Digital Workplace Blog

New Jersey Governor Vetoes Social Media Password Protection Law

Littler Mendelson P.C. — Fri, 10 May 2013 18:37:18 -0800

On March 21, 2013, the New Jersey legislature overwhelmingly passed one of the most pro-employee social media password protection bills in the nation. The bill not only prohibited employers from requesting employee passwords to their personal social media accounts, but also prohibited employers from even asking employees or applicants if they possessed a personal social media account. The bill conferred on applicants and employees the right to sue for damages.

Over May 6, 2013, Governor Chris Christie issued a statement and a “conditional veto” of the measure. The conditional veto means the governor objects to parts of a bill and contains proposed amendments that would make the bill acceptable to him. If the legislature re-enacts the bill with the recommended amendments, the governor will have another opportunity to sign the bill and presumably would sign it. To learn more about the proposed legislation and veto, please continue reading at Littler’s Workplace Privacy Counsel.

Patchwork of Social Media Password Protections Laws Impacts Employers

Littler Mendelson P.C. — Thu, 02 May 2013 14:02:09 -0800

Social media websites such as Facebook, Twitter, LinkedIn and others have become a part of daily life in the United States and abroad. The unavoidable reach of social media into our personal lives has extended into our professional lives. Facebook claims to have more than 1 billion users. As of December 31, 2012, LinkedIn boasted more than 200 million registered users in over 200 countries and territories and that LinkedIn members performed "over 5.7 billion professionally-oriented searches on the platform in 2012." It is reasonable to infer that those 5.7 billion searches were not limited to individuals seeking jobs, professional connections or merely long lost friends, but also included employer representatives searching for qualified candidates.

In the last decade, most employers, at some point, have reviewed an employee's or applicant's emails, blogs or online social media postings, either in the capacity of "employer" or perhaps as a "friend." Social media monitoring service Reppler recently surveyed over 300 hiring professionals to determine when and how job recruiters are screening job candidates on different social networks. The study found that more than 90 percent of recruiters and hiring managers have visited a potential candidate's profile on a social network as part of the screening process. Moreover, 69 percent of recruiters have rejected a candidate based on content found on his or her social networking profiles—an almost equal proportion of recruiters (68%), though, have hired a candidate based on his or her presence on those networks.

Employers' access to applicants' and employees' social media activity raises two separate but related questions. First, what social media sites can employers lawfully access to obtain information about applicants and employees? Second, to what extent can employers lawfully rely on information obtained through social media to make employment decisions? The second question raises the types of anti-discrimination concerns that employers have been confronting in the off-line world for decades. However, the first question exposes employers to a completely new legal landscape, one which just began to evolve in April 2012, when Maryland enacted the Nation's first "social media password protection law" and has expanded in the past year to include six additional states—California, Illinois, Michigan, New Jersey, New Mexico, and Utah. With password-protection legislation pending in over twenty state legislatures, this legal landscape undoubtedly will become more complex, especially for multi-state employers, over the next one to two years.

To learn more about the history and background of social media password protection legislation, the differences between the state laws, and how those differences create challenges for employer compliance, please see Littler's Report, Workplace Policy Institute: Social Media Password Protection and Privacy — The Patchwork of State Laws and How It Affects Employers, by Phillip Gordon, Amber Spataro, and William Simmons.

New Jersey Proposed Law the Most Aggressive Social Media Password Protection Law to Date

Littler Mendelson P.C. — Mon, 01 Apr 2013 17:29:13 -0800

New Jersey is expected to shortly join California, Illinois, Maryland, Michigan, and Utah in prohibiting employers from seeking employee or applicant passwords to social media accounts or services. New Jersey’s General Assembly passed its bill on March 21, 2013, and that bill now awaits signature by Governor Christie. Although there is no indication from the governor whether he intends to sign the bill, ignore it, or veto it, any action other than signature would simply be symbolic and almost certainly overruled (the General Assembly passed the bill 75-2). New Jersey’s law is more pro-employee/applicant than any such law enacted to date, providing the broadest protections, the narrowest exceptions, and the most generous remedies. To learn more about the proposed law, please continue reading at Littler's Workplace Privacy Counsel.

