Facebook comments about condition of company vehicles are protected under the NLRA; a Facebook rant about fake problems with the company car, not so much – Butler Medical Transport, LLC, 2013 WL 4761153 (N.L.R.B. Div. of Judges)
A recent decision by a National Labor Relations Board (NLRB) Administrative Law Judge (ALJ) gives employers insight on when they can and cannot fire an employee for their social media conduct outside of work. Particularly interesting is the fact that this decision involved two separate terminations, one of which the ALJ found illegal, and the other not.
The Norvell Termination
William Norvell worked as an emergency medical technician for an ambulance company, Butler Medical Transport (Butler). While on his personal computer at home, Norvell read a post by a co-worker (Zalewski) on her Facebook page stating that she had been fired. Zalewski attributed the firing to a patient report to management that she complained about the condition of Butler’s ambulances. Several people, including another Butler employee, posted comments inquiring into the incident, to which Zalewski responded with more posts about the patient’s report. Norvell responded to Zalewski with this comment:
“Sorry to hear that but if you want you may think about getting a lawyer and taking them to court.”
Another person posted a comment suggesting that Zalewski find a job with another ambulance company. After Zalewski asked where the company was located, Norvell posted the location and added, “You could contact the labor board too.”
Butler’s HR director obtained hard copies of these posts, and in consultation with the COO, decided to terminate Norvell. The HR director told Norvell that he was being terminated for violating Butler’s bullet point list of work rules, one of which prohibited employees from using social networking sites that could discredit Butler or damage its image.
The ALJ determined that Norvell’s Facebook posts were protected concerted activity. By advising Zalewski to see a lawyer or contact the labor board, Norvell was “making common cause” with a co-worker about a matter of mutual concern to the employees, i.e., the condition of Butler’s ambulances. Norvell’s posts had protected status even though they were accessible to people outside of the company because Section 7 of the National Labor Relations Act (NLRA) extends to employee efforts to improve the terms and conditions of employment through channels outside of the employer-employee relationship. The ALJ did not find posts to be so disloyal, reckless, or maliciously untrue as to lose their protected status. The termination of Norvell based on his Facebook posts therefore violated Section 8(a)(1) of the NLRA.
The Rice Termination
Another Butler employee, Michael Rice, posted this comment on Facebook:
“Hey everybody!!!!! Im fuckin broke down in the same shit I was broke in last week because they don’t wantna buy new shit!!!! Cha-Chinnngggggg chinnng-at Sheetz Convenience Store,”
Butler terminated Rice for making this post. At the trial hearing before the ALJ, Butler produced maintenance records showing that Rice’s vehicle was not in disrepair when he made the post. Rice had also testified at his unemployment insurance hearing that his post referred to a private vehicle rather than a Butler ambulance. There being no evidence to the contrary, the ALJ determined that Rice’s post was not protected by Section 7 because it was maliciously untrue and made with the knowledge of its falsity. As a result, Rice’s termination was not illegal.
Legality of Work Rules
Also under scrutiny was the legality of two of Butler’s work rules, one prohibiting the “unauthorized posting or distribution of papers,” and the other requiring employees to acknowledge that they “will refrain from using social networking sights [sic] which could discredit Butler Medical Transport or damages its image.” Butler argued that the rules were not official company policy because they were stated in a bullet point list. The ALJ rejected the argument as making a distinction without a difference. Butler relied on the bullet point rules in terminating Norvell and Zalewski, and new employees were required to acknowledge receipt of the list. As such, employees could reasonably understand that they would be disciplined for failing to follow the rules on the list. The ALJ found that the rules violated Section 7 activity because they prohibited employees from communicating to others about their work conditions.
LegalTXTS Lesson: This case doesn’t break new ground, but it does contain a few important reminders for employers grappling with how far they can go in regulating the social media activity of employees.
1. A policy by any other name … is still a policy. Butler’s failure to convince the ALJ that the bullet point list was not company policy should serve as a reminder that if a company communicates a rule to its employees in writing, expects them to follow the rule, and disciplines them if they don’t, the rule is effectively a policy. It doesn’t matter that the rule appears in a document whose title doesn’t include the word “policy,” or that the wording of the rule is informal.
2. Write it right. Given how easily a supposedly informal rule could qualify as a policy, a company should take care in articulating its work rules in the form of an official written policy. Consult with counsel to make sure the wording doesn’t inadvertently violate the law.
3. Don’t go overboard. The NLRB has consistently frowned upon work rules that flat out prohibit employees from posting content on social media that damages the reputation of their employer, or worse yet, bars them completely from speaking to others about work-related issues, whether on social networking sites or other media. (For examples, see the related posts below). Reject categorical bans on employee speech in favor of rules that focus on creating or avoiding specific results.
4. Context matters. Before disciplining an employee for a social media post, understand the context in which the post was made. Is the post about a work-related issue that other employees have discussed before? Does the post call for co-workers to take action? Asking such questions helps management determine if the post is protected under the NLRA.
