Illinois Becomes Second State to Prohibit Employers from Requiring Access to Employees’ and Prospective Employees’ Social Media Web Sites

On August 1, 2012, Illinois joined Maryland (law passed in March 2012) in prohibiting employer access to social media web sites of their employees and prospective employees.  There are a number of other states that are also considering such prohibitory legislation (California, Delaware, Massachusetts, Michigan, Minnesota, Missouri, New Jersey, New York, Ohio, South Carolina and Washington), as is the United States Congress.  In April 2012, Representatives Eliot Engel and Jan Schakowsky introduced the Social Networking Online Protection Act (2012 H.R. 5050), and the Password Protection Act of 2012 (2012 S. 3074) was introduced in the Senate in May 2012, which prohibit employers from requiring access to their employees’ social media web sites.  In July, Delaware passed a law prohibiting public and private academic institutions from requiring that a student or applicant disclose password or account information granting the academic institution access to the student’s or applicant’s social networking profile or account.  A companion bill dealing with employers is still being considered by the Delaware legislature.

The new Illinois law amends Section 10 of the Right to Privacy in the Workplace Act.  It prohibits an employer from requesting or requiring any employee or prospective employee to provide any password or other related account information in order to gain access to the employee’s or prospective employee’s account or profile on a social networking website or to demand access in any manner to an employee’s or prospective employee’s account or profile on a social networking website.  This Act goes into effect January 1, 2013.

The Illinois law defines “social networking website” as an Internet-based service that allows individuals to construct a public or semi-public profile within a bounded system, created by the service; or to create a list of other users with whom they share a connection within the system; or to view and navigate the employee’s or prospective employee’s list of connections and those made by others within the system.  It does not include electronic mail.

The new Illinois law is not intended to nor does it prohibit an employer from obtaining information about a prospective employee or an employee’s information that is in the public domain or that is otherwise obtained in compliance with the new law.

Under the new Illinois law, an employee may file a complaint with the Director of Labor or, failing timely resolution, may bring a civil action for injunctive relief and to recover actual damages plus costs.  For a willful and knowing violation of this Act, the employee may recover $200 plus costs, reasonable attorney’s fees, and actual damages.  Any employer or prospective employer or his agent who violates the provisions of this Act is guilty of a petty offense and subject to a $1,000 fine.  The new law also prohibits retaliation for opposing employer’s conduct reasonably believed to violate the new law.

Employers are advised to ensure compliance with these laws in both Illinois and Maryland and to keep their eyes on the other states.

EEOC Issues Guidelines Addressing the Use of Background Checks in Employment

The EEOC (the “Commission”) recently issued guidelines addressing the use of background checks in employment.  Generally speaking, a “background check” or “consumer report” is something that is obtained from a reporting agency and reflects a consumer’s credit, character, reputation, standing, lifestyle, or the like, and is used (in this context) for the purpose of determining employment eligibility (whether for hire, promotion, eligibility to work at a particular job site, etc.).  While the Commission had been focused on this issue to some extent since 2007, the new guidelines suggest that the EEOC plans to launch an aggressive enforcement campaign aimed at preventing perceived inherent disparate impact discrimination via the most common background check scenarios.

At the heart of the Commission’s guidelines and, indeed, currently the subject of legislative debates in many states, are “Ban the Box” recommendations.  The “Box” being referenced typically appears on an employment application as a Yes/No choice, seeking disclosure of any prior convictions or pending criminal charges.  The disclosure, if any, acts as a de facto bar to employment. The EEOC has now publicly expressed the presumption that any policy that mandates an adverse employment decision for any criminal history is inherently discriminatory.

EEOC guidance mandates what should be logical — any disclosure or “hit” on a background check should be considered on an individualized basis.  Factors the EEOC recommends considering include the nature and gravity of the offense, the age of the offense, and the nature of the job at issue.  Where an employer can point to a rational relationship between the job and the offense so as to justify disqualification from employment, the Commission will not likely find discrimination occurred.  The clearest example is disqualifying an applicant with a fraud conviction from work as a bank teller — a position in which the person would handle funds with little supervision and be responsible for reporting balances and the like.  Where businesses run in to trouble is in disqualifying applicants or employees based on a “zero tolerance” policy, or because the individual is guilty of crimes the employer finds inherently offensive, though they lack a rational relationship to the job duties at issue.  One of the most common examples is an employer’s policy of refusal to hire anyone found guilty of a “sex offense,” without further clarifying the meaning of that term.  That phrase can mean many things, including potentially having consensual sexual relations with someone just a few years younger than majority age (e.g., an 18-year old boy and a 17-year old girl in California).  Absent individualized inquiry and analysis, a blanket policy could result in unjust actions, whether putatively race-based or otherwise.

