Case Against NJ Woman Charged With Identity Theft Via Facebook Will Go Forward

After setting up a fake Facebook profile for her ex, Dana Thornton finds herself fighting a fourth-degree identity theft charge in New Jersey courts. 

She's accused of impersonating her ex-boyfriend, and making personal statements she attributed to him -- reportedly saying he was "high all the time," had herpes, and liked prostitutes. 

The New Jersey Code of Criminal Justice defines the offense of impersonation/identity theft to include "impersonat[ing] another or assuming a false identity and do[ing] an act in such assumed character or false identity . . . to injure or defraud another." Thornton tried to get the case dismissed because the statute makes no mention of electronic communications.  The judge didn't buy the argument, and on Wednesday, ruled the case will go forward.

In my opinion, this court reached the right decision.  The statute unambiguously says that assuming a false identity to injure another person is against the law -- it shouldn't matter what tools are used in the process.

Interestingly, a bill was proposed in the NJ legislature last year that (if passed) would clarify that criminal impersonation using electronic means or the internet is covered by the law.  As I told the Associated Press, amending this particular statute could complicate future prosecutions.  For example, if the legislature amends the identity theft statute to specifically say it covers online conduct, would a court later assume the state’s harassment statute isn’t meant to encompass online communications because it hasn’t been amended to specifically say so?  If this statute is revised to specifically reference online conduct, should the legislature try to amend all other laws that could be implicated in the context of online communications? 

See All Friends & Pages In Your Facebook News Feed -- For Real This Time

OK, so this post may not appear all that law-related . . . but I’ve received the same Facebook-related question from a couple different lawyer friends, so that’s enough for me to assume this is worth sharing!

You may or may not have noticed that not all your Facebook friends show up in your Facebook News Feed. Facebook’s default setting is to publish items from friends and pages you’ve recently interacted with. No one’s quite sure what that means exactly. Presumably, it has something to do with whether you’ve liked someone’s status, posted on someone’s wall, and so on – but it’s not clear what degree of interaction is required. There’s been a Facebook status floating around for quite a while about how to correct this, suggesting users address the issue through their account settings and asking users to copy and paste the setting to spread the word. I, too, copied and pasted this advice because common sense says it should have worked. But alas. Common sense has no place in the world of Facebook. A couple lawyer friends pointed out that this change in account settings didn’t appear to be working. The next time they’d log in, the settings went back to the “recently interacted” instead of “all.” So, I did a little investigating. Turns out, there’s a better way to make this change (at least until Facebook makes its next surreptitious change to our default privacy settings), by editing your News Feed settings specifically. So, if you’d like to see news from all your friends and pages, try this:

Go to your News Feed and click on “Most Recent” at the top of that page. You should see a little drop down box option; select “Edit Options” at the bottom of that drop-down list.

The default says it is showing posts from “Friends and pages you interact with the most.” Change that to “All of your friends and pages.”

I made the change and it made a huge difference in my News Feed!

Missouri Law Bans Certain Teacher/Student Online Communications

Missouri has just passed a law prohibiting certain online communications between teachers and students.  The Amy Hestir Student Protection Action more broadly aims to protect students from sexual abuse, but the controversial provision in the law reaching student and teacher social media usage and online activity is section 162.069, which provides:

By January 1, 2012, every school district must develop a written policy concerning teacher-student communication and employee-student communications. Each policy must include appropriate oral and nonverbal personal communication, which may be combined with sexual harassment policies, and appropriate use of electronic media as described in the act, including social networking sites. Teachers cannot establish, maintain, or use a work-related website unless it is available to school administrators and the child's legal custodian, physical custodian, or legal guardian. Teachers also cannot have a nonwork-related website that allows exclusive access with a current or former student. Former student is defined as any person who was at one time a student at the school at which the teacher is employed and who is eighteen years of age or less and who has not graduated.

Although it's been coined the "Facebook law," it reaches other online communication tools, as well.  And it doesn't necessarily ban all contact between students and teachers online -- just communications on a "website that allows exclusive access with a current or former student."  The law doesn't define what this is, but it presumably aims to prevent private, direct communications between student and teacher.  This would also seem to prevent a teacher with a private Facebook profile from "friending" a student on Facebook.  (Or would it?  If the only communication between a teacher and student occurred on a publicly visible "wall"?)  A number of analysts have suggested teachers who want to communicate with students on Facebook should create public Facebook fan pages, which students can "like."  This way, students and teachers can communicate on its wall, allowing their exchanges to be publicly visable.  (But this wouldn't take away the ability to send a private message -- that capability is available on Facebook by default, whether you're friends with the person you want to message or not.)

