About Us  |  About Cheetah®  |  Contact Us

Employers pay the price while the legal profession struggles to keep pace with employees’ improper use of advancing technologies

December 28th, 2011  |  Lorene Park

The widespread use of the Internet has given employees a powerful tool to vent unhappiness with their employers and to potentially harm business operations by disseminating confidential information. Breaches of confidentiality, cybersmear, and other attacks on employers through the use of mass emails, chat rooms, Twitter, Facebook, and other social media, have become much more common. While the legal profession struggles to keep up, employers face costly litigation. As evidenced by several recent cases, employers have used a variety of approaches in response to Internet and email attacks by employees, with varying success.

For example, in Veolia Trans Servs, Inc v Evanson (November 28, 2011, Wake, N) a former employee sent anonymous emails criticizing her former employer to current employees, the city council, and media organizations. The employer filed suit against John Doe defendants alleging tortious interference, defamation, conversion, and other state law claims. Through early discovery, it was disclosed by Yahoo! Inc. that the former employee owned one of the IP addresses from which the emails were sent and she was served with a subpoena that requested inspection and copying of her computer hard drives, email files and other devices. In response, she deleted emails and her browsing history and then destroyed her hard drive. Given the deliberate nature of her actions, and the risk of substantial prejudice to the company if it had to litigate without the destroyed evidence, the court granted default judgment against her and in favor of the employer as a remedy.

In other cases, employees have been terminated for posting disparaging remarks on Facebook pages. Some of these terminations have resulted in legal actions against the employer. For example, a public employee recently alleged that her Facebook post addressed a matter of public concern and the termination violated her First Amendment right to free speech (Mattingly v Milligan, November 1, 2011, Holmes, J). In the private employment context, there have been concerns that such terminations violated the NLRA. In three advice memos (TAW, Inc; Copiah Bank; Intermountain) recently released by the NLRB, the General Counsel’s Division of Advice recommended dismissing charges against employers alleged to have unlawfully fired employees over Facebook posts. In each case, the General Counsel found no evidence that the posts were protected, concerted activity. Other statutory claims have also been asserted. In one case, an employee who complained on her Facebook page that Morgan Chase did not pay her overtime alleged that the banking giant unlawfully retaliated against her in violation of the FLSA when it fired her (Morse v JP Morgan Chase & Co, June 23, 2011, Whittemore, J). The court rejected her claim, finding that her Facebook post was not a “complaint” within the meaning of the FLSA.

Other cases demonstrate that laws are failing to keep pace with changing technologies. For example, in Obsidian Fin Group, LLC v Cox (November 30, 2011, Hernandez, M), a blogger who criticized a company was not entitled the protection of Oregon’s defamation laws that shield media outlets because the legislature had not yet expanded the list of publications or broadcasts to include Internet blogs. Although the blogger was not an employee, the same rationale would likely apply to an employee blogger. In another recent case, a former employee did not attack the employer, but did take his employer’s Twitter account (PhoneDog v Kravitz, November 8, 2011, James, M). The employee’s job was to provide commentary via a variety of media, including the employer’s website and Twitter account. When the employee left, he changed the Twitter account’s handle to his name and took his 17,000 followers with him. To the employer, all Twitter accounts used by its employees, including the passwords, were proprietary, confidential information. The court upheld the employer’s misappropriation and conversion claims, finding that the numerous thorny issues, including how to value the account for damages purposes and the impact of Twitter’s prohibition against purchasing and selling accounts, precluded any resolution on a motion to dismiss.

Because technology is rapidly advancing, and litigation is an expensive and often ineffective method for addressing breaches of confidentiality, cybersmear, and related issues, it is clear that prevention is the best approach for employers. Possible ways to minimize the risks posed by social media and other electronic communications include the following:

  • Give employees alternative meaningful ways to air their grievances within the company so there is less of a need to “vent” elsewhere.
  • Train managers and HR staff on the importance of open communication with employees but also on how to deal with social media issues.
  • Implement clear computer and Internet use policies that, at a minimum, clearly communicate to employees that they do not have an expectation of privacy when accessing email or social media at work and prohibit employees from discussing the company’s confidential information online. However, be aware that policies banning the use of company images or disrespectful language could be considered a violation of the NLRA, so consider including a disclaimer stating that such policies do not apply to conduct protected by the NLRA.
  • Use confidentiality and non-disclosure agreements. With respect to severance agreements, consider including a non-disparagement provision.
  • Monitor employee computer use, including email access. Limit access to the company’s server or email system to current employees and disable old email accounts, particularly after an employee is terminated. Monitor the Internet for company-related posts or chat rooms.
  • Develop strategies for responding to cybersmear. Identify the risks associated with different types of attacks and determine how to handle each. Employers may want to limit discipline or other responses due to NLRA Sec. 7 concerns and public relations issues. In some cases, the best response may be to do nothing.
  • When developing policies and procedures for limiting and monitoring access to the company’s computers, email systems, or intranet, as well as files containing confidential information, include independent contractors. Although independent contractors may be given the same access as employees, they may not be subject to the same policies and procedures as employees.

Before taking any of these actions, employers would be well-advised to consult with both legal and technological experts, so that the approach taken is one tailored to the employer’s specific needs.