It’s generally a good practice to set standards of online employee conduct to prevent the social media activity of employees from disrupting the workplace or tarnishing your organization’s reputation. But the mere fact that an employee comments on controversial subjects on social media doesn’t necessarily justify disciplinary action. That’s especially true in the case of a public employer. Disciplining a government employee for posting social media messages about a topic of public concern could violate the First Amendment, as illustrated by a recent Ohio decision. Hamm v. Williams, Case No. 1:15CV273 (N.D. Ohio, Sept. 29, 2016).
Hamm centered around the controversy over the fatal police shooting of two unarmed African-Americans following a high-speed car chase. The incident — sometimes known as the “137 shots” in reference to the number of bullets that were fired at the couple — was highly publicized and the target of protests by the Black Lives Matter movement. Seven Cleveland police officers were indicted as a result. While off-duty, a Cleveland police officer (Hamm) used his home computer to post Facebook comments criticizing the indictments and showing support for his colleagues. Approximately one week later, Hamm wrote on Facebook that an unidentified individual found his original comments offensive and had reported the first post to his supervisors.
After conducting an investigation, the supervisors determined that Hamm had breached department rules against using social media to discuss a criminal investigation involving the department or posting material that would “tend to diminish” public esteem for the department. The department suspended Hamm for 10 days. Hamm sued the city for retaliating against him for exercising his First Amendment right to free expression.
Under U.S. Supreme Court precedent, government employees have a First Amendment right to speak as private citizens on matters of public concern. However, an employee’s constitutionally protected right to free expression must be balanced against a public employer’s interest in efficient delivery of public services.
The court determined that Hamm was speaking as a private citizen, as he had posted the Facebook comments while he was off-duty using his home computer. The subject of his comments – a highly publicized police shooting and the aftermath – was a matter of “political, social or other concern to the community” and not just a “quintessential employee beef.”
The city argued that a police department, as a paramilitary organization charged with maintaining public safety and order, had a greater interest in regulating the speech of its employees than an ordinary public employer. The city contended that it was justified in ensuring that officers are not publicly criticizing an investigation or placing a stigma on the criminal justice system or internal police operations.
The court rejected the city’s arguments because it found no evidence that Hamm’s posts actually resulted in work stoppages or that any officers declined to fulfill his or her duties because of Hamm’s posts. The court therefore allowed Hamm to proceed to trial on his First Amendment retaliation claim.
Hamm is a good reminder that discipline should not be a knee-jerk reaction to controversial social media posts of an employee. Conduct an investigation and collect evidence of the actual or potential disruptive impact of the comments before taking disciplinary action. If you’re a public employer, the First Amendment adds an extra layer of protection for employees. Consult experienced counsel to help you analyze the impact of constitutional protections for online employee speech.
Six years ago, the National Labor Relations Board (NLRB) became one of the first governmental agencies to regulate social media use in the workplace. In 2010 and 2011, the NLRB issued a series of guidance memos and decisions sketching the contours of acceptable limitations on social media conduct of employees. Largely aimed at protecting the right of employees to act together to improve their working conditions and terms of employment – what Section 7 of the National Labor Relations Act (NLRA) calls “protected concerted activity” – the NLRB’s social media guidelines can be downright frustrating for employers. Conduct that might seem proper to ban, like making defamatory comments about management personnel or discussing confidential company information online, could be protected under Section 7, according to the NLRB.
Little has changed after six years. Three recent cases show that the NLRB is still as confounding as ever when it comes to regulating social media work rules.
- In Chipotle Services LLC d/b/a Chipotle Mexican Grill, Case No. 04-CA-147314 (Aug. 18, 2016) the NLRA struck down parts of Chipotle’s “Social Media Code of Conduct” that prohibited employees from posting “incomplete, confidential or inaccurate information” and making “disparaging, false, or misleading statements” about Chipotle, other employees, suppliers, customers, competitors, or investors. Chipotle fired an employee for violating this rule by posting tweets that criticized Chipotle’s hourly wage. The NLRA concluded that the rule was unlawful because it could reasonably chill employees in the exercise of their Section 7 rights.
- In G4S Secure Solutions (USA) Inc., 364 NLRB No. 92 (Aug. 26, 2016), the NLRB ruled that a private security company’s policies concerning confidentiality and social media postings violated Section 7 rights of employees. The confidentiality policy prohibited employees from making “public statements about the activities or policies of the company[.]” The NLRB found this rule overbroad because it could be understood to prohibit discussion of rules concerning employee conduct, which is a term and condition of employment. Also unlawful was a social media policy banning social media postings of pictures of employees dressed in their security guard uniforms. The NLRB rejected the company’s argument that the policy protected a legitimate privacy interest.
- In Laborers’ International Union of North America and Mantell, Case No. 03-CB-136940 (NLRB Sept. 7, 2016), the NLRB found that a union violated the Section 7 of the NLRA by disciplining a union member who criticized union leadership for giving a journeyman’s book to a mayoral candidate who had not gone through the union’s 5-year apprenticeship program. The comments were posted on a Facebook page accessible to approximately 4,000 people, some of whom were union members. Even though certain aspects of his comments were false, they did not lose protection because they were not “knowingly and maliciously untrue.”
Does your organization have similar social media rules concerning anti-disparagement, confidentiality, or privacy? If so, it might be time to freshen up your social media policy with the help of experienced counsel.
You’ve heard the buzz about Pokemon GO and decide to give it a try. After installing the game on your phone and moving past the initial splash screen, you’re presented with the game’s Terms of Service, which you may “Accept” or “Decline.” Just a single click stands between you and Pokemon-hunting goodness!
If you clicked the “Accept” button, you just entered into a “clickwrap” agreement. Does that mean you’re now bound by everything stated in the Terms of Service? The answer to that question is important from an HR perspective because work forms are increasingly being digitally executed by current and prospective employees over a computer network. Thankfully, the answer is yes, as a recent New Jersey decision confirmed.
In ADP, LLC v. Lynch (D.N.J. June 30, 2016), a business outsourcing company (ADP) sued two former employees to enforce non-compete, non-disclosure, and non-solicitation provisions in a restrictive covenant agreement. The defendants had enrolled in ADP’s stock award program electronically. In order to receive awards in the program, they were required to click an “Accept Grant” button. The option to click this button was unavailable until they affirmatively check a box acknowledging that they had read a collection of documents, including the restrictive covenant agreement. The defendants had checked the box and clicked on the “Accept Grant” button.
The significance of this fact became apparent when the defendants, who were not residents of New Jersey, argued that the New Jersey court lacked personal jurisdiction over them. The court noted that defendants had consented to the personal jurisdiction of New Jersey courts in the restrictive agreements. The defendants argued that that the forum selection clause in the restrictive covenant agreement was unenforceable because they did not receive adequate notice of the clause. The court rejected this argument as well, noting other cases in which clickwrap agreements incorporating additional terms by reference were regarded as providing reasonable notice that additional terms apply. Some courts have even enforced clickwrap agreements that do not require affirmative confirmation that the signatory reviewed the terms before agreeing to them. ADP was therefore allowed to pursue its lawsuit.
ADP confirms that electronic consent to agreements incorporated by reference into a clickwrap agreement is legally valid, assuming the agreements are supported by adequate consideration. To build an even better case for enforceability, employees should be required to confirm their agreement with (not just acknowledgment of) the incorporated documents. But beware of the clickwrap agreement’s close cousin—the “browsewrap” agreement, which states that continued action (like browsing the contents of a web page) constitutes agreement with certain terms. Courts routinely refuse to enforce browsewrap agreements. Requiring employees to manifest their agreement through affirmative conduct – like clicking on a button – is essential.
Since the Americans with Disabilities Act (ADA) was passed in 1990, businesses have been vulnerable to “drive-by lawsuits” alleging that their facilities are physically inaccessible to disabled customers or guests. The new trend in ADA litigation is the “surf-by” lawsuit—disabled individuals who sue under the ADA because a business website they visited was allegedly inaccessible to them. The U.S. Department of Justice also has been aggressively enforcing website inaccessibility violations even though it won’t issue regulations until 2018.
If you’re still not convinced that the threat of website accessibility lawsuits is real, consider that in March, a California trial court became the first in the nation to rule on summary judgment that a retailer’s website violated the ADA and California’s anti-discrimination law (the Unruh Act). The court determined that the website was inaccessible to visually impaired individuals. The judge slapped the retailer with $4,000 in statutory damages under the Unruh Act, ordered it to either modify or remove the website, and awarded the plaintiff its attorneys’ fees, which are estimated to be in the six-figure range.
What can business owners do to prevent being sued for website accessibility violations? Start with these steps:
- Determine if the ADA applies to you. Title I of the ADA applies to private employers with 15+ employees. Covered employers may not discriminate against employees with disabilities and must make reasonable accommodations for them. In addition, accessibility may be an issue for business websites that allow job applicants to apply online. Title II applies to State and local governments. Under Title III, the website of an organization that qualifies as a “public accommodation” must be accessible to individuals with disabilities. Courts are split on whether “pure Internet” organizations (i.e., those without a bricks-and-mortar presence) are subject to website accessibility requirements.
- Identify accessibility issues. If the ADA applies to you, determine if your website poses accessibility problems to disabled individuals. The DOJ has not yet officially adopted rules for website accessibility, but is considering two sets of standards – the Web Content Accessibility Guidelines (WCAG) 2.0 created by the World Wide Web Consortium and the Electronic and Information Technology Accessible Standards published by the U.S. Access Board for compliance with Section 508 of the Rehabilitation Act. Common accessibility barriers include lack of closed-captioning for audio and video content, a site navigation structure unfriendly to keyboard-only users, and failure to provide descriptive text for images and non-text content.
- Get expert help. Web accessibility standards are highly technical. Consider consulting an IT expert with web accessibility experience to help you identify accessibility problems and solutions. You should also consult a lawyer with ADA experience to help you evaluate and mitigate legal risk, or to devise a defense strategy if you’ve already received a demand letter threatening litigation.
Digital privacy versus national security. That’s how scores of articles have framed the controversy over Apple Inc.’s refusal to cooperate with the FBI in bypassing the security features of an iPhone used by Syed Farook, one of the deceased shooters in the San Bernardino terrorist attack. Largely overlooked is the fact that Farook’s employer could’ve prevented the whole controversy had it installed common software on the phone.
Syed worked for the County of San Bernardino as a health inspector. The county issued the iPhone in question to Farook to help him do his job. Farook signed an agreement giving the county the right to search the contents of the phone, but the county did not take measures to ensure its could enforce that right. Employers who allow their employees to use mobile devices for work typically install mobile device management (MDM) software on the device. MDM allows the employer to unlock a mobile device phone remotely, wipe the contents of the device, push software updates, and track the device’s location. According to an AP report, the county had a contract with a MDM provider, but it never installed the MDM software on Farook’s phone. The MDM service costs $4 per month per phone.
There are HR and IT lessons to be learned from this incident. One lesson is that employees should be required to grant their employers access to their mobile devices as a condition of using them for work-related purposes. Specifically, management should obtain an employee’s signed written agreement authorizing the company to access the contents of a mobile device that is connected to the company network. The County of San Bernardino did it at least obtain this kind of authorization.
A second lesson is that the right to access an mobile device is useless if you have no practical way of gaining access. This is where technology like MDM software is useful. Installation of MDM controls should be standard operating procedure in any Bring Your Own Device program. MDM software doesn’t have to be expensive either. Popular email server platforms like Microsoft Exchange have MDM controls built in. For more robust functionality, consider investing in specialized MDM solutions.
It shouldn’t take the prospect of a terrorist attack to highlight the importance of taking these lessons seriously.