulations until 2018.
If you’re still not convinced that the threat of website accessibility lawsuits is real, consider that in March, a California trial court became the first in the nation to rule on summary judgment that a retailer’s website violated the ADA and California’s anti-discrimination law (the Unruh Act). The court determined that the website was inaccessible to visually impaired individuals. The judge slapped the retailer with $4,000 in statutory damages under the Unruh Act, ordered it to either modify or remove the website, and awarded the plaintiff its attorneys’ fees, which are estimated to be in the six-figure range.
What can business owners do to prevent being sued for website accessibility violations? Start with these steps:
- Determine if the ADA applies to you. Title I of the ADA applies to private employers with 15+ employees. Covered employers may not discriminate against employees with disabilities and must make reasonable accommodations for them. In addition, accessibility may be an issue for business websites that allow job applicants to apply online. Title II applies to State and local governments. Under Title III, the website of an organization that qualifies as a “public accommodation” must be accessible to individuals with disabilities. Courts are split on whether “pure Internet” organizations (i.e., those without a bricks-and-mortar presence) are subject to website accessibility requirements.
- Identify accessibility issues. If the ADA applies to you, determine if your website poses accessibility problems to disabled individuals. The DOJ has not yet officially adopted rules for website accessibility, but is considering two sets of standards – the Web Content Accessibility Guidelines (WCAG) 2.0 created by the World Wide Web Consortium and the Electronic and Information Technology Accessible Standards published by the U.S. Access Board for compliance with Section 508 of the Rehabilitation Act. Common accessibility barriers include lack of closed-captioning for audio and video content, a site navigation structure unfriendly to keyboard-only users, and failure to provide descriptive text for images and non-text content.
- Get expert help. Web accessibility standards are highly technical. Consider consulting an IT expert with web accessibility experience to help you identify accessibility problems and solutions. You should also consult a lawyer with ADA experience to help you evaluate and mitigate legal risk, or to devise a defense strategy if you’ve already received a demand letter threatening litigation.
Digital privacy versus national security. That’s how scores of articles have framed the controversy over Apple Inc.’s refusal to cooperate with the FBI in bypassing the security features of an iPhone used by Syed Farook, one of the deceased shooters in the San Bernardino terrorist attack. Largely overlooked is the fact that Farook’s employer could’ve prevented the whole controversy had it installed common software on the phone.
Syed worked for the County of San Bernardino as a health inspector. The county issued the iPhone in question to Farook to help him do his job. Farook signed an agreement giving the county the right to search the contents of the phone, but the county did not take measures to ensure its could enforce that right. Employers who allow their employees to use mobile devices for work typically install mobile device management (MDM) software on the device. MDM allows the employer to unlock a mobile device phone remotely, wipe the contents of the device, push software updates, and track the device’s location. According to an AP report, the county had a contract with a MDM provider, but it never installed the MDM software on Farook’s phone. The MDM service costs $4 per month per phone.
There are HR and IT lessons to be learned from this incident. One lesson is that employees should be required to grant their employers access to their mobile devices as a condition of using them for work-related purposes. Specifically, management should obtain an employee’s signed written agreement authorizing the company to access the contents of a mobile device that is connected to the company network. The County of San Bernardino did it at least obtain this kind of authorization.
A second lesson is that the right to access an mobile device is useless if you have no practical way of gaining access. This is where technology like MDM software is useful. Installation of MDM controls should be standard operating procedure in any Bring Your Own Device program. MDM software doesn’t have to be expensive either. Popular email server platforms like Microsoft Exchange have MDM controls built in. For more robust functionality, consider investing in specialized MDM solutions.
It shouldn’t take the prospect of a terrorist attack to highlight the importance of taking these lessons seriously.
Anyone with a smartphone has the ability to record sound and video. This can raise privacy concerns as well as create a record of events without others’ knowledge. For these reasons, companies may prohibit employees from making workplace recordings. If your employee handbook contains such a rule, consider giving it a second look because the National Labor Relations Board (NLRB) recently struck down “no recording” rules implemented by Whole Foods.
A three-member panel of the NLRB reviewed two workplace policies: one prohibiting employees from making audio or video recordings of company meetings without prior management approval or the consent of all parties to the conversation, and the second prohibiting employees from recording conversations without prior management approval. The stated purpose of both policies was to foster open and honest communication, a free exchange of ideas, and an atmosphere of trust. Allowing employees to record conversations in secret, the policies explained, would deter employees from holding frank discussions about sensitive and confidential matters in the workplace.
The NLRB saw the “no recording” rules differently. In a NLRB Whole Foods Decision, the NLRB ordered Whole Foods to rescind the rules because they effectively violate employees’ rights under Section 7 of the National Labor Relations Act to engage in protected concerted activity. A majority of the NLRB panel expressed concern that the rule would prohibit employees from engaging in protected activities such as “recording images of protected picketing, documenting unsafe workplace equipment or hazardous working conditions, documenting and publicizing discussions about terms and conditions of employment, documenting inconsistent application of employer rules, or recording evidence to preserve it for later use in administrative or judicial forums in employment-related actions.” The majority noted that covert recordings were an essential element in vindicating Section 7 rights in many cases. The employer’s interest in encouraging open and frank communications did not override the Section 7 rights of employees.
One member of the NLRB panel dissented, arguing that employees would reasonably interpret the “no recording” rules to protect, not prohibit, Section 7 activity. However, the majority found the blanket prohibition on all recordings troubling. A witness for Whole Foods testified that the rules would apply “regardless of the activity that the employee is engaged in, whether protected concerted activity or not.” According to the majority, employees would reasonably read the broad and unqualified language of the rules to prohibit recording Section 7 activity.
The decision suggests that a “no recordings” rule that exempts protected activities could be valid. But where to draw the line between protected and unprotected activities remains an open question. Given the NLRB’s tendency to construe the scope of Section 7 activities broadly, a wide range of business discussions could be considered to involve protected activity and thus exempt from a “no recordings” rule. This would make the rule virtually useless. The NLRB’s decision may not be last word on recording rules, however, as Whole Foods has appealed the decision to the Second Circuit Court of Appeals.