Employees can get carried away on social media. US Airways learned this the hard way when its employee responded to a customer complaint on Twitter with an obscene picture of a woman and a toy jet. An apology and deletion of the tweet followed an hour later (an eternity in cyberspace). US Airways claims its employee made an “honest mistake,” and the incident has not spawned a lawsuit, but one can imagine situations in which the malicious online statements of an employee land the employer in legal trouble.
So what’s an employer to do? Thankfully, employers can find some solace in Section 230 of the federal Communications Decency Act (“CDA”), as a recent Indiana case illustrates. In Miller v. Federal Express Corp., an employee of a non-profit organization, 500 Festival, Inc. (“500 Festival”), and an employee of FedEx separately posted comments on media websites criticizing the plaintiff’s leadership of Junior Achievement of Central Indiana, which he ran from 1994 to 2008. Although the employees posted the comments using aliases, the plaintiff traced the comments back to IP addresses assigned to 500 Festival and FedEx and sued them for defamation.
The Indiana Court of Appeals affirmed the trial court’s dismissal of the defamation claims against 500 Festival and FedEx based on the Section 230 of the CDA. Congress passed Section 230 to protect companies that serve as intermediaries for online speech from liability for harmful content posted by third parties. A defendant claiming Section 230 immunity must show that: (1) it is a provider or user of an interactive computer service; (2) the plaintiff’s claim treats it as the publisher or speaker of information; and (3) another information at issue was provided by another content provider. Satisfying these three elements immunizes the defendant from suit, although the author of the offensive content could still be held liable.
It’s not difficult to see how Section 230 applies where, for instance, the operator of an online discussion forum is sued for defamation based on a comment posted by a forum member. The operator easily qualifies as an “interactive computer service” and can argue it is not liable for content that someone else published. But could a corporate employer qualify for Section 230 immunity? The court in Miller said yes, siding with precedent set by California and Illinois courts. An employer that provides or enables multiple users on a computer network with Internet access qualifies as a provider of an interactive computer service. Since the defamation claims tried to hold 500 Festival and FedEx liable for allegedly publishing statements made by their employees, Section 230 barred the claims.
Controlling what employees say online can be a daunting task, but it’s nice to know that employers have some protection from legal liability for the “honest” (or not so honest) mistakes of employees.
With a single tweet, an employee of IAC (owner of websites like Match.com and Vimeo) went from relative obscurity to the target of an Internet inquisition. Before boarding a plane, Justine Sacco posted this message on Twitter: “Going to Africa. Hope I don’t get AIDS. Just kidding. I’m white!” The tweet went viral while Sacco was en route to South Africa, oblivious to the controversy brewing online. Death threats landed in her inbox. Someone opened a parody Twitter account for Sacco. A hashtag (#HasJustineLandedYet) was created to help people keep track the arrival of her plane. IAC quickly condemned Sacco’s tweet in a press release and on social media. The New York Times published an article about the controversy later the same evening. The next day, IAC fired her. Sacco issued an apology on Sunday.
Social media meltdowns are nothing new, but the story highlights four myths that can get professionals into social media trouble.
- “I’m a pro—I know what I’m doing.” Sacco worked as a communications director for IAC. One might expect a PR professional to be sensitive about what their public expression, but Sacco’s expertise apparently didn’t save her from posting a message that many found offensive. Before posting, think twice (or thrice) about how the message will be received by the public.
- “No one will ever find out.” Sacco’s Twitter account didn’t have many followers at the time she posted the controversial tweet—less than 200. Having a small following can create a false sense of security that the public will never see the contents of the account. But one doesn’t need to be an Internet rockstar to get into trouble. Posts can go viral if a follower shares it with someone else, who in turn shares it with another person, and so on …
- “No worries, it’s my personal account.” Just because a social media account is designated as personal doesn’t mean it should have no filter. Although Sacco used her personal Twitter account to make the infamous post, her account profile listed IAC as her employer. This made it easy for readers to associate IAC with Sacco’s post. As a result, IAC was involuntarily drawn into the controversy. The moral of the story is that the lines between personal and professional are very blurry on the Internet.
- “Just this one time.” Bad judgment on social media is seldom an isolated incident. Earlier in 2013, Sacco had tweeted: “I can’t be fired for things I say while intoxicated right?” Because social media extends brand management beyond official company channels, companies should keep track of employees who publicly identify their employer and periodically check if those employees regularly interact in ways that damage the company brand.
The Sacco incident teaches that the value of training on good social media practices cannot be overemphasized. The old adage about an ounce of prevention is no less true in the digital age.
I’ll be speaking on December 18 at a half-day seminar on “Ethics and Social Media: What Attorneys Need to Know.” The seminar is good for 3.0 hours of Hawaii MCPE credit and 3.0 hours of California CLE credit. You might be interested in attending if you have questions like:
- What are the rules on legal advertising on social media?
