Navigating Workplace Privacy Issues - Seyfarth Shaw...Citrix GoToMeeting, Google Apps) –Platform...

Seyfarth Shaw LLP “Seyfarth Shaw” refers to Seyfarth Shaw LLP (an Illinois limited liability partnership). Seyfarth Shaw LLP

Navigating

Workplace

Privacy Issues

November 2, 2016

Karla Grossenbacher

Stacey Blecher

Meredith-Anne Berger

©2016 Seyfarth Shaw LLP. All rights reserved. Private and Confidential

Selyn Hong

Elizabeth Levy

Ari Hersher

Presenters

Karla Grossenbacher

Partner | Washington, D.C.

(202) 828-3556

[email protected]

Stacey Blecher

Counsel | New York

(212) 218-5530

[email protected]

Meredith-Anne Berger

Associate | New York

(212) 218-3336

[email protected]

Selyn Hong

Associate | San Francisco

(415) 732-1149

[email protected]

Elizabeth Levy

Associate | Los Angeles (Century City)

(310) 201-1565

[email protected]

Ari Hersher

Partner | San Francisco

(415) 544-1063

[email protected]

©2016 Seyfarth Shaw LLP. All rights reserved. Private and Confidential 2

Monitoring Electronic Workplace

Communications

Best Practices to Avoid Privacy Issues

in BYOD Programs

Issues in Cloud Computing for

Employers

NLRB Social Media

Social Media Privacy & Use in Litigation

Agenda

3

5

4

2

1


Monitoring Electronic

Workplace Communications


Applicable Law

• State and federal statutes prohibiting unauthorized access

or monitoring of electronic communications

• Common law Invasion of Privacy


Applicable Law

• Stored Communications Act

• SCA makes it illegal to access without authorization a

facility through which electronic communication service is

provided and thereby obtain access to communications in

electronic storage

• Exception for person or entity providing the electronic

communication service


Invasion of Privacy

• Restatement of the Law, Second, Torts

• One who intentionally intrudes, physically or otherwise,

upon the solitude or seclusion of another or his private

affairs or concerns, is subject to liability to the other for

invasion of his privacy, if the intrusion would be highly

offensive to a reasonable person.

• “Intrusion” presuppose lack of authorization or consent


Case Studies


Pure Power Boot Camp v. Warrior Fitness Boot Camp (S.D.N.Y. 2008)

• employees leave in order to set up competing business

• While employed, access his Hotmail account from

company computer

• Employee stored user name and password on computer

• Employer read emails in Hotmail

account to determine if employee had

engagement in malfeasance

– accesses other accounts


Pure Power Boot Camp v. Warrior Fitness Boot Camp

• Employee alleges violation of SCA

• Employer argues

– policy put employees on notice emails could be

reviewed

– implicit authorization because of stored password

credentials

• SCA violation found

– Policy did not have appropriate language

– House keys analogy

©2016 Seyfarth Shaw LLP. All rights reserved. Private and Confidential

10

Lazette v. Kulmatycki (N.D. Ohio 2013)

• Employee terminated

• Turned in company-issued BlackBerry without deleting

Gmail account and employer reviewed emails

• Employer read emails and argued implicit authorization

and no affirmative act to acquire emails


Lazette v. Kulmatycki

• Employee alleged both SCA violation and invasion of

privacy

• SCA violation found

– negligence does not equal approval

• Invasion of Privacy

– can’t consider handbook on motion to dismiss

– emails were highly personal

– other considerations: why did he access them? when did she

know?