Survey Reports High Percentage of Employee Misuse and Theft of Company Data

Littler Mendelson P.C. — Tue, 19 Mar 2013 10:34:35 -0800

A recent study by independent data privacy research firm Ponemon Institute of 3,317 individuals in six industrialized countries found that employees are moving intellectual property, including trade secrets, outside their companies in all directions.

Over half of those surveyed admitted they had emailed business documents to their personal email accounts; 41% said they do this at least once a week. The same percentage of respondents confessed they downloaded company IP to personally-owned tablets or smartphones. A majority of those surveyed did not believe this was “wrong.”

To learn more about the survey results, and what employers can do to minimize data theft, please read more at Littler's Unfair Competition & Trade Secrets Counsel.

Is Telecommuting Right For You?

Littler Mendelson P.C. — Mon, 18 Mar 2013 14:34:59 -0800

Yahoo! CEO Marissa Mayer's recent decision to ban telecommuting has highlighted the issue of how employers of all sizes respond to technological changes that are redefining the workplace.

In addition to the savings of decreased overheard (in the form of office space, equipment, or otherwise), telecommuting may provide other tangible benefits. Indeed, recent studies suggest that telecommuting may increase employee satisfaction, decrease turnover (and consequently, recruiting and new employee training costs), and decrease absenteeism. It can also reduce an employer's "carbon footprint" by eliminating the energy consumption associated with traveling to the workplace. However, these technological changes also impact how supervisors and subordinates interact, and the human component may lag behind technological advances. A recent MIT study, for instance, found that supervisors often look more favorably upon employees who put in "face time."

From the startup employer to the multinational corporation, the potential to telecommute creates new compliance challenges. For employers that decide not to offer telecommuting, working from home might remain a "reasonable accommodation" under state and federal disability laws that these employers must still consider. Employers offering telecommuting should ensure that their confidential data and intellectual property remain uncompromised. Monitoring the "work time" of telecommuting employees, especially for those paid on an hourly basis, creates its own set of difficulties. These are but a few of the issues that employers will wrestle with in adapting to technological innovation that allows employees to work from anywhere in the world. Proactively maintaining and periodically updating alternative working arrangement or telecommuting policies is essential to realizing the benefits, and avoiding the pitfalls, of the changing workplace.

To learn more, please see Littler's Insight, How Flexible Are You? Stretching the Boundaries with a Remote Workforce, by Laura Hayward and Brian Morris.

Employer's Termination of Non-Union Employees for Facebook Posts Violated NLRA

Littler Mendelson P.C. — Mon, 07 Jan 2013 10:01:42 -0800

In another decision that affects non-union as well as union employers, the National Labor Relations Board recently ruled that comments posted on Facebook are protected in the same manner and to the same extent as comments made at the "water cooler." In Hispanics United of Buffalo, 359 NLRB No. 37 (Dec. 14, 2012), the Board found that a non-union employer's termination of five employees for Facebook postings was unlawful, awarding the employees full reinstatement and backpay. To learn more about the decision, please see Littler’s ASAP, NLRB Rules Employer’s Termination of Non-Union Employees for Facebook Posts Violated NLRA, by Alan Levins.

Michigan's Internet Privacy Protection Act Sets Limits For Employers & Employees

Littler Mendelson P.C. — Mon, 07 Jan 2013 09:09:00 -0800

On December 28, 2012, Michigan joined California, Illinois, and Maryland in enacting a social media password protection law when Governor Rick Snyder signed the "Internet Privacy Protection Act" (IPPA or the "Act"). In an accompanying statement, the governor declared that "cyber security is important to the reinvention of Michigan, and protecting the private internet accounts of residents is a part of that," and that "potential employees and students should be judged on their skills and abilities, not private online activity." To accomplish these objectives, the IPPA, like the other states' social media legislation, generally prohibits employers from gaining access to applicants' or employees' personal social media accounts. The Act, however, also permits employers to access employees' use of employer equipment and systems and allows for investigations, under certain circumstances, of employees' personal social media accounts. While relatively straightforward, the Act will require businesses operating in Michigan to grapple with a range of interpretive challenges. To learn more about the Act, please see Littler’s ASAP, Michigan's New "Internet Privacy Protection Act" Sets Limitations for Employers and Employees, by William Balke and Philip Gordon.