- Should lawyers even set up a social media account?
- Who should I friend on Facebook?
- What are the do’s and don’ts of tweeting?
For more information or to register, click here.
FC 250 Grand Marshal, Paula Deen (Photo credit: Bristol Motor Speedway & Dragway)
Lisa Jackson’s discrimination and sexual harassment lawsuit against Paula Deen settled last Friday, but not before Deen tried to remove Jackson’s attorney, for publicly disparaging her on social media. A court order filed hours before the settlement reveals that in March, Deen’s lawyers filed a motion for sanctions against Matthew C. Billips, the lawyer who represented Jackson (read the motion here). The motion alleges that Billips made offensive remarks about Deen on Twitter. Some of the more eyebrow-raising tweets included:
“I’ve been doing Paula Deen, in a strongly metaphorical sense”
“I plan on undressing [Deen]” (in reference to an upcoming deposition of Deen)
“Now talk about fun, suing Paula Deen is a hoot!”
In another Twitter conversation about Deen’s diabetes, Billips allegedly referred to Deen’s food with the hashtag #buttercoatedbuttercookies.
Based on Billips’ tweets and his discovery practices, Deen’s lawyers asked the court to disqualify him from continuing to represent Jackson. As the August 23 court order shows, the judge declined to disqualify Billips, but it was open to imposing some form of sanctions against him. The judge has indicated that the settlement will not stop the court from sanctioning Billips despite Deen’s lawyers attempt to withdraw their sanctions motion in light of the settlement. Billips has 20 days as of Friday to show why he should not be sanctioned.
This cautionary tale that teaches litigants (and their attorneys) not to discuss pending cases on social media. Posts on social networks like Facebook and Twitter can be publicly accessible, are potentially discoverable, and can be the basis for a defamation lawsuit. There’s little to be gained and much to lose by talking about a lawsuit online. For that reason, lawyers now commonly instruct their clients in their retainer agreements not to discuss the case with anyone on social media, even family and friends. Lawyers would do well to follow their own advice.
Employer sues ex-employee for not updating his LinkedIn profile — Jefferson Audio Visual Systems, Inc. v. Light, 2013 WL 1947625 (W.D. Ky. May 9, 2013).
What would you do if your ex-employee told everybody he still works for you? One company’s response was to sue. In the first case of its kind, the company decided to sue its former employee for fraud for not updating his LinkedIn profile.
Jefferson Audio Visual Systems, Inc. (JAVS) fired its sales director, Gunnar Light, after he mishandled a potentially lucrative deal and made defamatory statements about JAVS to a prospective customer. Shortly afterwards, JAVS filed a lawsuit against Light alleging various claims, including fraud. JAVS argued that Light was fraudulent in failing to update his LinkedIn profile to reflect that he was no longer a JAVS employee. A Kentucky federal court dismissed the fraud claim because JAVS failed to show that it was defrauded by Light’s LinkedIn profile. At most, JAVS alleged that the profile tricked others. Under Kentucky law, a party claiming fraud must itself have relied on the fraudulent statements.
LegalTXTS Lesson: JAVS’ actions against its ex-employee might have been rather extreme, but the case is a reminder that ex-employees can leave behind an electronic wake that is damaging. Because computer technology is an integral part of work life, management needs to be intentional in disengaging ex-employees from the electronic systems and online persona of the organization. Each organization must determine for itself what measures for dealing with such post-termination issues are feasible, effective, and consistent with its objectives, but here are some suggestions:
1. Promptly update the organization’s website, social media profiles, and any other official online presence to reflect that the former employee no longer works for the organization.
2. Specify who owns Internet accounts handled by the ex-employee for the organization’s benefit and the information stored in the accounts. This includes social media accounts and cloud storage accounts (e.g., DropBox, Google Drive, SkyDrive) to the extent they contain proprietary data. As part of this measure, be sure to obtain the information needed to access the accounts, including any updates to login credentials.
3. Restrict the amount of access to which former employees, as well as current employees whose departure is imminent, have to workstations, databases, and networks of the organization. Limiting access helps to prevent theft of trade secrets and proprietary information. Many CFAA lawsuits have been spawned by a failure to take this precaution.
4. Check if the employee left behind anything that would enable him or her to gain unauthorized access to company systems, like malware, viruses, or “back doors.”
5. Enable systems that allow of erasure of the organization’s data from electronic devices used by the ex-employee to remotely access the work network, such as smartphones, laptops, and tablet computers.
6. Establish guidelines on employee use of the company’s intellectual property on personal internet profiles (e.g., Facebook, Twitter, LinkedIn), including trademarks and trade names.