- ©2016 Seyfarth Shaw LLP. All rights reserved. Private and Confidential 12

Sunbelt Rentals v. Victor (N.D. Ca. 2014)

• Employee leaves company

• Returned company issued iPhone and iPad and forgot to

de-link Apple account and text messages continued to

come to phone

• Employer reviews texts because of concerns over

misappropriation of trade secrets


Sunbelt Rentals v. Victor

• Employee alleges SCA violation and Invasion of Privacy

• No SCA violation

– Texts are not communications that are in electronic storage

• No Invasion of Privacy –

– No expectation of privacy in company-issued phone no longer in his

possession

– No expectation of privacy in general for texts (and no evidence

regarding contents of texts)

– He did not take appropriate steps to protect his texts (i.e., delinking

his Apple account before returning the device)


Maremont v. Susan Freedman Design (N.D. Ill. 2014)

• Marketing Director uses personal social media accounts to market

employer

• Sets up Facebook page for employer (uses personal account to

administer)

– makes spreadsheet with passwords

• Marketing Director gets in accident – absent from work

• Employer accesses accounts while employee is absent

– uses both personal and employer accounts


Maremont v. Susan Freedman Design

• Files suit under SCA

• Disputed fact as to whether or not employer exceeded

authorization

• No actual damages needed to sue under SCA and get attorneys

fees and punitive damages!


Takeaways from Case Law To Date

• Whether statutory or common law causes of action – consent is

key

• Negligence does not equal consent

• Texts appear to be less protected than emails

• Think twice about who sets up employer social media accounts

and have clear understanding up front about access and rights


Best Practices in BYOD

Programs


What is “BYOD”?

• Policy of permitting employees to bring and use personally

owned mobile devices in the workplace

• Allows employees to use their own devices to access

company information and applications


No. 1 Reserve the Right to Monitor

The company’s policy should clearly state that it reserves the

right to access, monitor, and delete its proprietary and

confidential information from employee-owned devices in the

policy.

Employees should sign the policy to establish consent


No. 2 Reserve Right to Take Physical Custody of the Device

Employer may temporarily take physical possession of

device to access and collect information for legitimate

business purposes (e.g. workplace investigation, litigation,

etc. )


No. 3 Encryption is Key

Encrypt company data and implement security patches for

trouble spots, such as unsecured WiFi, phishing scams, and

downloaded malware.


No. 4 Have An Information Security Policy and Train On It

Implement data security protocol to avoid the loss or breach

of employer and/or employee data.


No. 5 Don't Forget the Remote Wipe Feature

Enable a remote-wipe feature to erase employer data for

departing employees lost or stolen devices


No. 6 If BYOD Is Abused, CFAA Can Be Considered

Computer Fraud and Abuse Act provides private right of

action for various cyber crimes

Only to be used where damages have been suffered as a

result of violation


Cloud Computing For Employers


Overview of Cloud Computing

• Cloud services like Dropbox, Google Drive, Apple iCloud

and Yahoo Mail allow employers to store and access data

on the internet

• Cloud services can be public or private and include:

– More common subscription based Software as Service (e.g.,

Citrix GoToMeeting, Google Apps)

– Platform as a Service

– Infrastructure as a Service (e.g., Amazon Web Services)

• 81% of U.S. businesses with 100 or more employees

use cloud computing.


vs.

Pros and Cons of Employers Using Cloud Computing

PROS

– Data is accessible anywhere there is an internet connection

– Allows for increased collaboration and flexibility

– Because vast amounts of data are available, can provide affordable redundancy and backup storage

– May be able to allocate IT responsibilities to vendors

CONS

– Data is accessible anywhere

there is an internet connection

– May open the door for off-the-

clock claims

– Because vast amounts of data

are available, may provide an

easy avenue for employees to

take vast quantities of

proprietary information very

quickly

– May become reliant on vendors


Privacy Considerations in the Cloud

• Availability and access to data on the cloud can

facilitate data breaches.