iTunes In, Log On, Dropbox: Practical Considerations for Social Media Checks

Littler Mendelson P.C. — Tue, 17 Jul 2012 15:09:07 -0800

By Sebastian Chilco

Employer access to employee and applicant social media information remains a hot topic. Through blog posts and other online publications, Littler has discussed how various courts, agencies, and legislatures have tackled the issue. Maryland is currently the only state that prohibits asking individuals for social media login and password information, though similar legislation awaits the governor's signature in Illinois. Moreover, multiple state legislatures and the U.S. Congress have introduced proposed laws. Beyond Maryland, however, the practice's validity is uncertain – which is not surprising because most privacy and antidiscrimination laws predate social media.

The legislative process is normally reactive, i.e., a practice becomes widespread and legislation is introduced to curb the activity. However, with social media access requests and review, state legislatures may be reacting to a perceived issue that is not really a problem. There is limited data concerning employer access requests, but what is available suggests the practice is not as prevalent as one would expect based on media coverage. For example, a recent Littler survey found that only 1% of businesses used access requests during the hiring process. A series of Careerbuilder.com surveys suggest the practice peaked years before the issue occupied the spotlight: in 2008, 22% of employers said they used social media sites to screen applicants; in 2009, 45%; in 2012: 37%. While there was a jump in reported use from 2008 to 2009, use has declined since then. Although survey data may not provide conclusive evidence concerning the pervasiveness of employer access requests and review, it certainly casts doubt on whether proposed legislation is necessary.

Regardless of whether courts, agencies, or legislatures legitimate the practice, there are practical considerations employers should consider when deciding whether to incorporate social media access requests and review into hiring and employment practices.

Information Overload & Underwhelming

Access requests present employers with numerous practical challenges. The initial hurdle employers must overcome is locating pertinent information.

An ever-expanding number of social media sites exist online. To channel P.T. Barnum, social media sites are like suckers: there's one born every minute. Anyone who has shared an article online knows there are unlimited sites where information can be posted and stored. This begs the question "Where to look?"

Some employers hedge their bets with Facebook, which, with over 900 million active users, is the logical choice. However, many individuals maintain numerous accounts across myriad platforms, so it is possible that X (Facebook) does not mark the spot on the applicant/employee treasure map. Moreover, a company's internet firewall might prevent you from accessing potentially relevant information, depending on the social network involved (e.g., adult themed). Sometimes ignorance is bliss.

To be completely apprised of established and emerging social media sites, a company might need a social media consultant or an extremely social-media-savvy HR department. Fully vetting an applicant through social media requires an inordinate amount of patience and idle time. Even if time and money are not issues, there is an overabundance of information available online that increases exponentially each second. Uncovering relevant information may be the online equivalent of finding a needle in a haystack. Realistically, employers more likely will encounter countless pictures of what meals the individual has eaten or indicia that he really enjoys George Takei posts.

Avatars Aren't Limited to Hollywood Blockbusters and World of Warcraft

Because of media coverage, many believe businesses may request access to and review their social media information, which they fear could be detrimental to their potential, current, or future employment status. Individuals may take corrective steps to ensure the information contained on social media sites does not reflect poorly upon them. Accordingly, even if provided access, employers cannot be confident that the information reviewed is without omission or creative editing. Below are actions applicants and employees might take to deflect or elude social media checks.

Phantom Profiles

Maintaining multiple social media profiles is commonplace. An individual may have multiple accounts to meet different needs: Twitter ("What's Justin Bieber doing right now?"); Facebook ("Sometimes I need to escape from the city into the country; that's why I play Farmville"); LinkedIn ("I need a better job to afford more Farmville credits"); Instagram ("I had lasagna for lunch. I thought you'd want to know, and see"). Or he may have multiple accounts in name only to stem the tide of emails informing you that, "[Your friend] just joined [new social media site] and wants you to join" emails.

