EVERYTHING (WELL ALMOST EVERYTHING) EMPLOYERS AND ...



right180975EVERYTHING (WELL ALMOST EVERYTHING) EMPLOYERS AND EMPLOYEES (AND THEIR COUNSEL) NEED TO KNOW ABOUT ELECTRONIC COMMUNICATION POLICIES AND SOCIAL MEDIAbyYvette D. Everhart, EsquireSara J. Geenen, EsquireBethanie Barnes, EsquireEric Akira Tate, EsquireSection of Labor and Employment LawAmerican Bar Association14th Annual Labor and Employment Law Conference (Virtual)November 12, 2020Available Courtesy of: SASS LAW FIRM 601 West Dr. Martin Luther King Jr. Boulevard Tampa, Florida 33603 813.251.5599 ?202000EVERYTHING (WELL ALMOST EVERYTHING) EMPLOYERS AND EMPLOYEES (AND THEIR COUNSEL) NEED TO KNOW ABOUT ELECTRONIC COMMUNICATION POLICIES AND SOCIAL MEDIAbyYvette D. Everhart, EsquireSara J. Geenen, EsquireBethanie Barnes, EsquireEric Akira Tate, EsquireSection of Labor and Employment LawAmerican Bar Association14th Annual Labor and Employment Law Conference (Virtual)November 12, 2020Available Courtesy of: SASS LAW FIRM 601 West Dr. Martin Luther King Jr. Boulevard Tampa, Florida 33603 813.251.5599 ?2020EVERYTHING (WELL ALMOST EVERYTHING) EMPLOYERS AND EMPLOYEES (AND THEIR COUNSEL) NEED TO KNOW ABOUT ELECTRONIC COMMUNICATION POLICIES AND SOCIAL MEDIA Yvette D. Everhart, EsquireSass Law Firm601 West Dr. Martin Luther King Jr. Boulevard Tampa, Florida 33603813.251.5599 AS SOCIAL MEDIA PERVADES EVERYDAY LIVING, IT HAS CREATED PRIVACY CONCERNS AND OTHER WORKPLACE ISSUES. Social media has come a long way from dial-up Internet and clunky chat rooms. As the cost of technologies, such as phones and laptop computers, has decreased, and access to the Internet has become inexpensive and accessible via mobile devices, the ability to communicate and disseminate information virtually has grown exponentially. Social media fuels this kind of communication.“Social media” is a broad concept that includes web- and mobile-based technologies that virtually distribute user-generated content to create an interactive dialogue. Over 90% of adults in the United States are now online. Whereas 5% used social media in 2005, of those adults online, nearly 90% (around 75% of all adults in the U.S.) use at least one form of social media, including nearly 90% of “millennials” (ages 24-39). Not only are more people using social media, people are using social media more often and in more physical places. Over 90% of adults age 55 or under have and use smart phones to access the Internet and communicate, while a large portion of that group also own tablet computers. “Boomers” are also, undeniably, heavy adopters of mobile technology and social media. As a result, access to social media is no longer tied to a desk. Instead, information may be streamed from anywhere or tweeted out at a moment’s notice. The number of mobile applications have exploded and the types of users of particular apps and platforms often vary. While some early forms of social media, like MySpace have disappeared, Facebook? remains, while new applications like SnapChat, Instagram, YouTube, TikTok, Reddit, and WhatsApp, to name a few, are constantly being released. Whatever the app or device, four simple truths generally remain. 1.First, once content is released into the Internet, it cannot be pulled all the way back out. 2.Second, a user loses control over the information they post on social media as soon as it is posted. 3.Third, it is available anywhere and everywhere. 4.And, fourth, a huge amount of inaccurate data is routinely disseminated via social media.As a result of the increased use of social media and corresponding technological advancements in cellular technology and tablet devices, there has been an explosion in concerns about privacy, data security, and proprietary information. Websites and phones collect data about a person’s online habits, the websites they visit, what they purchase, and often where they are located. Credit card information is stored online. Businesses and law firms may store their work – confidential, privileged, proprietary, or otherwise – in a cloud. People can be tracked by their phones or other general geo-location software, or by failing to account for the time and location stamps on posts. The issues surrounding social media crept into the workplace early on. In the labor and employment sphere, many of us first saw these issues in on-duty employee use of social media, when an employee’s “friend” shared an off-duty post with management or, even worse, when a post showed an employee doing “something” or posting about something that reflects poorly on the employer and goes viral. The risk of damage to an employer’s property interests and/or reputation led to new employer policies addressing employee social media use and the other issues that arise in an increasingly digital workplace, including minimizing digital distractions, compensation issues, digital and proprietary provisions such as ownership of a carefully curated social media account that was used in the course of business. These policies often reflect an attempt to control the employer’s property and image concerns by limiting on- and off-duty social media use and what employees say and/or post, while addressing the employer’s right to monitor and/or search employee digital data, and disputes over same. There has been a significant amount of push and pull between employers who want to monitor employees’ on-duty and off-duty social media habits and use the information they collect versus employees who expect some level of privacy in their online activity, particularly where that activity is off-duty and on a personal device. Significant legal developments have resulted as courts try to sort out the sometimes-inherent conflict between individuals’ privacy interests and employers’ property interests. Some of these developments are new takes on basic legal principles related to the expectation of privacy and electronic communications regulation which existed before the widespread use of social media, as well as, in public workplaces, First and Fourth Amendment concerns. In addition, the law has and continues to evolve alongside social media applications and other factors that routinely come into play when balancing employer’s and employee’s interests which ‘involve whether the device was personally or employer owned, the Internet network used to access or post social media, the content posted, and the privacy settings; and the employer’s social media/technology policy, as well as policies about ownership of digital data and information (usernames, accounts, “friends” and connections). The reasonableness of that expectation further depends on the “Terms of Use” – the little box you click on and agree to in order to access the Internet, or the workplace policy distributed to employees.Benefits of Using Social Media/Networking.Recruiting. Social networking sites such as LinkedIn? can prove an inexpensive and efficient way for employers to identify potential job candidates. Investigative Tool in Hiring Process – Identifying Strengths and Potential Red Flags of Applicants. With the popularity of social media, many employers check job candidates’ social media and networking profiles to screen out certain candidates or to inform as to the ultimate employment decision. An employer may spot potential red flags, such as pictures of the applicant engaged in drug use or other illegal acts, or may use professional networking sites to research a candidate’s professional reputation.Identifying Untruthfulness, Misuse of Sick Time, and/or Violations of Policies or Agreements. Investigate Abuse of Sick and/or FMLA Leave. An employer may discover that an employee was really at the beach or an amusement park on a day the employee called in sick.Jaszczyszyn v. Advantage Health Physician Network, 504 F.3d 440 (6th Cir. 2012) (employer lawfully terminated employee for fraud when pictures of the employee drinking at a festival were posted on Facebook? when employee was on FMLA leave and allegedly incapacitated).Evidence of Policy Violation. An employee’s comment or post on social media may reveal that the employee is violating one of the employer’s policies while at work (e.g., a tweet saying, “took a one-hour nap in the supply room again today” while on company time).Evidence of Violation of Agreements. Employers can use social media to research whether employees or former employees are complying with their employment and/or post-termination obligations, such as non-compete agreements, non-solicitation agreements, and confidentiality agreements. Activity on Social Media/Networking Sites May Implicate Restrictive Covenants. Connecting with people on social media/networking sites, or updating or posting on social media/networking sites, may implicate restrictive covenants. BTS, USA, Inc. v. Executive Perspectives, LLC, 2014 WL 6804545 (Conn. Super. 2014) (defendant who left plaintiff-employer to work for competitor did not violate non-compete or non-solicitation agreement by updating his LinkedIn? profile and encouraging his “connections” – which included clients of plaintiff – to check out competitor’s new website; court noted that plaintiff “had no policies or procedures regarding employee use of social media,” did not request or require ex-employees to delete their clients from LinkedIn? accounts, and did not discuss with defendant his LinkedIn? account in any fashion).Pre-Paid Legal Servs., Inc. v. Cahill, 924 F. Supp. 2d 1281, 1291-94 (E.D. Okla. 2013)?(collecting cases and finding that Facebook? posts were not solicitation)KNF&T Staffing, Inc. v. Muller, No. 13-3676-BLS1 (Mass. Sup. Ct. Oct. 24, 2013) (former employee changing the employment information on his LinkedIn? profile did not constitute solicitation in violation of his non-compete and non-solicitation agreements). Invidia, LLC v. Difonzo, 2012 WL 5576406 (Mass. Super. 2012) (plaintiff hair salon sued its former hair stylist for breach of a non-solicitation agreement, citing that defendant had become Facebook? “friends” with eight of the plaintiff’s clients since leaving and her Facebook? page announced her new employment with competitor; Court held defendant’s conduct did not violate the non-solicitation agreement).Coface Collections North America Inc. v. Newton, 430 Fed. Appx. 162, 164-165, 165 n 2 (3d Cir. 2011) (granting employer a preliminary injunction against former employee who sent Facebook? friend requests to his former co-workers and directed them to his Facebook? post encouraging people to apply to employer’s competitor).Enhanced Network Solutions Group, Inc. v. Hypersonic Tech. Corp., 951 N.E. 2d 265 (Ind. Ct. of App. 2011) (defendant company’s job posting on LinkedIn? did not violate non-solicitation agreement with plaintiff company where defendant’s public posting could be viewed by people other than plaintiff’s employees; court noted that if plaintiff wished to eliminate the possibility of similar conduct in the future, it should provide a definition of “solicit” in future agreements that clearly specifies the kind of activity it wished to prohibit).TEKSystems, Inc. v. Hammernick, No. 10-CV-00819 (D. Minn. Oct. 18, 2010) (employer sued former employee for solicitation based on former employee’s LinkedIn? connection; case was dismissed without decision pursuant to parties’ settlement).Thus, employees’ use of social media/networking may reveal potential violations of employment agreements or inform employers of what conduct to protect against in future employment agreements with employees and departing employees.Risks of Use of Social Media/Networking.Potential for Discrimination. By reviewing various social media and networking sites, employers can discover a wealth of information about an applicant or employee that they would not otherwise have, including:Race/ColorAgeReligious BeliefsSexual OrientationMemberships/AffiliationsPolitical AssociationsMarital StatusParental StatusAn employer’s access to this information increases the likelihood of illegal discrimination against an applicant or employee and strengthens potential claims of such discrimination.Nieman v. Grange Mutual Casualty Co., 2012 U.S. Dist. LEXIS 59180 (C.D. Ill. Apr. 2012) (allowing a plaintiff to proceed with an age discrimination claim where the plaintiff alleged that the employer learned of his age based on his graduation date listed on his LinkedIn? page).C. Martin Gaskell v. University of Kentucky, No. 5:09-cv-00244-KSF (E.D. Ky. 2009) (employer elected not to hire highly qualified candidate after performing an Internet search and discovering the candidate’s religious beliefs; the resulting discrimination case settled for $125,000 in 2011).Potential for Cyberbullying and Harassment. Employees, including managers, may use social media outlets to harass or cyberbully their fellow co-workers. A 2017 survey found that 63% of working adults were aware of workplace bullying, 19% witnessed bullying in the workplace and 19% were bullied or experienced bullying in the workplace. See Section III outlining cases on employee’s use of social media and other electronic sources can raise liability issues.Employees’ Online Complaints. Employees may use social media to complain or make disparaging remarks about their working environment, supervisors, or co-workers. Employers may discover these employee complaints through their use of, or access to, social media. However, employers must exercise caution if using such complaints to form the basis for discipline because some conduct may be protected activity under the National Labor Relations Act (“NLRA”) as discussed in Section IV of this outline. False Information. An employer cannot be certain that the information it obtains from Internet sources is accurate. The profiles of potential candidates may contain undeserved glowing recommendations or harsh criticisms from friends and foes alike. Further, a candidate’s online self-description may be inaccurate and misleading to an employer relying on such information. Employee Disclosure of Proprietary Information.Employees may use social media/networking to disclose an employer’s proprietary information or other information that the employer may not want publicly available. However, the rise in social media and networking makes it more difficult to protect client contacts or customer lists, because websites such as LinkedIn? and Facebook? can provide public access to client and customer contact information.Sasqua Group, Inc. v. Courtney, 2010 U.S. Dist. LEXIS 93442 (E.D. N.Y. Aug. 2010) (finding that where contacts and customer information could be ascertained through an Internet search, such as LinkedIn?, Facebook?, etc., there was no protection to the customer list as a trade secret, especially if the employer does not take any steps to protect its customer lists).Employees may also use social media/networking to disclose proprietary or confidential information about the employer’s clients, customers, or other employees. Such employee disclosures may give rise to employer liability, particularly where the employer does not have a policy in place prohibiting and/or monitoring for such disclosures.Employer Liability for Non-Disclosure. The Federal Trade Commission Guidelines state that when there is a connection between a person endorsing a product and the seller of the product “that might materially affect the weight or credibility of the endorsement,” the connection must be fully disclosed. 