September 25, 2015, was the six (6) year anniversary of the New Jersey District Court decision affirming the jury verdict in Pietrylo v Hillstone Restaurant Group, d/b/a Houston’s, 2009 WL 3128420 (D.N.J. Sept. 25, 2009).
In Pietrylo, the first New Jersey case considering the privacy of employee communications on social media sites, we represented two former employees, who were fired by their employer for allegedly making derogatory comments about their jobs outside of work on a private MySpace group page. Back in the dark ages of the social media explosion (circa 2006- 2009), Myspace was a major player in social media. Now, Myspace is used mainly as a streaming radio service and music news site. At the time, not one state in the union had any laws on their books protecting usernames and passwords for social media accounts.
One of the employees created a MySpace group page called “The Spectator” as a place for Houston’s employees to “vent about any BS” they encountered at work. He selected all of the privacy controls offered by MySpace in setting up the page and designated the page, as “private”, meaning access to the page was limited to MySpace users who received an invitation from him to join the group. Only he, not invited members, could send out invitations. He invited several Houston’s employees, but no managers or upper management personnel. The invitees included a female Houston’s greeter. The greeter accepted the invitation and became an authorized member of the group. Access to the group was through the member’s email address and personal, private password.
Upper management became aware of the group page. A member of upper management called the greeter into his office while she was working and asked her for her email address and personal private password so that he could access the page. She did so, but later testified, that she did so only because she thought something would happen to her if she did not. This manager went on the page using the greeter’s personal information and copied the postings. He also passed the greeter’s personal information up the corporate ladder to other members of upper management. The page was accessed a number of times. Subsequently, Houston’s terminated the two employees based upon their comments on the group page and their involvement in creating it.
We filed suit on behalf of the fired employees, and amongst other things, alleged that Houston’s had violated federal and state statutes involving improper access to stored electronic communications. After three (3) years of contentious litigation, the case went to trial before a jury. The trial lasted a week. The jury returned a verdict in favor of our clients finding that Houston’s managers had accessed the MySpace site “without authorization” and acted “maliciously”. The jury awarded compensatory damages and punitive damages. The case received national attention being featured on ABC: Eyewitness News, CNN: American Morning, Fox News: Fox and Friends, and in the Wall Street Journal, AOL: National News, and the New Jersey Law Journal.
Six (6) years later, we thought it would be interesting to see how far the law as come, if at all, post-Pietrylo. Is social media technology still outpacing, by a wide margin, the law on social media?
The simple answer is not as much as it did at the time of the Pietrylo decision, but the law still has a long way to go before it is on equal footing with social media technology.
Social media continues to explode in popularity and usage; employers are increasingly concerned that what employees say on the Internet and other social media electronic devices could damage their business. The reality is that more and more employees are bringing their personal smart phones and tablets to the office.
Twenty-five years ago, individuals wrote letters as their form of personal correspondence. An employer, during those times, would never ask or demand an employee to turn over their letters for examination if they happened to have some of them in their office. Today, individuals write their “letters” online and employers demand all too often to view those personal correspondence.
Many employers argue that access to personal social media accounts is required in order to protect their brand or reputation, or is needed to protect proprietary information or trade secrets, or to prevent the employer from being exposed to potential liability. Many employees, on the other hand, consider an employer requiring access to personal social media accounts, including the username and password, an invasion of the employee’s privacy.
What happens when these two (2) competing interests collide?
After Pietrylo, Maryland became the first state in the nation to pass a password protection law in 2012. In 2013, New Jersey became the 13th state to pass a password protection law. Pursuant to NJSA 34:6B-5, referred to as the “Social Media Privacy Bill or Password Protection Act”, an employer is prohibited from requiring or requesting a current or prospective employee to provide or disclose to them any user name or password to any of the employee’s social media accounts accessed through any electronic device.
As of this writing, a total of twenty-one (21) states have now passed special laws restricting employer access to personal social media accounts of applicants and employees. Besides Maryland and New Jersey, Arkansas, California, Colorado, Connecticut, Illinois, Louisiana, Michigan, Montana, Nevada, New Hampshire, New Mexico (job applicants only), Oklahoma, Oregon, Rhode Island, Tennessee, Utah, Virginia, Wisconsin, and Washington, have all passed social media laws.
This means that there are still twenty-nine (29) states that have yet to pass a social media password protection law.
Federal legislation on the subject has been proposed several times, including federal legislation sponsored by senators from New York and Connecticut citing the Pietrylo decision. Efforts to enact a national social media privacy law, however, have not yet been successful.
Although strides have been made since Pietrylo for social media law to catch up with social media technology, there is still a long, long way to go.
NOTE: The content of this blog is intended for informational purposes only. It is not intended to solicit business or to provide legal advice. Laws differ by jurisdiction, and the information on this blog may not apply to every individual reading it. You should not take, or refrain from taking, any legal action based upon the information contained in this blog. You should first seek professional counsel of your choice. Your use of this blog does not create an attorney-client relationship between you and the author or his firm.