The federal Fair Credit Reporting Act (“FCRA”) further requires that detailed disclosures be given to employees before background checks are done, when any adverse action is contemplated, and again when an adverse action decision is finalized.  Separate disclosures are required if the background check will also include “interviews” (e.g., discussions with prior employers) in additional to database research.  The FCRA is very specific about the format of each of these notices. And nearly half of the United States have requirements that are stricter and even more specific than those set forth in the federal FCRA. Some even mandate particular type fonts. As with any procedural violation, class certification is often virtually guaranteed (given the absence of individualized treatment). Violations of the FCRA requirements, for example, can multiply at the rate of $100-$1000 per violation (e.g., per applicant or employee, for the entire statutory period).  It is common that businesses seldom complete all steps of the process correctly.

So, how does all this play out in the workplace?  Fixing the paperwork might be the easy part.  Most employers don’t want to spend the time or money going through individualized analyses, which the Commission says should include discussions with the subject individual to explore circumstances surrounding the offense at issue before a final decision is made.  “Zero tolerance” policies are certainly much easier (and more expedient) from an employer perspective, and companies often bank on the fact that applicants or employees with “dirty laundry” may be less likely to raise complaints about potentially unfair policies.  However, the Commission is empowered to pursue violations on behalf of an absent class — there does not have to be a proactive complainant.  At present, the EEOC is actively engaged in hundreds of claims involving alleged violations of applicant/employee rights associated with background check procedures, and we anticipate the recent Commission guidelines to encourage the plaintiffs’ bar to focus on this area of the law in the context of class actions.  In sum, this is a good time for businesses to take a fresh look at not just their paperwork, but in how they utilize the results of any consumer investigative report.

Editor’s note – Please see our other coverage of the EEOC’s guidance on use of background check’s here.

Recent Fee Shifting Cases Caution Against Diving into Non-Compete/Trade Secret Litigation Where the Facts Supporting a Violation are Unknown or Questionable

Two recent cases highlight the down side of running into court with guns blazing but without the horses to prevail, or at least without the facts sufficient to survive the bad faith standard of the Uniform Trade Secret Act.  In Sasco v Rosendin Electric, Inc., 143 Cal.Rptr.3d 828 (July 11, 2012), the Appellate Court affirmed the lower court’s judgment of $ 484,943.46 in attorneys’ fees and costs pursuant to California’s Uniform Trade Secrets Act, observing:

Speculation that the individual employees must have taken trade secrets from SASCO based on their decision to change employers does not constitute evidence of misappropriation.  Nor does speculation that Rosendin’s success in obtaining the Verizon Tustin contract was based on the theft of trade secrets constitute evidence of misappropriation.…..Having reviewed the parties’ respective papers, the court found there was no evidence of trade secret misappropriation.

In Loparex, LLC v. MPI Release, LLC, 2012 WL 3065428 (S.D. Ind., July 27, 2012) the District Court was even more direct in awarding the prevailing party, MPI,  $475,000 in attorneys fees and nearly $29,000 in costs under the Illinois Uniform Trade Secret Act.  The Court found that Loparex pursued the trade secret misappropriation claims in “bad faith.”  The Court also determined there was no evidence that the employees had misappropriated any trade secrets in its diversion of a former Loparex customer.  The Court went on to award fees against Loparex’s former lead counsel as well, under 28 U.S.C § 1927, for bad faith prosecution of the case.

These cases do not mean that attorneys’ fees will be shifted where a plaintiff can show that trade secrets are at issue and the plaintiff has a good faith factual basis to conclude that those trade secrets were being misappropriated or there was a threatened misappropriation.  The plaintiff bringing a trade secrets action does not get assessed the other party’s attorneys fees by losing, but only when the plaintiff loses and a claim of misappropriation is made in bad faith.  In these two cases, there was no reasonable basis for bringing the claims, let alone continuing to pursue the litigation after it was clear to everyone that the plaintiffs’ claims were meritless.