16 C.F.R. §255.5.Thus, an employer may be liable when its employees comment on the employer’s services or products on blogs or social media/networking sites if the employment relationship is not disclosed.EXAMPLE: When an employee posts favorable or promotional messages to an online message board discussing the employer’s product, knowledge of the poster’s employment would likely affect the weight or credibility of the endorsement. Therefore, the poster should clearly and conspicuously disclose his or her employment relationship to the employer. Otherwise, the employer may face liability for the post. See 16 C.F.R. §255.5.Minimizing Risks of Use of Social Media/Networking in the WorkplaceThe best way to minimize risks is to implement and enforce a well-written electronic communications policy and/or social media policy as discussed in this outline.Give appropriate weight to information obtained from social networking sites based on the likelihood of reliability. If certain opinions or recommendations seem extraordinarily positive or negative, they may be unreliable.Google? Alerts is a service offered by the search engine company Google? that allows a user to monitor any content that is posted in news, blogs, or the web regarding a specific list of search terms which the user provides. Google? Alerts can be used to monitor potential employees, clients, references to the company, etc. Perform a search of candidates’ social media in-house. This will eliminate the need to comply with the Fair Credit Reporting Act’s requirement to inform the candidate before performing the search.Have someone other than the decision-maker pre-screen the information and provide the decision-maker with only job-related information. This process will take advantage of the benefits of social networking research without exposing the company to liability for discrimination based on protected characteristics obtained from the search.Make sure the employer is able to provide a legitimate, non-discriminatory reason for denying an applicant employment or taking certain employment actions. Address ownership of social media accounts, the contents of the social media site as well as contacts at the time of hire, including an explanation regarding who owns the social media. Several courts have recently addressed whether an employer can assert an interest in social network accounts maintained by employees.Int’l Bhd. of Teamsters Local 651 v. Philbeck, No. CV 5:19-105-DCR, 2020 WL 2950350 (E.D. Ky. June 3, 2020) (finding that a former president of a local union was required to relinquish control of the social media pages he made for the union while he was in power, despite his contention that he “created to communicate with Union members, held out as official Union pages, promoted on business cards and the official website, and other members of the Union had administrative privileges.”).Mattocks v. Black Entertainment Television LLC, 43 F. Supp. 3d 1311 (S.D. Fla. 2014) (finding that “likes” were not a property interest belonging to the employee who created the page but promoted the employer’s business). In re CTLI, LLC, 528 B.R. 359 (Bankr. S.D. Tex. 2015) (finding that former majority owner of a firearm business undergoing a Chapter 11 bankruptcy reorganization must relinquish control of the social media accounts, even though he created them himself and used them as an extension of his “personality” and personal social media account).Eagle v. Morgan, 2011 WL 6739445 (E.D. Pa. Dec. 22, 2011); 2012 WL 4739436 (E.D. Pa. Oct. 4, 2012); 2013 WL 943350?(E.D. Pa. Mar. 12, 2013) (finding that former employee owned content to LinkedIn? account, but suffered no damages).Christou v. Beatport, LLC, 849 F. Supp. 2d 1055 (D. Co. Mar. 14, 2012); 2013 U.S. Dist. LEXIS 9034 (D. Co. Jan. 23, 2013) (employee maintained MySpace? page for employer during employment, employer sued for theft of MySpace? friends after employee left and opened competing business; in July 2013, jury found in favor of defendant).PhoneDog, LLC v. Kravitz, Case No. C11-03474, 2011 U.S. Dist. LEXIS 129229 MEJ (N.D. Cal. Nov. 8, 2011), 2012 U.S. Dist. LEXIS 10561 (N.D. Cal. Jan. 30, 2012) (involving Twitter account and employer’s allegation that it owned the account upon employee leaving its employ; case settled and left question unanswered as to who owned the Twitter content).Include social media policies in handbooks. See Section IV on the NLRA and drafting considerations. When using social media as an investigative tool to obtain evidence of improper behavior justifying adverse employment actions, be sure to enforce the rules evenly. Use of social media investigative tools to punish one employee while not similarly punishing a similarly situated employee who engages in the same behavior can be used as evidence of discrimination. Follow record retention requirements for applicants and/or employee files. Federal Requirements. These remain unchanged even with the new advent of social media and online recruiting. See 29 C.F.R. §1602.12 (governing Title VII of the Civil Rights Act of 1964, 42 U.S.C. §2000e, et seq., the Americans with Disabilities Act of 1990, as amended by the ADAAA, 42 U.S.C. §12101, et seq., and Genetic Information Nondiscrimination Act of 2008, 42 U.S.C. §2000ff, et seq.); 29 C.F.R. §1627.3 (governing the Age Discrimination in Employment Act of 1967, 29 U.S.C. §621, et seq.); see also FLSA, 29 U.S.C. §201, et seq. (providing that every covered employer must keep certain personnel records for all non-exempt employees.).Online Recruitment and/or Use of Social Media. The use of online recruitment or social media does NOT alter the employer’s responsibility to preserve electronic data just as it would hard copies of employment applications, resumes, interview records, etc.State Law Requirements. An employer may also have record retention requirements under state law as well. For example, many states have open or public records laws that would require retention of such records. Incorporate language in social media policies as it relates to non-competition and/or non-solicitation activities after an employee’s separation of employment. Maintain confidentiality agreements and social media policies that explicitly address employee use of social media and confidential information.EXAMPLE: Define what information constitutes confidential and/or proprietary information and restrictions for sharing on social media.Provide examples of both good and bad practices when using social media in the workplace. Refer employees to one specific company official to discuss social media issues or answer questions. Train all employees on the social media policies.Make sure that the any social media policy, as well as the consequences for violation of the social media policy, does not violate the NLRA, as discussed below.EMPLOYEES, MONITORING, AND THE REASONABLE EXPECTATION OF PRIVACY.If 2020 is an indicator of things to come, the future of work is virtual. Both employers and employees recognize the benefits and consequences that come from a distributed workforce. On the one hand, employees are able to spend more time with their families and avoid long commutes. Yet, when the home base is also the workplace, it becomes increasingly difficult for employees to create a distinction between work and their personal affairs. For employers, distributed work offers decreased spending on physical spaces and social events. However, with the economic strain of a global pandemic, employers are concerned about managing productivity, enforcing their workplace policies and other risk management considerations. Many employers are relying on electronic monitoring to achieve these objectives, but without instituting a well-defined policy and obtaining employee consent, employers may be creating more problems than solutions.The “reasonable expectation of privacy” and an employer’s ability to monitor or search employee social media use or devices (which store digital data, electronic communications, and Internet usage data, or access cloud-based servers or applications) or electronic communication is highly circumstantial. The reasonableness of an expectation depends on whether the use or action occurs on duty or off duty, who owns the equipment posting and accessing social media. It also involves the third-party service providers and platforms being monitored and/or searched. Finally, it involves the consistency of an employer’s actions related to the social media policy. As a general rule, “employer policies concerning communications will of course shape the reasonable expectations of their employees, especially to the extent that such policies are clearly communicated.” City of Ontario v. Quon, 560 U.S. 746, 760, 130 S. Ct. 2619 (2010). Thus, the expectation of privacy and extent of permissible monitoring or searching of employee social media use is governed by the employer’s reasonable policy which must also comply with various state and federal laws and regulations which establish baseline data privacy, monitoring, and workplace rules. First and Fourth Amendment considerations also apply in public workplaces. The basic principles of the laws are set forth herein. The cited cases are far from all of the cases on the particular topic and it is important to note that for nearly every decision cited in this outline, there is another decision that found to the contrary. There is far from uniformity in how these laws have been interpreted and applied by the courts considering them. Key Federal Legal Considerations. Data monitoring may take the form of live monitoring of employee activity, keyloggers which log activity, reviewing e-mails or Internet activity that is logged and stored on a physical or cloud server or on a computer, accessing employees’ private or business pages, groups, profiles, and/or accounts, recovering backup or discarded or deleted documents or metadata, or searching/monitoring memory storage on hard devices. Different rules apply depending on whether the information was obtained while it was being transferred or disseminated or whether it was stored, if the data was stored on a device or in a cloud or web-based program, and whether and how access to the device was authorized. Electronic Communications Privacy Act (“ECPA”), 18 U.S.C. §§ 2510, 2511. The ECPA prohibits intentional interception of wire, oral, and electronic communications while in transmission and the intentional “disclosure” or “use” of the contents of an unlawfully intercepted electronic communication.? “Interception” must occur contemporaneously with transmission under the ECPA because other laws and regulations deal with stored communications or data. As a practical matter, this means that an e-mail or phone call (FaceTime, WhatsApp) is either redirected to or also directed to, and received by another account/person than the intended recipient. Epstein v. Epstein, 843 F.3d 1147, 1150 (7th Cir. 2016). Wife accessed husband’s e-mail accounts during/before divorce proceedings and set up auto-forwarding rule to copy her on all e-mails. ECPA may apply depending on whether the e-mails were intercepted before reaching its intended recipient. There are three exceptions codified in the ECPA that are pertinent to workplace monitoring.“Course of Business” Exception. An employer can monitor oral and electronic communications as long as the employer can cite to a legitimate business reason for its monitoring.Legitimate examples include managing productivity, data loss prevention, workplace investigations, compliance with workplace rules (time tracking, safety, anti-harassment/discrimination).Monitoring should be narrowly tailored and justified by a legitimate business reason.Consent Exception. An employer can monitor communications if it has the employees’ informed consent of the monitoring; This is not limited to business communications. Problems may arise when using company systems to conduct private business (e.g. logging into personal e-mail and social media accounts on company device or company WIFI network).Consent forms and policies are a way to notify employees that they should not have an expectation of privacy if they are using company devices and/or networks. “Provider” Exception. An employer that provides the wire or electronic communications services can retrieve information stored on its own system if such access is necessary to protect its rights as the provider of this electronic service.Stored Communications Act (“SCA”), 18 U.S.C. 121 §§ 2701-2712. The SCA provides that it is unlawful to intentionally access without authorization a facility through which an electronic service is provided and thereby obtain access to a wire or electronic communication while it is in an electronic storage system. Electronic services include network service providers, telephone companies, Internet or e-mail service providers, and bulletin board services, but not personal computing devices. Electronic storage begins after transmission is complete, thus applies to “searches” of data that have already been published or that are stored for backup protection (copies stored on servers). E-mail is electronic storage, as are some social media posts. “[T]he sort of trespasses to which the Stored Communications Act applies are those in which the trespasser gains access to information to which he is not entitled to see, not those in which the trespasser uses the information in an unauthorized way.”? Yukos Capital S.A.R.L. v. Feldman, No. 19-1109, 2020 WL 5948910, at *9 (2d Cir. Oct. 8, 2020). Generally, the SCA covers “temporary, immediate storage” of a communication incidental to its transmission; and storage for purposes of backup. “Facebook wall posts [and now Twitter, IG, chat lots, etc.] are electronic communications … users transmit writing, images, or other data via the Internet from their computers or mobile devices to Facebook’s servers. Ehling v. Monmouth-Ocean Hosp. Serv. Corp., 961 F. Supp. 2d 659 (D.N.J. 2013). There is no protection for information that is “configured [to be] readily accessible to the general public.” 18 U.S.C. § 2511(2)(g)(i).Congress crafted the SCA to protect information held by centralized communication providers....The SCA “creates a set of Fourth Amendment-like privacy protections... [by] regulating the relationship between government investigators and service providers in possession of users’ private information.” ... It provides this enhanced privacy protection by limiting the government’s ability to compel providers to disclose their users’ information, and by limiting the providers’ ability to disclose such information to the government... In addition to enhancing privacy rights, the SCA also prohibits certain forms of electronic trespass…. section 2701 prohibits intentionally accessing without authorization, or accessing beyond authorization, a service provider in order to obtain, alter, or prevent authorized access to an electronic communication,” but it does not cover nonintrusive procurement of communications. Walker v. Coffey, 956 F.3d 163, 167 (3d Cir. 2020). This has implications where an employer’s e-mail is cloud-based or backed up via cloud storage.Authorization Must be Voluntary. Authorization for some searches of employer property/equipment may be granted via a employee handbook or policy for an employer to search its own equipment/devices, subject to some circumstances. However, an employer cannot force an employee to provide authorization. In Pietrylo v. Hillstone Rest. Group, No. 06-5754, 2008 WL 6085437 (D.N.J. Jul. 25, 2008), a group of employees created private, invitation-only group to “vent.” Management leaned on a new employee for password, and the employee eventually and reluctantly provided it. Because the employee was pressured to permit the employer access, the court found that the authorization was not voluntary.Authorization May be Implied. A person who leaves an e-mail account open or other page/use information available to others, though, via failing to close the browser or application, for instance, may have tacitly authorized the access and snooping. Lazette v. Kulmatycki, 949 F. Supp. 2d 748 (N.D. Ohio 2013); Marcus v. Rogers, No. A2937-0973, 2012 WL 2428046 (N.J. Super. App. Div. Jun. 28, 2012) cert. denied 59 A.3d 602 (N.J. 2013). However, the general consensus is that stored passwords or good guesses do not amount to implied authorization. Pure Power Boot Camp v. Warrior Fitness Boot Camp, 587 F. Supp. 2d 548 (S.D.N.Y. 2008).Authorization Does Not Exceed Intended Purpose. When an employee gave his (then-)girlfriend access to his Gmail account for a specific purpose, it did not authorize continued access for her or anyone else with whom she shared the password. Anzaldua v. Ne. Ambulance & Fire Prot. Dist., 793 F.3d 822, 838 (8th Cir. 2015). This has important implications for monitoring – an employee who authorizes access for one purposes or even several purposes does not authorize access that would be unreasonable or exceed the intended scope of authorization. It may also create issues for post-employment searches, depending on the initial authorization. What is covered by “stored communications” is still heavily litigated and depends on “transmission” and “storage” (cloud, backup copy, file). Although it appears that most circuits have determined that, once delivered to the recipient’s e-mail address, an e-mail has been transmitted and is therefore in storage – whether the e-mail has been opened or not, Hately v. Watts, 917 F.3d 770, 785 (4th Cir. 2019), Vista Mktg., LLC v. Burkett, 812 F.3d 954, 963 (11th Cir. 2016). In some courts, however, whether the e-mail has been opened is a determinative factor.E-mails downloaded onto a computer are no longer in electronic storage. Yukos Capital S.A.R.L. v. Feldman, No. 19-1109, 2020 WL 5948910, at *9 (2d Cir. Oct. 8, 2020), Garcia v. City of Laredo, 702 F.3d 788, 793 (5th Cir. 2012).Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (“CFAA”). The CFAA prohibits any person from “intentionally access[ing] a computer without authorization or exceed[ing] authorized access, and thereby obtains ... information from any protected computer.”?18 U.S.C. § 1030(a)(2)(C). The act was aimed at “hackers who accessed computers to steal information or to disrupt or destroy computer functionality, and to deter and punish high tech crimes and penalize thefts of property via computer that occur as parts of a scheme to defraud.” Originally, it was solely a criminal statute but has since been amended to include civil penalties. While many of the concepts of the CFAA are similar to those in the SCA, there is an apparent disagreement among courts about the application in the context of the employment relationship. The Ninth Circuit has held that “a person uses a computer ‘without authorization’ under [the CFAA] ... when the employer has rescinded permission to access the computer and the defendant uses the computer anyway.”?United States v. Nosal, 844 F.3d 1024, 1029 (9th Cir. 2016). The Second and Fourth Circuits have held otherwise. In WEC Carolina Energy Solutions, LLC v. Miller, 687 F.3d 199, 206-07 (4th Cir. 2012), the Fourth Circuit held that an employee who accessed his former employer’s computers and transmitted information to his new employer was not liable under the CFAA, nor was the new employer liable even if it encouraged the defendant, because it was “unwilling to contravene Congress’s intent by transforming a statute meant to target hackers into a vehicle for imputing liability to workers who access computers or information in bad faith, or who disregard a use policy.”?See also Exec. Trim Constr., Inc. v. Gross, No. 120-CV- 544MADDJS, 2020 WL 5232049, at *9 (N.D.N.Y. Sept. 2, 2020) (The CFAA “does not apply to a ‘so-called faithless or disloyal employee’ — that is, an employee who has been granted access to an employer’s computer and misuses that access, either by violating the terms of use or by breaching a duty of loyalty to the employer.”?).?Federal Trade Commission Guidelines for Employee “Brand Ambassadors”. Federal Trade Commission (“FTC”) Endorsement Guidelines regulate an employer’s ability to ask employees to promote the company’s products or services or engage with the company’s social media page. Thus, employees promoting content on a personal page, posting a positive review, or even “liking” a company’s page could be viewed as an advertisement or endorsement, and thus subject to regulations regarding unfair and deceptive acts in commerce. Requiring or suggesting that an employee promote their employer’s products or services on the employee’s personal social media account could violate the FTC rules and regulations on advertising. If an employee is asked to endorse a product through social media the endorsement message must disclose when the promoter/influencer has a “material connection” with the brand.The FTC expects employers to establish policies that require employees to clearly identify their relationship to the company in the post. Yet, ensuring compliance of this requirement creates a slippery slope for employers, by imposing an obligation to monitor the employee’s personal and off-duty conduct online to ensure that the promotion post is in line with the FTC regulations and the company’s policies.The FTC is concerned that consumers may not realize the relationship between the employee who posted the review and the company thus creating a deceptive practice.In 2015, FTC settled charges against Sony Computer Entertainment America and its advertising agency Deutsch LA related to the promotion of a new gaming console. The FTC alleged the advertising agency sent an e-mail to its employees encouraging them to tweet about the new Sony product on their personal social media accounts to help with the ad campaign. The employer allegedly failed to instruct employees to disclose their employment relationship in their online posts. The FTC alleged that the employees posted positive tweets about the gaming console and that the tweets were misleading because they did not reflect the views of actual consumers.In 2017, the FTC reached a settlement with the owners of CSGO Lotto over charges alleging deceptive advertising, which marked the first FTC action targeting individual influencers. As part of the Consent Order, the company is required to “monitor and review the representations and disclosures” of employees or other endorses with a material connection to the company. State Law Considerations. Social Media Privacy Laws. Alongside the rise of social media, some private employers incorporated into their hiring process or routine HR monitoring the requirement that employees provide the employer with their social media passwords so that the employer could review the pages and content. With social media becoming a central tenet of employees’ daily habits, and employees “friending” co-workers, employers found the need to monitor employee’s online activities. On the one hand, employers have a legitimate concern in ensuring that employees are productive and not engaging in any unlawful conduct. However, this was a hotbed for discriminatory activity, and there was also a lot of push back from employees, legislatures, labor unions and workers’ rights groups. Twenty-six (26) states have law that prohibit an employer from requesting and/or requiring that employees or prospective employees provide their employer with passwords to personal social media accounts. These also generally prohibit employers from “shoulder surfing” – requiring that an employee take the employer through the social media pages. However, most of these laws recognize that in limited instances, an employer may have a valid reason to access employee’s personal social media accounts and do not limit employers’ ability to (a) search for publicly accessible information; (b) conduct investigations; and/or (c) take disciplinary action against employees who have divulged trade secrets or proprietary information.Other State Laws on Monitoring or Privacy. Monitoring employee conduct online can also trigger common law privacy claims and the constitutional right to privacy.Trespass Invasion of PrivacyIntrusion upon SeclusionState Computer Fraud, Wiretapping ActsRegulation of Off-Duty Conduct. Employers could face liability for its employees’ off-duty conduct and postings on social media or other electronic or Internet forums. Facebook?. Summa v. Hofstra University, 708 F.3d 115 (2d Cir. 2013) (in plaintiff’s gender discrimination and harassment case against the university where the football players (non-employees) made harassing posts on Facebook? page regarding a university employee, among other behavior, the granting of summary judgment for the employer was proper because the employer took prompt action by removing the offender, addressing all complaints and providing sexual harassment training to stop and/or prevent the harassing conduct by non-employees). Terry v. Borough, 2013 U.S. Dist. LEXIS 174584 (E.D. Pa. Dec. 13, 2013) (denying motion to dismiss race discrimination claim where plaintiff alleged that the employer treated him different after learning about his interracial relationship from wedding ceremony photographs plaintiff posted on his Facebook? page).Amira-Jabbar v. Travel Services, Inc., 726 F. Supp. 2d 77 (D. Puerto Rico 2010) (plaintiff sued for hostile work environment based on a racist Facebook? photo comment made by a co-worker. The court held that the comment was sufficiently work-related because the photo was taken of a work-related outing to give rise to employer liability irrespective of whether the comment was posted during work hours or off duty).Blogs. Stewart v. CUS Nashville, LLC, 2013 U.S. Dist. LEXIS 16035 (M.D. Tenn. Feb. 6, 2013) (denying summary judgment to employer for plaintiffs’ retaliation claims where supervisors and management made negative and defamatory statements on a blog after the employees engaged in protected activity).Espinoza v. County of Orange, 2012 Cal. App. Unpub. LEXIS 1022 (Cal. Ct. App. Feb. 9, 2012) (a co-worker at a juvenile detention center started a blog on which other employees harassed plaintiff based on his disability. The jury awarded $820,700 in damages based on the employer’s failure to take action against the blog following plaintiff’s complaint).Surfing the Web. Burchell v. Unemployment Compensation Bd. of Review, 848 A.3d 1082 (Pa. Commw. Ct. 2004) (finding plaintiff ineligible for unemployment where the employer terminated the plaintiff for putting pornography on employer’s computers irrespective of whether they were placed on the computer during off-duty time). Company Bulletin Boards. Blakely v. Continental Airlines, Inc. et al., 751 A.2d 538 (N.J. 2000) (Continental operated a website where employees could log on to find flight times, schedules, etcetera. There was also a message board where co-workers posted derogatory and harassing messages about Blakely. The court stated, “employers do not have a duty to monitor private communications of their employees; employers do have a duty to take effective measures to stop co-employee harassment when the employer knows or has reason to know that such harassment is part of a pattern of harassment that is taking place in the workplace.” The message board was found sufficiently related to the workplace in order to hold the employer liable). Off-Duty Conduct Statutes. Many states have laws regarding off-duty conduct. It is important to check whether the state where the employer has employees working has such off-duty conduct statutes that protect employees from discipline for engaging in lawful off-duty conduct, like drinking or smoking, or for lawful use of social media outside the workplace. For example, states like California, Minnesota, Nevada, New York and Tennessee prohibit employers from firing an employee for engaging in lawful off-duty conduct. However, some states like Colorado recognize an exception when the employee’s off-duty activities relate to a bona fide occupational requirement or is reasonably and rationally related to their work activities.Potential Tort Claims.Intrusion Upon Seclusion. Restatement (Second) of Torts Section 652B provides that “[o]ne who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person.” To prove this, the plaintiff must show a reasonable expectation of privacy. This cause of action is available to both public and private employees.In Stengart v. Loving Care Agency, Inc., 973 A.2d 390 (N.J. 2009), the court utilized the common law tort of “intrusion on seclusion” as the source of the reasonable expectation of privacy standard. The court held that an employee can expect privacy as well as confidentiality in e-mails with her attorney, which she sent and received through her personal, password-protected, web-based e-mail account using an employer-issued computer. The court found that the employee had a subjective expectation of privacy because she took steps to protect the privacy of the e-mails and shield them from her employer. She used a personal, password-protected e-mail account instead of her company e-mail address and did not save the account’s password on her computer. The court also reasoned that language used in the employer’s Internet-use policy created an objectively reasonable expectation of privacy because it permitted some personal use of the employer’s Internet and equipment.Employee Monitoring Issues in the Government/Public Sector.First Amendment. ‘When speech relates both to an employee’s private interests as well as matters of public concern, the speech is protected if it is primarily motivated by public concern.’”?McCullough,?559 F.3d at 866 (quoting?Altonen v. City of Minneapolis,?487 F.3d 554, 559 (8th Cir.2007)). “If the main motivation for the speech was furthering [the employee’s] ‘private interests rather than to raise issues of public concern, her speech is not protected, even if the public would have an interest in the topic of her speech.’ Anzaldua v. Ne. Ambulance & Fire Prot. Dist., 793 F.3d 822, 833 (8th Cir. 2015).Fourth and Fourteenth Amendments. The 4th and 14th Amendments of the U.S. Constitution guarantee the “right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” “[A]lthough the Fourth Amendment ‘protects people not places,’ the caselaw consistently recognizes that objective expectations of privacy in the workplace are distinct from those in other contexts.” Walker v. Coffey, 905 F.3d 138, 145 (3d Cir. 2018). City of Ontario v. Quon, 560 U.S. 746 (2010) (discovery of personal text messages from an employer-owned pager resulted in disciplinary action against the officer. The court found that the employer’s investigation was incident to a reasonable work-related audit (employee data overages) because there was a reasonable justification at its inception and the review was not “excessively intrusive.” The Court noted that caution was warranted in evaluating privacy rights in the areas of technology since “[t]he judiciary risks error by elaborating too fully on the Fourth Amendment implications of emerging technology before its role in society has become clear.” Id. at 760.). “[A] work-related ‘workplace’ search is lawful if the search is ‘reasonable [ ] under all the circumstances.’ The plurality explained that a search is reasonable if it is ‘justified at its inception’ and if it is ‘reasonably related in scope to the circumstances’ that justified it. A workplace search to investigate work-related misconduct ordinarily is ‘justified at its inception’ if reasonable grounds exist to suspect that the search will turn up evidence of the employee’s misconduct.” Gustafson v. Adkins, 803 F.3d 883, 891 (7th Cir. 2015) (approvingly quoting the plurality decision in O’Connor v. Ortega, 480 U.S. 709, 107 S. Ct. 1492, 94 L.Ed.2d 714 (1987)). In its decision, the Seventh Circuit rejected a broader test proposed by Justice Scalia in his O’Connor concurrence, that “would hold that government searches to retrieve work-related materials or to investigate violations of workplace rules—searches of the sort that are regarded as reasonable and normal in the private-employer context—do not violate the Fourth Amendment. The O’Connor case involved the appropriate expectation of privacy in an employee’s office. At that time, the office was physical, but as we shift toward virtual workplaces, what is considered the employee’s “office” may evolve.Providers of electronic/digital communication services act as third parties that store and process their users’ private files, meaning the provider-maintained files fall outside Fourth Amendment protection. Because most electronic communication providers serve the public but are themselves private actors, they could potentially search files held under their control and disclose their users’ information to the government without violating the Fourth Amendment. Walker v. Coffey, 956 F.3d 163, 166 (3d Cir. 2020) (also noting, though, that the SCA provides some additional protections from overreach).What is a Reasonable Expectation of Privacy? Employer policies concerning communications will of course shape the reasonable expectations of their employees, especially to the extent that such policies are clearly communicated.” City of Ontario v. Quon, 560 U.S. 746, 760, 130 S. Ct. 2619 (2010).