Disclosure of confidential client information on the Internet by attorney violates Rule 1.6 of the Rules of Professional Conduct – In re Skinner, 740 S.E.2d 171 (Ga. Mar. 18, 2013)
A Georgia attorney recently learned the hard way that the Internet is no place to vent about a client. The attorney (Skinner) received negative comments from a client on consumer review websites. In response, Skinner posted personal and confidential information about the client on the Internet. After a formal complaint was filed against Skinner by the State Bar of Georgia, Skinner filed a petition for voluntary discipline admitting that she violated Rule 1.6 of the Georgia Rules of Professional Conduct. Rule 1.6 requires a lawyer to maintain the confidentiality of all information gained in the professional relationship with a client unless the client consents to disclosure after consultation. The client obviously did not consent to Skinner sharing her private information on cyberspace.
Skinner filed a motion for voluntary discipline in the form of a reprimand, which is the mildest form of discipline authorized for Rule 1.6 violations. The Georgia Supreme Court rejected Skinner’s petition despite recommendations by the Office of General Counsel of the State Bar and a special master to accept it. As a result, Skinner could face stricter disciplinary measures for her violations.
LegalTXT Lesson: Posting confidential information on the Internet is generally a bad idea. Especially if the information concerns somebody else. And you’re a lawyer. If you’re a professional who has an ethical duty to preserve confidences, like a lawyer, sharing confidential information about a client online is an invitation for trouble.
On a related note, responding to negative online comments with more criticism or hurtful actions (like revealing personal information about the commenter) is rarely an effective means of repairing reputation. The meltdown on the Facebook page of Amy’s Baking Company is an extreme example (although the owners claim the page was hacked). As the adage goes, don’t fight fire with fire.
UPDATE: On April 30, 2013, a three-member panel of the NLRB adopted the ALJ’s decision in this case. Read the board decision here (the ALJ decision and the Dish Network social media policy that got invalidated are attached).
The NLRB recently dealt another blow to the ability of employers to prohibit employees from engaging in disparaging speech on social media. On November 14, 2012, an Administrative Law Judge (“ALJ”) of the NRLB issued a decision striking down two rules in Dish Network’s employee handbook dealing with social media use. The first rule prohibited employees from making disparaging or defamatory comments about their employer. The ALJ found that the rule could unlawfully chill employees in the exercise of their Section 7 rights to engage in concerted activity. The second rule prohibited employees from engaging in “negative electronic discussion” during company time. This rule could effectively ban union activities during breaks and other non-working hours at the workplace, the ALJ concluded.
This was not the first time Dish Network’s social media policy came under fire. On May 31, 2012, the Acting General Counsel of the NLRB issued a memo criticizing provisions of actual social media policies. Dish Network was one of the companies whose policies were scrutinized in the memo. But while the memo was merely advisory, the latest ALJ ruling is not.
Recent NLRB rulings like this one leave behind a wake of confusion for employers. Provisions that are commonplace in employee handbooks, like non-disparagement rules, are being invalidated when applied in the social media context. To add to the confusion, the NLRB can seem inconsistent. For example, the May 30 memo approved Wal-Mart’s social media policy, which includes an instruction to “refrain from using social media while on work time” or on company equipment. However, the NLRB struck down Dish Network’s practice of banning social media activity on company time. What’s an employer to do? Few definitive answers are available, but here are a few ideas to help you survive in this uncertain environment:
- Stop treating social media as a novelty. Employers who still regard social media as a frivolous activity tend to use draconian measures (like categorical bans) to regulate it. The reality is that social media has become part of everyday life, nearly as much as cellphones and texting has. The point is not to restrict social media use per se, but to manage the consequences of such use. Which leads us to . . .
