Internet Law & Security Updates

So much is happening online that it can be hard to keep up. I have compiled some of the most recent events in Social Media, Internet law & Cybersecurity. Know how these changes affect your privacy and other rights. If you have any questions leave them in the comments!

Social Media

Comments on social media considered and Facebook “Likes” enjoy federal protection. On August 25, the National Labor Relations Board found in Three D, LLC, d/b/a Triple Play Sports Bar and Grille v. Sanzone, Case No. 34-CA-012915, and Three D, LLC, d/b/a Triple Play Sports Bar and Grille v. Spinella, Case No. 34-CA-012926, that an employer had violated federal labor law by terminating an employee who had “liked” a former co-worker’s negative comment about the employer posted on Facebook.  The Board also ruled that the employer violated the National Labor Relations Act (the “Act”) by firing another employee for posting an expletive-laced comment about the employer in response to the former co-worker’s comment, and it found that the employer’s “Internet/Blogging” policy banning “inappropriate discussions” regarding the company unlawfully chilled employees’ exercise of their right to engage in protected, concerted activity under the Act.

BYOD

Reimburse employees for wireless service. A recent California ruling that requires companies to reimburse employees for wireless serviceAlthough the case raised more questions than it answered about what level of reimbursement is required, it seems clear that companies will bear a larger portion of the cost of BYOD programs than they had previously borne.

Security 
According to the New York Times, when one adds the compromised records in Target, PF Chang’s, Neiman Marcus, Sally Beauty, Michaels, UPS and others, the number of affected customers amounts to more than one-third of the U.S. population.

Home Depot the latest victim of security breach. Krebs has reported that it appears that two large dumps of purloined credit card numbers have made an appearance on the black market and that those numbers may have originated at Home Depot locations. Krebs’ reporting is here. This latest incident raises yet another round of concerns about the malware known as “Backoff” and the potential widespread effect on retailers. Home Depot has been hit with a class action lawsuit stemming from a suspected data breach at the home improvement retailer 

Using your cellphone’s gps to stay ahead of fraudsters. In a new effort to use technology to foil credit-card fraud, a company called BillGuard is testing a system that would monitor the precise whereabouts of mobile devices to detect possible payment issues. The tech firm is tracking mobile-phone locations in an attempt to stay one step ahead of fraudsters. Because smartphones are almost always near their owners, the technology would register and flag those occasions when a phone is not near the owner’s credit card. The technology would only be used with the consumer’s consent.

Healthcare.gov Server Hacked.The Department of Health and Human Services disclosed on Sept. 4 that malware had been uploaded on the Obamacare test server back in July. HHS officials say the malware was designed to launch a distributed-denial-of-service attack against other websites when activated and not designed to exfiltrate personally identifiable information. No consumer data was exposed in the incident, officials say (see HealthCare.Gov Server Hacked).

Apple plans to add safeguards to help address security vulnerabilities exploited by celebrity-photo hackers. The proposed changes include alerting users – using both e-mails and push notifications to devices – every time someone:

  • Changes an account password;
  • Uses a new device to log into an account;
  • Restores an iCloud backup to a new device.

After receiving a related alert, the user can immediately change their account password, or file a report of a suspected security breach with Apple. The company has yet to detail how exactly it will respond to those reports.

Privacy

Magazines in Michigan cannot share your personal information. The Michigan’s Video Rental Privacy Act limits the ability of companies to disclose information regarding customers’ video rental activities. In a case filed by a consumer who alleged that a magazine company had improperly disclosed her personal information, along with information about the magazines to which she subscribed, the U.S. District Court for the Eastern District of Michigan recently held that the law does in fact apply to magazines. The court noted that the statute is directed to companies “engaged in the business of selling at retail, renting, or lending books or other written materials, sound recordings, or video recordings,” and that magazines constitute “other written materials.”

NLRB Decision #2: Be Careful What You Post on Social Media!

Be careful what you post on Facebook! Although courts and law makers are making gallant strides to protect our privacy interests in social media you can still cross the line. On October 1, 2012, The National Labor Relations Board (NLRB) issued another decision addressing the National Labor Relations Act (NLRA), social media, and handbook policies prohibiting or limiting social media use. In Karl Knauz Motors, Inc., the NLRB reviewed two separate issues: 1) whether the employer unlawfully fired an employee after he posted pictures on Facebook; and 2) whether a courtesy policy in the employer’s handbook violated the NLRA.

 Robert Becker, a BMW salesman at Karl Knauz Motors, was fired after he posted several photos and comments on Facebook regarding incidents that happened at work. Incident #1: A salesperson allowed the 13-year-old son of a customer to sit behind the wheel after a test drive. The boy apparently hit the gas, drove over his parent’s foot, over a wall, and then into a pond. Becker posted a picture of the Land Rover in the pond, and a caption criticizing his co-worker’s decision to let the boy sit in the car. Incident #2: Karl Knauz Motors (employer) hosted a luxury car sales event. Becker criticized the company for serving hot dogs, chips, and bottled water at a luxury car event, and posted several pictures of the fare with sarcastic comments, mocking the inexpensive food and beverages. Becker posted both sets of pictures and comments were posted on the same day and he was terminated shortly thereafter.

