New Jersey Law Journal: Court Provides Guidance on Restricted Social Media Content
The meteoric rise of social media has brought to the forefront issues of employee privacy and the rights of an employer to discipline its employees and manage its workforce. When does a private Facebook rant to hundreds of “friends” become legitimate justification to discipline an employee? A recent District of New Jersey case provides some clarification of what is public versus private under federal law.
In Ehling v. Monmouth-Ocean Hospital Service Corp., Civ. No. 2:11-cv-03305, 2013 WL 4436539 (D.N.J. Aug. 20, 2013), the plaintiff, a registered nurse and paramedic for the Monmouth-Ocean Hospital Service Corp. (MONOC), maintained a Facebook account and had approximately 300 Facebook friends. Although she did not add any MONOC managers, she did add many of her colleagues as Facebook friends. The plaintiff selected privacy settings for her account that limited access to her Facebook wall postings only to her Facebook friends.
In June of 2009, after a media report about an assailant at the Holocaust Museum, the plaintiff posted the following to her Facebook wall:
An 88 yr old sociopath white supremacist opened fire in the Wash D.C. Holocaust Museum this morning and killed an innocent guard (leaving children). Other guards opened fire. The 88 yr old was shot. He survived. I blame the DC paramedics. I want to say 2 things to the DC medics. 1. WHAT WERE YOU THINKING? and 2. This was your opportunity to really make a difference! WTF!!!! And to the other guards…. Go to target practice.....
Unbeknownst to the plaintiff, one of her Facebook friends who was also a coworker provided a screenshot of this post to a MONOC manager. As a result, the plaintiff was temporarily suspended with pay and was provided with a memorandum, stating that MONOC management was concerned that her comment reflected a “deliberate disregard for patient safety.” The plaintiff then filed a complaint with the National Labor Relations Board (NLRB), which concluded that MONOC did not violate the National Relations Labor Act (NRLA) and that there was no privacy violation because the post was sent, unsolicited, to MONOC management. Ultimately, the plaintiff, who had an extensive disciplinary record and also took numerous medical leaves for various medical conditions, was terminated after she failed to return to work following a leave of absence and failed to return certain leave-related forms.
The plaintiff instituted an action alleging violations of the Family and Medical Leave Act, the New Jersey Law Against Discrimination and the Conscientious Employee Protection Act. In addition, although the NLRB found that the disciplinary action in connection with the Facebook post did not violate the NLRA, the plaintiff also asserted claims under the federal Stored Communications Act (SCA) and invasion of privacy. In her complaint, the plaintiff alleged that MONOC gained access to her restricted Facebook webpage because a “member of upper management summoned a MONOC employee, who was also one of [plaintiff’s] Facebook friends into his office and coerced, strong-armed and/or threatened this employee into accessing his Facebook account on the work computer in the supervisor’s presence.” Not only did the district court find that this allegation was false, since the plaintiff’s Facebook friend and coworker voluntarily shared the posting with MONOC management, the district court granted summary judgment in favor of MONOC on all claims. In its decision, the district court provided useful guidance for employers regarding access to employees’ restricted social media content.
In assessing the plaintiff’s claims, the court evaluated the SCA, which prohibits access to stored wire and electronic communications and transactional records. Pursuant to the law, it is a violation of the SCA to “intentionally access…without authorization a facility through which an electronic communication service is provided;” or to “intentionally exceed…an authorization to access that facility….” 18 U.S.C. §2701(a).
In evaluating the plaintiff’s claim under the SCA, the court first considered whether the plaintiff’s private Facebook posts fell under the purview of the SCA. In determining whether the SCA applied to nonpublic Facebook wall posts, the district court addressed four issues: (1) whether the wall post constituted electronic communications; (2) whether the wall posts were transmitted via an electronic communication service; (3) whether the wall posts were maintained in electronic storage; and (4) whether the wall posts were private and not accessible to the general public.