“[The employer’s] policy reserving the right to access and monitor employee accounts is sufficient to support a finding that an employee has no reasonable expectation of confidentiality in e-mails transmitted over an employer’s e-mail system.” Bingham v. Baycare Health, No. 8:14-CV-73-T-23, 2016WL3917513, *2 (M.D. Fla. July 17, 2016).But employers are limited to that policy and inconsistent enforcement can create a more expansive expectationThe policies are not read expansively. Although the employee handbook provides plaintiff “the right to monitor, intercept, and/or review all data transmitted, received, or downloaded over Company IT resources and communications systems,” it is unclear at this point whether the e-mails at issue were actually “transmitted, received, or downloaded over Company IT resources.”?Exec. Trim Constr., Inc. v. Gross, No. 120CV544MADDJS, 2020 WL 5232049, at *4 (N.D.N.Y. Sept. 2, 2020).Some jurisdictions have recognized an exception for communications that are otherwise privileged. In Stengart v. Loving Care Agency, the New Jersey Supreme Court held that an employee’s e-mail communications with her counsel through her personal e-mail account would remain private even though she used a company laptop to transmit the messages from her counsel; employer’s electronic communications policy could not overcome the privacy expectation in communications with her legal counsel. 990 A.2d 650 (2010). Some do not and find that waiver occurred. A recent decision in a Michigan Court of Appeals provides a nice summary and proposes a test in cases involving claims of privilege but that is also more broadly applicable that will “strike an important balance between an individual’s right to privacy, an employer’s right to limit that privacy in the workplace under certain circumstances, and the indelible value of the attorney-client privilege to our legal system.” In balancing these considerations, it stated its preference of “emphasis on the employer’s policy and the employee’s understanding of that policy over whether the employer tended to actually carry out the policy. In determining whether an employee has a reasonable expectation of privacy in an employer-provided e-mail or computer system, it is relevant to consider (1) whether the employer maintains a policy with respect to the use of those systems and what that policy entails, and (2) whether the employee was ever notified or made aware of the employer’s policies and practices with respect to computer privacy and monitoring. Stavale v. Stavale, No. 349472, 2020 WL 3107691, at *5 (Mich. Ct. App. June 11, 2020) (limited precedent).Where employer maintained no policy and accessed former employee’s personal, web-based e-mail post-termination, the employer had the right to access and search its computer’s hard files but was not authorized to access the web-based e-mail account. Owen v. Cigna, 188 F. Supp. 3d 790 (N.D. Ill. 2016).Privacy Settings and Passwords Matter.Generally, an employee must have some subjective expectation of privacy and show a willingness of society to recognize that expectation as reasonable. The lack of privacy afforded by the “semi-private” Facebook? setting did not permit a reasonable or legitimate expectation of privacy of the content of her posts. “While [one] may select her Facebook friends, she cannot select her Facebook friends’ friends. By intentionally selecting the broadest privacy setting available to her at that time, [she] made her page available to potentially hundreds, if not thousands, of people whom she did not know (i.e., the friends of her Facebook friends).” Chaney v. Fayette Cty. Pub. Sch. Dist., 977 F. Supp. 2d 1308, 1315 (N.D. Ga. 2013).A person surrenders his expectation of privacy in content posted to his Facebook? profile… “[W]hen an individual shares a photograph with his friends on Facebook, that individual “has no justifiable expectation that his ‘friends’ would keep his profile private,” … those ‘friends’ were free to use the information however they wanted.” US v. Meregildo, 883 F. Supp. 2d 523 (S.D.N.Y. 2012).The reason for access may cause courts to justify and permit the use of information obtained via otherwise bad behavior.Scherer Design Group, LLC v. Ahead Engineering LLC et al., 764 Fed. Appx. 147 (3d Cir. 2019) [not precedential, hotly divided court] – Employer conducted post-employment social media search of the accounts of 4 former employees; employer accessed employees’ bank and Facebook? accounts from company computers after employees wiped the browsing data and passwords from those computers when they quit. The majority was not convinced the search was unlawful enough to prohibit issuing the TRO sought by the employer to prohibit the ex-employees from soliciting the firm’s clients and destroying company information even though a lengthy dissent was issued about why “it is unlawful to access a former employee’s password-protected bank account and actively monitor his private digital communications after he resigned.” Implementation. The reasonable expectation of privacy is shaped, unsurprisingly, by employee expectations and relevant, applicable law. “Employer policies concerning communications will of course shape the reasonable expectations of their employees, especially to the extent that such policies are clearly communicated.” Quon, at 760. In addition to being clearly communicated, an employer’s inconsistent enforcement of policies broadens the expectation of privacy in some jurisdictions. Finally, in addition to communication and consistency, many courts apply a kind of objective consideration of reasonableness (for instance, that employees should have at least some privacy, etcetera).Employer Monitoring & Union Organizing Campaigns.NLRB v. Pier Sixty LLC (2nd Cir. 2017) – upholding the Board’s decision that an employee who made a post on Facebook?, encouraging employees to vote to unionize and also deriding his boss and his boss’ family, engaged in protected and concerted activities. Court found social media is an essential medium for union organizing activities among employees. BRING YOUR OWN DEVICE OR “BYOD” AND TRENDING LEGAL CONSIDERATION.Bring Your Own Device (“BYOD”) has been a growing element in the workforce for many years, but has taken on a greater relevance in the COVID-19 era, where most of the workforce has been compelled to work from home. BYOD continues to present potential legal pitfalls for both employees and employers, as the review of recent illustrative case law examples reflects. Examples of Where Employers Were Entitled To Search Employee Personal Devices.Private Employers.Canada v. Samuel Grossi & Sons, Inc., WL 4436855 (E.D. Pa. Aug. 3, 2020). Canada, a former employee of Samuel Grossi & Sons, brought an action against the employer alleging invasion of privacy and various employment discrimination and retaliation. Canada was fired based on text messages found on his personal cell phone in a shop floor locker. While Canada was on vacation, the employer needed to move a locker that was blocking a surveillance camera. An employee cut the lock on the locker used by Canada and found a Samsung cell phone among tools and clothes. The employee believed the cell phone was a company cell phone because it was the same brand and other devices had gone missing. To verify this, the employee unlocked the device on her first attempt and discovered text messages that appeared to solicit prostitutes. The employer’s handbook stated that it may conduct inspections and searches on company premises—including lockers—to prevent harmful materials from appearing on company premises. The court found that the employer’s version of the facts believable, in part because the search of Canada’s cell phone was not an intentional intrusion. There was no need to use a less intrusive mode of determining the owner of the phone. Canada’s invasion of privacy claim failed as a matter of law. A pending appeal awaits.See also Hawn v. Vitas Hospice Servs. LLC, 2020 U.S. Dist. LEXIS 160166 (S.D. Ohio 2020). In the context of her employment discrimination lawsuit against Vitas, Hawn issued a subpoena to AT&T to produce the contents of “any and all” text messages sent or received from several Vitas employees over a two-year period, including the CEO, EVP, CIO, CTO. None of the employees were individual defendants and all but two of them only used a personal cell phone for work. The Court granted Vitas’ motion to quash, noting, in particular, that “there are no allegations that suggest the relevancy of text messages or other electronic data sent or received” by any of the employees over the two-year period. Loucks v. Illinois Inst. of Tech., 2012 WL 5921147 (N.D. Ill. Nov. 20, 2012). As part of his employment, Jonathan Loucks, an employee at the university’s Office of Residence and Greek Life, used Google Voice on his personal cell phone. Loucks claimed that text messages from his cell phone to a fellow student were recorded and logged by Google Voice and were used to terminate him after they revealed a drug deal on campus. The court found that the Fourth Amendment did not apply to the case, despite Loucks’ attempt to implicate the Chicago Police Department as public actors. Any allegedly wrongful search or seizure by a private party did not violate the Fourth Amendment and does not deprive the government of the right to use evidence that it has acquired lawfully. Loucks’ claims were dismissed without prejudice. Sitton v. Print Direction Inc., 312 Ga. App. 365 (2011). Print Direction fired Larry Sitton from his job after the employer discovered that he was also involved in a competing side business. The employer confirmed this by accessing Sitton’s private e-mail account on the personal computer he brought to the office for work. Sitton sued for invasion of privacy, among other claims, after the employer entered his office, moved the mouse, and printed e-mails relating to the side business. The Georgia Court of Appeals affirmed the trial court’s decision that the employer’s use of Sitton’s personal laptop to obtain e-mails was not an invasion of privacy under the law. Notably, Print Direction’s computer usage policy was not limited to employer-owned equipment. As such, the employer’s retrieval of an e-mail from an employer-owned laptop was not unlawful. The court affirmed the employer’s breach of duty of loyalty claim against Sitton. Public Employers.Larios v. Lunardi, 442 F. Supp. 3d 1299 (E.D. Cal. 2020). Timothy Larios, a former highway patrol officer in California, filed a Section 1983 action against his former employer and individual officers under various legal theories. Larios used his personal cell phone to communicate with an informant with whom he became romantically involved. California Highway Patrol policy indicates that officers may use their personal devices for business, but it prohibits them from storing state work on their personal phones. Instead, they must transfer all work to an electronic storage device, which is property of the state. Following the Supreme Court’s advice from City of Ontario v. Quon, 560 U.S. 746 (2010), the court avoided “broadly prescribing the scope of a person’s privacy expectations when work content and personal content coexist on one device.” Like Quon, the court assumed arguendo, that the department conducted a search, but that the search was reasonable under the Fourth Amendment. While warrantless searches are per se unreasonable, a work-related purpose or investigation of work-related misconduct justifies the search at its inception. Larios could not provide any evidence that the search was pursuant to a criminal investigation instead of a work-related misconduct investigation. Larios’ Fourth Amendment claim failed. The case is currently pending appeal.See also ACLU of Tennessee, Inc. v. City of Memphis, WL 4819544 (W.D. Tenn. Aug. 19, 2020).? The City of Memphis used undercover social media accounts to conduct its investigations, many times on city employees’ personal cell phones. The court ordered that the city comply with its order to disclose the social media search terms used by city employees on their personal devices (and their personal social media accounts). While the city employees had a reasonable expectation of privacy in their personal devices, searches of public employees’ workplaces is an exception under the special needs doctrine and no warrant is required to search.? Because the officers used search terms related to city investigations, they qualified as “workplace items” and are “within the employer’s control.” Citing Larios (above), the court found that the disclosure was justified when public employees comingled work life and personal life on a single device.???? Hoke v. Swender, 421 F. Supp. 3d 1164 (D. Kan. 2019). A group of community college employees brought an action against the college president in his individual and official capacities, alleging an unlawful search and seizure under the Fourth Amendment after employees were instructed to unlock their phones and give them to the person next to them during a staff meeting. The employees claim to have complied out of fear because the president assumed someone at the meeting had told the media about the school’s accreditation issues. The court agreed that the president was entitled to qualified immunity on the Fourth Amendment claims because “federal courts have not clearly established the parameters of reasonable searches of electronic communications or searches in the workplace.” The court noted that the employees failed to identify any Tenth Circuit cases suggesting that a government employer’s search of an employee’s personal cell phone was clearly unconstitutional. Moreover, the unique facts featuring “no overt threat of negative employment consequences” in a meeting of over 250 adult employees underscored the need for particularized precedent. The employees could not provide such precedent.Espinoza v. City of Tracy, 2018 WL 2318335 (E.D. Cal. May 22, 2018). Juan Espinoza, a former police officer in Tracy, California, brought an action against the city alleging unconstitutional discharge and retaliation under Section 1983. As part of his claims, Espinoza asserted that the defendants illegally seized and searched his iPhone. The city argued that Espinoza had no reasonable expectation of privacy in the phone as it was property of the city, even if Espinoza paid a small amount of money each pay period to use the phone for personal purposes. The police department’s policies notified employees that they had no expectation of privacy when using phones provided by the department. The court went further, noting that even if Espinoza had a reasonable expectation of privacy, the department’s search of his phone was reasonable as a matter of law. Espinoza was being investigated for unauthorized disclosure of a peace officer information and the department suspected Espinoza used his cell phone to send confidential work files to a third party. That the search revealed “intimate details” of Espinoza’s life did not make the search unreasonable. His Fourth Amendment claim failed and the department was granted summary judgment.See also United States v. Hill, 319 F. Supp. 3d 44 (D.D.C. 2018). Finding that a federal employee had no reasonable expectation of privacy in the personal information stored on a government-issued cell phone and tablet because an employer policy stated that devices were subject to search. The employer also warned the employee that she had no reasonable expectations of privacy in devices, even though the device had a “personal space,” with a separate password, that did not use the government’s network).Huff v. Harness, 2018 WL 2434329 (E.D. Ark. May 30, 2018). James Huff, a deputy sheriff, was suspended during an internal investigation regarding allegations of sexual harassment at