In addition to a statutory basis for attorneys fees under the Uniform Trade Secrets Acts adopted in many states, there are  other statutory fee shifting statutes that may apply.  For instance, Montana’s Declaratory Judgment Act, § 27–8–313, may provide a statutory basis for awarding attorneys’ fees as supplemental relief if such an award is determined to be necessary and proper.  See, e.g., Mungas v. Great Falls Clinic, LLP. 354 Mont. 50, 221 P.3d 1230 (2009)(fees not awarded because the facts not deemed to warrant it).  More frequently, however, fee shifting awards come from a well drafted employment agreement.  Ohio Learning Centers, LLC v. Sylvan Learning, Inc.,  2012 WL 1067668 (D. Md., March 27, 2012).  The Sylvan Court quoted the relevant contract language:

[I]n the event either [SLI] or [OLC] institutes a suit or action to enforce any term or provision of [the License] Agreement, the most prevailing party in the suit or action, or on appeal, shall be entitled to recover from the losing party a reasonable attorney fee to be set by the trial or appellate court in addition to costs or disbursements provided by law.

At the summary judgment phase the Court found the fee award premature because “ at this stage in the litigation it is not yet clear that the Defendants will be ‘the most prevailing party’ in this case.”  Note that the Court is enforcing the parties’ agreement as written.  The Court also noted that the fee-shifting provision in the License Agreement only provides for an award of “reasonable” fees.  And since evidence of the reasonableness of the fees had not yet been submitted by the putative prevailing party, the Court stated that it could not conduct the requisite analysis.

The take away:  make sure you have the horses before filing suit, or at least be reasonably assured you will have those horses harnessed by the time the smoke of your rush to court clears.

Is Your Electronic Information Protected from Employees Under the CFAA? Maybe So, Maybe Not…

In WEC Carolina Energy Solutions LLC v. Miller, 2012 WL 3039213 (4th Cir) decided July 26, 2012, the Fourth Circuit sided with the Ninth Circuit in deciding that the Computer Fraud and Abuse Act (“CFAA”) does not apply to employees and former employees who were authorized to access the employer’s electronic information.  The decision stands in contrast to the position taken by the Seventh Circuit in Int’l Airport Ctrs., LLC v. Citrin, 440 F.3d 418, 420–21 (7th Cir.2006).  The Fourth Circuit rejects the interpretation of the CFAA taken by the Seventh Circuit, which interprets the CFAA much more broadly.  The Seventh Circuit concludes that an employee’s misappropriation of electronic information from his employer is a breach of the employee’s duty of loyalty that immediately terminates his agency relationship and with it his authority to access the laptop, because the only basis of his authority had been that relationship.

WEC Carolina Energy Solutions Inc. argued that its former employee violated the CFAA’s ban on access “without authorization” by taking files from his work computer to a rival company.  The employer had argued in the District Court that by misappropriating the information, Miller voided his agreement with the company, and, therefore, he was no longer permitted to access his computer under the CFAA.  The District court rejected that interpretation of the CFAA and the Fourth Circuit affirmed.  In so ruling the Court “ adopt[s] a narrow reading of the terms “without authorization” and “exceeds authorized access” and hold[s] that they apply only when an individual accesses a computer without permission or obtains or alters information on a computer beyond that which he is authorized to access.”

The Fourth Circuit, like the Ninth and Seventh Circuits, found the crux of the issue presented to be “the scope of ‘without authorization’ and ‘exceeds authorized access,’” but the Fourth Circuit finds the Ninth Circuit argument in United States v. Nosal, 676 F.3d 854, 863 (9th Cir.2012) (en banc), the better interpretation of “authorization” as being “that an employee is authorized to access a computer when his employer approves or sanctions his admission to that computer.  Thus, he accesses a computer ‘without authorization’ when he gains admission to a computer without approval.  Similarly, we conclude that an employee ‘exceeds authorized access’ when he has approval to access a computer, but uses his access to obtain or alter information that falls outside the bounds of his approved access.  Notably, neither of these definitions extends to the improper use of information validly accessed.  (citations omitted.)”  Unlike the Ninth Circuit, however, which was willing to find that a CFAA violation could be established where an employee exceeded his authority under a company access policy, the Fourth Circuit ruling is even more restrictive than the Ninth Circuit’s view.  The Fourth Circuit “adopt[s] a narrow reading of the terms ‘without authorization’ and ‘exceeds authorized access’ and hold that they apply only when an individual accesses a computer without permission or obtains or alters information on a computer beyond that which he is authorized to access.”

Given that the CFAA has both criminal and civil liability the Fourth Circuit chose to strictly construe the language.  Even “under the Nosal panel’s approach, because [the employee] obtained information ‘in a manner’ that was not authorized (i.e., by downloading it to a personal computer), he nevertheless would be liable under the CFAA. See § 1030(a)(2)(C).  Believing that Congress did not clearly intend to criminalize such behavior, we decline to interpret ‘so’ as ‘in that manner.’”  The bottom line—the Fourth Circuit approach, “reject[s] an interpretation of the CFAA that imposes liability on employees who violate a use policy, choosing instead to limit such liability to individuals who access computers without authorization or who obtain or alter information beyond the bounds of their authorized access.”