Sure, it may be a decent policy for teachers not to Facebook friend students.  But requiring it by law (a relatively ambiguous law, no less) sets the stage for some likely problems.  Although well intended, the law sure seems to leave open a lot of questions.  What exactly is "exclusive access"?  Does this law go too far?  Does it infringe on students' or teachers' free speech or freedom of association rights?  Does this prohibit communication with students the teacher actually teaches or taught?  Or all students within the district?  What about retired teachers?  Retired teachers who still substitute teach in the school district?  Doesn't this law go much further than necessary to stop improper sexual conduct between student and teacher?  If teachers aren't sure what it means, won't it chill their speech?  The law discusses communications on "websites" -- so it wouldn't reach text messages, or phone calls for that matter.

The law goes into effect later this month, but gives school districts until January 1 of 2012 to implement their new policies.

NLRB Continues Aggressive Response to Employers' Social Media Policies It Deems Overbroad

The National Labor Relations Board recently issued two more complaints against employers that fired employees in response to the employees’ Facebook posts.

On May 9, the NLRB lodged a complaint against a non-profit organization in New York, saying it improperly fired five employees for Facebook posts that amounted to protected concerted activity. According to the press release, an employee posted on her own Facebook wall an allegation by a coworker that employees weren’t doing enough for clients. A group of employees responded to the Facebook post, defending their job performance and complaining about their working conditions (including work load and staffing issues). The employer fired the five employees who participated in the online discussion, saying the remarks amounted to harassment of the employee mentioned in the original post. The NLRB’s complaint claims the Facebook discussion was protected under the National Labor Relations Act because it involved a conversation among coworkers about the terms and conditions of employment, including their job performance and staffing levels.

The NLRB also issued a complaint last month against a Chicago BMW dealership that terminated the employment of a car salesman who posted pictures and commentary on his Facebook page criticizing a promotional event hosted by the dealership. (It sounds like he thought serving customers hot dogs and bottled water was a little lame and might negatively affect sales commissions.) The employee removed the posts immediately after management asked him to, but shortly thereafter, the car dealership still fired him. The NLRB alleges that this employee’s use of social media was also protected under the National Labor Relations Act. The dealership came forward to say the salesman was fired reasons other than his Facebook posts.

The NLRB has been increasingly involved in these Facebook firing cases. You may recall the NLRB complaint filed late last year charging a Connecticut employer with unfair labor practices when it discharged an employee who complained about her supervisor on Facebook. That case settled earlier this year.

These aren’t the only cases out there, and it seems the NLRB intends to keep a keen eye on social media issues. Employers should be careful when disciplining employees for their social media or online activities -- and should also ensure their social media policies or practices aren’t overbroad.

Check Out A Few of Erickson's Posts for IowaBiz on Technology, Internet, & Law

For those of you who may be interested, I thought I'd share a few posts I've written recently for IowaBiz, the official blog for the Des Moines Business Record, that touch upon technology, the internet, and the law:   

• May 31, 2011 post on a bill signed by Iowa's Governor that authorizes a study on online gaming.

• May 13, 2011 post discussing how employers may respond to the fairly common practice of employees including information about their workplace on Facebook or other social networking profiles. 

• April 13, 2011 post discussing the largely symbolic vote in the House to repeal the FCC's net neutrality rules (the measure isn't expected to pass the Senate).

• March 29, 2011 post discussing the importance of early planning stages in a company's creation of or updates to social media or social networking personnel policies.

Coming Up in NYC: ABA National Symposium on Technology in Labor and Employment Law

Attention attorneys!  The ABA National Symposium on Technology in Labor and Employment Law will be held April 27-29 at the New York University School of Law in New York, New York.  The event is presented by the Technology in the Practice and Workplace Committee and co-sponsored by the NYU Law School's Center for Labor and Employment Law.  The meeting kicks off with a welcome reception on Wednesday, April 27 from 6:30p-8:30p.  General sessions will be held Thursday, April 28 and Friday, April 29.

See the committee's announcement for more details.  And if you're a lawyer who plans to attend, leave a comment!

Update, Update, Update Your Document Retention Policies!

With the increased online activity in business, companies should take time to review and update document retention policies sooner rather than later. Many companies probably already have policies addressing email systems, but these may need refreshing. Because more and more companies have become active on social media sites like Facebook and Twitter, it’s also wise to review or update document retention polices to ensure the scope will cover such social media activity. To the extent you have different policies addressing different technologies or communications, businesses should ensure they’re consistent. (Companies may want to avoid multiple policies if it’s possible to draft one that’s broad and flexible enough to capture all electronic communications.)

Keep in mind any special obligations that might exist for your particular business or industry. Federal and/or state regulations may impose special recordkeeping obligations or considerations. For example, and as I’ve mentioned before, the U.S. securities regulator, FINRA, has regulatory guidance regarding certain record-keeping obligations brokerage firm’s business-related communications online (including on social media sites and blogs).

Companies may struggle with apparent tensions that arise between obligations to preserve relevant communications versus associated privacy concerns.  (For example, privacy issues may arise when a company attempts to collect or store communications by employees or customers.)  Businesses would be wise to seek legal counsel in navigating these waters.

Remember online communications may become relevant in litigation – and companies have an obligation to preserve all relevant communications, documents, and information if litigation is pending or reasonably anticipated. A company that fails to properly preserve relevant information can face hefty sanctions by the court.