- Focus on outcomes. Dish Network very well could have intended its non-disparagement work rule to protect its brand and reputation rather than prohibit employee discussion about their work conditions or compensation. However, the rule did not clearly spell out its objectives. Tell employees the outcomes you want to avoid. If what you want to prevent are discriminatory remarks that create a hostile work environment, say so. This was one of the features of the Wal-Mart policy that the NLRB’s May 30 memo approved. In a section of the policy entitled “Be Respectful,” Wal-Mart states that if an employee decides to post complaints or criticism, they should ” avoid using statements, photographs, video or audio that reasonably could be viewed as malicious, obscene, threatening or intimidating, that disparage customers, members, associates or suppliers, or that might constitute harassment or bullying.” The policy then listed examples of such conduct, such as “offensive posts meant to intentionally harm someone’s reputation or posts that could contribute to a hostile work environment on the basis of race, sex, disability,religion or any other status protected by law or company policy.”
- Stay positive. Rather than just banning certain kinds of conduct on social media, consider setting affirmative guidelines that employees should adhere to when communicating with others, whether on social media or other communication channels. For example, do you want your organization to be portrayed in a certain way? Then describe the image you would like your employees to convey to others in their communications when talking about the organization.
- It’s not over. The NLRB rulings are not the final word on how broadly employers may regulate social media activity of employees. Although ALJ decisions and even those of NLRB panels are more authoritative than guidance memos, courts have yet to weigh in.
Employers who discipline employees for their social media activity could unwittingly violate protections under the National Labor Relations Act (NLRA) for employees who engage in “protected concerted activity.” An employee engages in protected concerted activity when acting together with other employees, or acting alone with the authority of other employees, for the mutual aid or protection of co-workers regarding terms and conditions of employment. Since social networks by nature connect people, online gripes about work—which could be read by co-workers of the author within the same social network—could constitute protected concerted activity. Three recent National Labor Relations Board (NLRB) decisions highlight this risk.
In Hispanics United of Buffalo, Inc., 359 NRLB No. 37 (Dec. 14, 2012), an employee at a domestic violence relief organization posted on Facebook about a co-worker (Cruz-Moore) who threatened to complain about the work habits of other employees to the executive director of the organization. The employee wrote: “Lydia Cruz, a coworker feels that we don’t help our clients enough . . . . I about had it! My fellow coworkers how do u feel?” Four off-duty employees responded to this post with disagreement over Cruz-Moore’s alleged criticisms. Cruz-Moore saw these posts, responded to them, and brought them to the attention of the executive director. The employee who authored the original post and the employees who responded were fired. Two NLRB members of a three-person panel found the termination to be a violation of Section 8(a)(1) of the National Labor Relations Act (NLRA). The NLRB found the posts to be “concerted” because they had the “clear ‘mutual aid’ objective for preparing coworkers for a group defense to [Cruz-Moore’s] complaints.” The NLRB also considered the posts “protected” because they related to job performance matters.
In Pier Sixty, LLC, 2013 WL 1702462 (NLRB Div. of Judges Apr. 18, 2013), the service staff of a catering company were in the process of taking a vote on union representation when a staff member (Perez) got upset by what he perceived as harassment by his manager. During a break, Perez went to the bathroom and posted on Facebook: “Bob is such a NASTY M***** F****R don’t know how to talk to people!!!!! F**k his mother and his entire f*****g family!!!! What a LOSER!!!! Vote YES for the UNION.” Various co-workers responded to the post. The company fired Perez after learning about the post. An administrative law judge of the NLRB held that the employer violated Section 8(a)(1) of the NLRA. The judge found the post to constitute “protected activity” because it was part of an ongoing sequence of events involving employee attempts to protest and remedy what they saw as rude and demeaning treatment by their managers. The post was also “concerted” because it was activity undertaken on behalf of a union.
In Design Technology Group, LLC d/b/a Bettie Page Clothing, 359 NLRB No. 96 (Apr. 19, 2013), employees of a clothing store repeatedly but unsuccessfully attempted to persuade their employer to close the store earlier so that they wouldn’t have to walk through an unsafe neighborhood at night. The employees posted Facebook messages lamenting the denial of their request and criticizing their manager. In one message, an employee said she would bring in a book on workers’ rights to shed light on their employer’s labor law violations. Another employee saw the messages and sent them to the HR director, who in turn forwarded them to the store owner. The owner fired the employees who posted the messages, allegedly for insubordination. A NLRB administrative law judge found the terminations unlawful because the messages were a continuation of an effort to address concerns about work safety (i.e., leaving work late at night in an unsafe neighborhood) and thus constituted protected concerted activity.
