by ·1 Comment

The steady flow of memos and decisions on social media from the NLRB in the last two years regarding social media has left many employers bewildered about the do’s and don’ts of social media policies.  The NLRB has been rather active in striking down social media policies for unlawfully restricting activity protected by Section 7 of the National Labor Relations Act (NLRA).  In the midst of this confusion, allow me to direct your attention to a little feature with a heroic name – the Savings Clause.  A Savings Clause is a statement that sets boundaries around a social media policy.  It’s basically a disclaimer.  It says something along the lines of, “this policy should not be interpreted to prohibit X,” and theoretically, that clarification should “save” a rule from being illegal. Pretty nifty, eh?

Now, before you think popping a Savings Clause into a social media policy will magically shield you from legal trouble, it’s a bit more complicated than that.  The NLRB has spoken on Savings Clauses in social media policies since its Office of the General Counsel (OGC) issued the third memo on social media on May 30, 2012.   The NLRB also weighed in on Savings Clauses in its September 18, 2012 decision striking down Costco’s social media policy (the first NRLB decision addressing social media issues); its September 25, 2012 decision striking down Echostar Technologies’ social media policy; and the OGC’s Advice Memorandum issued on October 19, 2012.  The fact that the NLRB has issued all this “guidance” should give employers pause about thinking that Savings Clauses are simple to write.  They’re not.  But NLRB guidance suggests that Savings Clauses can be effective if written well.

Here are some tips on using Savings Clauses drawn from NLRB decisions and memos.

1.  Having a Savings Clause is a good idea.

This might seem obvious, but it’s generally a good idea to include a Savings Clause in your social media policy.  The NLRB was critical of Costco’s social media policy for not including any type of disclaimer stating that the policy was not intended to interfere with the employees’ rights to engage in activity protected by the NLRA.  The NLRB did not go as far as to say that the policy’s other defects would have been cured by a Savings Clause, but the fact that it criticized a social media policy for not having any Savings Clause strongly suggests that having one could only help.

2.  Savings clauses don’t save rules that explicitly prohibit concerted, protected activity.

There are some policies even a Savings Clause can’t make better.  For example, the OGC’s May 30, 2012 Memo examined a policy that prohibited employees from posting information about employer shutdowns and work stoppages, and from speaking publicly about the workplace, work satisfaction or dissatisfaction, wages, hours, or work conditions.  The Savings Clause in the policy stated:

This policy will not be interpreted in a way that would interfere with the rights of employees to self organize, form, join, or assist labor organizations, to bargain collectively through representatives of their own choosing, or to engage in other concerted activities for the purpose of collective bargaining or other mutual aid or protection or to refrain from engaging in such activities.

The NLRB said that an employee reading the policy would reasonably conclude that the policy prohibited protected activities despite what the Savings Clause said.  The lesson here is that a policy can’t forbid activity protected by the NLRA and then expect a Savings Clause to rescue the policy from being unlawful.

3.  Use terms your employees can understand. 

The Savings Clause in the policy we looked at in the last bullet point suffered from the additional problem of using the term “concerted activities.”  The NLRB criticized the clause for not explaining to a layperson what the right to engage in “concerted activity” entails.  Lawyers might understand what “concerted activity” or “protected activity” refer to, but employees without legal training might not.  Avoid using legal terminology in the Savings Clause.  Use plain English instead.

4.  Don’t be vague.

A Savings Clause can’t be too vague, or it won’t end up “saving” anything.  So what’s considered vague?

A Savings Clause stating that if the policy conflicts with law, “the appropriate law shall be applied and interpreted so as to make the policy lawful” is too vague, according to the NLRB’s Echostar decision.  A good Savings Clause must be specific enough to give employees an idea of how the social media policy will be interpreted.  A generic statement that the policy is intended to comply with the law means little unless the employer provides some context for the statement.

What if the Savings Clause made the policy subject to a specific law, like the NLRA?  That’s better, but still not good enough.  The OGC’s May 30, 2012 Memo disapproved of two Savings Clauses, one stating that the policy “will be administered in compliance with applicable laws and regulations (including Section 7 of the National Labor Relations Act),” and another stating that the policy “will not be construed or applied in a manner that improperly interferes with employees’ rights under the National Labor Relations Act.”  The NLRB found both Savings Clauses too vague to cure the policies from being overbroad.