Connecticut Employer Settles Facebook Firing Case With NLRB

Yikes. My apologies for the massive delay since my last couple posts. Speaking of my last couple posts . . . remember that time American Medical Response of Connecticut fired an employee after she complained about her boss on Facebook? Shortly after the termination, the NLRB’s Hartford regional office issued a complaint against AMR, alleging the firing violated federal labor law. According to the complaint, the employee’s online comments constituted protected activity.  The complaint also alleged that the company's policies addressing online communications were overly broad.  Yesterday, the NLRB announced the case has been settled.  (Fun fact:  not only did the NLRB issue a press release, it also tweeted the update!)

twitter.com/nlrb

To review a few considerations employers may want to take into account, you may want to revisit my blog post, "Social Media Policies for Employers:  A Few Notes on the NLRA."

Social Media Policies for Employers: A Few Notes on the NLRA

Yesterday’s post discussed recent action by the National Labor Relations Board, pointing out that your employee’s Facebook posts or other online communications may be protected under the National Labor Relations Act. Many private employers don’t realize Section 7 of the NLRA protects the rights of all employees, regardless of union status, to engage in protected “concerted activities,” such as discussing wages, work conditions, and other terms of employment. In light of yesterday’s discussion, when reviewing or updating social media policies, employers may want to think about:

• An employer may violate the NLRA simply by maintaining certain work rules or policies, even if they’re not enforced, if the rule would reasonably tend to chill employees in exercising their Section 7 rights.
• Obviously, an employer violates the law if a workplace rule explicitly restricts Section 7 protected activities (i.e., "You can't talk about your wages."). But a rule that doesn't expressly restrict protected activity may also be illegal if (1) employees would reasonably construe the language to prohibit Section 7 activity, (2) the rule was promulgated in response to union activity, or (3) the rule has been applied to restrict the exercise of Section 7 rights. 
• Thus, an employer may violate the NLRA by implementing overly broad policies. For example, it may be unlawful to implement a policy broadly prohibiting online communications that disparage the employer or supervisors or prohibiting any depiction of the company without employer permission.
• Of course, prohibiting conduct that’s clearly not protected under the NLRA isn’t a violation – an employer may properly restrict communications such as (non-exhaustive list of examples cited by the NLRB): (1) conversations about the employer’s proprietary information, (2) explicit sexual references, (3) criticism of race or religion, (4) obscenity, profanity, or egregiously inappropriate language, (5) references to illegal drugs, and (6) online sharing of confidential intellectual property.
• Sometimes, an employer’s policy provision might be overly broad standing alone, but the surrounding context may give it a more limited – and legal – meaning. For example, prohibiting employees from having “negative conversations” about managers may be overly broad if it contained no further clarification or examples. However, an employer probably can prohibit employees from making “statements that are detrimental to the company” when the prohibition is listed alongside examples of egregious misconduct (such as “sexual or racial harassment” and “sabotage”) that clearly aren’t protected under Section 7. The inquiry remains: when read in context, would employees reasonably construe the rule as restricting Section 7 activity?
• Although the inclusion of limiting or clarifying language may protect an employer’s otherwise overbroad policy, it’s probably wiser to just more carefully articulate the prohibited activity itself. (If you can’t say “don’t do stuff that annoys us,” but you may say, “don’t do stuff that annoys us, like sexually harassing other employees or stealing our trade secrets,” why not just eliminate the risk by saying “don’t sexually harass other employees or steal our trade secrets”?!)*
• An employer may want to simply include language in a social media policy expressly clarifying the policy doesn't restrict protected communications.
• Consider how you might re-phrase policy language to capture what your company really wants to restrict. For example, “defamation” is generally unlawful, but “disparagement” is broader and might include some online complaining that’s actually protected activity. Perhaps it would be safer for an employer to prohibit “defamatory comments about company supervisors” rather than “disparaging comments about company supervisors.”
• Remember, an employee’s online communications may be protected under other laws, too!

* Um, I hope this doesn’t really need a disclaimer, but I’m not literally suggesting you phrase your policies like this.

NLRA May Protect Your Employees' Facebook Rants (Regardless of Union Status!)

The National Labor Relations Board's Hartford regional office recently accused an employer of engaging in unfair labor practices when the company fired an employee who complained about her supervisor on her personal Facebook page. The NLRB regional director (part of the NLRB's Office of General Counsel) filed the complaint against American Medical Response of Connecticut on October 27, 2010, and issued a press release last month announcing that an NLRB investigation concluded that the employee’s Facebook posts were protected concerted activity, and that the company’s blogging and internet posting policy contained unlawful provisions. Specifically, it took issue with the provision “that prohibited employees from making disparaging remarks when discussing the company or supervisors and another that prohibited employees from depicting the company in any way over the internet without company permission.” The press release explained these kinds of provisions interfere with employees’ rights to engage in protected concerted activity. I found a copy of the complaint posted to JDSupra by Adrian Lurssen, which included the actual text of the two alleged “unlawful provisions,” which state:

• Employees are prohibited from posting pictures of themselves in any media, including but not limited to the Internet, which depicts the Company in any way, including but not limited to a Company uniform, corporate logo or an ambulance, unless the employee receives written approval from the EMSC Vice President of Corporate Communications in advance of the posting;

• Employees are prohibited from making disparaging, discriminatory or defamatory comments when discussing the Company or the employee's superiors, co-workers and/or competitors.

This has caused quite a ruckus among human resources and legal professionals, because – remember – the National Labor Relations Act protects union and non-union employees against discrimination based on union-related activity or group action (“protected concerted activity” such as discussing the terms and conditions of their employment). Although this complaint has received extensive coverage already, I thought it may be worthwhile to join in the discussion to point out that this NLRB complaint doesn’t sound the death knell on employer social media policies or internet policies. The NLRB isn’t saying blogging or internet policies violate the law, it just seems to be saying this employer’s internet policy was too broad. That being said, I think the complaint still might possibly inject a little confusion into the employer’s (and lawyer’s) evaluation of appropriate social media policy language.

Last December, the NLRB's Office of the General Counsel issued an Advice Memorandum in Sears Holdings (Roebucks), No. 18-CA-19081, which examined another employer’s social media policy and found the policy did not violate the NLRA. The challenged provision within the policy in that case prohibited “[d]isparagement of company’s or competitors’ products, services, executive leadership, employees, strategy, and business prospects.”

On one hand, the specifically challenged disparagement provisions in the two cases are relatively similar. Consequently, the approval of the policy at issue in December 2009 seems inconsistent with the October 27, 2010 complaint – at least at first blush. Both seem to be broadly worded to restrict what could be considered protected under the NLRA.  But it seemed important to the December 2009 conclusion that the challenged provision within the Sears policy was only one of multiple other, relatively specific, prohibited social media activities such as prohibiting disclosure of confidential or proprietary company information, reference to illegal drugs, obscenity or profanity, and so on. The Sears policy also included prefatory language saying “…[t]he intent of this Policy is not to restrict the flow of useful and appropriate information, but to minimize the risk to the Company and its associates.”

The Sears Advice Memo pointed out that, standing alone, “the ban on “[d]isparagement of company’s . . . executive leadership, employees, [or] strategy . . .” could chill the exercise of protected concerted activity. But read in light of its longer list of prohibited activity that clearly fell outside NLRA protection, employee wouldn't reasonably construe the Sears social media policy to prohibit protected concerted activities. In contrast, the American Medical Response provisions at issue appear to constitute that employer’s entire “Blogging and Internet Posting Policy” (based on the way it reads in the complaint, anyway). The lack of the more limiting contextual language like that included in the Sears social media policy seems to distinguish it and suggests that may make the American Medical Response internet policy too broad. The American Medical Response complaint also indicates the employer fired the employee after denying her requested union representation. Sounds like that may be a game-changer, too.

American Medical Response's answer to the complaint was due last month, and on January 25, 2011, there will be a hearing before an NLRB administrative law judge on the American Medical Response complaint.  Keep your eye out for that.

Two important reminders: (1) the NLRB agency's complaint isn’t a final determination or decision -- it's just a charging document; there hasn’t even been a hearing yet, and (2) the Advice Memorandum isn’t binding, either. Although it’s fun (well, fun for nerdy lawyers like me) to think about the various implications these kinds of filings could suggest, keep those two caveats in mind!  Look for tomorrow's post that will expand on this one a bit. 

Thanks to Anders for pointing me to the NLRB press release last month!

Final GINA Regulations (Finally!) Published: Social Media & Employer Acquisition of Genetic Info

The Equal Employment Opportunity Commission today (finally!) issued final regulations implementing Title II (the employment provisions) of the Genetic Information Non-Discrimination Act of 2008 (GINA). As I mentioned in an earlier post, Title II took effect on November 21, 2009, the Commission published proposed regulations last year, but the final regulations were delayed. I also pointed out that employers would have to wait for the final regulations for the EEOC’s treatment of information obtained via social networking sites and employees’ social media profiles. 

The Issue: Acquiring Employee Genetic Information Via Social Media = Violation?
Recall that GINA makes the mere acquisition of genetic information illegal, and the Act broadly defines “genetic information” to include even medical conditions of family members. This left employers wondering if they’d be facing a GINA violation if, for example, a supervisor found an employee’s status update saying he was raising money for multiple sclerosis in honor of his father who is suffering for it. Employers wondered if just receiving that information might be a violation.

Some acquisitions of genetic information aren’t illegal; the law provides specific exceptions. The final regulations now clarify the scope of those exceptions regarding acquisition of genetic information through social networking or social media sites such as Facebook.

No Specific Intent Necessary for Violation
First, it seems worth mentioning that the EEOC pointed out that an employer may violate GINA without a specific intent to acquire genetic information, so the Commission changed the language of the regulations:  the Commission removed reference to “deliberate acquisition” of genetic information, and now indicates Title II of GINA restricts “requesting, requiring, or purchasing” genetic information.