While the lines of the split in Circuits has become more defined with WEC Carolina Energy Solutions LLC, predicting what the Supreme Court will do with that split is another story.  My money is on Judge Posner’s interpretation in International Airport Centers, partly because he is a brilliant jurist and I practice in the Seventh Circuit, but mostly because that is the interpretation that expands an employer’s arsenal of protections against cheating employees.  However, until the fat lady [U.S. Supreme Court] sings employers should continue to draft and implement a computer access and use policy for its employees that assumes that a well drafted policy violated by an employee can be enforced under the CFAA, so long as the employer can demonstrate $5,000 in damages to the employer resulted from the employee’s actions.

New Jersey District Court Allows Plaintiff to Proceed to Trial on Claim of Unlawful Discharge, Dismisses Claims of Handicap and Discrimination

The New Jersey District Court in St. Cyr v. Brandywine Senior Living LLC, recently granted summary judgment to the employer dismissing the plaintiff’s causes of action for handicap and race discrimination, but allowed the plaintiff to go to trial on her claim that she was unlawfully discharged in violation of the FMLA in retaliation for asking for a medical leave of absence because she was fired only two days before the leave of absence was to begin.  In granting summary judgment on the claim of handicap discrimination, the court determined that the plaintiff, who suffered from arthritis, was not “handicapped” under the NJLAD because the condition, which  was alleviated with medication, did not interfere with her ability to perform her job, and because she never asked for an accommodation for the condition.  The court rejected her claim of race discrimination based on her admission that the only evidence implicating racial animus was the fact that she was fired for watching the BET Network on television during working hours.  The court noted that the plaintiff, who had previously been placed on probation for poor performance and was on final warning, was replaced by an African American employee and had failed to show the legitimate reason given for her discharge was pretextual.  Despite that finding, however, and despite the fact that the employer had granted the plaintiff’s request for a medical leave of absence, the court denied summary judgment on the claim of retaliatory discharge under the FMLA based only on the determination that the timing of the discharge – only two days before her FMLA leave was to begin – was “unusually suggestive” of retaliatory motivation.  The court did not explain how the timing could be suspect if that was when the plaintiff was found watching television instead of doing her job, and if there was no evidence that the proffered reason was pretextual.

New Jersey District Court Denies Employer’s Motion to Dismiss Plaintiff’s Cause of Action After Employee’s Supervisor Gains Unauthorized Access to Employee’s Facebook Account

In Ehling v. Monmouth-Ocean Hospital Service Corp., the District Court in New Jersey recently denied the employer’s motion to dismiss the plaintiff’s cause of action for invasion of privacy in connection with a supervisor having gained unauthorized access to her private Facebook account.  The plaintiff nurse, who was also the union president at the hospital, had posted comments on her Facebook wall about the news story out of Washington, D.C. in 2009 concerning the killing of a security guard at the Holocaust Museum by a white supremacist in which she expressed her opinion or rant that the paramedics in D.C. should have let the shooter die rather than help him after he was shot during the incident:  “He survived [and] I blame the DC paramedics.  I want to say 2 things to the DC  medics.  1.  WHAT WERE YOU THINKING?  and 2.  This was your opportunity to really make a difference!  WTF!!!!  And to the other guards…. go to target practice.”  The supervisor apparently wanted access to plaintiff’s Facebook comments because of her leadership role with the union, and convinced a co-worker to give him access to her private account so he could copy her postings. When he saw the comments about the D.C. incident he sent a copy to the State Board of Nursing suggesting that it represented an improper disregard for patient safety.

On the employer’s motion to dismiss the invasion of privacy claim on the grounds that there can be no expectation of privacy with respect to Facebook postings, the court decided that the question whether the plaintiff had a reasonable expectation of privacy was for a jury to decide based on the circumstances, including the number of “friends” who had access to her Facebook wall where the plaintiff claimed that she had restricted access to her friends but did not provide access to any supervisors or members of management.  The court did not address the separate question whether a rant expressing an opinion about a news report could be considered an expression of one’s “private affairs” subject to protection under invasion of privacy law, and did not address the fact that Facebook specifically includes in its Privacy Policy a disclaimer to the effect that there is no guarantee of privacy and that users make postings at their own risk inasmuch as anyone with access can copy or share comments with anyone they choose.

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy