Not only have technology and social media permeated political and pop culture, but they have also entered the workplace. Consequently, employers and employees are embroiled in a constant battle over Internet use in the workplace.
Some employee Internet use is for legitimate business purposes, but a significant portion is for personal reasons (e.g., communicating with friends and family, planning social events, or posting comments on social media). Accordingly, employers have rightfully developed certain suspicions about employees’ Internet use. Are employees using the Internet to browse inappropriate content? Are they posting derogatory comments about their employer? Because the questions don’t stop there, employers must decide whether there’s a reason to search employees’ accounts and, if incriminating information is discovered, discipline employees for their inappropriate communications or posts.
However, before you go digging for offensive tweets or disparaging Facebook posts, it’s important to remember that the law limits how you can obtain electronic communications, including text messages, e-mails, and social media posts, and what you can and can’t do once you read those communications.
Before you pick up the ’shovel’
In 1986, Congress passed the Electronic Communications Storage Act, commonly known as the Stored Communications Act (SCA). According to the SCA, it is unlawful for anyone to access “without authorization a facility through which an electronic communication service is provided and thereby” obtain, alter, or prevent “authorized access to a wire or electronic communication while it is in electronic storage in such system.”
Although that’s a less-than-clear mandate from Congress, it’s important to attempt to comply with the law because a violation of the SCA can result in civil penalties of $1,000 or actual damages, whichever is greater. Moreover, courts have struggled with whether they should interpret statutory damages as a flat $1,000 or as $1,000 for each electronic communication that was accessed. So, depending on the violation and the court hearing the case, damages could accrue quite rapidly. Notably, the statute also provides for the recovery of litigation costs and attorneys’ fees.
In contemplating the severity of the potential sanctions under the SCA, employers should consider the following “don’ts”:
- Do not allow employees to mix personal e-mail accounts with business e-mail accounts.
- Do not request passwords for employees’ personal accounts.
- Do not allow employees to use saved logins.
- Do not share passwords or allow employees to share passwords.
Business e-mail. First, and most important, employers shouldn’t allow employees to mix personal e-mail accounts with business e-mail accounts. When you hire employees, it’s a best practice to issue them a company e-mail address. Likewise, you should prohibit employees from conducting company business from any personal e-mail accounts.
Personal passwords. Second, employers shouldn’t request employees’ passwords for personal accounts. More than 18 states have enacted laws—or have case law on the books—prohibiting employers from requiring employees or job applicants to provide personal account passwords. Even if your state doesn’t have such a law—yet—you should still avoid requesting employee passwords for personal accounts.
The SCA expressly prohibits someone from accessing an “electronic communication” without authorization. Courts in some jurisdictions have held that the act of requiring an employee to provide her login information as a condition of hire or continued employment amounts to coerced consent.
Saved logins. Third, employers shouldn’t allow employees to use saved logins. Often, employees will save login IDs and passwords for ease of access on company-issued devices. But when the employee separates from the company, he may neglect to remove his saved login information from the device. At that point, it becomes tempting for the employer to access the contents of the former employee’s returned device. However, the employee’s mistake doesn’t imply consent for the employer to review e-mails, text messages, or other communications on the device.
Password sharing. Fourth, employers shouldn’t share passwords with employees or allow employees to share passwords with each other. Not only should employees have their own company e-mail address, but they should have separate and unique login information. That will help you avoid a situation in which managers or coworkers have access to information they don’t have express authorization to view.
Make sure access is authorized
The SCA protects electronic communications that were intended to be private (e.g., Facebook posts protected by privacy settings). The Act isn’t applicable to information that is made publicly available (e.g., Facebook posts not protected by privacy settings). If you do find it necessary to access employees’ electronic communications, you should follow three important rules:
- Do not request or require that anyone turn over personal posts or e-mails.
- Do not create fake accounts to access employees’ personal posts.
- Take advantage of publicly available information.
These three rules relate directly to the issue of authorization given by the employee that allows you to view certain personal communications. Authorization in this context means the employee or another authorized individual has voluntarily and knowingly given you permission to access the subject information.
For instance, if an employee knowingly “friends” his supervisor on Facebook, he has given the supervisor authorization to view his posts, even if the supervisor has made the request only to monitor the employee’s Facebook page. However, rather than going down the “rabbit hole” of attempting to obtain employee authorization, it’s usually advisable to view publicly available information.
Look before you discipline
Keep in mind that there are limitations to workplace policies you can implement and disciplinary actions you can take against employees based on their electronic communications. Under Section 7 of the National Labor Relations Act (NLRA), employees have the right to criticize or protest the terms and conditions of their employment, including employer policies and treatment.
The General Counsel of the National Labor Relations Board (NLRB) has stated that:
A rule [or policy] that prohibits employees from engaging in “disrespectful,” “negative,” “inappropriate,” or “rude” conduct toward the employer or management, absent sufficient clarification or context, will usually be found unlawful. Moreover, employee criticism of an employer will not lose the [NLRA’s] protection simply because the criticism is false or defamatory, so a rule that bans false statements will be found unlawfully overbroad unless it specifies that only maliciously false statements are prohibited.
However, courts have construed employer policies prohibiting conduct that amounts to insubordination as lawful—i.e., such policies do not limit protected employee activity. Also, as part of your policies, you may set forth your expectation that employees cooperate with each other and the company in the performance of their work.
Bottom line
If you discover employee electronic communications before taking disciplinary action, you should ensure that you aren’t punishing the employee for engaging in protected activity under the NLRA. Further, you should never take disciplinary action against an employee for failing or refusing to grant you access to any private e-mail, text message, password, or social media post.
Maggie A. Hanson is an attorney with Davis Brown Law Firm, practicing in the firm’s Des Moines, Iowa, office. She may be contacted at maggiehanson@davisbrownlaw.com.
May 09, 2017 at 09:18PM
from Iowa Employment Law Letter
No comments:
Post a Comment