– General analog protections should be implemented:

employee training

selective access


Privacy Considerations in the Cloud

• Cloud-specific protections should be implemented

– vet your provider and implement protective terms of service

(this can come into play if the cloud provider is subpoenaed)

– encryption

– monitor downloads

– monitor access/allow for forensic analysis when needed

– confidentiality agreements

– implement policies that prohibit unauthorized storage


HIPAA Privacy Issues in the Cloud

• HIPAA requires protection of protected health

information (“PHI”)

• HIPAA applies to “business associates”- i.e. a person or

entity that creates, receives, maintains or transmits PHI in

fulfilling certain functions for a HIPAA covered entity

• Cloud service providers have been deemed to be

“business associates”

• Employers may be liable for their business associates,

which can result in fines

– Use business associate agreements

– Monitor data breaches ©2016 Seyfarth Shaw LLP. All rights reserved. Private and Confidential 31

Litigating in the Cloud

• Location of data may open the door to “doing business” in

another state or country

• Vendor contracts should include choice of law and choice of

forum clauses

• Vendors who move must provide sufficient notice

• Different countries have different standards

– European Data Protection Directive

prohibits transfer of private data across national borders without adequate

protections

For American companies to transfer data between the U.S. and E.U., they

must enter a Safe Harbor

• Litigation holds should apply to data stored in the cloud


NLRB Decisions on Employers’

Policies and Ability to Discipline

Employees Based on Social

Media Postings


National Labor Relations Act (NLRA)

• Section 7 of the NLRA states in relevant part:

– Employees shall have the right to self-organization, to form,

join, or assist labor organizations, to bargain collectively

through representatives of their own choosing, and to engage

in other concerted activities for the purpose of collective

bargaining or other mutual aid or protection, and shall also

have the right to refrain from any or all such activities.

• Section 8(a) of the NLRA states in relevant part:

– It shall be an unfair labor practice for an employer . . . to

interfere with, restrain, or coerce employees in the exercise of

the rights guaranteed in section 7.


Protected Concerted Activity

Definition: Complaints about workplace issues that affect at

least two workers.

– The complaining employee does not need to be acting with the

authority of co-workers, as long as he or she is working to

initiate, induce or prepare for group action.

– The NLRA protects employees who engage in protected

concerted activity, even if they are not union members.


Scope of NLRA Protection

• Must involve a term or condition of employment

• Broadly construed

• Protection extends beyond immediate employee-employer

relationship to acting with other employees to improve

employee interests in, for example, legislation or

demonstrations


Unprotected Activity

• Conduct directed toward co-workers or supervisors is

insubordinate or even threatening (Atlantic Steel).

• Appeal to third parties must make clear that comments

are in the context of a labor dispute (Jefferson).

– Appeals to third parties become unprotected when:

• Conduct is so disloyal, reckless, or maliciously untrue as to

lose the NLRA’s protection.

• Disparagement of the employer’s products or services may

justify loss of the NLRA’s protection


Protected “Concerted” Activity

• “Concerted”

– Actual concert by two or more employees

– Individual employee attempting to initiate or induce group

action, even when attempt is rebuffed

– Individual pursuing “logical outgrowth” of previously

expressed group concerns

– Individual disciplined to prevent employee protected

concerted activity (“preemptive strike”)

• Personal gripes not concerted

• Need expression of shared concerns, not just sympathy or

general dissatisfaction


• Cannot have blanket rules on discussing “employee information”

• Cannot require employees to only be respectful

• Cannot prohibit behavior that does not quite amount to insubordination

• Cannot require refraining from damaging company reputation or not acting in company’s best interest

• Cannot prohibit employees from disagreeing with each other, even with strong language

• Cannot prevent employees from speaking to the media on their own or other employees’ behalf

• Cannot prevent fair use of logos and trademarks

March 18, 2015 General Counsel Memo Addressing Employer Privacy Rules


The NLRA & Social Media

Two types of potential violations

1. Maintaining an overly broad rule that interferes with

employees’ rights to engage in concerted protected activity

2. Disciplining employees for engaging in concerted protected

activity on social media


Protected Social Media Activity

• An employee is protected under the NLRA when

discussing work conditions with other coworkers on social

media

– Complaining on social media about policies, managers, wages

– Sharing wage information on posts

– Expressing union support on posts or comments

• Examples of social media activity that could be protected

– Facebook posts

– “Likes” on Facebook or other social media

– Twitter discussions and retweets

– Blogging about work conditions


Decisions Regarding

Protected Social Media Posts


Karl Knauz Motors, Inc., 358 NLRB No. 164 (September 28, 2012)

• In the fall of 2012, the NLRB began to issue decisions in

cases involving discipline for social media postings.