NLRB dishes out confusion on social media policies
NLRB sanctions employees who fire employees for online “protected concerted activity”
DirectTV’s work rules invalidated by NLRB
No, it’s not an acronym advising you to come to dinner with your favorite vintage of pinot noir. BYOD stands for Bring Your Own Device, a movement that’s changing the landscape of information technology at workplaces across the globe. In the “old days,” companies issued electronic equipment to employees for work use. Today, employees want to use the latest electronics of their own choice for both work and play. Surveys consistently show that companies are giving in to such requests, citing the benefits of increased productivity and morale, as well as cost savings from not having to buy the equipment themselves. However, BYOD programs also create legal risks for companies, including:
- Violation of labor laws like the Fair Labor Standards Act due to the ability of workers to rack up overtime by doing work on personal devices practically anywhere and at any time, whether or not such overtime is authorized by management
- Violation of laws prohibiting disclosure of the private information of customers, clients, or patients, such as the Health Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act
- Inadvertent disclosure of proprietary company information, which jeopardizes their confidentiality, and as a result, their status as protected trade secrets
- Complicating the e-discovery process, because electronic data that fall within the scope of a discovery request may reside on devices besides those under the direct control of the company
In light of these risks, the knee-jerk response of management might be to forbid BYOD entirely, but that is not necessarily the best approach. BYOD is more prevalent than one might think. A form of BYOD is in play whenever someone stores work data on a personal cloud storage account, uses a personal laptop to draft a memo for work, or forwards work-related word processing files to a private email account for easy access from home. A company need not officially adopt a BYOD program to have one, which is all the reason why management should be proactive about putting BYOD policies in place.
Learn about the specific risks that a BYOD program creates for your company. Develop guidelines on acceptable and unacceptable use of personal devices for work-related purposes. Notify employees of the policies in writing and provide training. Don’t wait until it’s too late!
Want more tips on BYOD? Come to the Advanced Employment Issues Symposium in Las Vegas from November 13-15, where I’ll be giving a presentation on “BYOD Challenges: When Employees Bring Their Own Devices to Work.” Registration information is available at www.aeisonline.com.
Disclosure of confidential client information on the Internet by attorney violates Rule 1.6 of the Rules of Professional Conduct – In re Skinner, 740 S.E.2d 171 (Ga. Mar. 18, 2013)
A Georgia attorney recently learned the hard way that the Internet is no place to vent about a client. The attorney (Skinner) received negative comments from a client on consumer review websites. In response, Skinner posted personal and confidential information about the client on the Internet. After a formal complaint was filed against Skinner by the State Bar of Georgia, Skinner filed a petition for voluntary discipline admitting that she violated Rule 1.6 of the Georgia Rules of Professional Conduct. Rule 1.6 requires a lawyer to maintain the confidentiality of all information gained in the professional relationship with a client unless the client consents to disclosure after consultation. The client obviously did not consent to Skinner sharing her private information on cyberspace.
Skinner filed a motion for voluntary discipline in the form of a reprimand, which is the mildest form of discipline authorized for Rule 1.6 violations. The Georgia Supreme Court rejected Skinner’s petition despite recommendations by the Office of General Counsel of the State Bar and a special master to accept it. As a result, Skinner could face stricter disciplinary measures for her violations.
LegalTXT Lesson: Posting confidential information on the Internet is generally a bad idea. Especially if the information concerns somebody else. And you’re a lawyer. If you’re a professional who has an ethical duty to preserve confidences, like a lawyer, sharing confidential information about a client online is an invitation for trouble.
On a related note, responding to negative online comments with more criticism or hurtful actions (like revealing personal information about the commenter) is rarely an effective means of repairing reputation. The meltdown on the Facebook page of Amy’s Baking Company is an extreme example (although the owners claim the page was hacked). As the adage goes, don’t fight fire with fire.
Google acted as a “publisher” for CDA purposes for including third-party content in search results — Mmubango v. Google, Inc., 2013 WL 664231 (E.D. Pa. Feb. 22, 2013)
Google successfully obtained dismissal of a defamation lawsuit filed by a person (Mmubango) who found derogatory comments about him posted online. Mmubango discovered anonymous statements about himself on the “Wikiscams” website. Mmubango asked Google to remove the statements from its search engine and to give him information about the poster of the comments. Google refused.
Mmubango sued Google and others for defamation, and Google defended by moving to dismiss the claim based on Communications Decency Act (CDA) immunity. The federal district court for the Eastern District of Pennsylvania agreed that Google met the requirements for CDA immunity. First, Google is an interactive computer service provider. Second, Google did not author the allegedly defamatory content, but instead, was provided with it by another information content provider (i.e., Wikiscams). The defamation claim alleged that Google was liable for storing and broadcasting the derogatory comments about Mmubango. Third, Mmubango was seeking to treat Google as the publisher of third-party statements. Deciding whether to provide access to third-party content or, alternatively, to delete the content is an act of publishing. Under section 230 of the CDA, Google could not be held liable for defamation based on its decision to publish a third party’s statements. The court dismissed Google from the case.
