human resource management unit I article Critique
nasarb
8 Socially Aware, October 2015
The defendant, LogMeIn, Inc., sells software for accessing computer files remotely from separate computers or mobile devices. LogMeIn previously provided its software as two separate products: LogMeInFree, a free service that allowed users to log into remote computers from a desktop or laptop; and Ignition, a paid service that allowed users to log into computers using mobile devices. Before 2011, the plaintiff, Darren Handy, downloaded LogMeInFree and then paid for Ignition. In 2014, LogMeIn introduced a new paid product called “LogMeInPro,” which merged the features of LogMeInFree and Ignition. Eventually, LogMeIn posted a message on its website stating it would begin migrating users of LogMeInFree and Ignition to the new platform while ending support and maintenance on the older platforms. This required users of LogMeInFree and Ignition to pay for LogMeInPro in order to receive continued support and maintenance for Ignition and to continue to use the functionality previously provided for free as part of LogMeInFree.
In response, Mr. Handy brought a class action suit alleging he would never have purchased Ignition if he had known that the company would discontinue support for Ignition or require additional payment for continued access to the LogMeInFree functionality. His suit claimed that LogMeIn violated California Business and Professions Code §§ 17200 and 17500 by fraudulently failing to disclose that the company might discontinue support and change its pricing model for the software. LogMeIn argued, among other things, that its online TOU reserved the right for LogMeIn “to modify or discontinue any Product for any reason or no reason.” But Handy argued that this statement
was not binding on him because he never affirmatively accepted the TOU.
The court disagreed, however, holding that “whether the Terms and Conditions constituted an enforceable contract is irrelevant to whether the Terms and Conditions related to LogMeInFree provided notice to prospective purchasers of the Ignition app that LogMeInFree could be discontinued.” The court went on to note that, while LogMeIn’s TOU may not have been “forced on Plaintiff through a clickwrap,” the TOU nonetheless showed that LogMeIn had “publish[ed] the fact that it reserved the right to terminate the free app, LogMeInFree.” Therefore, the court held that there was “an insufficient showing that information related to the future termination of LogMeInFree constituted a material omission when selling the Ignition app.”
Clients often ask us whether a “browsewrap” TOU serves any purpose at all, given the fact that courts are often disinclined to construe such TOU presentations as creating an enforceable contract. Handy v. LogMeIn, Inc. shows that, in at least some circumstances, the answer is yes; even if a browsewrap does not constitute a contract, it may serve a useful purpose by providing legally significant notices to users.
EMPLOYER ACCESS TO EMPLOYEE SOCIAL MEDIA: APPLICANT SCREENING, “FRIEND” REQUESTS AND WORKPLACE INVESTIGATIONS By Melissa M. Crespo and Christine E. Lyon
A recent survey of hiring managers and human resource professionals reports that more than 43 percent of employers
use social networking sites to research job candidates. This interest in social networking does not end when the candidate is hired; to the contrary, companies are seeking to leverage the personal social media networks of their existing employees, including for their own marketing purposes, as well as to inspect personal social media in workplace investigations. As employer social media practices continue to evolve, individuals and privacy advocacy groups have grown increasingly concerned about employers intruding upon applicants’ or employees’ privacy by viewing restricted-access social media accounts.
Although federal legislation has been proposed several times (see here and here), efforts to enact a national social media privacy law have not been successful. In the absence of such legislation, states are actively seeking to address employee social media privacy issues. In 2014, six states passed social media laws, and, since the beginning of 2015, four more states have passed or expanded their social media laws. Similar legislation is pending in at least eight more states. In total, 22 states have now passed special laws restricting employer access to personal social media accounts of applicants and employees (“state social media laws”).
These state social media laws restrict an employer’s ability to access personal social media accounts of applicants or employees, to ask an employee to “friend” a supervisor or other employer representative and to inspect employees’ personal social media. The state social media laws also have broader implications for common practices such as applicant screening and workplace investigations, as discussed below.