• Karl Knauz Motors, Inc. was the first such decision.

– The NLRB found that the firing of a BMW salesman for photos

and comments posted to his Facebook page did not violate

federal labor law.

– The NLRB agreed with the ALJ that the salesman was fired

solely for the photos he posted of an embarrassing Land

Rover incident which did not involve fellow employees and

was not concerted activity, so was not protected.


Hispanics United of Buffalo, Inc., 359 NLRB No. 37 (December 14, 2012)

• Since Karl Knauz Motors, Inc., a number of NLRB

decisions starting with Hispanics United of Buffalo, Inc.

have reached the opposite result.

– In Hispanics Unites of Buffalo, the NLRB found that it was

unlawful for a non-profit organization to fire five employees

who participated in Facebook postings about a coworker who

intended to complain to management about their work

performance.

– The Facebook comments and responses concerned working

conditions such as work load and staffing issues.

– The NLRB found that the Facebook conversation was

concerted activity and was protected by the NLRA.


Triple Play v. NLRB (2d Cir. 2015)

• Two employees of sports bar criticized their employer on

Facebook.

– A former employee posted:

“Maybe someone should do the owners of Triple Play a favor

and buy it from them. They can’t even do the tax paperwork

correctly!!! Now I OWE them money . . . Wtf!!!!”

– A current employee “liked” the post.

– A second current employee added in response to a

subsequent comment by the initial poster accusing one of

Triple Play’s owners of criminal conduct:

“I owe too. Such an asshole.”

– The sports bar terminated both employees. ©2016 Seyfarth Shaw LLP. All rights reserved. Private and Confidential 45

Triple Play v. NLRB (2d Cir. 2015) cont’d

• In 2014, the NLRB found that the terminations were unlawful

because the employees were engaged in protected (work-

related) discussions under the NLRA.

• In 2015, the 2d Circuit affirmed the NLRB’s decision.

– Wages, including the tax treatment of earnings, are directly

related to the employment relationship.

– Employees were engaged in concerted activity:

Two other employees were involved in the Facebook

discussion.

Facebook discussion was part of a sequence of events, all of

which concerned the employees’ complaints about the tax

treatment of their earnings. ©2016 Seyfarth Shaw LLP. All rights reserved. Private and Confidential 46

Triple Play Takeaways

• Employers should consider consulting with experienced counsel before

terminating an employee for disparaging or defamatory speech when

that speech occurs in a group discussion about work on social media.

• Since a “like” can be protected conduct on its own, employers should

consider consulting with experienced counsel before disciplining

employees based on a “like” of a post about work.

• An employee’s use of obscenities in a social media post does not itself

suffice for the employee’s communications to lose NLRA protection.

• General policy language that establishes subjective standards (i.e.,

“inappropriate discussion”) raises a red flag unless accompanied by

specific examples making it clear to a reasonable employee that the

general language is not intended to encompass protected speech.


Pier Sixty, LLC, 362 NLRB No. 59 (December 14, 2015)

• During a pending organization campaign, a manager and

an employee of a New York-based catering company

providing full-service event planning for private functions

got into a conflict.

– As the manager attempted to direct a group of employees at

an event, the employee claimed the manager told them to

“stop chit-chatting” and later used a harsh tone of voice,

ordering them to “spread out” and “move!”

– In response, the employee posted on Facebook:

“Bob is such a NASTY MOTHER F*CKER don’t know how to

talk to people!!!!!! F*ck his mother and his entire f*cking

family!!!! What a LOSER!!!! Vote for the UNION!!!!!!”