Hawai‘i has jumped on the bandwagon of states (along with 31 other states, according to the National Conference of State Legislatures) introducing legislation to ban employers from requesting access to social media accounts of job applicants. Several bills on the subject were introduced in this year’s legislative session, but the one that appears to have the best chance of becoming law is HB713 H.D. 2 S.D. 1 (HB713). The bill has passed the House and gained the approval of two Senate committees. Next up for the bill is review by the Senate Judiciary Committee. As HB713 gains traction, let’s take a look at what it says and some issues it raises in its current form.
SUMMARY OF HB713, H.D. 2
HB713 would insert a new section into the Hawai‘i statute governing discriminatory employment practices, Hawai‘i Revised Statutes (HRS) chapter 378, part I. The proposed law would apply to both job applicants and existing employees. Employers are prohibited from gaining access to a “personal account,” which is defined as:
An account, service, or profile on a social networking website that is used by an employee or potential employee exclusively for personal communications unrelated to any business purposes of the employer. This definition shall not apply to any account, service, profile, or electronic mail created, maintained, used, or accessed by an employee or potential employee for business purposes of the employer or to engage in business-related communications.
Specifically, an employer may not “require, request, suggest, or cause” an employee or job applicant to: (1) turn over access to his or her personal account; (2) access his or her personal account while the employer looks on; or (3) divulge any personal account. An employer also may not fire, discipline, threaten, or retaliate against an employee or job applicant for turning down an illegal request for access.
There are exceptions, however.
- An employer may conduct an investigation to ensure compliance with law, regulatory requirements, or prohibitions against work-related employee misconduct based on receipt of specific information about activity on a personal online account or service by an employee or other source.
- An employer may conduct an investigation of an employee’s actions based on the receipt of specific information about unauthorized transfer of the employer’s proprietary information, confidential information, or financial data to a personal online account or service.
- An employer may monitor, review, access, or block electronic data (a) stored on an electronic communications device that it pays for in part or in whole, or (b) traveling through or stored on an employer’s network, in compliance with state and federal law.
- An employer may get an employee’s login credentials to access an electronic communications device supplied or paid for in whole or in part by the employer.
- An employer may get an employee’s login credentials to access accounts or services provided by the employer or “by virtue of the employee’s employment relationship with the employer” or that the employee uses for business purposes.
- HB713 specifies that the proposed law is not intended to prevent an employer from complying with other law or the rules of self-regulatory organizations, and that the proposed law should not be construed to conflict with federal law.
OBSERVATIONS AND CONCERNS
Shoulder surfing nixed. The bill appears to make “shoulder surfing” by an employer illegal per se. Suppose an employee tells his boss, “Man, you cannot believe the whales my friend saw on her boat this weekend! She sent me a video of it on Facebook.” Intrigued, the boss says he wants to see the video. The employee obliges by logging on to her Facebook account while her boss watches over her shoulder. Did the boss unlawfully “request” that the employee grant him access to her “personal account”? Technically, yes. Note that HB713 has no exception for voluntary consent of the employee.
“Friending” employees might become illegal. Employers and employees sometimes connect on the same social network. While it isn’t always a good idea for an employer to “friend” an employee, it’s not illegal to do so—unless, perhaps, HB713 becomes the law. HB713 bans an employer from requesting that an employee “divulge any personal account.” Yet, that’s exactly what a friend request does—it requests access to portions of a social media account that can be viewed only by the account owner’s “friends.” The “divulge” language probably was intended to reach situations where an employer demands that an employee hand over access to another employee’s personal account. But as written, HB713’s prohibition against divulging any personal account could be interpreted to apply to innocent “friending.”
The line between personal and private is blurry. In a perfect world, employees would use business social media accounts strictly for business purposes and conduct all of their personal social media activity using separate social media accounts. That’s a best practice, not necessarily reality. The line between personal and business can get blurry in the social media space. It’s not unusual for employees to talk about work or promote their company within their personal social networks. If the employee uses his or her personal account for work purposes, shouldn’t the employer, who might have responsibility for the actions of its employee, be entitled to access the employee’s personal account in certain circumstances? On the other hand, to what extent must an employee use his or her personal account for work-related interactions before the employer should be allowed access to the account? These are difficult issues.
To address the issue, the latest draft of the bill tightens up the definition of “personal account” a bit and specifies that an employer may obtain login credentials from an employee to access “[a]ny accounts or services provided by the employer or by virtue of the employee’s employment relationship with the employer or that the employee uses for business purposes.” This language is somewhat vague. For example, what does “by virtue of the employer’s employment relationship with the employer” mean? It might well be that HB713 is trying to draw artificial distinctions between personal and work social media accounts when in practice, the distinction is sometimes fuzzy at best.
HB713 still has a few hurdles to overcome before it becomes law. Here at LegalTXTS, we’ll keep an eye out for the status of the bill.