KEY RESTRICTIONS UNDER STATE SOCIAL MEDIA LAWS As a general matter, these state social media laws bar employers from requiring or even “requesting” that an applicant or employee (21 of the 22 state laws protect both current employees and applicants; New Mexico’s law protects
Even if a browsewrap does not constitute a contract, it may serve a useful purpose by providing legally significant notices to users.
9 Socially Aware, October 2015
only applicants) disclose the user name or password to his or her personal social media account. Some of these state laws also impose other express restrictions, such as prohibiting an employer from requiring or requesting that an applicant or employee:
• add an employee, supervisor or administrator to the friends or contacts list of his or her personal social media account;
• change privacy settings of his or her personal social media account;
• disclose information that allows access to or observation of his or her personal social media account, or otherwise grant access in any manner to his or her personal social media account;
• access personal social media in the employer’s presence, or otherwise allow observation of the personal social media account; or
• divulge personal social media.
These laws also prohibit an employer from retaliating against, disciplining or discharging an employee or refusing to hire an applicant for failing to comply with a prohibited requirement or request.
For example, a few states, like New Mexico, only cover traditional social networking accounts, while most other state laws broadly apply to any electronic medium or service that allows users to create, share or view user-generated content, including videos, photographs, blogs, podcasts, messages, emails and website profiles generally. Some of these laws only prohibit employers from seeking passwords or other login credentials to personal social media accounts, while other states impose the broader restrictions described above. For example, Arkansas, Colorado, Oregon and Washington prohibit an employer from requesting that an employee allow the employer access to his or her personal social media accounts; and California, Connecticut, Oklahoma, Michigan, Rhode Island, Tennessee and
Washington prohibit an employer from requesting an employee to access his or her personal account in the presence of the employer. Certain states prohibit an employer from requiring an employee to change his or her privacy settings to allow the employer access to his or her private social media accounts, although it is possible that such a restriction might be inferred from at least some of the other state laws as well. Even more confusing are the inconsistencies across state laws with respect to exceptions for workplace investigations, as discussed below.
While state laws differ significantly, however, the general message is clear: Employers must evaluate their current practices and policies to ensure compliance with these laws.
WHAT EVERY EMPLOYER SHOULD KNOW ABOUT STATE SOCIAL MEDIA LAWS
A. Applicant Screening
In general, these state social media laws do not limit an employer’s ability to review public information, such as information that may be available to the general public on an applicant’s social media pages. Instead, these laws limit an employer’s attempts to gain access to the individual’s social media accounts by means such as requesting login credentials, privacy setting changes or permission to view the accounts.
Additionally, most of these laws explicitly state that they do not prohibit viewing information about an applicant that is available to the public. For example, the Michigan law “does not prohibit or restrict an employer
from viewing, accessing, or utilizing information about an employee or applicant that can be obtained without any required access information or that is available in the public domain.”All of these state social media laws, however, prohibit employers from seeking access to the nonpublic social media pages of applicants. In practice, this means that employers should avoid asking applicants about the existence of their personal social media accounts and requesting, or even suggesting, that an applicant friend the employer or a third party, including a company that provides applicant background investigations.
B. Friend Requests
Certain laws expressly restrict an employer’s ability to encourage an employee to friend or add anyone to the list of contacts for his or her personal social media accounts. This may include, but is not limited to, the employer, its agents, supervisors or other employees.
For example, Colorado’s social media legislation states that an employer shall not “compel an employee or applicant to add anyone, including the employer or his or her agent, to the employee’s or applicant’s list of contacts associated with a social media account,” and many other laws contain this type of prohibition against requesting access via what may be intended as a harmless friend request.
Although these laws do not prohibit a subordinate from friending a manager or supervisor, employers should exercise care not to require, or even request or encourage, employees to friend supervisors or other company representatives. Employers in states without social media laws or states with laws that allow “friending” should nevertheless proceed with caution when requesting access to an employee’s or applicant’s personal social media pages and think twice about “friending” or “following” employees. If an employer learns about an employee’s legally protected characteristic (such as religion, pregnancy, medical condition
Employers must evaluate their current practices and policies to ensure compliance with state laws.
10 Socially Aware, October 2015
or family medical history) or legally protected activity (such as political or labor union activity), the employer may face greater exposure to discrimination claims if it later takes adverse action against the employee.
These restrictions may be particularly significant for employers seeking to leverage employees’ personal social media connections for work-related marketing or business development purposes. Employers should be aware that, even in states without an express restriction on friend requests, a law that generally prohibits an employer from attempting to access an employee’s or applicant’s social media account may effectively limit an employer’s ability to require or encourage employees to friend people.
C. Account Creation and Advertising
Recently, Oregon amended its existing social media law to prohibit categories of employer conduct not previously addressed in any of the existing social media laws. Under the new amendment (which takes effect on January 1, 2016), employers are prohibited from requiring or requesting that an applicant or employee establish or maintain a personal social media account or that an applicant or employee authorize the employer to advertise on his or her personal social media account. Notably, the Virginia law, which went into effect July 1, 2015, implies that an employer may be permitted to engage in the type of conduct the Oregon law seeks to prevent. The Virginia law explicitly excludes from covered information an account set up by the employee at the request of the employer.
D. Investigations
One of the most challenging areas under state social media laws involves an employer’s ability to inspect or gain access to employees’ personal social media in connection with workplace investigations. An employer may wish to access an employee’s social media
account, for example, if an employee complains of harassment or threats made by another employee on social media or if the employer receives a report that an employee is posting proprietary or confidential information or otherwise violating company policy. Some of the state social media laws provide at least limited exceptions for workplace investigations, while others do not.
No express exception for investigations: The Illinois and Nevada social media laws do not provide any express exception for workplace investigations that might require access to an employee’s personal social media accounts. This suggests that an employer’s investigation of potential misconduct or legal violations may not justify requesting or requiring an employee to disclose his or her social media login credentials. (We note that, perhaps in an effort to broaden employer investigation efforts and clarify an existing ambiguity, Illinois amended its law so that, where the access sought by the employer relates to a professional account, an employer is not restricted from complying with a duty to screen employees or applicants, or to monitor or retain employee communications as required by law.)
Limited exception for investigations of legal violations: California’s social media law provides that it does not limit an employer’s ability to request that an employee divulge personal social media in connection with an investigation of employee violations of applicable laws. However, this exception does not appear to extend to other prohibited activities, such as asking an employee to disclose his or her user name and password for a personal social media account. Other states provide exceptions only for investigations of specific types of legal violations. For example, the Colorado and Maryland social media laws only provide an exception for investigating violations of securities laws or potential misappropriation of proprietary information.
Limited exception for misconduct investigations: Some social media laws extend the exception beyond investigations of legal violations to investigations of alleged misconduct. These states include California, Oregon and Washington. In general, these laws allow an employer to ask an employee to divulge content from a personal social media account, but still do not allow the employer to request the employee’s login credentials. In contrast, some states, including Arkansas, Colorado, Maryland and Michigan permit an employer to request any employee’s social media login credentials to investigate workplace misconduct.
Given these differences, employers should be mindful of the broad range of investigative exceptions in state social media laws. Before initiating an investigation that may benefit from or require access to an employee’s personal social media, an employer should first consider the restrictions imposed by the applicable state law and the scope of any investigatory exception offered by that law.
E. Best Practices
Given the inconsistencies among the different laws, it is challenging for multistate employers to manage compliance with all state social media laws. Even if it is not the employer’s practice to seek access to its employees’ or applicants’ private social media pages, there are less obvious components of the laws that will affect almost every employer, and employers should consider the following measures.
Review hiring practices for compliance with social media laws: Employers should ensure that all employees involved in the hiring process are aware of the restrictions imposed by these state social media laws. For example, recruiters and hiring managers should refrain from inquiring about an applicant’s personal social media pages or requesting access to such pages. While these state social media laws do not prohibit employers from
11 Socially Aware, October 2015
accessing publicly available personal social media sites, employers will also want to evaluate whether this practice is advisable, given the risk of stumbling across legally protected information that cannot be used in employment decisions.