Pier Sixty, LLC, 362 NLRB No. 59 (December 14, 2015) cont’d

• The NLRB found in favor of the employee.

– The employee’s Facebook post was a protected exercise of

“concerted activity” rights; and

– The employee’s specific conduct was not sufficiently

egregious, serious or violent to lose its protected character

under NLRB precedent.


Takeaways

• Before taking disciplinary action based on an employee’s

social media postings, consider:

– Does the employee’s complaint involve protected substance?

– Does the employee’s complaint involve concerted action or is

it just an individual gripe?

– Could the employee’s complaint evolve into concerted action

by other employees?


Decisions Regarding

Employee Handbook Policies


NLRB’s Two-Step Test for Assessing Social Media Policies

The NLRB implements a two-step test in determining

whether or not a social media policy violates employee rights

under the NLRA. (Costco v. Wholesale Corp.)

1. First, the inquiry focuses on whether the provision explicitly

restricts protected concerted activities.

If it does, it is invalid.

2. The second step comes into play if the provision does not

explicitly restrict the activity but:

(1) employees may reasonably construe the language to

prohibit protected concerted activity;(2) the rule was

promulgated in response to union activity; or (3) the rule was

applied to restrict the exercise of concerted activity.


Karl Knauz Motors, Inc. 358 NLRB No. 164 (September 28, 2012)

The NLRB considered “Courtesy” rule in

dealership’s handbook…



Courtesy is the responsibility of every

employee. Everyone is expected to be

courteous, polite and friendly to our

customers, vendors and suppliers, as

well as to their fellow employees. No

one should be disrespectful or use

profanity or any other language which

injures the image or reputation of the

Company.

Karl Knauz Motors, Inc. 358 NLRB No. 164 (September 28, 2012) cont’d

• The NLRB found that this rule violated the NLRA because

“employees would reasonably construct its broad

prohibition against “disrespectful” conduct and “language

which injures the image or reputation of the Company” as

encompassing Section 7 activities.

– There was no rule which limited the application of the rule to

exclude Section 7 conduct.

– A reasonable employee would believe he would be punished

for engaging in Section 7 activity that violated the rule.


U.S. Cosmetics Corp. (May 17, 2016)

• ALJ reviewed the social media policy of U.S. Cosmetics

Corp.

• The policy included the following provisions:

– “Under no circumstances may an employee . . . [p]ost financial,

confidential, sensitive or proprietary information about the Company,

clients, employees or applicants on social media. Additionally,

employees may not post obscenities, slurs or personal attacks that

can damage the reputation of the Company, clients, employees or

applicants . . .”

– Employees are prohibited from “using disparaging, abusive, profane

or offensive language; creating, viewing or displaying materials that

might adversely or negatively reflect upon USCC or be contrary to

USCC’s best interests . . .”


U.S. Cosmetics Corp. (May 17, 2016) cont’d

– “Employees may not post obscenities, slurs or personal attacks that

can damage the reputation of the company, clients, employees or

applicants.”

– “Under no circumstances may an employee . . . prematurely disclose

confidential and proprietary information to any unauthorized person.”

– “It is our policy that all information considered confidential will not be

disclosed to external parties or to employees without a ‘need to

know.’ If an employee questions whether certain information is

considered confidential, he/she should first check with his/her

immediate supervisor.”

– “Employees may not post financial, confidential, sensitive or

proprietary information about the company, clients, employees or

applicants.”


U.S. Cosmetics Corp. (May 17, 2016) cont’d

• The ALJ found that the policy was invalid.

– An employee could reasonably believe that posting statements

of protest or criticism would be damaging or would adversely

or negatively reflect upon the Company’s reputation.

– All of the provisions could be interpreted as encompassing

information about pay and other benefits

• The recent U.S. Cosmetics Corp. holding is similar to other

NLRB holdings over the past several years in that it

disfavors vague, overbroad language.


Takeaways

• Review policies and revise those that may be vague or

overbroad.