So just how specific should a Savings Clause be?  That leads us to–

5.  Identify the kind of activity being “saved.” 

The OGC’s October 19, 2012 Advice Memo emphasized the importance of drafting rules that provide employees with context.  “[R]ules that clarify and restrict their scope by including examples of clearly illegal or unprotected conduct, so that they would not be reasonably construed to cover protected activity, are not unlawful,” the Advice Memo explained.  A Savings Clause can help provide the needed context.  The Advice Memo approved of Cox Communications, Inc.’s social media policy, which contained the following Savings Clause:

Nothing in Cox’s social media policy is designed to interfere with, restrain, or prevent employee communications regarding wages, hours, or other terms and conditions of employment.  Cox Employees have the right to engage in or refrain from such activities.

This Savings Clause specifically identified the kind of activity that is permitted—employee communications regarding wages, hours, or other terms and conditions of employment—so as to eliminate any doubt that other rules in the policy might prohibit activity that is protected by the NLRA.

In sum, I hope these tips will help you get the most out of Savings Clauses.

by ·3 Comments

Sutton v. Bailey, 2012 WL 5990291 (8th Cir. Dec. 3, 2012), is the latest reminder that private Facebook postings can lead to professional consequences.   Sutton was hired as a Funeral Science Director at Arkansas State University–Mountain Home for the 2010-11 academic year.  His employment contract provided that he could be terminated at any time “for adequate cause.”  A month after Sutton got hired (but apparently before he began teaching), he posted on his Facebook page: “Toby Sutton hopes this teaching gig works out.  Guess I shouldn’t have cheated through mortuary school and faked people out.  Crap!”

University officials somehow learned about the post and asked to meet with Sutton about it.  At the meeting, the university’s vice-chancellor (Bailey) and director of instruction (Thomas) confronted Sutton with the post.  He admitted to making the post.  Bailey then told Sutton that he was fired.  Sutton asked if it mattered that the statement was a joke, and that he posted the statement before he began teaching.  Baily replied “no” to both questions.  Sutton then received an Employee Counseling Statement form stating that he was being dismissed for an incident of “Academic Fraud and unprofessional conduct.”  The “Supervisor Statement” portion of the form explained: “Mr. Sutton posted material on Facebook indicating he had ‘cheated’ his way through mortuary school.  There are multiple other class related issues.”  Bailey told Sutton he had an opportunity to make a statement before signing the form.  Sutton declined and signed the form without further comment.  Sutton later sued Bailey and Thomas in their individual capacities, alleging that he was deprived of procedural due process in connection with his firing.

The bulk of the Eighth Circuit Court of Appeals’ opinion addressed the defendants’ defense of qualified immunity, which the court found to have merit.

LegalTXT Lesson: This case has two important, if obvious, takeaways.  First, employees need to remember that whatever content they share on their private social media networks could come back to haunt them professionally.  Employees need to be reminded constantly that social media blurs the line between personal and public, private and professional.

Second, Sutton answers a question I often get asked by employers: Can employees be disciplined or even terminated for their private social media conduct?  The answer is yes.  (For another example, read my post on the Careflite case, which recently settled).  There are limits, of course (and the NLRB Acting General Counsel has waxed long about many of them), but there are circumstances in which it is proper to discipline or terminate an employee for his or her private social media activity.  Now, it would help greatly if an employer sets standards of employee conduct clearly identifying the kinds of social media conduct that could lead to adverse employment action.  We don’t know what was in the employee handbook of the university in this case, but a rule that could’ve come in handy is one instructing faculty members not to endorse or make light of academic dishonesty.

by ·1 Comment

An NLRB administrative law judge ruled on November 28 that a union did not engage in unlawful labor practices by failing to disavow threatening comments posted on its Facebook page.  In addition to finding that the Facebook page was not an extension of the picket line, the judge concluded that, under Section 230 of the Communications Decency Act (CDA), the union was not responsible for the comments posted on the page.  The case is Amalgamated Transit Union, Local Union No. 1433 v. Weigand, 28-CB-78377 (NLRB Nov. 28, 2012).   (Read the decision here)

A union representing public bus drivers went on strike.  Several months earlier, the union set up a Facebook page, which the union’s vice-president administered.  The union accepted “friend requests” only from union members in good standing.  Friends of the union Facebook page could see messages posted on the union’s “wall” and “like” such posts.