“Inadvertent Acquisition” Exception
Turning to the exemptions, specifically, the Commission pointed out that the “inadvertent acquisition exception” applies not just to interactions in the workplace, but also to interactions that take place online. The regs provide a specific situation in which acquisition of genetic information would not result in a violation under the “inadvertent acquisition” exception:  when a manager or supervisor “inadvertently learns genetic information from a social media platform which he or she was given permission to access by the creator of the profile at issue (e.g., a supervisor and employee are connected on a social networking site and the employee provides family medical history on his page).”

In other words, drawing from the hypothetical I posed in my earlier post, an employer would not violate GINA if an employee sends a friend request to his supervisor, and weeks later, the employee’s status update appears in that supervisor’s Facebook news feed, unexpectedly disclosing genetic information. The inadvertent acquisition exception protects the employer from liability for this acquisition of genetic information.

“Commercially & Publicly Available” Exception
With respect to the exception for genetic information obtained via commercially and publicly available information, the regulations provide that media sources with “limited access” will not be considered commercially and publicly available. That is, this exception doesn’t apply to genetic information obtained through sources such as social networking sites (such as Facebook) that require permission to access from a specific individual or where access is conditioned on membership in a particular group (unless the employer can show access is routinely granted to all who request it). For example, if an employee’s Facebook profile contains genetic information, and that employee has taken advantage of Facebook privacy restrictions so that information is only accessible by the employee’s Facebook friends, the information isn’t considered commercially and publicly available. The Commission was careful to point out the determining factor is whether access requires permission of an individual or is limited to a particular group, and not how a particular web site might be “categorized” -- such as social media, personal web site, blog, or so on. (i.e., Although the converse is more often true, some social or professional networking profiles or portions thereof don’t require permission to access or routinely grant access, whereas some web sites and blogs do limit access.)

Further, even if an employer obtains genetic information through a source deemed commercially and publicly available, it’s not protected by the exemption if the employer sought access to that source with the intent of obtaining genetic information. The EEOC stated, “[f]or example, an employer who acquires genetic information by conducting an Internet search for the name of an employee and a particular genetic marker will not be protected by this exception, even if the information the employer ultimately obtained was from a source that is commercially and publicly available.” This may seem intuitive, but as commentators pointed out, this probably would have been technically possible under the proposed regulations, so it makes sense for the EEOC to include this specific clarification.

The regulations further explains that employers may not obtain genetic information through media sources – even if commercially and publicly available – if the employer is likely to acquire genetic information by accessing those sources. While some might argue an employer should assume an employee’s Facebook profile is likely to contain genetic information, the regulation suggests a higher “likely” standard, “such as Web site and on-line discussion groups that focus on issues such as genetic testing of individuals and genetic discrimination.”

The text of the final regulations may be found at http://bit.ly/9LUP85 and the EEOC’s question-and-answer documents on the final GINA regulations may be found at http://www.eeoc.gov/laws/types/genetic.cfm.

FCC Proposes "Bill Shock" Rules to Help Wireless Users Avoid Unexpected Charges

The Federal Communications Commission today proposed new rules that would require mobile service providers to give alerts to customers to avoid unexpected overage charges on their bills.  The FCC says mobile "bill shock" (unexpected jump in the monthly bill) is an increasing problem for consumers; the Commission says it wants to help consumers better control their mobile costs.  One in six mobile users have experienced bill shock -- more than half of them experienced an increase of $50 and up. 

The FCC wants to prevent this so-called bill shock by requiring cell companies to give consumers simple alerts, in the form of voice or texts, before they incur overage charges.  The rules would also require providers to alert customers when they're about to incur international or other roaming charges that aren't covered by their plans and if they're going to be charged more than the normal rates.  Finally, the rules would also require clear disclosure of tools the provider offers to set usage limits or reviews of usage balances.  The proposed rulemaking also seeks comment on whether all carriers should be required to give consumers the option of setting their own usage caps -- and also seeks comment on whether small providers or prepaid services should get an exemption from these requirements or be given extra time to comply.

Mobile companies have long been criticized by consumer-protection groups for what's perceived to be deceptive billing, early termination fees, exclusivity deals, and the like.

For a creative description of the consumer-protection issues facing wireless carriers (and because I enjoy creative writers!), see Timothy Noah's write-up for Slate.

Article: Use of Social Media Evidence in Workers' Compensation Litigation

Professor Gregory M. Duhl and attorney Jaclyn Millner recently made available on SSRN a draft of their article that will be published in the Pace Law Review; it's focused on the use of social networking evidence in workers' compensation litigation.

From the paper's abstract:

. . . In this article, we examine how social networking has influenced workers’ compensation law, looking at, in particular, the intersection of professional responsibility, discovery, privacy, and evidence with social networking in state workers’ compensation systems.

What a timely topic!  I look forward to reading it, and hope you find it informative.  Thanks to Professor Duhl for bringing this to my attention!