– For example, review policies on confidential information,

blogging, internet or e-mail usage, external communications,

solicitation or postings, internal grievances, non-

disparagement, off-duty conduct, wage discussions.

• Even innocuous, conventional policies like anti-harassment

policies are subject to attack by the NLRB.


Social Media Privacy

& Use in Litigation Practical Strategies for Employers

• Social Media Privacy Legislation

• Regulating Social Media in the Workplace

• Creating and Enforcing Social Media Policies

• Discovery Into Social Media

• Tips for Employers


• Facebook

– 1.4 Billion account holders

– 936 million daily active users

(avg. 20+ mins/day)

• Twitter

– 302 million users

– 500 million “tweets” per day

• LinkedIn

– 364 million members in over 200

countries and territories.

– More than 2 new members per second

• Snapchat

– 200 million users

– 700 million photos sent each day

• Pinterest

– Avg. user spends 2x time on the Internet

Some Interesting Statistics


• Avoiding Data Theft & Trade Secret

Protection

– Social Media provides a means to obfuscate

data theft, allowing a perpetrator to leave with

information outside of the company’s firewall.

• Regulate the Workplace

– Social networks such as Facebook and Twitter

have means of private communication, which

may be used by employees.

• Litigation Avoidance & Defense

– Ensuring employees are not using social media

to engage in unprofessional behavior (e.g.

discrimination/harassment).

– Discovering information relevant to litigation and

workplace investigation.

• Public Relations

Why Access An Employee's Social Media Account?


Social Media Protection Under Federal Law

• No federal law prohibiting employers from requesting personal social media login information from applicants and employees.

• The Stored Communications Act prohibits employers from intentionally accessing such information “without authorization.”

• Courts have held employers accessing private websites in violation of SCA, but the SCA is only applicable where the employer gains access without authorization.

• Where an employee gives his/her employer personal login information upon request, the employer can argue that SCA does not apply because they were “authorized” to log onto the account.


Which States Have Social Media Legislation?

1. Arkansas

2. California

3. Colorado

4. Connecticut

5. Delaware

6. Illinois

7. Louisiana

8. Maine

9. Maryland

10.Michigan

11.Montana

12.Nebraska

13.Nevada

14.New Hampshire

15.New Jersey

16.New Mexico

17.Oklahoma

18.Oregon

19.Rhode Island

20.Tennessee

21.Utah

22.Virginia

23.Washington

24.Wisconsin


What’s Prohibited and What are the Teeth

Federal Law: No access without employee authorization.

a) This includes where an employer gains access to the employee’s account through the

account of another person who can see the account (i.e. a coworker).

State Law: Rules Differ by State. However, most state laws require:

a) No asking, insisting on ‘personal’ account access;

b) No requesting username and password

c) No requiring the adding of employer reps to accounts

d) No ‘shoulder surfing’

e) No retaliation for invoking statutory rights or for an employee’s refusal to provide access

Consequences (vary from state to state)

a) Heavy states (i.e. Oregon): lawsuits, penalties, attorneys fees, reinstatement, back pay.

b) Light states (i.e. New Jersey): complaints to DOL, which may investigate and impose

nominal penalties.

c) California: fines up to $1,000 for first violation, up to $5000 for subsequent violations;

complaints to Dept. of Labor


What’s Permitted

• Mandatory access to ‘non-personal’ and/or ‘employer’

accounts

– Accounts opened at employer’s request

– Used for employer business

• Suspected workplace misconduct investigations

– Reasonable belief of misappropriation or data theft

– Co-worker harassment via SN account

• Employer device and systems monitoring

• Search for and use of publicly-available account info


Creating a Social Media Policy/Agreement

• Proper use

• Integrate existing policies – e.g., electronic equipment and systems

use, confidentiality, code of conduct, harassment

• No use during work hours or while using company provided equipment

• Only seek to regulate social media activity impacting the company

• No expectation of privacy in social media activities using company

equipment or systems

– Must follow the company’s conduct standards and its policies

Should not defame anyone or damage their reputation

No disclosure of confidential information

• Failure to abide by the guidelines may subject them to discipline as well

as legal action by the company or others


Additional Things to Consider in Creating a Social Media Policy

• State-specific law regarding employee social media

accounts and permissible scope of employer access

• Defining “personal” versus “non-personal” accounts (i.e.

accounts used for business purposes)

• BYOD policy

• Conflict of law analysis involving

interstate or telecommuting

employees.