his off-duty job as a security guard. Upon suspension, Huff was required to return his patrol car. The police department searched the vehicle without a warrant and found two personal cell phones inside, each containing pornography. Huff sued the department for violation of his Fourteenth Amendment rights. The court found that, as long as the search was reasonable, no warrant was required. The court noted that a policy providing for the search of personal items found in vehicles diminished, but did not eliminate, Huff’s reasonable expectation of privacy in the cell phones. But, the court still found the search reasonable at its inception because it occurred contemporaneous to the department’s investigation into Huff’s history of sexual harassment. Furthermore, the search was reasonable because it focused only on media files, not e-mail, text, or other applications.Johnson v. Town of Duxbury, 2018 WL 5269989 (D. Mass. Oct. 23, 2018), aff’d sub nom. Johnson v. Duxbury, Massachusetts, 931 F.3d 102 (1st Cir. 2019). Brian Johnson, a retired Duxbury police officer, brought action against his former employer for violating his Fourth Amendment rights. Johnson’s claim stemmed from Duxbury and the Chief of Police requiring that he produce his personal phone records due to an internal affairs investigation related to: (a) an ongoing murder investigation and (b) Johnson’s testimony at a grand jury without notifying his superiors. The court applied a reasonableness standard and found that Johnson had provided voluntary consent, an exception to the Fourth Amendment’s warrant requirement. Johnson was represented by union counsel throughout the entire search and the parties negotiated to define the scope of the search. There was no evidence to support Johnson’s claim that he provided the records based on a threat to his job security. The court also found that Johnson’s consent to produce his phone records bound the other plaintiffs, Johnson’s family members. The First Circuit affirmed and found no reasonable expectation of privacy in Johnson’s phone records.Employer Liability for Employee Cell Phone Use While Driving.Coughlin by & through Coughlin v. Cty. of Colfax, 27 Neb. App. 41, 926 N.W. 2d 675 (2019), review denied (May 23, 2019). Daniel Coughlin was a Colfax County, Nebraska Sheriff’s Department Deputy who was killed when he lost control of his vehicle after hitting a deer carcass in the road. At the time of the crash, which occurred in Coughlin’s personal vehicle after he had clocked out of his shift, Coughlin was talking on his personal cell phone, providing the other deputy with shift-change information. Coughlin’s conservator filed a petition seeking workers’ compensation benefits for Coughlin’s minor daughter. The Workers’ Compensation Court (“WC Court”) denied the petition, finding that the Sheriff’s Department did not cause an employer-created condition leading to Coughlin’s death. The WC Court found that the crash did not arise out of and in the course of Coughlin’s employment, as required by Nebraska statute. Because Coughlin was traveling away from his fixed place of employment, at the end of his shift and in his personal vehicle, the WC Court applied the going to and from work rule, which meant Coughlin’s conservator would need to show a causal connection between an employer-created condition and Coughlin’s death. The WC Court determined that Coughlin’s conservator failed to make such a showing.The Court of Appeals affirmed. It first agreed with the WC Court that the going to and from work rule applied, then proceeded to examine whether an employer-created condition caused the fatal crash. While Coughlin’s conservator argued that Coughlin being on his cell phone to exchange shift-change information was an employer-created condition, the Court of Appeals disagreed. The Court recognized that the Sheriff’s Department expected deputies to exchange shift-change information, “it did not prescribe any one way of doing so.” Sheriff’s Department policy did not instruct deputies to use their cell phones while driving to exchange such information. In fact, Sheriff’s Department policy specifically prohibited them from talking on cell phones while driving county-owned vehicles and instructed deputies to pull over when talking on their phones. Coughlin could have exchanged the shift-change information any number of other ways. Therefore, his choice to do so while driving away from work in his personal vehicle was not an employer-created condition leading to the Sheriff’s Department being liable for workers’ compensation benefits.Denham v. Bark River Transit, Inc., No. 2:18-CV-00246, 2019 WL 4887256 (S.D. Tex. Oct. 3, 2019). Ira Wade Hudson was driving a Bark River Transit, Inc. tractor-trailer on a very rainy morning when he lost control of the tractor-trailer and hydroplaned into the vehicle of Janet Denham, causing her significant injuries. Hudson would communicate with Bark River via his personal flip-style cell phone, putting it on speaker and placing it open on the dash of the tractor-trailer during conversations. Hudson’s supervisor at Bark River, Don Vanenkevort, who is also part owner of Bark River, acknowledged that it was aware Hudson had only a flip phone. While Hudson claimed not to be on his phone at the time of the accident, cell phone records showed that he had received calls from, and placed calls to, Bark River right around the time of the accident. Denham sued Hudson and Bark River, alleging “(1) negligence against Hudson; (2) gross negligence against Hudson; (3) respondeat superior negligence against Bark River; (4) negligent hiring, retention, training, and/or entrustment against Bark River; and (5) gross negligence against Bark River.” Bark River and Hudson filed for summary judgment, which the court denied on all but the negligent hiring, retention, training, and/or entrustment allegations. The court found there were disputed issues of material fact as to whether Hudson and Bark River acted with negligence and/or gross negligence. The court found that Hudson’s statement about not being on his phone was not corroborated and stated that if he was on his phone, he was in violation of federal regulations and potentially disregarding an extreme degree of risk generated by the heavy rain in combination with his phone usage. The court also stated that Vanenkevort knew that Hudson used a flip phone and that it was raining heavily, yet Vanenkevort still placed several calls to Hudson that morning, thus creating a question of Bark River being grossly negligent.Finley v. Vermeer Mfg. Co., No. W-18-CV-00192-ADA, 2019 WL 5058901 (W.D. Tex. July 11, 2019). Daniel Little was driving a truck owned by his employer, Vermeer Manufacturing Co. when he was involved in an accident with Ryan Finley. Finley filed suit against both Little and Vermeer, with his claims against Vermeer consisting of negligence based on respondeat superior, direct negligence for negligent hiring, training, supervision, retention, and entrustment, and gross negligence. Vermeer filed a motion for summary judgment on the direct negligence and gross negligence claims, which the court granted. Finley argued, in part, that Little was on his cell phone at the time of the accident, and because Vermeer did not have a written company policy in place regarding the use of cell phones while driving, Vermeer was negligent and grossly negligent. The court “reject[ed] any claim” that the lack of a written policy rendered Vermeer negligent or grossly negligent. While Vermeer did not have a written policy, it offered evidence demonstrating that its employees were counseled regarding cell phone usage while driving, and Finley presented no evidence showing the lack of a written policy proximately caused the accident between Little and Finley. Summary judgment for Vermeer was thus appropriate.Ayon v. Esquire Deposition Sols., LLC, 27 Cal. App. 5th 487, 490, 238 Cal. Rptr. 3d 185, 187 (2018). Plaintiff Jessica Ayon sued Esquire Deposition Services under a respondeat superior theory of liability after Ayon was hit by the personal vehicle of Brittini Zuppardo, an Esquire employee driving home from her boyfriend’s house. At the time of the accident, Zuppardo, who scheduled court reporters, was talking to another Esquire employee, Michelle Halkett, a court reporter. Both Zuppardo and Halkett stated in deposition that they were not speaking about work-related matters, but their conversation was instead related to their personal friendship outside of work. The trial court granted summary judgment to Esquire and Ayon appealed.On appeal, Ayon claimed that Zuppardo testified that she and Halkett spoke frequently, a claim that was not supported by cell phone records. Ayon argued that this showed Zuppardo and Halkett did not have a personal relationship and therefore must have been discussing work-related topics, thus creating a triable issue of fact as to whether the call was work-related. The Court of Appeal affirmed the grant of summary judgment, stating there was no credible reason to disbelieve Zuppardo or Halkett, both of whom had been subject to cross-examination at their depositions. Ayon submitted no evidence to show that the call was anything other than what Esquire claimed it to be: a personal conversation between employees that occurred after-hours, in the employee’s personal vehicle, while the employee was driving on a personal errand.Camisa v. Rosen, 150 A.D. 3d 809, 810, 54 N.Y.S. 3d 111 (2017). Scott Rosen, an employee of Allan Briteway Electrical Contractors, Inc. hit Dawn Camisa with his vehicle as he pulled into a parking lot on his way home from work, while also talking to a vendor for Briteway on his hands-free Bluetooth. Briteway paid for all of Rosen’s vehicle and cell phone-related expenses. Camisa sued Rosen and Briteway as a result of her injuries and Briteway filed a motion for summary judgment, arguing that Rosen was not acting within the scope of his employment at the time of the accident. The supreme court denied the motion and Briteway appealed. The appellate court affirmed, finding that Briteway “failed to establish, prima facie, that Rosen was not acting within the scope of his employment at the time of the accident.”Security Considerations. While there are many advantages to BYOD policies for companies, there also are security risks with placing and allowing the transmission of information on devices and through media that are not part of a company’s secure network. The Wall Street Journal, reported a December 2015 survey by the Association for Corporate Counsel revealing that one-third of in-house counsel have experienced a corporate data breach and more than half of in-house counsel report that their companies are increasing spending on cybersecurity. Similarly, in its 2018 State of the Industry Report, information security company Shred-It reported that 47% of C-Suite Executives and 42% of Small Business Owners reported that human error or accidental loss by an employee was the cause of the data breach. Similarly, 86% of C-Suite Executives and 42% of Small Business Owners agreed that the risk of a data breach is higher when employees work off-site than when they work at the office. And a Strategy Analytic survey of 1,200 IT decision-makers found that one-third of companies do not manage corporate information on personal devices at all.Perhaps not surprisingly, data breaches have seemingly become commonplace, and the example below highlights the increased risk when BYOD is in play. It was reported in 2017, that the personal information of approximately 30,000 customers of a South Korean cryptocurrency exchange company, one of the world’s largest, was compromised when the home computer of the company employee was hacked. In regards to this data breach, a leading cybersecurity professional noted that:[i]t’s particularly notable that the stolen data was already outside of the company’s control, on an employee’s personal computer.This also brings [up] the question of data security in company and the ability of employees to take sensitive information with them when they’re at home…Part of this is due to the rapidly changing work environment where employees get more remote access to company resources, which poses a challenge to IT security departments. A more detailed treatment of data breaches is outside the scope of this paper. But suffice it to say, employers should be vigilant in the implementation of any BYOD programs.Potential Wage and Hour Claims. A number of states have specific employee expense reimbursement laws that require employers to reimburse employees for certain expenses incurred on behalf of the employer. The scope of the employer’s reimbursement obligation differs from state to state. States like California and Illinois require employers to reimburse employees for all “necessary expenditures or losses” incurred on behalf of the employer. California courts have even suggested that an employer is required to reimburse an employee with a personal unlimited data plan for the employee’s use of a personal cell phone for work. But on the opposite end, Alaska law requires employers to reimburse employees for the purchase of a “uniform or equipment” if the item is “distinctive and advertises or is associated with the products or services of the employer” or “cannot be worn or used during normal societal activities of the employee.”Perez v. Island Hospitality Mgmt. III, LLC, 2019 WL 3064113 (C.D. Cal. Feb. 8, 2019). Perez, a former front desk supervisor at a hotel, filed a putative wage and hour class action alleging a number of claims, including a claim for failure to indemnify employees for necessary expenditures pursuant to California Labor Code Section 2802. Perez alleged that he and other class members were required to use their personal cell phones for work, including to “text booking reservations for guests” and “text reservations forms for town car or limousine companies.” Perez also alleged that he was required to use his personal vehicle to drop off cash at a bank on behalf of the hotel approximately two times per week. Perez further alleged that he had to clean his “work blazer,” which was part of his “work uniform,” approximately once every two weeks. The defendant moved to dismiss Perez’s Section 2802 claim, arguing that Perez failed to identify what expenses were “incurred and why they were necessary.” However, the court found that Perez’s allegations in support of the Section 2802 claim were sufficient to overcome a motion to dismiss.But see Herrera v. Zumiez, Inc., 953 F.3d 1063 (2020). Herrera, a former sales associate at a Zumiez retail store, filed a putative wage and hour class action alleging that her employer violated California laws by not compensating employees who were scheduled for a call-in shift for the time they were required to call their managers thirty minutes to one hour before the shift or if they work a shift immediately before the call-in shift, contact their managers at the end of the shift. Herrera included an unreimbursed business expenses claim pursuant to California Labor Code Section 2802, but all that she alleged in connection with this claim was that “phone calls pursuant to the Call-In policy were required and occurred when employees not at the workplace.” Herrera did not specifically allege “how she made the calls or what costs she incurred.” The district court denied the defendant’s motion for judgment on the pleadings on this claim, but the Ninth Circuit reversed. However, the Ninth Circuit added that the district court may grant Herrera leave to amend the complaint to include more specific allegations.Castro v. ABM Indus., 325 F.R.D. 332 (N.D. Cal. 2018). Marley Castro and Lucia Marmolejo filed a putative class action against ABM Industries, et al., alleging that defendants required their janitorial employees with the employee master job description “Cleaner” (the “Putative Class Members”) to use personal cell phones for work-related purposes without reimbursement, in violation of California Labor Code Section 2802 and California Business and Professions Code Section 17200, et seq. The Court