Facebook continues to be the new “water-cooler” as co-workers regularly “friend” each other and allow access to their “wall” posts. New Jersey’s Federal District Court recently addressed the issue of whether a Hospital’s decision to suspend a nurse based on a post on her Facebook wall – which it received unsolicited from a co-worker who was a Facebook friend of the nurse – violated the Federal Stored Communications Act (“SCA”), 18 U.S.C. § 2701-11. The Court also addressed the nurse’s related invasion of privacy claim. Ehling v. Monmouth-Ocean Hospital Service Corp., 2013 U.S. Dist. LEXIS 117689 (8/20/13). [Opinion]
The nurse was a Hospital employee who maintained a personal Facebook account. She chose privacy settings that limited access to her “wall” to her Facebook ‘friends,” including one of her co-workers. Following the 2009 shooting at the Holocaust museum, the nurse posted the following to her wall:
An 88 yr old sociopath white supremacist opened fire in the Wash D.C. Holocaust Museum this morning and killed an innocent guard (leaving children). Other guards opened fire. The 88 yr old was shot. He survived. I blame the DC paramedics. I want to say 2 things to the DC medics. 1. WHAT WERE YOU THINKING and 2. This was your opportunity to really make a difference! WTF!!!! And to the other guards….go to target practice.”
Her co-worker took a screen shot of the post, and then showed the post to the nurse’s supervisor. As a result, the Hospital temporarily suspended the nurse, with pay, due to the concern that her comment reflected a “deliberate disregard for patient safety.”
The nurse sued claiming that the Hospital’s reliance on her Facebook post violated the Federal Stored Communications Act – and was an invasion of privacy. The Court first addressed the issue of whether the SCA applied to Facebook wall posts since the SCA was enacted in 1986, before the WorldWideWeb was developed in 1990 and web browsers were introduced in 1999.
The Court did determine that the SCA applied to Facebook posts based on the following analysis: (1) Facebook wall posts are electronic communications as defined by the SCA; (2) Facebook is an electronic communication service provider as defined within the SCA; (3) Facebook wall posts satisfy the “in electronic storage” requirement as they are not held in temporary, intermediate storage before delivery to the website, and are in accessible storage for back-up purposes; and (4) given that the touchstone of the SCA is to protect information that the communicator took steps to keep private, if a Facebook user chose privacy settings that limited access to her “friends,” the post at issue was covered by the SCA. The Court relied on California precedent in reaching this determination. Interestingly, the Court also found that the privacy protection provided by the SCA is not dependent on the number of Facebook friends to whom the user provides access.
However, the Court still granted summary judgment to the Hospital because it determined that the “authorized user” exception applied because the nurse granted her co-worker access to the post by “friending” her and thereby “intending” that her co-worker would view her posts. The Court also rejected the claim that the “authorization was coerced because the supervisor had never asked the co-worker for any information about the nurse, or the nurse’s Facebook activity. The Court also noted that the nurse’s supervisor was not in a position to offer the co-worker any benefit in exchange for the unsolicited presentation of the Facebook post since supervisor worked in a different division and had no control over the co-worker’s compensation.
The Court also dismissed the nurse’s common law invasion of privacy finding that:
“The evidence does not show that Defendants obtained access to Plaintiff’s Facebook page by, say, logging into her account, logging into another employee’s account, or asking another employee to log into Facebook. Instead, the evidence shows that Defendants were the passive recipients of information that they did not seek out or ask for. Plaintiff voluntarily gave information to her Facebook friend, and her Facebook friend voluntarily gave that information to someone else.”
Notably, the nurse also filed a complaint with the NLRB, however the NLRB determined that the Hospital did not violate the NLRA, and that there was no privacy violation because the post was sent, unsolicited, to Hospital management.
What is the take-away from this decision? First, employers have been waiting since the 2009 jury verdict in Pietrylo v. Hillstone Restaurant Group for guidance about what circumstances would qualify as “authorization” under the federal and NJ stored communications statutes. Second, employers should continue to use extreme caution taking adverse action based on employees’ social media activities. This decision, as well as recently enacted state legislation, clearly prohibits employers from directly – or indirectly – demanding access to employees’ social media accounts. As of July, 2013, legislation has been proposed in over 30 states to prevent employers from requesting passwords, and a number of states have enacted such legislation, including California, Illinois, Maryland and Michigan. Facebook has also condemned the practice and has updated its Statement of Rights and Responsibilities to address this issue.
In addition to potential liability under the SCA, the NLRB has been very active with regards to finding that Facebook rants about bosses, work conditions or compensation fall within the realm of protected “concerted activity” under the NLRA. However, even the NLRB has recognized that employers have a legitimate basis to take action in response to negative postings about their customers/clientele. The Office of the General Counsel found no violation for Facebook firings of a bartender who labeled customers as “rednecks” and hoped that they choked on glass, and of an employee of a residential facility for homeless people with significant mental health issues who joked about the condition of the facilities’ clients.