Shortly before and during the strike, union members posted comments on the union’s Facebook page threatening retaliation against workers who crossed the picket line.  The comments threatened less favorable union representation for those crossing the line, more aggressive reporting of workplace violations against line-crossers, and even violence.  Several comments suggested that line-crossers would be physically beaten.  Another comment announced the location where employer’s replacement drivers were allegedly being housed, to which a rank-and-file member commented: “Can we bring the Molotov Cocktails this time?”  At least one other union member “liked” this comment.

The NLRB Acting General Counsel issued a complaint alleging that the union violated Section 8(b)(1) of the Act by failing to disavow the threatening comments.  Rather than alleging that the members posting comments acted as the union’s agents, the Acting General Counsel relied on the theory that a union is responsible for the coercive acts of its pickets on a picket line when the union fails to take corrective action or disavow the actions.  The Acting General Counsel argued that the union’s Facebook page is an “electronic extension” of the picket line.

The judge rejected the “electronic extension” theory, noting initially that the Facebook page existed well before the picket line.  Moreover, unlike a picket line, a Facebook page does not force union members to make a public and immediate decision to cross the picket line.   The Facebook page did not serve to communicate a message to the public, as it is private in nature.

In a somewhat surprising twist, the judge further ruled that the CDA immunized the union from liability for the comments on its Facebook page–an argument neither side had raised.  Often invoked in online defamation cases, Section 230(c)(1) of the  CDA states that  “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided.”  The judge regarded the union as merely the “provider” of the Facebook page, not the “publisher or speaker” of the comments posted on the page by its rank-and-file members.  Thus, the union itself could not be held liable for the comments posted on the page.

by ·0 Comments

Employers should clarify ownership and control over social media accounts by which their employees promote the organizationInsynq v. Mann, No. 3:12-cv-05464 RBL, 2012 WL 3763550 (W.D. Wash. Aug. 29, 2012)

Earlier this year, the Phonedog v. Kravitz case attracted buzz on the issue of who owns a social media account that’s started by an employee, purportedly to promote his employer’s organization.  In PhoneDog v. Kravitz, the former editor-in-chief (Kravitz) of an online news service refused to relinquish the Twitter account on which he posted content promoting the company.   Kravitz argued that he owned the Twitter account because he personally opened the account and amassed its sizeable following of approximately 17,000 followers.  PhoneDog sued Kravitz for ownership of the Twitter account.

The issue hasn’t gone away.  The most recent case is Insynq v. Mann.  In that case, the employee (Mann) of an application service provider (Insynq) registered three domain names during her employment and began writing three blogs associated with each domain name.  After Insynq terminated Mann, it claimed ownership of the blogs.  Mann refused to give her former employer the credentials to the blog.  In the lawsuit that followed, Insynq sued Mann for breach of her non-compete agreement, misappropriation of trade secrets, and unfair competition.

Cases like PhoneDog and Insynq are a good reminder that if an organization has its employees managing its social media activity, it needs to clarify who owns the social media account used by the employee and the contents of the account.  Otherwise, an organization might find itself fighting for control over a social media account after the departure of the employee responsible for managing the account.  Not having such control could lead to alienation of a painstakingly developed community of customers or fans, or worse, the inability to exercise editorial discretion over content about the organization being pushed out to the community.