LegalTXTS Lesson: What should employers learn from these decisions? To avoid violating Section 8(a)(1) of the NLRA, employers might consider the following before disciplining employees based on their social media activity:
- Check whether the employee’s post attracted or solicited a response from co-workers. The interactive nature of social networking means that communications via social media are often “concerted.”
- Calls for co-workers to take action likely constitute “protected” activity.
- Complaints about work or co-workers—even if vulgar—can be considered “protected” activity.
- Messages posted outside of the workplace or work hours can still be considered protected concerted activity.
- Be especially sensitive to messages that reference collective bargaining activity or labor requirements. Those are red flags indicating the need to exercise caution.
- Often, social media is not the initial venue for airing work-related complaints. Investigate whether the complaints voiced online were previously brought to the attention of the employer. If they were, the online messages are more likely to be found to be part of a series of protected activity.
Hawai‘i has jumped on the bandwagon of states (along with 31 other states, according to the National Conference of State Legislatures) introducing legislation to ban employers from requesting access to social media accounts of job applicants. Several bills on the subject were introduced in this year’s legislative session, but the one that appears to have the best chance of becoming law is HB713 H.D. 2 S.D. 1 (HB713). The bill has passed the House and gained the approval of two Senate committees. Next up for the bill is review by the Senate Judiciary Committee. As HB713 gains traction, let’s take a look at what it says and some issues it raises in its current form.
SUMMARY OF HB713, H.D. 2
HB713 would insert a new section into the Hawai‘i statute governing discriminatory employment practices, Hawai‘i Revised Statutes (HRS) chapter 378, part I. The proposed law would apply to both job applicants and existing employees. Employers are prohibited from gaining access to a “personal account,” which is defined as:
An account, service, or profile on a social networking website that is used by an employee or potential employee exclusively for personal communications unrelated to any business purposes of the employer. This definition shall not apply to any account, service, profile, or electronic mail created, maintained, used, or accessed by an employee or potential employee for business purposes of the employer or to engage in business-related communications.
Specifically, an employer may not “require, request, suggest, or cause” an employee or job applicant to: (1) turn over access to his or her personal account; (2) access his or her personal account while the employer looks on; or (3) divulge any personal account. An employer also may not fire, discipline, threaten, or retaliate against an employee or job applicant for turning down an illegal request for access.
There are exceptions, however.
- An employer may conduct an investigation to ensure compliance with law, regulatory requirements, or prohibitions against work-related employee misconduct based on receipt of specific information about activity on a personal online account or service by an employee or other source.
- An employer may conduct an investigation of an employee’s actions based on the receipt of specific information about unauthorized transfer of the employer’s proprietary information, confidential information, or financial data to a personal online account or service.
- An employer may monitor, review, access, or block electronic data (a) stored on an electronic communications device that it pays for in part or in whole, or (b) traveling through or stored on an employer’s network, in compliance with state and federal law.
- An employer may get an employee’s login credentials to access an electronic communications device supplied or paid for in whole or in part by the employer.
- An employer may get an employee’s login credentials to access accounts or services provided by the employer or “by virtue of the employee’s employment relationship with the employer” or that the employee uses for business purposes.
- HB713 specifies that the proposed law is not intended to prevent an employer from complying with other law or the rules of self-regulatory organizations, and that the proposed law should not be construed to conflict with federal law.