Implement social media guidelines: Employers should implement social media guidelines to mitigate potential risks posed by employee social media postings, being mindful of restrictions arising under the National Labor Relations Act and other federal and state laws. Employers also should ensure that their social media guidelines do not run afoul of these state social media laws.
Educate and train personnel: Personnel involved in internal investigations, such as human resources and internal audit personnel, need to be aware of the growing restrictions on employer access to employee personal social media accounts. Prior to seeking access to an employee’s personal social media accounts, or content from such accounts, the internal investigators should check any applicable restrictions. In general, given the general trends in these laws, employers should avoid requesting login credentials to employees’ personal social media accounts, even in the context of investigation, unless they have first consulted legal counsel.
WASHINGTON STATE COURT REFUSES TO UNMASK ANONYMOUS ONLINE REVIEWER By Aaron P. Rubin
In a precedent-setting ruling, the Washington Court of Appeals in Thomson v. Doe refused to grant a motion to compel brought by a defamation plaintiff who had subpoenaed the lawyer-review site Avvo.com seeking the identity of an
anonymous online reviewer, holding that, for a defamation plaintiff to unmask an anonymous defendant, that “plaintiff must do more than simply plead his case.”
The plaintiff in the case, Florida divorce attorney Deborah Thomson, filed a defamation suit against an anonymous poster of Avvo reviews. Claiming to be a former client, the reviewer stated that Thomson, among other things, failed to live up to her fiduciary duties, failed to subpoena critical documents and failed to adequately represent the reviewer’s interests.
After Avvo refused Thomson’s subpoena seeking the anonymous reviewer’s identity, Thomson moved to compel compliance with the subpoena. The Washington State trial court denied Thomson’s motion and she appealed, presenting the Washington State Court of Appeals with what the court acknowledged was an issue of first impression in the Evergreen state: What evidentiary standard should a court apply when deciding a defamation plaintiff’s motion to reveal an anonymous speaker’s identity?
The court began its analysis by describing the holdings of the two leading cases on the issue: New Jersey’s Dendrite Int’l, Inc. v. Doe No. 3, which held that, to unmask anonymous defendants in defamation cases, the plaintiff must “produce sufficient evidence supporting each element of its cause of action on a prima facie basis; and Delaware’s Doe v. Cahill, which
established that plaintiffs seeking to uncover the identities of anonymous speakers/defendants must clear a slightly higher evidentiary threshold— proof that their claims would survive a summary judgment motion.
The court also discussed the one court that “has significantly strayed from Dendrite and Cahill”: the Virginia Court of Appeals. In Yelp, Inc. v. Hadeed Carpet, another case we recently covered at Socially Aware, the Virginia Court of Appeals “declined to adopt either test, instead applying a state statute that required a lower standard of proof.” Specifically, Hadeed held that, in the Thomson court’s words, “a defamation plaintiff seeking an anonymous speaker’s identity must establish a good faith basis to contend that the speaker committed defamation.”
The Thomson court then cited, with approval, the Ninth Circuit’s approach in In re Anonymous Online Speakers. In that case, the Ninth Circuit determined that, when deciding whether to require disclosure of an anonymous speaker’s identity, the nature of the speech at issue should inform the choice of evidentiary standard. Holding that an online review of an attorney’s services is not merely commercial speech—which, the court explained, would warrant the lowest level of protection—the court rejected the Hadeed (good faith) standard. Since the Avvo review did not qualify as political speech either, the court also discounted the highest level of protection. The court then determined that the “motion to dismiss standard” was “inadequate to protect this level of speech” because, in a notice pleading state like Washington, “a defamation plaintiff would need only to allege the elements of the claim, without supporting evidence.”
Finally, the Thomson court addressed the “two remaining standards”: prima facie (Dendrite) and summary judgment (Cahill). The court ultimately decided that the prima facie standard was appropriate because the anonymous reviewer had yet to appear in the case
When deciding whether to require disclosure of an anonymous speaker’s identity, the nature of the speech at issue should inform the choice of evidentiary standard.
Copyright of Venulex Legal Summaries is the property of Venulex and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.