As a defensive maneuver, however, an individual may create multiple profiles within each platform. He will maintain a personal profile for friends and family and a separate profile for employment purposes – the phantom profile. The personal profile represents what that person likes, thinks, and gets up to when the boss is not looking. The phantom profile represents what the individual believes employers want to see – a non-offensive, well-rounded candidate without bad habits or questionable judgment.

Phantom profiles may not be obvious. An individual with one friend clearly is not "on" Facebook. Don't expect to see "hard worker" or "I live for the weekend (because I can catch up on work)" under "About Me," or that an individual "Likes" Microsoft Excel. Variations will be subtle; a personal profile that is not personal. The profile likely will contain generic, non-alarming information and posts: name; birthdate (not year); where (but not when) the individual attended school; current and former employers; safe interests and hobbies (e.g., reading, film, exercise) – information listed on an employment application. Additionally, if he and his friends create phantom profiles and "friend" one another, the deception is less obvious and a phantom social network is created.

Padded Profiles

Padded profiles are less troubling than phantom profiles but remain problematic. Most people know antidiscrimination laws exist and can identify at least one protected class. Hoping to avoid denied interviews and missed employment opportunities, job seekers may "pad" profile pages with one or more protected classification – validity unimportant. However, unlike phantom profiles that purport to provide relevant information to employers from application through employment, padded profiles generally boost an applicant's chances during the pre-interview process. For example, an individual may tweak a profile to include non-physical, protected classification markers that are not readily confirmed at an interview: religion; political beliefs; union affiliation; sexual orientation; certain disabilities (e.g., recovering alcoholic or drug addict). Consequently, the discovery of otherwise unavailable protected classification information during the application process could pose legal and public relations concerns for employers.

Logging Off

Although social media access requests and review probably are less common than reported, this may not halt current legislative efforts to curb the activity. In the meantime, the practice is so far unregulated, except in Maryland. Regardless of statutory barriers, however, employers should consider the obstacles that remain. Even if provided with access, employers cannot be confident that the information reviewed is without omission or creative editing. Employers should consider these practical challenges, along with actual and potential legal obligations, when constructing, reviewing, or revising hiring or employment policies and procedures.

Image credit: pagadesign

Upcoming Privacy Events

Littler Mendelson P.C. — Tue, 20 Dec 2011 10:28:30 -0800

Philip Gordon will be speaking on a range of privacy and data protection issues at the following upcoming events:

Date: January 11, 2012
Conference: BNA
Location: Webinar
Topic: Phil Gordon and Michael McGuire, Shareholder and Chief Information Security Officer at Littler, will co-present “The Challenges of Bring Your Own Device (BYOD) to Work Policies”
Description: With employees demanding the ability to use their personal smart phones and tablets for business purposes and employers looking for new ways to reduce cost and increase productivity, the trend towards “dual-use devices” in the workplace will undoubtedly continue to pick up stream. This webinar will provide practical recommendations for both areas so that your organization understands the risks of saying “yes” to requests from C-level executives or department chiefs to connect their smartphones or tablets to the corporate network.
For more information and to register, please visit: www.bna.com/own-device-19107/

To learn more about other events at which Mr. Gordon will speak, please continue reading at Littler's Workplace Privacy Counsel.

Telework - The Crisp New Term for "Working from Home"

Littler Mendelson P.C. — Mon, 22 Aug 2011 16:41:03 -0800

The Guide to Telework in the Federal Government informs and provides guidance on the Telework Enhancement Act of 2010, which was signed into law on December 9, 2010. The Act establishes baseline expectations for the federal telework program and is a key factor in the federal government’s ability to achieve greater flexibility in managing its workforce. The Telework Guide is an understandable roadmap for other employers to the future of a remote and plugged-in workforce, while complying with the myriad of laws that govern the traditional workplace. To learn more about the guide, please continue reading at Littler's Workplace Privacy Counsel blog.