OBSERVATIONS AND CONCERNS
Shoulder surfing nixed. The bill appears to make “shoulder surfing” by an employer illegal per se. Suppose an employee tells his boss, “Man, you cannot believe the whales my friend saw on her boat this weekend! She sent me a video of it on Facebook.” Intrigued, the boss says he wants to see the video. The employee obliges by logging on to her Facebook account while her boss watches over her shoulder. Did the boss unlawfully “request” that the employee grant him access to her “personal account”? Technically, yes. Note that HB713 has no exception for voluntary consent of the employee.
“Friending” employees might become illegal. Employers and employees sometimes connect on the same social network. While it isn’t always a good idea for an employer to “friend” an employee, it’s not illegal to do so—unless, perhaps, HB713 becomes the law. HB713 bans an employer from requesting that an employee “divulge any personal account.” Yet, that’s exactly what a friend request does—it requests access to portions of a social media account that can be viewed only by the account owner’s “friends.” The “divulge” language probably was intended to reach situations where an employer demands that an employee hand over access to another employee’s personal account. But as written, HB713’s prohibition against divulging any personal account could be interpreted to apply to innocent “friending.”
The line between personal and private is blurry. In a perfect world, employees would use business social media accounts strictly for business purposes and conduct all of their personal social media activity using separate social media accounts. That’s a best practice, not necessarily reality. The line between personal and business can get blurry in the social media space. It’s not unusual for employees to talk about work or promote their company within their personal social networks. If the employee uses his or her personal account for work purposes, shouldn’t the employer, who might have responsibility for the actions of its employee, be entitled to access the employee’s personal account in certain circumstances? On the other hand, to what extent must an employee use his or her personal account for work-related interactions before the employer should be allowed access to the account? These are difficult issues.
To address the issue, the latest draft of the bill tightens up the definition of “personal account” a bit and specifies that an employer may obtain login credentials from an employee to access “[a]ny accounts or services provided by the employer or by virtue of the employee’s employment relationship with the employer or that the employee uses for business purposes.” This language is somewhat vague. For example, what does “by virtue of the employer’s employment relationship with the employer” mean? It might well be that HB713 is trying to draw artificial distinctions between personal and work social media accounts when in practice, the distinction is sometimes fuzzy at best.
HB713 still has a few hurdles to overcome before it becomes law. Here at LegalTXTS, we’ll keep an eye out for the status of the bill.
Federal court has no jurisdiction over PeopleBrowsr’s lawsuit against Twitter for shutoff of the “Firehose” – PeopleBrowsr, Inc. v. Twitter, Inc., 2013 WL 843032 (N.D. Cal. Mar. 6, 2013)
Big Data equal big assets, and in 2012, Twitter made significant moves toward putting a premium on its assets by restricting access to its data to third-party services (count Instagram and Tumblr among those affected). Social analytics provider PeopleBrowsr was one of the services affected by the changes in Twitter’s data access policies. In 2012, Twitter shut off PeopleBrowsr’s access to the “Firehose,” the nickname for the full stream of every tweet posted on Twitter. PeopleBrowsr mines data from the Firehose to derive insights about consumer reactions and identify social influencers for its clients. PeopleBrowsr fought back against the impending Firehose shutoff by suing Twitter in California state court and successfully obtaining a temporary restraining order to stop the shutoff.
The next chapter in the lawsuit unfolded in federal court. Twitter removed the lawsuit to federal court and then filed a motion to dismiss the action. But the lawsuit’s stay in federal court will be brief because federal district judge Edward Chen recently issued a decision sending the lawsuit back to state court. Twitter invoked federal jurisdiction on the ground that PeopleBrowsr’s claim for violation of California’s Unfair Competition Law (UCL) is based in part on the Sherman Act, over which federal courts have exclusive jurisdiction. Not so fast, said Judge Chen. At best, the Sherman Act might give Twitter a defense to the UCL claim. Unlike an affirmative claim for relief, a defense under federal law is not enough to support federal jurisdiction. The alleged violations of the UCL were based entirely on California law. Since federal courts have no jurisdiction over the lawsuit, the fight over the Firehose will continue in California courts. The court awarded attorneys’ fees to Peoplebrowsr for opposing the removal of the case to federal court.