Disclosure of confidential client information on the Internet by attorney violates Rule 1.6 of the Rules of Professional Conduct – In re Skinner, 740 S.E.2d 171 (Ga. Mar. 18, 2013)
A Georgia attorney recently learned the hard way that the Internet is no place to vent about a client. The attorney (Skinner) received negative comments from a client on consumer review websites. In response, Skinner posted personal and confidential information about the client on the Internet. After a formal complaint was filed against Skinner by the State Bar of Georgia, Skinner filed a petition for voluntary discipline admitting that she violated Rule 1.6 of the Georgia Rules of Professional Conduct. Rule 1.6 requires a lawyer to maintain the confidentiality of all information gained in the professional relationship with a client unless the client consents to disclosure after consultation. The client obviously did not consent to Skinner sharing her private information on cyberspace.
Skinner filed a motion for voluntary discipline in the form of a reprimand, which is the mildest form of discipline authorized for Rule 1.6 violations. The Georgia Supreme Court rejected Skinner’s petition despite recommendations by the Office of General Counsel of the State Bar and a special master to accept it. As a result, Skinner could face stricter disciplinary measures for her violations.
LegalTXT Lesson: Posting confidential information on the Internet is generally a bad idea. Especially if the information concerns somebody else. And you’re a lawyer. If you’re a professional who has an ethical duty to preserve confidences, like a lawyer, sharing confidential information about a client online is an invitation for trouble.
On a related note, responding to negative online comments with more criticism or hurtful actions (like revealing personal information about the commenter) is rarely an effective means of repairing reputation. The meltdown on the Facebook page of Amy’s Baking Company is an extreme example (although the owners claim the page was hacked). As the adage goes, don’t fight fire with fire.
Google acted as a “publisher” for CDA purposes for including third-party content in search results — Mmubango v. Google, Inc., 2013 WL 664231 (E.D. Pa. Feb. 22, 2013)
Google successfully obtained dismissal of a defamation lawsuit filed by a person (Mmubango) who found derogatory comments about him posted online. Mmubango discovered anonymous statements about himself on the “Wikiscams” website. Mmubango asked Google to remove the statements from its search engine and to give him information about the poster of the comments. Google refused.
Mmubango sued Google and others for defamation, and Google defended by moving to dismiss the claim based on Communications Decency Act (CDA) immunity. The federal district court for the Eastern District of Pennsylvania agreed that Google met the requirements for CDA immunity. First, Google is an interactive computer service provider. Second, Google did not author the allegedly defamatory content, but instead, was provided with it by another information content provider (i.e., Wikiscams). The defamation claim alleged that Google was liable for storing and broadcasting the derogatory comments about Mmubango. Third, Mmubango was seeking to treat Google as the publisher of third-party statements. Deciding whether to provide access to third-party content or, alternatively, to delete the content is an act of publishing. Under section 230 of the CDA, Google could not be held liable for defamation based on its decision to publish a third party’s statements. The court dismissed Google from the case.
Hawai‘i has jumped on the bandwagon of states (along with 31 other states, according to the National Conference of State Legislatures) introducing legislation to ban employers from requesting access to social media accounts of job applicants. Several bills on the subject were introduced in this year’s legislative session, but the one that appears to have the best chance of becoming law is HB713 H.D. 2 S.D. 1 (HB713). The bill has passed the House and gained the approval of two Senate committees. Next up for the bill is review by the Senate Judiciary Committee. As HB713 gains traction, let’s take a look at what it says and some issues it raises in its current form.
SUMMARY OF HB713, H.D. 2
HB713 would insert a new section into the Hawai‘i statute governing discriminatory employment practices, Hawai‘i Revised Statutes (HRS) chapter 378, part I. The proposed law would apply to both job applicants and existing employees. Employers are prohibited from gaining access to a “personal account,” which is defined as:
An account, service, or profile on a social networking website that is used by an employee or potential employee exclusively for personal communications unrelated to any business purposes of the employer. This definition shall not apply to any account, service, profile, or electronic mail created, maintained, used, or accessed by an employee or potential employee for business purposes of the employer or to engage in business-related communications.
Specifically, an employer may not “require, request, suggest, or cause” an employee or job applicant to: (1) turn over access to his or her personal account; (2) access his or her personal account while the employer looks on; or (3) divulge any personal account. An employer also may not fire, discipline, threaten, or retaliate against an employee or job applicant for turning down an illegal request for access.
There are exceptions, however.
- An employer may conduct an investigation to ensure compliance with law, regulatory requirements, or prohibitions against work-related employee misconduct based on receipt of specific information about activity on a personal online account or service by an employee or other source.
- An employer may conduct an investigation of an employee’s actions based on the receipt of specific information about unauthorized transfer of the employer’s proprietary information, confidential information, or financial data to a personal online account or service.
- An employer may monitor, review, access, or block electronic data (a) stored on an electronic communications device that it pays for in part or in whole, or (b) traveling through or stored on an employer’s network, in compliance with state and federal law.
- An employer may get an employee’s login credentials to access an electronic communications device supplied or paid for in whole or in part by the employer.
- An employer may get an employee’s login credentials to access accounts or services provided by the employer or “by virtue of the employee’s employment relationship with the employer” or that the employee uses for business purposes.