To avoid messy disputes over ownership and control over social media assets, organizations should consider the following guidelines when developing social media policies:

  • Specify that only authorized employees may publish social media content on behalf of the organization, and that employees must use the organization’s official social media accounts when publishing such content.
  • Specify who owns the login credentials to the social media accounts used to promote the organization, as well as the content published on such accounts.
  • Require an employee who is responsible for managing the organization’s social media activity to disclose to his or her manager the login credentials for the accounts used for that purpose.  The employee should also be required to disclose any changes to the login credentials.
  • Prohibit employees from using the organization’s official social media accounts for their personal use.

by ·0 Comments

Courts continue to read the CFAA narrowly to limit criminal liabilityWentworth-Douglass Hospital v. Young & Novis Prof’l Ass’n, 2012 WL 2522963 (D.N.H. June 29, 2012), and Dana Ltd. v. American Axle & Mfg Holdings, Inc., 2012 WL 2524008 (W.D. Mich. June 29, 2012)

Suppose a terminated employee logs in to her work account one last time (just to copy and delete her personal files, she promises), which the company allows her to do, but she ends up copying files containing the company’s trade secrets and taking them to her new job at a competing company. Employers dealing with this kind of scenario increasingly seem to be turning to the Computer Fraud and Abuse Act (CFAA) for relief (see the post on a recent case just last week).  Under the CFAA, “[w]hoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer” is exposed to both criminal penalties and civil liability.  18 U.S.C. § 1030(a)(2)(C).  Since the CFAA is a criminal statute, a growing number of courts have been reluctant to read the CFAA too broadly.  These courts limit the kind of conduct that would qualify as “access[ing] a computer without authorization” and “exceed[ing] authorized access.”  Case in point is the Ninth Circuit’s en banc decision in United States v. Nosal issued in April of this year.  And last week, two trial courts issued decisions continuing that trend.

In Dana Limited, employees of the plaintiff copied company files and took them with them to their new jobs with a competing company.  Wentworth-Douglass Hospital similarly involved a scenario where ex-employees of a hospital copied data from the hospital’s computers onto portable storage devices.  In both cases, the courts decided there was no criminal liability under the CFAA because there was no evidence that the former employers were unauthorized to access the computer systems in the way that they did.  How they used the information they obtained might have violated company policy, but the act of access itself was not unauthorized.

Wentworth-Douglass Hospital is noteworthy also because it involved an additional scenario that the court did find to be a violation of the CFAA — another ex-employee of the hospital used her wife’s password to access the hospital’s computers.  Although the hospital had issued him his own password, apparently his wife’s account provided access to certain data to which he was not given access.  The court granted judgment as a matter of law on the CFAA claim based on those facts.

Two technical comments in the decisions are worth noting.  The court in Dana Limited addressed the argument that the ex-employees accessed computer files in an unauthorized manner because they deleted files while logged on, which the company argued amounted to unauthorized “altering” of information.  (Note: the CFAA defines “exceeds authorized access” as using unauthorized access to a computer “to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.”)  The court rejected the argument because there was no proof that the ex-employees deleted original files.  The company had backups of the deleted files and was able to function without difficulty despite the deletions.  Whether any “altering” occurred was speculative.

The second comment of interest concerns the employer’s argument inWentworth-Douglass Hospital that a company policy stating that employees “are to access only information necessary for completing job responsibilities and to ensure the integrity of the information in their work areas” limited access and use.  The court was unpersuaded by this argument, reasoning that an employer cannot convert a use policy into an access restriction simply by calling it one.  In the court’s view, an access restriction limits the degree of access an employee has to certain systems and data, while a use restriction limits the varying uses to which such systems and information, once access, can be put to legitimate use.  As an example, the court said that a policy prohibiting employees from accessing company data for the purpose of copying it to an external storage device is not an access restriction because its true purpose is to forbid employees from putting company information to personal use.  In other words, the policy does not bar the employee from accessing the information; it just says he cannot copy it on to a personal device, presumably for uses unrelated to his job.

LegalTXT Lesson: This recent line of cases provides two quick takeaways for employers.  First, be intentional in phrasing internal policies relating to use of company computers and other forms digital technology.  Know the difference between an access restriction and a use restriction and be sure the wording of the policy clearly spells out the type of restriction intended.   Second, a CFAA claim may not be the best avenue for getting relief.  Other claims could be more suitable, such as breach of an employment contract, violation of a trade secrets act (if your state adopts one), and unfair competition.