The court acknowledged that the SCA defines an “electronic communication” as “any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photo-optical system.” 18 U.S.C. § 2510(12). Since creating posts requires Facebook users to transmit text, photos, images or other electronic data through the Internet from either a computer or a mobile device to a Facebook server, the district court concluded that Facebook wall posts were electronic communications as contemplated by the SCA. Additionally, the court determined that the plaintiff established the second criterion since Facebook is an electronic communication service provider and the wall posts are transmitted through the Facebook service. The court, in considering the third prong, distinguished between the two types of electronic storage addressed under the law—temporary intermediate storage of an electronic communication, versus backup protection storage of such communication. The court ultimately determined that the type of storage implicated in the Facebook platform is backup protection storage. The court noted that, in the context of social media sites such as Facebook and MySpace, “the website itself is the final destination for the [electronic communication]” but that all comments and information posted to a user’s wall are ultimately saved and archived to a Facebook server. Most importantly, since Facebook saves and archives wall posts and comments indefinitely, the court concluded that the wall posts are stored for backup purposes. Finally, the district court concluded that Facebook wall posts that are configured through Facebook’s privacy controls to be private “are, by definition, not accessible to the general public” and, consequently, constitute nonpublic communications falling under the protective purview of the SCA. In reaching this conclusion, the district court made it clear that whether a wall post is considered “nonpublic” depends upon whether the Facebook user took steps to limit access to the information by the general public on her Facebook wall by adjusting the privacy settings to the account. The fact that the user has a large number of Facebook friends and that a wide number of users may have access to the electronic communication does not make it any less “nonpublic.”
Once the district court found that the plaintiff’s nonpublic wall posts were protected by the SCA, it then evaluated whether the SCA’s authorized user exception applied. Under this exception, the provisions of the SCA do not “apply with respect to conduct authorized (1) by the person or entity providing a wire or electronic communications service; [or] (2) by a user of that service with respect to a communication of or intended for that user.” 18 U.S.C. § 2701(c). In the case at hand, the employer became aware of the plaintiff’s comments through one of the plaintiff’s co-workers, who was lawfully granted access to the plaintiff’s Facebook page as one of her Facebook friends, and who willingly and of his own accord brought such information to the attention of the plaintiff’s managers. For this reason, the court concluded that the SCA had not been violated by the employer because the information posted on the plaintiff’s Facebook page had been brought to its attention by the plaintiff’s co-worker, without any coercion, solicitation or pressure from the employer. The court also granted summary judgment on the plaintiff’s claim for invasion of privacy. In order to prevail on such a claim under New Jersey law, a plaintiff must prove that: (1) there was an intentional intrusion “upon the solitude or seclusion of another or his private affairs”; and (2) this intrusion would highly offend the reasonable person. Inasmuch as the record revealed that the employer was the passive recipient of unsolicited information that it did not seek out or request, the plaintiff did not have a viable invasion of privacy claim.
The Ehling decision demonstrates that private Facebook posts enjoy protection under the SCA, unless someone with lawful access elects to share the information. Given the substantial communications that employees routinely share on social media, employers may be tempted to utilize such information to make employment-related decisions. Although the employer in this case prevailed based upon the authorized user exception, employers should always consider the SCA and other privacy issues when considering employees’ social media use. Furthermore, according to recent NLRB rulings, social media postings between employees concerning the terms of conditions of employment may constitute concerted protected activity under the NLRA.
In addition, as of Dec. 1, 2013, New Jersey employers are prohibited from requesting or requiring an applicant to disclose any user name or password or to provide the employer access to restricted social media content. See N.J.S.A. 34:6B-6. This recently enacted legislation, however, does not “prevent an employer from viewing, accessing, or utilizing information about a current or prospective employee that can be obtained in the public domain.” N.J.S.A. 34:6B-10.
Given the tension between employees’ privacy rights and employers’ right to manage their workforce, as well as the myriad applicable federal and state laws, attorneys should counsel clients and employers should tread carefully when making employment decisions based upon an employee’s social media use.