granted plaintiffs’ motion for class certification, but modified the proposed class and instead certified three classes for employees who, in pertinent part, were not offered an ABM-provided cell phone or two-way radio, and (1) used a personal cell phone to punch in and out of ABM payroll system, (2) used a personal cell phone to report unusual or suspicious circumstances to supervisors, or (3) used a personal cell phone to respond to communications from supervisors.Cochran v. Schwan’s Home Service, Inc., 228 Cal. App. 4th 1137 (2014). Cochran filed a putative class action against Home Service on behalf of customer service managers who were not reimbursed for expenses pertaining to the work-related use of their personal cell phones. He alleged causes of action for violation of Section 2802; unfair business practices under Business and Professions Code Section 17200 et seq.; declaratory relief; and statutory penalties under Labor Code Section 2699, the Private Attorneys General Act of 2004. Home Service opposed Cochran’s motion for class certification. The trial court denied Cochran’s motion, and Cochran appealed. The Court of Appeal reversed the order denying certification to the class and remanded with directions. The court held that Labor Code Section 2802, requires an employer to reimburse an employee for the reasonable expense of the mandatory use of a personal cell phone, regardless of the details of the employee’s cell phone plan, whether the phone bill is paid for by a third person or at all, and whether the employee changed plans to accommodate work-related cell phone usage. To show liability under Section 2802, an employee need only show that he or she was required to use a personal cell phone to make work-related calls, and that he or she was not reimbursed. Because of the differences in cell phone plans and work-related scenarios, the calculation of reimbursement must be left to the trial court and parties in each particular case.Misappropriation of Trade Secrets.Danaher Corp. v. Lean Focus, LLC, 2020 WL 4260487 (W.D. Wis. July 24, 2020). Danaher sued its former employee Damon Baker, who left Danaher and formed his own company Lean Focus, and Lean Focus for trade secret misappropriation, breach of contract, and tortious interference with Danaher’s employment relationships, among other claims. Based on Baker’s pre-departure computer activities, including downloading of Danaher information, retention of certain USB devices, and wiping of external hard drives and his company iPhone before returning them to Danaher, Danaher alleged that Baker may have retained confidential Danaher information. The defendants moved to dismiss Danaher’s complaint, but the court largely denied their motion, including denying the defendants’ request to dismiss the trade secret misappropriation claim because Danaher had sufficiently pleaded this claim.Utex Industries, Inc. v. Wiegand, 2020 WL 873985 (S.D. Tex. Feb. 21, 2020). Utex, a manufacturer of oil-and-gas-pump-related equipment, filed a lawsuit for trade secrets misappropriation, breach of contract, unfair competition, tortious interference, and patent infringement against former employee Troy Wiegand and competitor Gardner Denver. Utex alleged that Wiegand had a large amount of Utex data on his personal devices, “some of which he may have deliberately acquired just prior to his departure [from Utex]” and “took photographs of Utex’s facilities on his personal devices, which may have included Utex’s package methods and processes.” The allegedly misappropriated trade secrets included “methods and systems for packaging the packing assemblies for storage and shipment,” among other things. The court observed that “[e]mails [in evidence] suggest that Wiegand’s knowledge of Utex’s production methods led to Garner’s use of the same cloth vendor” and largely denied the defendants’ motion for summary judgment. With respect to the common law contract and tort claims, the defendants argued that federal copyright law preempted these claims, but the court also rejected this argument.Viken Detection Corp. v. Videray Technologies, Inc., 2020 WL 68244 (D. Mass. Jan. 7, 2020). Viken, which produces and sells handheld x-ray scanners for use in detecting concealed explosives, narcotics, and other contraband, sued its former Director of Engineering, Paul Bradshaw, and Bradshaw’s new company, Videray, which Bradshaw founded after his termination from Viken, for trade secret misappropriation, violation of the Computer Fraud and Abuse Act, breach of contract, breach of the duty of loyalty, and tortious interference. Viken alleged that without Viken’s authorization or knowledge, Bradshaw had downloaded over 1,800 sensitive Viken files to his personal desktop computer, laptop, and personal Dropbox account. These files allegedly contained information about Viken’s alleged trade secrets, such as design files, operating characteristics, and physical optimization of Viken’s product. Bradshaw and his new company argued that Viken had failed to state plausible claims for relief and moved to dismiss all of Viken’s claims, but the court denied their motion.Ocean Tomo, LLC v. PatentRatings, LLC, 375 F. Supp. 3d 915 (N.D. Ill. 2019). Ocean Tomo, which provides financial services and consulting related to patent analytics, sued its former employee Jonathan Barney, who had created a competing firm. Ocean Tomo alleged that Barney misappropriated Ocean Tomo’s trade secrets by copying files from his company laptop to his personal laptop but failed to provide any evidence that Barney’s acquisition or retention of Ocean Tomo files were improper or otherwise contractually prohibited. In a bench trial, the court found that there was insufficient evidence to suggest that Barney had used any Ocean Tomo information for his new competing firm. The court also found for Barney on Ocean Tomo’s Computer Fraud and Abuse Act claim because mere “impermissible copying” does not support liability.Belvedere Hotel Partnership v. Tasco, 2019 WL 6271024 (Cal. Ct. App. Nov. 25, 2019). The operator of the Peninsula Beverly Hills hotel sued a former employee, Houssem Tasco, for allegedly misappropriating trade secrets before leaving the hotel to work for a competitor, the Waldorf Astoria Beverley Hills. The allegedly misappropriated trade secrets consisted largely of Peninsula work e-mails residing on Tasco’s personal devices. The court observed that “Tasco did not steal those e-mails.” Instead, they were on his personal devices because he was required to use those devices to be available outside of the office, as Peninsula did not supply him with a laptop. While the e-mails remained on his personal devices after Tasco left Peninsula, evidence indicated that Tasco did not review, disclose, or otherwise use the e-mails after leaving Peninsula. Nonetheless, approximately seven months after Tasco began working at the Waldorf Astoria, the plaintiff sought a preliminary injunction against Tasco and property developer of the Waldorf Astoria Beverly Hills hotel. The trial court denied Peninsula’s request, observing that it was insufficient for a court to grant preliminary injunction based merely on the evidence that Tasco may have “arguably, inadvertently” retained some of Peninsula’s confidential information after he resigned. The appeals court confirmed.Crom, LLC v. Preload, LLC, 380 F. Supp. 3d 1190 (N.D. Fla. 2019). Crom, a manufacturer of prestressed concrete tanks to store liquids, sued its former employee alleging that the employee misappropriated Crom’s trade secrets and confidential information when she went to work for Preload, a Crom competitor, and Preload. With respect to Crom’s trade secret misappropriation claim, the defendants argued that they were entitled to summary judgment because Crom “presented only speculation to support its assertion that Bacon took, disclosed, retained, or actually used Crom’s confidential or trade secret information to benefit Preload.” The court agreed and summary adjudicated the misappropriation claim. While Crom’s forensic examination of the former employee’s work devices suggested that she might have transferred Crom information to her personal devices, there was no conclusive report on the record. Moreover, although Crom had found Crom information on the former employee’s personal devices through discovery, Crom did not present evidence “to identify the nature of any specific document or file that [the former employee] retained—inadvertently or not.” Crom’s “failure to identify with competent evidence any particular file that [the former employee] failed to return which amounted to legally protected confidential, trade secret, or proprietary information [was] fatal to its claims of misappropriation.”Zitan Technologies, LLC v. Yu, 2018 WL 5045207 (D. Nev. Oct. 17, 2018). Zitan sued its former employee, Liang Yu, who often worked from home and who downloaded Zitan files from Zitan’s Dropbox to his personal computer, allegedly because he was experiencing technical issues, for trade secret misappropriation and breach of contract. Shortly after downloading these files, Yu realized that he “should probably not have” and deleted these files from his personal computer. Zitan moved for a temporary restraining order against Yu, but the court rejected Zitan’s motion. The court explained that Zitan’s evidence merely established that Yu downloaded confidential information that he was permitted to access while working from home on his personal computer and that there was no evidence to suggest that Yu’s misuse or disclosure of this information was likely. Importantly, while “downloading confidential information immediately after termination coupled with efforts to cover up such acts evidences an intent to use data against a company’ interests, [Yu] downloaded the confidential information on March 23, over two weeks before he resigned on April 9.” Accordingly, there was insufficient evidence to indicate that Yu would actually misappropriate Zitan information and thereby cause harm to Zitan. Dana Ltd. v. Am. Axle and Mfg. Holdings, Inc., 2013 WL 4498993 (W.D. Mich. Aug. 19, 2013). Dana, a manufacturer of axles, driveshafts, and chassis for the automotive industry, filed suit against former employees Jacob Adleman and Gary Turner and their new employer American Axle, alleging that the defendants violated the Computer Fraud and Abuse Act, breached contracts, misappropriated trade secrets under Michigan’s Uniform Trade Secrets Act, and breached fiduciary duties. Dana also alleged tortious interference against American Axle and unfair competition against all defendants. Following a trial on the trade secrets misappropriation claim, the court concluded that Dana had failed to prove its claim. Specifically, the court noted that in order for defendants to have misappropriated Dana information, “Dana must show either that Defendants acquired its trade secrets by improper means, or that Defendants used or disclosed the trade secrets.” To show that “improper means” were used, the plaintiff generally needs to prove defendants’ “intentional conduct involving some sort of stealth, deception or trickery.” But Dana’s evidence did not support this prong. In relevant part, “Dana had no policy against employees storing Dana information on their personal computers or personal storage devices, or backing up their work computers.” With respect to the second prong, the evidence showed that the defendant-former employees returned all of the Dana information in their possession within three weeks of leaving their employment and that they did not disclose or use any Dana information. Accordingly, the court found “no basis for holding any of the defendants liable” for trade secrets misappropriation.Lincoln Chemical Corp. v. DuBois Chemicals, Inc., 2012 WL 6553098 (N.D. Ind. Dec. 13, 2012). Edward Dole, a former sales representative of Galaxy Associates (acquired by DuBois Chemicals) in the specialty chemical industry, quit his employment with Galaxy and went to work for Lincoln Chemicals. Galaxy moved for a preliminary injunction against Lincoln Chemical and Dole to enforce Dole’s non-compete agreement with Galaxy. In doing so, Galaxy also alleged that Dole had misappropriated trade secrets from Galaxy. The parties did not dispute that since Dole left Galaxy, Dole had retained on his personal computer “considerable proprietary information of Galaxy and customers that Mr. Dole serviced while he worked for Galaxy.” Dole said that he retained this information because Galaxy never asked for its return or destruction. But Dole’s employment agreement with Galaxy contained a provision requiring Dole to return all Galaxy information upon his termination. As Dole did not do so, the court found that Galaxy had shown “a strong likelihood of success on the merits of its trade secrets claim” and granted Galaxy’s motion for a preliminary injunction.All Leisure Holidays Ltd. v. Novello, 2012 U.S. Dist. LEXIS 168774 (S.D. Fla. Nov. 27, 2012); 2012 U.S. Dist. LEXIS 171835 (S.D. Fla. Dec. 4, 2012). All Leisure, which operates cruise brands, filed suit against its former president, Steven Novello, and DMS, a database marketing and consulting firm that contracted with and had a non-disclosure agreement with All Leisure. All Leisure alleged that soon after deciding to leave All Leisure, Novello instructed DMS to send him a large amount of All Leisure confidential data. DMS, which allegedly knew that Novello was about to leave All Leisure, transmitted the requested data to Novello. All Leisure discovered this data transfer about a month after Novello left All Leisure through a search of Novello’s company e-mail. All Leisure requested a temporary restraining order, prohibiting Novello and DMS from using or disclosing All Leisure information. The court granted All Leisure’s request, finding that All Leisure was substantially likely to prevail on its trade secret misappropriation claim. In a stipulated preliminary injunction as to Novello a few days following the court’s temporary restraining order, the parties noted that “Novello retains on his personal computer much of the information that All Leisure claims is a Trade Secret since he used his personal computer to conduct All Leisure’s business during the course of his employment with the company.” The injunction required Novello to take reasonable measures to protect data in his possession and for the forensic imaging of his personal devices.But Is It Actually a Trade Secret?Abrasic 90 Inc. v. Weldcote Metals, Inc., 364 F. Supp. 3d 888 (N.D. Ill. 2019). Abrasic, a manufacturer of grinding and sanding discs, sued its former president, who left Abrasic to form competitor Weldcote Metals, another former employee who went to work for Weldcote Metals, and Weldcote Metals for trade secrets misappropriation, breach of fiduciary duty, unfair competition, and unjust enrichment. Abrasic moved for preliminary injunction against the defendants to prevent them from working in the abrasives industry and from using Abrasic’s alleged trade secrets, which included information about Abrasic’s pricing, customers, and suppliers. But the court denied Abrasic’s motion largely on the ground that the alleged trade secrets could not legally constitute trade secrets because Abrasic failed to take reasonable steps to protect them. The court explained that Abrasic’s “data security was so lacking that it is difficult to identify the most significant shortcoming.” These shortcomings included: (1) failure to enter into confidentiality agreements with its employees; (2) when employees left Abrasic, the employees were asked to return any company property but were not specifically asked about whether the employees retained company information; (3) the company actually knew that the former employees had retained company information at issue on their personal devices but did not ask the employees to delete them; (4) the company’s IT person in charge of maintaining the security of company information had no training in data security; (5) the company did not restrict the alleged trade secrets to employees on a need-to-know basis; and (6) Abrasic took no measures to protect the alleged trade secrets in any way different than the steps it took to protect non-trade secrets information. The court noted that while some of the fault for these security shortfalls “presumably” lied with the former president, the company’s board “could have insisted on greater protections over [the company’s] purported trade secrets but did not.”Magnesita Refractories Co. v. Mishra, 2018 WL 6435648 (N.D. Ind. Dec. 7, 2018). Magnesita Refractories sued its former vice president, Surendra Mishra, for breach of fiduciary duty and theft of trade secrets after it discovered that he was allegedly “stepping out on them and looking to form a new business that would compete with Magnesita.” The court granted Mishra’s motion for summary judgment on the trade secrets misappropriation claim but not on the breach of fiduciary duty claim. With respect to the misappropriation claim, the court explained that “[a] plaintiff who seeks relief for misappropriation of trade secrets must identify the trade secrets and carry the burden of proving that they exist.” But Magnesita failed to identify any trade secrets with specificity and instead merely argued that Mishra received a PowerPoint presentation from another Magnesita employee who presumably had access to the PowerPoint. The court ruled that this argument “amounts to nothing more than an ipse dixit – it must be theft of trade secret because Magnesita says it is.” The court, however, denied Mishra’s summary judgment motion with respect to the breach of fiduciary duty claim because there were disputed facts about what Mishra was doing in the last two months of his employment at Magnesita.Yellowfin Yachts, Inc. v. Barker Boatworks, LLC, 898 F.3d 1279 (11th Cir. 2018). Yellowfin Yachts, a manufacturer of high-end fishing boats, sued its former vice president of sales, Kevin Barker, and Barker’s new company, Barker Boatworks, for violation of Florida’s Trade Secrets Act, unfair competition, and trade dress infringement under the common law and the Lanham Act. The district court granted the defendants’ motion for summary judgment, and the Eleventh Circuit affirmed. With respect to the Trade Secrets Act claim, Yellowfin Yachts alleged that the defendants had misappropriated its customer list, which contained customers’ names, addresses, contact information, and other information related to the customers’ purchases. But the Eleventh Circuit observed that Yellowfin Yachts could not prove that the list was a trade secret because Yellowfin Yachts “failed to reasonably protect the information.” While Yellowfin Yachts limited employee access to the customer list by password-protecting its computer network, Yellowfin Yachts “compromised the efficacy of these measures by encouraging Barker to keep the Customer Information on his cellphone and personal laptop.” Yellowfin Yachts also did not mark “the Customer Information as confidential nor instructed Baker to secure the information on his personal devices.”HCC Ins. Holdings, Inc. v. Flowers, 237 F. Supp. 3d 1341 (N.D. Ga. 2017). HCC, an insurance company, filed suit against two former employees and a newly formed competitor, alleging that the former employees misappropriated trade secrets in violation of the Georgia Trade Secrets Act, among other claims. HCC specifically alleged that one of these employees, Flowers, misappropriated around 500 “hot sheets” (excel spreadsheets that list prospective new business and existing policies up for renewal) by using his personal thumb drive and laptop. The defendants moved for summary judgment, arguing that these “hot sheets” did not constitute “trade secrets” because HCC failed to take reasonable efforts to maintain their secrecy. The court agreed with defendants, finding that HCC failed to present any evidence that it: (1) labeled the hot sheets as confidential or otherwise communicated the confidentiality of hot sheets directly to its employees; (2) directed its employees to maintain the secrecy of the file other than through a general confidentiality agreement that did not expressly mention the hot sheets; or (3) tracked the use of hot sheets. Accordingly, the court granted the defendants’ motion for summary judgment on HCC’s George Trade Secrets Act claim.Kuryakyn Holdings, LLC v. Ciro, LLC, 242 F. Supp. 3d 789 (W.D. Wis. 2017). A motorcycle aftermarket parts design corporation filed suit against a competing business and its founders, which included the plaintiff’s departing president, the president’s son, and the plaintiff’s former designers. The plaintiff, Kuryakyn, alleged that the defendants had misappropriated the plaintiff’s trade secrets in violation of the federal Defend Trade Secrets Act and Wisconsin Uniform Trade Secrets Act by forwarding confidential company information to their personal e-mail addresses, among other claims. The trade secrets Kuryakyn alleged were misappropriated included in part “[d]esign drawings, specifications, and other engineering information for new products and anticipated changes to current Kuryakyn products,” “market research and information on customer demand for new products and changes to current Kuryakyn products,” and customer and purchase contact information. The defendants moved for summary judgment, arguing that none of the information listed by Kuryakyn could constitute a “trade secret” because the information was publicly available and easily acquired by others. The court agreed with the defendants and granted defendants’ motion for summary judgment on the plaintiff’s trade secret misappropriation claims, observing that “[i]nformation about a third party that is readily ascertainable by simply asking the third party is not a trade secret” and that “[t]o survive summary judgment, Kuryakyn must identify specific documents or information that constitute trade secrets, not simply list categories or general topic of information.”Cyberbullying and Negligence. Employees, including managers, may use their BYOD devices to cyberbully or harass fellow co-workers. If the employer learns of the behavior and does not make efforts to correct, it may be subject to exposure regardless of whether the harassing or bullying was on an employer-hosted site. Violations of Federal and State Computer Trespass Statutes. An employer’s access of an employee’s personal device may violate, or at least implicate, numerous federal and state computer trespass statutes addressed above. BYOD Gives Rise to Concerns about Information Disclosure, Data Breaches, and Privacy Issues.Workplace Technology and Unwanted Information Disclosure.Data Breaches – A Significant Issue for Employers. As recently reported by the Wall Street Journal, a December 2015 survey by the Association for Corporate Counsel revealed that one-third of in-house counsel have experienced a corporate data breach and more than half of in-house counsel report that their companies are increasing spending on cybersecurity. Primary Causes of Data Breaches, i.e., Unwanted Information Disclosures. Employee Error. The most common cause of data breaches are employee error (24 percent of reported data breaches). For example, an employee “accidently sending an e-mail with sensitive information to someone outside the company.”Intentional and Malicious Access by Insiders.Phishing. “Phishing” refers to when third parties send spam e-mails designed to trick employees into giving up their personal information. Third-Party Access.Lost Device.Malware.Primary Employer Victims of Data Breaches. According to the survey, the healthcare industry reported the highest number of data breaches, followed by the insurance, manufacturing, and retail industries. Data breaches in the healthcare industry are particularly worrisome given the likelihood that such breaches would result in HIPAA violations. Consequences of Data Breaches. Data breaches can have numerous consequences, such as timely and expensive efforts remedial efforts, loss of valuable and/or necessary information, and the potential advantage to competitors’ access to the information in question. Data breaches can also leave employers liable to those affected by the breach.EXAMPLE: The data breach Sony Pictures Entertainment Inc.?suffered in 2014 prompted affected employees to file a class action against Sony, claiming that Sony was liable for the theft of the employees’ personal data. Corona et al v. Sony Pictures Entertainment Inc., U.S. District Court, Central District of California, No. 14-09600. After the U.S. District Judge allowed the employees to proceed with their claims that Sony was negligent and violated a California confidentiality law, the parties submitted a proposed settlement in October 2015. Pending court approval, the settlement requires Sony to pay up to $8 million to compensate the individual employees, identify theft losses, the protective measures they were forced to undertake, and their legal fees and costs. Appropriate Response to Threat of Data Breaches.Train Employees. Re-evaluating IT departments and updating firewall software are important; but given that employee error is the leading reported cause of data breaches, training is critical to avoiding data breaches and the consequences they entail. Purchase Cybersecurity Insurance.Inappropriate Response to Threat of Data Breaches. Employers must be careful not to overreact to the threat of data breaches or be overzealous in their protection against such unwanted disclosures, because protecting against data breaches may implicate employee privacy and leave employers vulnerable to related employee claims. Fair Labor Standards Act of 1938, as amended, 29 U.S.C. §201, et seq. (“FLSA”). If a company instructs or allows a non-exempt employee to perform work on a wireless device (whether company or personally owned) or a company-sponsored social media page, the hours may be compensable and may constitute overtime, even where they are performed during non-business hours and off the job.Frew v. Tolt Techs. Serv. Group, LLC, No. 6:09-CV-49-ORL-19GJK, 2010 WL 557940, at *5 (M.D. Fla. Feb. 11, 2010) (fact that employer regularly checked GPS records of employee’s vehicle, as well as employee’s employer-issued cell phone records, created a genuine issue of material fact as to whether the employer had notice that the employee was performing uncompensated overtime work).Tips for an Effect BYOD Policy. Establish Expectations and Requirements. Be clear as to mandatory or voluntary nature of policy.Establish clear expectations regarding employee use of personal devices at work, but avoid infringing upon employee freedoms and off-duty conduct. Address who controls the company-related information on the personal device and the employee’s obligations with respect to an employer’s need to access company information.?EXAMPLE: For litigation hold purposes, employees using personal devices may have information or evidence on their personal devices relevant to the litigation, and that could provide a basis to argue that the employer should issue a litigation hold and/or preserve the information on the employee’s personal device.Make it clear that the employer can prohibit, prevent, or revoke the employee’s use of personal devices for work-related purposes at any time. Prohibit Intermingling of Information. Prohibit the intermingling of company and personal information on the device. For example, require separate e-mail accounts on the device and/or separate folders or locations for company information and personal information.Confidentiality Agreements. Have employees who use their own personal devices to perform work sign confidentiality agreements to protect company information, trade secrets, etcetera, from disclosure to third parties. Consent to Monitoring. Reduce employees’ expectation of privacy on their own personal devices and inform employees that their personal devices may be monitored or subject to search in specific circumstances (e.g., termination, to protect confidential or proprietary information, in the event of a litigation hold), and obtain written consent to monitor the employees’ personal devices. Address Return of Information and Loss of Information. Implement policies and procedures: (1) for the return of company information, trade secrets, files, etcetera, on employee personal devices; and (2) for lost or stolen devices. In this regard, employers should consider requiring employee personal devices that are to be used for work purposes to have a remote wiping program that will allow the employer to delete employer data if needed.Post-Employment Agreements. When an employment relationship ends, obtain an agreement regarding the employer’s access to company information stored on the employee’s personal devices. For example, an employer may want to incorporate these types of obligations in severance agreements.The federal government has employed BYOD policies for many years and published some helpful information on its experiences, along with recommendations. THE NATIONAL LABOR RELATIONS ACT (“NLRA”), SOCIAL MEDIA AND ELECTRONIC COMMUNICATIONS POLICIESIn addition to the considerations discussed above about social media and electronic communication policies, it is important to evaluate whether these policies, or certain parts thereof, violate other laws protecting workers who engage in certain activities, such as the NLRA. Violations of the NLRA. Section 7 of the NLRA provides all non-supervisory employees the right “to engage in other concerted activities for the purpose of collective bargaining or other mutual aid or protection.” This protection is very broad and applies to all employees, whether they are members of a union or not, and to employers, whether they employ union members or not. Definition of “Employee” Under the NLRA. The NLRA defines an “employee” as any employee, including those whose work has ceased as a consequence of, or in connection with, any current labor dispute or because of any unfair labor practice, and who has not obtained any other regular and substantially equivalent employment. However, “employee” does not include any individual: Employed as an agricultural laborer, or In the domestic service of any family or person at his home, or Employed by his parent or spouse, or Having the status of an independent contractor, orEmployed as a supervisor, or Employed by an employer subject to the Railway Labor Act, orEmployed by any other person who is not an employer as defined by the NLRA.Definition of “Employer” Under the NLRA. The NLRA defines an “employer” as any person acting as an agent of an employer, directly or indirectly, but not including: the United States or any wholly owned government corporation, or any Federal Reserve Bank, or any state or political subdivision thereof, or any person subject to the Railway Labor Act as amended from time to time, or any labor organization (other than when acting as an employer), or anyone acting in the capacity of officer or agent of such labor organization.Definition of Concerted Activity. Generally, the NLRA protects the rights of employees who engage in “protected concerted activity,” which is when two or more employees take action for their mutual aid or protection regarding terms and conditions of employment. A single employee may also engage in protected concerted activity if they are acting on the authority of other employees, bringing group complaints to the employer’s attention, trying to induce group action, or seeking to prepare for group action. When an employee suffers an adverse employment action as a result of language that is posted on social media sites such as Facebook? or Twitter, the action may give rise to an unfair labor practice charge if the posted language is construed as concerted activity. With the rise in use of social media, there has been a trend with the National Labor Relations Board (“NLRB”) to file charges in cases where an employee suffered an adverse employment action for language posted on the Internet. Remedies for Violations of the NLRA. The most severe remedies afforded by the NLRA are provided to an employee who has been terminated for conduct which is protected