Business Bloggers & Fair Use Questions

Check out my first IowaBiz blog post at the Business Record's blog, where I'll be blogging on internet law issues.  My first post discusses a few copyright issues facing individuals who blog for business purposes, with a focus on the fair use doctrine.

Hospital Workers Post Pics of Dying Man on Facebook: Highlights Need to Educate Employees on Proper Use of Social Media

So. Not. Cool.

Sixty-year-old William Wells arrived at St. Mary Medical Center's emergency room in Long Beach with more than a dozen stab wounds. According to the Los Angeles Times, his throat had been lacerated so severely, he was almost decapitated.

The first instinct of a handful of hospital workers there that day? Rather than rush to the aid of the dying man, they took pictures of him . . . and then, yes, they posted them on Facebook.

According to the Los Angeles Times news story, the hospital fired four staff members and disciplined three. At least two involved were nurses (but they apparently weren't fired).

This sad story highlights some of the challenges healthcare facilities face in today's social media frenzied culture. Hospitals and clinics struggle to balance their use of social media sites for marketing, recruiting, and advertising purposes against the need to protect patient privacy. But let me suggest that social media isn't really the problem -- the problem arises when employees make poor judgment calls when using these new online tools.  Of course, these employees should have known posting pictures of a dying man on Facebook was a bad idea.  But some privacy breaches and other workplace problems could be prevented if employers took a more concerted effort to identify their business needs and to educate employees about social media expectations.

Healthcare facilities often implement across-the-board bans of Facebook and other social networking sites at the workplace, assuming this kind of broad-brush approach will be the most effective. Managers may be forgetting that blocking workstation access to Facebook wouldn't have changed the St. Mary employees' access to their smartphone cameras and 3G mobile internet. Frankly, I don't think all-out bans of social media sites at the workplace are practical or effective.  Employers should take the time to create, communicate, and maintain a thoughtfully considered social media policy. Although some judgment calls seem intuitive, employers need to communicate their requirements and expectations to employees regarding employee use of social media.

New Jersey Town Adds DUI Pics to Facebook Page

Oh, my. Check out this story over at cnet about a New Jersey township that recently decided it will post arrest photos on its Facebook page. According to the story, the police department has maintained a Facebook page for about six months, but just this week decided to add DUI pictures to the site.

Social Media Club Des Moines Presentation Tomorrow: "Legal Side of Social Media"

If you're in the Des Moines area, come on over to Mars Cafe in the morning to join Social Media Club Des Moines (SMCDSM) for my presentation on various legal issues related to social media. 

 

SMCDSM organized this free event, and it's sponsored by Mars Cafe (owned by my colleague, Larry James, Jr.!) and Dickinson, Mackaman, Tyler & Hagen PC (my employer!). 

Mars Cafe is located at 2318 University Avenue in Des Moines. Come early to grab food and drink, and my presentation will begin at 7:30a tomorrow, Tuesday, August 10, 2010.  The presentation will be about 30 minutes, with time thereafter for some discussion and/or Q&A.

For more information or to RSVP, check out the SMCDSM's event description here.

Networking Lawyers! JD Supra & LinkedIn Announce New "Legal Updates" Feature

JD Supra announced a joint effort with LinkedIn to launch "Legal Updates," described as:

"the first and only application specifically created to distribute legal content (and help lawyers connect with the right people) on the world's largest professional network."

LinkedIn is a professional networking website, and JD Supra users create online portfolios to share content. The collaborative application lets LinkedIn users install the Legal Updates news feed of legal content from JD Supra. This new tool allows users to better target their relevant audiences - the feeds are customizable, allowing users to sign up for information related to specific subjects or industries (real estate, employment, etc.) or for feeds from particular sources (individuals, law firms, etc.).

The announcement sums up the power of this resource well, saying this new tool allows "targeted delivery of useful legal information to professionals across the LinkedIn network..."

Keep your eye on this new networking application, already being touted as a "game changer in the online dissemination and marketing of legal work"!

Blagojevich Judge Won't Release Juror Names Because of those Darn Bloggers and Facebookers

The Ward Room over at NBC News in Chicago reports that the judge in the Rod Blagojevich corruption trial announced that juror names would not be released because of bloggers and social media sites like Facebook. After journalists challenged the judge's decision, the Court of Appeals ruled that the judge will have to hold a hearing on the issue -- which is set for next week.

I understand the judge's concern over protecting the jurors, and thus, the integrity of our legal system. But the former journalist in me struggles to accept this kind of ruling as beneficial for the public at large. Ensuring freedom of the press -- particularly on a matter of important political and public concern -- also preserves and protects the integrity of the system.

The Chicago Tribune also ran a good summary on the issue here.

School District Considers Social Media Policy for Teachers & Other Employees

Daniel Schwartz has an interesting post over at the Connecticut Employment Law Blog, pointing to a Connecticut school district considering a social media policy for its teachers:  School Board Considers Social Media Usage Policy for Teachers, Other Employees.

