To a certain extent, employers have always tried to monitor their employee’s conduct outside of the workplace. Many employers require employees to disclose criminal charges or convictions, and to refrain from other off-work conduct which might embarrass the company. Further, we have all heard the stories of private investigators photographing employees working on their house or windsurfing while they were supposedly on medical leave.
The advent of social media, however, has made stalking employees far easier than it ever has been before. Rather than paying a private eye, employers can find out a good deal about their employees’ non-work activities at the click of a mouse. There are stories of employers requiring employees to provide them with their social media passwords as a condition of employment. The question is, though, how much of this snooping is legal?
The answer boils down to whether your social media is public or private. A good way to understand the legality of online snooping is to think of it in terms of a physical search. If you are on a public roadway or in your front yard visible from the street, you have no expectation of privacy. A private investigator has the right to follow your car or take pictures of you in your visible yard, because you are intentionally exposing yourself to public view.
It is not legal, however, to peek over your privacy fence or to come onto your property and look into your windows. This is because you have a right to privacy in areas that you reasonably expect to be private. If someone physically invades your private area, they may be subject to a civil suit for invasion of privacy, as well as criminal prosecution for trespassing. It is also important that you took steps to keep your private areas private, for example putting up curtains.
In the 2013 case of Ehling v. Monmouth-Ocean Hosp. Serv. Corp., 872 F. Supp. 2d 373, a New Jersey Federal District Court found that social media accounts are internet service providers (ISP’s) under the Federal Stored Communication Act, 18 U.S.C. § 2701, and thus are subject to that Act. With respect to sites like Facebook and MySpace, Ehling found that they are ISP’s with respect both to private messages and “wall posts.”
Under the FSCA, it is illegal to intentionally access without authorization a facility through which an electronic communication service is provided; or to intentionally exceed an authorization to access that facility. In addition to criminal penalties, the FSCA provides a civil action for anyone whose information is illegally accessed in section 18 U.S.C. § 2707. A plaintiff in an FSCA case may obtain actual damages or $1,000.00 per violation, whichever is greater, punitive damages, attorney fees and costs.
Ehling, however, drew a distinction between private information stored by the ISP, which is protected by the FSCA, and public information which is not. Similar to the front lawn in the physical example above, a public social media account is likely fair game for employers. The Court held that “it strikes the Court as obvious that a claim to privacy is unavailable to someone who places information in an indisputably public medium, such as the internet, without taking any measures to protect the information.”
With many social media sites, you have a good deal of control over what information about you is disclosed, and who it is disclosed to. Facebook, for example, allows you to set your profile to public or private and to control the audience for various posts. A tremendous amount of people, however, have either a fully or partly public account, which means that information can be seen by anyone who has a Facebook account.
In addition to public accounts, social media information is typically shared with other users. Using the example of Facebook again, some or all information is shared with “friends,” which probably includes some friends from work. Unsurprisingly, work friends from time to time willingly or unwillingly disclose your social media information to management.
A typical reaction to this is to point out that disclosing information to a friend is not the same thing as disclosing it to your boss, and this is very true. In Ehling, however, the Court found that once you disperse your information to your friends they are free to do anything with it that they like, including giving it to your employer. Ehling requires that giving this information to any employer must be voluntary, without any coercion or pressure. Basically, if your “friend” decides on their own to provide information to your employer it is voluntary, but employer is going around asking if anyone has access to your social media account this is coercion.
Coerced or underhanded access to social media information will likely violate the FSCA. In addition to requesting access from other employees, this would include setting up phony accounts or using the saved login data of either the employee in question or another employee.
Accessing social media data by any method is exceedingly dangerous for an employer. This is in part caused by the fact that you are not just accessing the employee’s information, but that of all their friends and contacts which could well be deeply personal. While they have no right to privacy if the employee voluntarily discloses it, if you access it improperly you may be looking at a lawsuit from not one but potentially hundreds of people. It also has a significant yuk factor – I would not want to be in the position of arguing that because you required an employee to turn over their social media password as a condition of employment in case it was needed for “work reasons,” that you therefore had the right to read private messages from their Aunt Judy in which she reveals she has breast cancer. Remember, exceeding authorization is just as bad as no authorization.
Further, in addition to the FSCA, Ohio law recognizes an invasion of privacy tort claim for the wrongful intrusion into one’s private activities and for the publicizing of one’s private affairs with which the public has no legitimate concern. This protection may actually be broader than the FSCA, and entitles a prevailing plaintiff to compensatory damages and potentially punitive damages.
Finally, reviewing social media accounts – even public accounts – can lead to other trouble. Pictures might reveal that an employee has a disability or is in an interracial relationship. You would not want to be in a position where an employee is terminated the day after a manager viewed a post in which an employee revealed that they were HIV positive.
In sum, although it can be done legally employers should be very careful about using social media to snoop on their employees. While the urge to stalk employees on Workers’ Compensation leave or intermittent FMLA leave can be very strong, the risk may just be too great. Anyway, that picture of your employee windsurfing might be three years old.
Attorney Advertising. This information is designed for general information only. The information presented should not be construed to be formal legal advice nor the formation of a lawyer/client relationship. Past results and testimonials are not a guarantee, warranty, or prediction of the outcome of your case, and should not be construed as such. Past results cannot guarantee future performance. Any result in a single case is not meant to create an expectation of similar results in future matters because each case involves many different factors, therefore, results will differ on a case-by-case basis. By providing certain contact information herein, you are expressly authorizing the recipient of this message to contact you via the methods of communication provided.