• What is a ‘Personal’ or ‘Employer’

Account?

– Some statutes try to define them,

some don’t

– Hybrid accounts – who owns them?

– ‘BYOD’ policies – another layer of

complexity

• Multi-state Employers – Conflicts

of Laws

• Discoverability of Account Content

in Litigation

Areas Where the Law is Still Developing


Litigation Discoverability of Social Media

• Courts have seen a dramatic increase in the number of social media postings that are requested to be produced in discovery.

• While emails and other electronic documents have flooded the courts for decades, the uniqueness of social media platforms presents various questions of privacy, accessibility, preservation, and admissibility.

• Courts have predominantly interpreted these questions in the same way as with emails, text messages, and other electronically stored information (ESI).

• Courts continue to require relevancy and forbid fishing expeditions.


Discoverability of Public Posts

• Information shared on social media is treated like other forms of

discoverable information.

• Social media is often a fruitful area for discovery, as many

individuals use the communication tools (e.g. Facebook

messaging) and do not consider the discoverability of their

communications when do so (resulting in valuable admissions).

• There is no judicially accepted social media privilege or blanket

of privacy when it comes to social media sites.

• Information posted on the Internet and made available to the

public is generally considered to be public information because

the poster has no reasonable expectation of privacy in the

published material.


Discoverability of Private Posts

• Private Messaging & Posts: When certain information is restricted

from the general public’s eyes, more formal discovery methods must be

utilized.

– Crispin v. Audigier found that whether the social media information should be

disclosed to the opposing party depended on the plaintiff’s privacy settings.

– Public information was available to the company, but the company needed a

subpoena pursuant to the Stored Communications Act to access the

information that was limited to certain viewers.

• General Rule: Keep traditional discovery rules in mind when seeking

social media information.

– Establish that the requested social media information is relevant to a claim or

defense,

– Select the most effective (and least invasive) method to obtain the information.

– The more direct and specific the request, the more likely it is to be enforced.


Means of Discovery into Social Media

• Courts have approved various mechanisms to allow for

discovery into social media, while protecting employee privacy:

– Direct access via consent (subject to state and federal law)

– Discovery request

– Third party subpoenas

– In camera review

– Attorney’s eyes only

• Choosing the right mechanisms will depend on the type of

litigation and scope of information sought.


Social Media Role in Emotional Distress Claims

• Social media evidence is particularly probative in employment

litigation because individuals are becoming more willing to share

personal details of their lives on social media.

• Damaging social media evidence can harm a plaintiff’s case and

can be used as a vehicle to lower or eliminate damages.

• Examples:

– Social media picture and messages can be used to challenge

false disability claims;

– Undermine claims for severe emotional distress;

– Show malfeasance on the part of the plaintiff


Tips For Employers

Policies: Review the social media privacy laws in the states in

which you operate and ensure compliance.

Platforms: Keep up with social media platforms as they develop

and understand how they’re used by.

Investigate Public Material First: Gather what information is

publicly available. This avoids spoliation and strengthens

discovery demands.

Tailor Requests Narrowly: Courts are more likely to enforce

requests that are not “fishing expeditions.”


Thank you for joining us today!


Navigating Workplace Privacy Issues - Seyfarth Shaw...Citrix GoToMeeting, Google Apps) –Platform...

Documents

Transcript of Navigating Workplace Privacy Issues - Seyfarth Shaw...Citrix GoToMeeting, Google Apps) –Platform...