Schwartz also mentions a list of sample policies I've perused a number of times myself and have found to be a great resource:  the "Social Media Policies Database" made available over at the Compliance Building blog.  Of course, I encourage my readers to hearken back to my earlier cautions about relying on sample policies, as the public/private employer distinction raises another reason to thoughtfully and carefully approach sample policies. Remember that a school district, as a public employer, has First Amendment issues to worry about that private employers generally don't need to consider when drafting employment policies. Public employers may also want to consider, for example, Fourth Amendment implications of conducting online searches or monitoring use of technology, whether some level of due process might be owed before disciplining an employee, and so on.  Remember that a policy drafted for a private employer won't address First Amendment or other issues only relevant to a public employer . . . and a policy drafted for a public employer probably won't be a great fit for a private employer. Still, employers may find some helpful nuggets of information in the MANY samples out there!

US Supreme Court Issues Opinion in Quon Sexting Case

The United States Supreme Court ruled today that a public employer’s search of sexually explicit text messages on a police officer’s employer-issued pager did not constitute an illegal invasion of privacy.  The Court overturned the Ninth Circuit, which had determined the employee had a reasonable expectation of privacy in his text messages and that the city’s search was not reasonable.

The city argued its employees had no reasonable expectation of privacy in communications made on employer-provided devices.  The Court explained:

The record does establish that OPD, at the outset, made it clear that pager messages were not considered private. The City’s Computer Policy stated that “[u]sers should have no expectation of privacy or confidentiality when using” City computers. . . . Chief Scharf’s memo and Duke’s statements made clear that this official policy extended to text messaging.

The disagreement over the expectation of privacy question arose as a result of later communications by the officer responsible for the city's contract with Arch Wireless, and whether these later representations overrode the city's official policy.  The Court, however, avoided deciding that question -- resting its decision on narrower grounds.  The Court advised, "Prudence counsels caution before the facts in the instant case are used to establish far-reaching premises that define the existence, and extent, of privacy expectations enjoyed by employees when using employer-provided communication devices." 

The Court acknowledged that "[r]apid changes in the dynamics of communication and information transmission are evident not just in the technology itself but in what society accepts as proper behavior" and concluded that "[a]t present, it is uncertain how workplace norms, and the law’s treatment of them, will evolve."  The Court said a broad holding on the question of employee privacy expectations vis-à-vis employer-provided equipment may well have implications for future cases that can't be predicted.  The Court essentially moved on to simply assume without deciding that even if Quon had a reasonable expectation of privacy in his text messages, the city did not violate the Fourth Amendment by obtaining and reviewing the transcripts in this case.

Stay tuned for further analysis and comment on this important case!  More posts on this case will come after I've had more time to review the details more closely.

Final GINA Regs Delayed: GINA & Social Media Considerations for Employers

Title II of the Genetic Information Nondiscrimination Act of 2008 (“GINA”) makes it illegal to discriminate against employees or applicants because of genetic information. It prohibits using genetic information to make employment decisions, prohibits acquisition of genetic information by employers, and limits disclosure of genetic information by employers. (Harassment and retaliation are also forbidden.)  Title II took effect on November 21, 2009. The proposed regulations were published last year, and the final regulations were initially expected to be published in May of 2010, but publication of the final rule has been delayed.

This leaves employers (and their lawyers) in interpretation-limbo a while longer. With respect to social media issues specifically, GINA makes the mere acquisition of genetic information illegal. Because the Act broadly defines the term “genetic information” (including even medical conditions of family members), checking out an employee’s or applicant’s Facebook profile could easily result in a violation. For example, if an employer found an employee’s status update saying he is raising money for multiple sclerosis in honor of his father who is suffering from it – just getting that information could be a violation.

Some acquisitions of genetic information aren’t illegal; the law provides six exceptions. One of those exceptions is inadvertent acquisition. “Well, I didn’t know I was going to find this information on his profile.” This probably isn’t going to protect employers. If a supervisor or human resources manager intentionally accesses a profile, the information found there isn’t acquired inadvertently. (Depending on the facts, I suppose this could change. If an employee sends a friend request to his supervisor, and weeks later, the employee’s status update appears in the supervisor’s Facebook news feed – there may be a better argument for the inadvertent acquisition defense.)

The better possibility is the exception for “commercially and publicly available information.” The statute identifies newspapers, magazines, periodicals, and books as potential sources of genetic information. The proposed regulation adds to the list information obtained through electronic media (internet, television, and movies). This suggests social media would be exempted – but the EEOC then specifically invited public comment on whether “personal Web sites, or social networking sites” would be a prohibited or exempted source of genetic information. So, it’s still not clear whether social media profiles would fall under the "commercially and publicly available information" exemption. If it doesn’t fall within the scope of this exception, an employer that obtains genetic information by checking an applicant or employee profile would likely be violating GINA.

Of course, even if a social networking profile turns out to be an excepted source of information, employers still must be careful in how they use the information they acquire. As is the case with any other kind of unlawful discrimination, an adverse employment action taken after the employer becomes aware of an employee’s protected status might suggest the employment decision was because of the protected status and not performance.  (Not only true in the context of current employment relationships, but also in the context of hiring.)

Pace Law Review Call for Articles on Social Networking & the Law

The Pace Law Review will be publishing a themed issue on social media and the law, and Executive Articles Editor, Nicholas Tapert, asked if I would help them spread the call for articles throughout the legal community. The following description comes from Nicholas:

The editors of the Pace Law Review invite proposals from scholars, researchers, practitioners, and professionals for contributions to an issue slated for publication during the Fall of 2010. This issue focuses on how the internet and social networking affects the legal landscape. We hope to publish articles that examine the evolving relationships between this technology and the many different areas of law it impacts, including evidence, electronic discovery, privacy, ethics, and tort. We believe there is room for a lively written discussion on these subjects. As examples, Facebook, Myspace, and Twitter are regularly the subject of national headlines; in 2008 the Federal Rules of Evidence were amended in an attempt to address the very substantial issues created by e-discovery; and in the 2009-10 term, the Supreme Court heard a case that concerned whether a government employee has a reasonable expectation of privacy when “sexting” on an employer-provided phone.

Please submit proposals of no more than 500 words by attachment to plr@law.pace.edu by June 30, 2010. We welcome proposals for articles, essays, and book reviews. All proposals should include the author's name, title, institutional affiliation, contact information, and should concern issues related to the subject-matter described above. Book review proposals should also include (a) the title and publication date of the book proposed for review; (b) a description of the importance of the book to the general topic; and (c) any other information relevant to the book or proposed review (e.g. the reviewer's expertise or any relationship with the author). Authors are also welcome, but not required, to submit a CV.

Waitress Fired After Complaining on Facebook: "Legally Justified" Does Not Always Equal "Good PR"

The Huffington Post reports that Brixx Pizza fired a North Carolina waitress after she complained on Facebook about a customer's stingy tipping.

According to the Post, a couple sat at their table for three hours, and waitress Ashley Johnson, 22, said the customers kept her at work an hour after she should have been able to clock out. The couple rewarded her with a $5 tip.

A frustrated Johnson criticized them on her Facebook page -- calling the couple cheap and mentioning her employer by name.

Brixx got in touch with Johnson shortly thereafter, informing her that it was terminating her employment because her Facebook post violated company policy against disparaging customers and casting the restaurant in a negative light via social network sites.

Brixx posted the following official statement on its Facebook page discussion board:

Brixx Wood Fired Pizza appreciates your feedback! Please know we value our employees very much, which is why we are one of the few small restaurant companies that offers benefits. Brixx also values our customers and has a policy against making negative remarks about them.

As an employer, it is necessary to enforce policies for the benefit of all our hardworking employees and valued customers. Our policies ensure Brixx is an enjoyable place to both work AND dine. We welcome your comments, but please keep it clean!

As evidenced by the backlash on the company's Facebook page, employers have to consider not only legal implications of a Facebook firing, but also the practical implications -- including a potential backlash from the public that may be triggered by discipline for an employee's online activity. Although the company may be able to justify the termination from a legal perspective, it won't be easy to recover from the PR nightmare that could ensue.   

One user commented, in part, "You've gone & made Ashley Johnson famous. And your company INfamous." One particularly insightful comment aptly summarizes the point of my post:

Thanks to Becca for the tip on this story!

Fifteen Privacy & Consumer Groups File FTC Complaint Against Facebook

It's no real secret that Facebook's latest privacy changes have stirred up a lot of conversation.  In response to those changes, fifteen agencies recently lodged a formal complaint against Facebook with the Federal Trade Commission.

Not-for-profit research center, Electronic Privacy Information Center ("EPIC") announced last week that it -- along with 14 other privacy and consumer protection organizations -- filed a complaint with the FTC accusing Facebook of engaging in unfair and deceptive trade practices. 

The complaint argues that changes Facebook made to its privacy settings adversely affect the network's users by disclosing personal information that users previously had not made available or had previously restricted.  The complaint states such changes constitute unfair and deceptive trade practices that "violate user expectations, diminish user privacy, and contradict Facebook’s own representations.  Pointing to the specifics, Paragraph 2 of the Introduction alleges:

"The following business practices are unfair and deceptive under Section 5 of the Federal Trade Commission Act:  Facebook disclosed users’ personal information to Microsoft, Yelp, and Pandora without first obtaining users’ consent; Facebook disclosed users’ information—including details concerning employment history, education, location, hometown, film preferences, music preferences, and reading preferences—to which users previously restricted access; and Facebook disclosed information to the public even when users elect to make that information available to friends only." 

EPIC has complained to the FTC about Facebook and other social networking sites (such as Google Buzz) in the past, but EPIC has made the May 5, 2010 complaint against Facebook available here.

Update: Social Media Law Student just shared a relevant post:
ACLU Weighs in on Facebook’s Privacy Issues.