by the NLRA. Such an employee may be afforded reinstatement and back pay; however, there are no compensatory damages such as emotional distress provided by the NLRA. An employer who engages in NLRA violations can be issued a cease and desist order and made to post NLRB notices in the workplace. If the violations resulted in an unfair election, the NLRB can order that the election be rerun. If an employer refuses to bargain with an elected representative, the NLRB can order that they bargain. Recent Trends under the NLRA – Boeing Decision. In Boeing, Co. 365 NLRB No. (Dec. 14, 2017), the Board addressed facially neutral policies and workplace rules and created a balancing test to determine when such rules violate the NLRA. This resulted in Boeing overturning its prior decision in Lutheran Heritage Village-Livonia, 343 NLRB 646 (2004) (rules are unlawful if they could be “reasonably construed” to prohibit the exercise of Section 7 rights) and establishing a new test for evaluating whether workplace rules prohibit the exercise of Section 7 rights. Social media policies were of no exception. The Boeing standard replaced the “reasonably construed” standard and aims at balancing a facially neutral rule’s impact on employees’ exercise of Section 7 rights with the employer’s right to maintain productivity and discipline in the workplace. The test classifies such workplace rules into three categories:“Category 1 Rules – will include rules that the Board designates as lawful to maintain, either because: (i) the rule, when reasonably interpreted, does not prohibit or interfere with the exercise of Section 7 rights and thus no balancing of rights and justifications is required; or (ii) even though the rule has a reasonable tendency to interfere with Section 7 rights, the potential adverse impact on those protected rights is outweighed by employer justifications associated with the rule. This means that workplace civility rules, for example, do not per se violate the NLRA. Category 2 Rules – will include rules that warrant individualized scrutiny in each case as to whether the rule, when reasonably interpreted, would prohibit or interfere with the exercise of Section 7 rights, and if so, whether any adverse impact on protected conduct is outweighed by legitimate business justifications. Category 3 Rules – will include rules that the Board will designate as unlawful to maintain because they would prohibit or limit Section 7 conduct, and the adverse impact on Section 7 rights is not outweighed by justifications associated with the rule. For example, rules prohibiting employees from discussing wages is a Category 3 rule, because it will be presumed to infringe on employee Section 7 rights.” The Board noted that these categories “represent a classification of results” and that these categories are not part of the test. Post-Boeing Cases on Employer Social Media Policies. CVS Health, No. 31-CA-22210099 (Sept. 5, 2018).Coastal Industries, Inc. d/b/a Coastal Shower Doors, Case 12-CA-194162 (August 30, 2018).Comprehensive Healthcare Management Services, LLC d/b/a Brighton Rehabilitation and Wellness Services, No. 06-CA-209251 (July 3, 2018).Each of these Board decisions addressed company social media policies and found that parts of the policies were permissible while other parts were unlawful. Based on these cases, there are several examples of what the Board would consider lawful and unlawful following Boeing. Post-Boeing Examples of Unlawful Social Media Policies.Rules requiring employees to identify themselves by their real name when discussing their employer or their work on social media were Category 2 Rules and facially unlawful. Rules preventing employees from disclosing any “employee information” on social media. This Board stated that “employee information” was overbroad and it would be essentially impossible to conduct any Section 7 activities if one could not disclose any employee information whatsoever (as employees would not even be allowed to discuss the names and contact information of any other employees). Further, the Board reasoned that “employee information” could be read to include employee contact information or other non-confidential employee information. Prohibiting employees from posting inaccurate or false statements (as opposed to only maliciously false statements) was unlawful. Posting “derogatory information” about the employer on any websites, and to send complaints and grievances to normal company channels was found to be unlawful. The Board reasoned that it was “an absolute ban on employees making any comments on social media disparaging the employer.” Thus, it was an unlawful and overbroad Category 2 rule. A rule in the employer’s policy that prevented employees from posting the employer’s phone number or website link online was unlawful, as it prevented employees from soliciting customers and/or the public to call the employer to express support for the employee’s Section 7 activities, and served no legitimate business interest as employer’s contact info was easily located online.Broad rules that prohibit posting any confidential information, which could reasonably be interpreted by employees to include information like their terms and conditions of employment, was overly broad and unlawful. Post-Boeing Examples of Lawful Social Media PoliciesProhibiting employees from speaking on behalf of the company without authorization as well as requiring employees to disclaim that they are not speaking on behalf of the employer or as a company representative was a Category 1 rule and facially lawful. Restricting the use of company logos, company name or URL on social media accounts is a Category 1 Rule and facially lawful. (The Board reasoned that employers have a strong interest in protecting their intellectual property and that employees generally understand such a rule to protecting these interests). Requiring disclaimers on personal social media accounts if speaking about the employer in any way or re-sharing company information is a Category 1 and lawful on its face. Instructing employees not to post anything discriminatory, harassing, bullying, threatening, defamatory or unlawful was a Category 1 rule and facially lawful. Thus, work rules requiring harmonious relationships in the work place are permissible. Rules prohibiting taking pictures of non-public areas or meetings or within the workplace and/or posting such photographs on social media are facially lawful. Requiring employees to keep internal communication and information confidential and not to post or disclose on social media is lawful as it recognizes that most internal information given to employees are designed to be about company matters and not terms and conditions of employment. However, the Board noted that such a rule was a Category 2 Rule. Preventing employees from posting professional employment recommendations, reference or testimonials about current or former employees was lawful. (The Board reasoned that it was akin to “ensuring that only authorized employees may speak on the [e]mployer’s behalf.”). Although rules prohibiting criticism or disparagement fall in Category 2, such rules that do so with the purpose to promote safe and discrimination and harassment free workplaces can be lawful. Further, rules requiring that social media posts be done civilly is also lawful. Rules preventing conduct that “adversely affects” the company or co-workers may be lawful because the balance of an employer’s need to maintain discipline and productivity outweighs any construed chilling effect of the rule on Section 7 rights. Be Careful – Even with Lawful Social Media Policies Employers Can Violate the NLRA for interfering with employee’s social media use.When evaluating whether social media activities are protected, the Board evaluates whether they were sufficiently disloyal, reckless, or maliciously untrue as to lose the Act’s protection.?Roseburg Forest Prod. Co., & Carpenters Indus. Council (Cic), Local Union No. 2949, No. 19-CA-213306, 2018 WL 5676045 (Oct. 31, 2018) (citing Jefferson Standard, 346 US 464 (1953);?Linn v. Plant Guards Local 114, 383 US 53 (1966);?Triple Play Sports Bar, 361 NLRB 308 (2014)). Northwest Rural Electric Cooperative, 366 NLRB No. 132 (July 19, 2018) (affirming ALJ’s decision that employee’s comments and “like” of a Facebook? post on a third-party social media site about workplace safety related to his line of work was protected concerted activity and terminating employee for his Facebook? post was unlawful). Roseburg Forest Prod. Co., & Carpenters Indus. Council (Cic), Local Union No. 2949, No. 19-CA-213306, 2018 WL 5676045 (Oct. 31, 2018) (holding that employee’s Facebook? post, which was liked by other employees, was concerted protected activity). New York Party Shuttle, LLC, 359 NLRB No. 112, Case No. 02-CA-073340 (May 2013) (NLRB held that employer violated NLRA by failing to give an employee work assignments because the employee publicized his union activities and concerted activity in e-mail communications and Facebook? posts).Design Technology Group, LLC d/b/a Bettie Page Clothing and DTG California Mgmt., LLC d/b/a Bettie Page Clothing, a Single Employer and Vanessa Morris, 359 NLRB No. 96, Case No. 20-CA-035511 (Apr. 2013) (NLRB held that employer violated the NLRA by terminating employees for engaging in concerted protected activities that included postings on Facebook? complaining about treatment by their supervisor). Hispanics United of Buffalo, Inc., 359 NLRB No. 37, Case No. 03-CA-027872 (Dec. 2012) (NLRB found that employer violated NLRA by discharging employees who engaged in concerted activity in Facebook? posts. Specifically, an employee posted a message on her Facebook? page asking her co-workers how they felt about another employee’s criticism that the employees do not work hard enough for the clients, and other employees responded to the post, defended themselves and criticized the working conditions). Karl Knauz Motors, Inc. d/b/a Knauz BMW, 358 NLRB No. 164, Case No. 13-CA-046452 (Sept. 2012) (NLRB noted that charging party’s comments on Facebook? that the decision by the employer to serve potential clients hot dogs was “cheap” and may negatively affect his earnings would potentially constitute concerted protected activity; however, the NLRB found that the charging party’s termination was lawful based on other Facebook? posts that were not concerted activity. Significantly, the NLRB held that certain language in the employer’s handbook violated the NLRA). Costco Wholesale Corporation, 358 NLRB No. 106, Case No. 34-CA-012421 (Sept. 2012) (finding that Costco violated the NLRA by maintaining a rule that prohibited employees from electronically posting statements that harm the company’s reputation or defame the company). Employee Conduct Not Protected under the NLRA. There are times when employees’ use of social media or other online sources will not constitute concerted protected activity. Stange Law Firm, No. 14-CA-227644 (March 4, 2019) (holding that employees and former employees anonymous negative posts on Glassdoor about the employer was not concerted protected activity under the NLRA because it was not concerted or designed for a call for mutual aid and benefit, but further noting that such sites like Glassdoor, , etcetera are not social media sites). Colorado Professional Security Services LLC, Cases 27-CA-203915, -206097, -206104 (August 7, 2018) (employee posting video of himself in his work uniform on Facebook? was not concerted protected activity because his post included crude comments about the employer as well as its customers and others).Tasker Healthcare Group, Advice Memo, Case No. 04-CA-094222 (May 2013) (advising that the employer did not violate the NLRA for discharging an employee who participated in a Facebook? private group message because the employee’s comments and personal gripes about the employer were not protected activity). The Overarching Themes Post-Boeing on Social Media Policies:Overly broad social media policies that create a chilling effect because employees do not know what is and is not prohibited, are less likely to be enforced; andThere is a direct correlation between the degree to which the employee’s activity relates to the workplace and involves other employees, and the likelihood the employee’s social media activity will be considered concerted activity.Advice Memorandum on Employer Rules. The Board has a dedicated website with advice memorandums on employer rules post-Boeing. It is available at . NLRA Considerations for Electronic Communication Policies. Restricting Use of Employer’s Systems to Prohibit Concerted Protected Activity. During the Obama administration, in an unprecedented opinion, the NLRB took the position that employer’s electronic communication policies could not prohibit employees from using company systems, such as e-mail and chat systems, to engage in concerted activity during non-working time. See Purple Communications, 361 NLRB 1050 (2014).However, under Trump’s administration, the Board in Caesars Entertainment, 368 NLRB No. 143 (Dec. 16, 2019) overruled Purple Communications and re-verted back to a long-standing principle under Register Guard, 324 U.S. 793 (1945). Namely, an employer does not violate the NLRA simply by prohibiting the use of company equipment during non-working time. The Board felt as though the 2014 Board in Purple Communications “impermissibly discounted employers’ property rights in their IT resources while overstating the importance of those resources to Section 7 activity.” Exception. Even with this ruling, the Board recognized an exception to the Caesars Entertainment (and Register Guard) rule in the circumstances where an employer’s e-mail system is the only reasonable means for employees to communicate with one another. In this COVID-19 era with more remote workers, this exception may be more hotly litigated since the likely e-mail systems and internal chat functions may be the only reasonable means for non-supervisory employees to engage in Section 7 activities. Post-Caesar Entertainment Cases on Employer Electronic Communication Policies. Moreover, the Board overruled its prior decisions following Purple Communications (2014) and found that employer restrictions on use of company IT resources for non-business purposes as lawful. Argos USA LLC, et al, 369 NLRB No. 26 (Feb. 5, 2020). In Argos, the Board evaluated an employer’s electronic communications policy that stated that the e-mail system was to be used for business purposes and not for personal matters, as well as a cell-phone policy prohibiting employees from possessing and using cell phones in the company’s commercial vehicles. The Board found both of these policies to be lawful policies. To the electronic communications policy, the Board recognized that it was a typical workplace and that there were other avenues of communication available—such as personal e-mail, verbal contact as well as personal social media. Likewise, the Board recognized that the cell phone policy did not prohibit any Section 7 activities and that the purpose of the rule, when read as a whole, was to ensure safety of drivers and the general public. Notably, the Board said that “employees are not guaranteed the right to use every method of communication available to them to discuss their terms and conditions of employment.…”T-Mobile USA, Inc., 369 NLRB No. 90 (May 27, 2020). Board overruled its 2016 decision based on Caesar’s Entertainment and finding that the employer’s rule prohibiting an employee from using the company’s e-mail system to send out communication regarding union activities was lawful. Cell-Co Partnership, 369 NLRB No. 130 (July 22, 2020). Like in T-Mobile USA, Board overruled decision and found that employer’s restriction on non-business use of IT resources is permissible. Purple Communications, Inc., 370 NLRB No. 33 (Oct. 8, 2020). The NLRB overruled its prior decision and found the company’s policy restricting employee use of the company’s e-mail system lawful under Caesars’s Entertainment. ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download