Becker filed a charge with the NLRB, claiming that he was discharged for engaging in protected concerted activity because his posts were made in an effort to improve working conditions.

Did the employer unlawfully fired an employee after he posted pictures on Facebook? The NLRB held that the posts about the Land Rover incident were not protected concerted activity because they were posted solely by Becker without any discussion or connection to any of the other employees’ terms and conditions of employment. The evidence showed that Karl Knauz Motors discharged Becker only because of the posts about the Land Rover incident (not the sales event incident), so consequently, his discharge did not violate the Act. Although the hearing officer found that Becker’s posts about the inexpensive food at the sales event were protected concerted activity, the NLRB did not address the issue because it was irrelevant, given that he was not discharged for these posts.

Did a courtesy policy in the employer’s handbook violate the NLRA? Despite finding for the employer on the posting issue, however, the NLRB held that the courtesy policy in the company’s handbook was unlawful. Karl Knauz Motors’ handbook had a rule requiring courteous behavior, which also prohibited disrespectful behavior or language that damaged Karl Knauz Motors’ reputation. Specifically, the policy stated:

Courtesy: Courtesy is the responsibility of every employee. Everyone is expected to be courteous, polite and friendly to our customers, vendors and suppliers, as well as to their fellow employees. No one should be disrespectful or use profanity or any other language which injures the image or reputation of the Dealership.

The NLRB, relying on its very recent decision in Costco Wholesale Corporation held that the policy language was unlawful because employees could “reasonably construe” the language prohibiting “disrespectful” conduct and “language which injures the image or reputation of the Dealership,” to include statements made to co-workers and others about improving the employees’ working conditions. The handbook should have contained language informing employees that statements protected under the NLRA were not prohibited under the courtesy policy. This would have help to combat the reasonable assumption by employees, based on a fair reading of the rule, that the company would regard statements of protest or criticism as disrespectful or injurious to its reputation.

What to remember: Although employers must act cautiously when disciplining employees for comments on social media, employees must still be aware of what they post on social media. They may discharged for inappropriate comments that are not protected under the NLRA, including postings on social media that are made without any connection or relation to other employees’ terms and conditions of employment (provided the termination does not violate other laws). This decision makes clear that the NLRB will continue to scrutinize handbooks closely, and reject any policy that could potentially be interpreted to prohibit protected concerted activity by employees.

I think this decision was very necessary to remind employees that despite privacy rights afforded for social media use this is still a public forum and users must exercise discretion. There are consequences for all of our actions and bashing your employer in context that has nothing to do with working conditions or terms of employment is probably not the best use of your timeline. It is important for the NLRB to also provide protections for employers. On the other hand, do you see any free speech implications in getting fired for voicing your opinion about allowing a 13-year old behind a steering wheel?

NLRB Issues First Social Media Decision – What Does this Mean?

Social Media is a new frontier in cyber law.  It is impacted by a variety of regulations such as labor laws, internet law, IP law, etc. Recently the intersection between labor law and social media has impacted corporate policy. Many companies dove head first into the social media craze when they realized the potential marketing impact. Many realizing much later that they needed to regulate use by employees and some not realizing at all. Many of the social media policies created violated employment law namely the National Labor Relations Act (“NLRA”).

Over the last year the National Labor Relation Board (“NLRB”) Acting General Counsel issued a series of memos that provided insight into its interpretation of how the NLRA applies to social media policies. This month was noteworthy as the National Labor Relations Board issued its first decision taking on an employer’s social media policy in Costco Wholesale Corp., 358 NLRB No. 106 (2012).  The ruling was pretty consistent with the recommendations for the NLRB memos which highlighted a need for specificity and examples.

Costco’s “Electronic Communications and Technology Policy” stated:

Costco recognizes the benefits associated with electronic communications for business use. All employees are responsible for communicating with appropriate business decorum whether by means of e-mail, the Internet, hard-copy in conversation, or using other technology or electronic means. Misuse or excessive personal use of Costco technology or electronic communications is a violation of Company policy for which you may be disciplined up to and including termination of employment. Your use of Costco technology and electronic communication systems represents your agreement with the following policies: . . .

  • Any communication transmitted, stored or displayed electronically must comply with the policies outlined in the Costco Employee Agreement. Employees should be aware that statements posted electronically (such as online message boards or discussion groups) that damage the Company, defame any individual or damage any person’s reputation, or violate the policies outlined in the Costco Employee Agreement, may be subject to discipline, up to and including termination of employment.

The NLRB found that employees would reasonably construe the rule as prohibiting Section 7 activity. More specifically, the NLRB found the “broad” prohibitions against damage to the Company or another individual’s reputation included communications by employees that protest how the employer treated its employees.  The NLRB also found the rule requiring employees to use “appropriate business decorum” was lawful under the NLRA, which is good news for employers.

Employers following this opinion should note it affirms that context and specificity play an important role in whether a policy is considered lawful under the NLRA.  Policy’s are evaluated as a whole so employers must be aware of how each section works together. I encourage Employers to pay close attention to NLRB recommendations and all relevant state & federal regulations as you craft your social media policy.