By: Alan E. Seneczko, Esq.
My teenage daughters refer to adults who monitor their Facebook pages as "creepers." (I suspect at least some of them may more appropriately fall into the category of "parents.") Can an employer be considered a "creeper?" More importantly, can an employer face liability for being a "creeper?" Perhaps not surprisingly, the answer to both of these questions is "yes."
As social networking websites like Facebook and MySpace have become increasingly ubiquitous as a means of communication (at least for some members of the workforce) - and for publicizing thoughts and actions formerly kept private - it is only natural that the information posted on these websites has raised issues in the workplace. Background checks often include searches of MySpace and Facebook pages. Employees post information about their employers and/or things that happen at work. "Groups" form to discuss issues of common concern...and so on.
Can an employer review this information? Should it review this information? Does any law govern such action? Where is the line between permissible review and prohibited access? Although many laws may be tangentially affected by the content of an employee's website (e.g., monitoring or acting upon employee discussions of their wages, hours and working conditions may interfere with the employees' Section 7 rights under the National Labor Relations Act; posting confidential or defamatory information may implicate State trade secret or defamation laws), the first and foremost consideration is whether access to that information violates the Electronic Communications Privacy Act, 18 U.S.C. §2701 ("Stored Communications Act").
The Stored Communications Act is a federal law that prohibits a person from accessing, without authority, "a facility through which an electronic communication service is provided and thereby obtaining... access to... [an] electronic communication while it is in electronic storage in such system." This prohibition does not apply to conduct authorized by the person or entity providing the wire or electronic communications service. The law allows "aggrieved persons" to pursue civil actions to recover actual damages, punitive damages, statutory damages, and costs and attorney fees. It also provides criminal penalties.
Under the Stored Communications Act, an employer is permitted to access and/or monitor electronic communications sent or stored in the service that it provides - such as emails sent through a company system and stored in a company server, but not information stored in remote web-based servers such as yahoo.com, Gmail, Facebook and Myspace - without "authorization."
What constitutes "authorization" to access an employee's Facebook page? This is where "friendship" becomes important. In the world of social networking, there are two types of websites - public and private. If the information is public (i.e., it is posted on the web for all the world to see without any password or invitation), the "authorization" is universal because it is essentially non-existent. On the other hand, if the information is "private" (i.e., it requires a password or invitation), then "authorization" is required. In the world of Facebook, this means an invitation to become a "friend," which grants you access to that person's website.
Employers have faced liability under the SCA when they correctly guessed employees' passwords to access their Hotmail and AOL accounts, see, Fischer v. Mt. Olive Lutheran Church Inc. (W.D. Wis. 2002), Van Alstyne v. Electronic Scriptorium Ltd. (4th Cir. 2009); used the name of an authorized employee to access the website, see, Konop v. Hawaiian Airlines (9th Cir. 2002); and, pressured an employee to provide the password to access a MySpace chat group, see, Pietrylo v. Hillstone Restaurant Group (D. N.J. 2009).
The "line" is thus pretty clear. If an employer can access the information because it is stored on the company server or published on the web, then it will generally be free to review it. On the other hand, if a special password or invitation is required, an employer may not access the information unless it is "invited" or authorized to do so.
The moral of the story: "Creepers" face liability. "Friends" do not. [Note to parents: Do not allow your teenage child to read this article.]
Questions? Please contact WS Shareholder and Senior Attorney Alan Seneczko in our Oconomowoc office at (262) 560-9696, or alseneczko@wesselssherman.com.