- HB713 specifies that the proposed law is not intended to prevent an employer from complying with other law or the rules of self-regulatory organizations, and that the proposed law should not be construed to conflict with federal law.
OBSERVATIONS AND CONCERNS
Shoulder surfing nixed. The bill appears to make “shoulder surfing” by an employer illegal per se. Suppose an employee tells his boss, “Man, you cannot believe the whales my friend saw on her boat this weekend! She sent me a video of it on Facebook.” Intrigued, the boss says he wants to see the video. The employee obliges by logging on to her Facebook account while her boss watches over her shoulder. Did the boss unlawfully “request” that the employee grant him access to her “personal account”? Technically, yes. Note that HB713 has no exception for voluntary consent of the employee.
“Friending” employees might become illegal. Employers and employees sometimes connect on the same social network. While it isn’t always a good idea for an employer to “friend” an employee, it’s not illegal to do so—unless, perhaps, HB713 becomes the law. HB713 bans an employer from requesting that an employee “divulge any personal account.” Yet, that’s exactly what a friend request does—it requests access to portions of a social media account that can be viewed only by the account owner’s “friends.” The “divulge” language probably was intended to reach situations where an employer demands that an employee hand over access to another employee’s personal account. But as written, HB713’s prohibition against divulging any personal account could be interpreted to apply to innocent “friending.”
The line between personal and private is blurry. In a perfect world, employees would use business social media accounts strictly for business purposes and conduct all of their personal social media activity using separate social media accounts. That’s a best practice, not necessarily reality. The line between personal and business can get blurry in the social media space. It’s not unusual for employees to talk about work or promote their company within their personal social networks. If the employee uses his or her personal account for work purposes, shouldn’t the employer, who might have responsibility for the actions of its employee, be entitled to access the employee’s personal account in certain circumstances? On the other hand, to what extent must an employee use his or her personal account for work-related interactions before the employer should be allowed access to the account? These are difficult issues.
To address the issue, the latest draft of the bill tightens up the definition of “personal account” a bit and specifies that an employer may obtain login credentials from an employee to access “[a]ny accounts or services provided by the employer or by virtue of the employee’s employment relationship with the employer or that the employee uses for business purposes.” This language is somewhat vague. For example, what does “by virtue of the employer’s employment relationship with the employer” mean? It might well be that HB713 is trying to draw artificial distinctions between personal and work social media accounts when in practice, the distinction is sometimes fuzzy at best.
HB713 still has a few hurdles to overcome before it becomes law. Here at LegalTXTS, we’ll keep an eye out for the status of the bill.
Federal court has no jurisdiction over PeopleBrowsr’s lawsuit against Twitter for shutoff of the “Firehose” – PeopleBrowsr, Inc. v. Twitter, Inc., 2013 WL 843032 (N.D. Cal. Mar. 6, 2013)
Big Data equal big assets, and in 2012, Twitter made significant moves toward putting a premium on its assets by restricting access to its data to third-party services (count Instagram and Tumblr among those affected). Social analytics provider PeopleBrowsr was one of the services affected by the changes in Twitter’s data access policies. In 2012, Twitter shut off PeopleBrowsr’s access to the “Firehose,” the nickname for the full stream of every tweet posted on Twitter. PeopleBrowsr mines data from the Firehose to derive insights about consumer reactions and identify social influencers for its clients. PeopleBrowsr fought back against the impending Firehose shutoff by suing Twitter in California state court and successfully obtaining a temporary restraining order to stop the shutoff.
The next chapter in the lawsuit unfolded in federal court. Twitter removed the lawsuit to federal court and then filed a motion to dismiss the action. But the lawsuit’s stay in federal court will be brief because federal district judge Edward Chen recently issued a decision sending the lawsuit back to state court. Twitter invoked federal jurisdiction on the ground that PeopleBrowsr’s claim for violation of California’s Unfair Competition Law (UCL) is based in part on the Sherman Act, over which federal courts have exclusive jurisdiction. Not so fast, said Judge Chen. At best, the Sherman Act might give Twitter a defense to the UCL claim. Unlike an affirmative claim for relief, a defense under federal law is not enough to support federal jurisdiction. The alleged violations of the UCL were based entirely on California law. Since federal courts have no jurisdiction over the lawsuit, the fight over the Firehose will continue in California courts. The court awarded attorneys’ fees to Peoplebrowsr for opposing the removal of the case to federal court.
UPDATE 2/19/13: HB713 has been scheduled for decision making on February 21. Its companion bill, SB207, passed second reading and has been referred to the Senate committee on Judiciary and Labor. Also, an updated chart of all Internet-related legislative proposals in the 2013 Hawaii legislative session is available here.
Two Hawaii bills that would ban employers from requesting employees or job applicants to disclose access information to their personal Internet accounts moved forward today. The House committee on Labor and Public Employment voted to recommend passage of HB713 with the amendments reflected in the HD1 version of the bill. HD1 amended the original bill to replace the term “social media” with “personal account”; define “personal account”; place the new legislation under the employment practices statute, HRS chapter 378; create an exception for law enforcement agencies conducting background checks of applicants for employment). HB713 now goes to the House Judiciary committee for review.
SB207, a companion bill to HB713, was also recommended for passage with amendments by the Senate committee on Technology & the Arts.