Social Media Privacy Laws and Legal Liabilities


Published on

Produced by Holland and Knight, this presentation covers social media legal liabilities.

Published in: Education, Technology, Business

  1. 1. Social Media: Legal Liabilities, Loopholes and Lessons Learned. August 10, 2011. Jennifer Mansfield, Lindsay Dennis Swiger. Copyright © 2011 Holland & Knight LLP. All Rights Reserved
  2. 2. Important notice: Information contained in this PowerPoint is for the presenter’s use in an August 2011 program. It is being used for informational purposes only and is not legal advice. Specific facts require the application of specific laws. Federal and state laws change frequently. Thus, consult your attorney with particular legal questions. 2
  3. 3. Today’s Topics• Legal concerns: – Who has liability for social media content? – Regulatory, privacy and other legal considerations for marketing through social media• Employment issues• Crafting state of the art policies – Employee Policies – Privacy Policies – Terms of use for your website 3
  4. 4. Social Media 4
  5. 5. Social Media – Potential PR Nightmare• Dominos: bad publicity suffered by Dominos from the infamous YouTube prank video posted by two of its employees: atch?v=OhBmWxQpedI• Also: – Nurses in Wisconsin terminated for posting patient Xrays on Facebook – Univ of New Mexico Hospital workers terminated for taking pictures of patient injuries with cellphone cameras and posting them on MySpace 5
  7. 7. Release of Sensitive/Protected Information• Data security: An employee could unwittingly click on links to spam and phishing schemes or download malicious code onto the company network.• Re-Posting of material: E-mail messages, firm-wide memos, or employee rants may end up before a wider audience, with little recourse from the original author. – Twitter tweets, even if original followers are restricted, can be retweeted – See e.g., Moreno v. Hanford Sentinel, Inc., 172 Cal.App.4th 1125 (2009) (author who posted an article on social network site cannot state a cause of action for invasion of privacy against the person who submitted that article to a newspaper for republication) – Hackers: Need to maintain security to protect information of your customers/clients. 7
  8. 8. Internet Security: You never want to have to send one of these emails to your customers... 8
  9. 9. Defamation• A false statement that tends to hold a person up to hatred, contempt, or ridicule or causes him to be shunned or avoided by others.• Re-publisher just as liable as the original speaker• Section 230 of the Communications Decency Act; – Craigslist was absolved of liability for assault with a handgun sold on its site – MySpace was immune from liability for sexual predators communicating with minors on its site – Union immune from defamatory postings by members on its site 9
  10. 10. Invasion of Privacy. Four types of invasion of privacy claims: (1) intrusion upon seclusion, (2) appropriation of name or likeness of another, (3) publication of private facts, (4) false light (not in Florida). Yath v. Fairview Clinics, N.P., 767 2d 34 (Minn. App. 2009) atch?feature=player_embe dded&v=mg11glsBW4Y 10
  11. 11. Intellectual Property• Harm to Reputation: A company could suffer a harm to its reputation from the creation of false profiles.• “Name squatting” and “brandjacking” – when a third party uses a company name in social media without authorization.• Copyright: – Get a license: Copyright in original UGC belongs to the user, unless agreed otherwise. If you re-post, make sure what you’re reposting does not contain copyright violations. – Fair use is an affirmative defense, but can be very tricky 11
  12. 12. Digital Millennium Copyright Act (DMCA) 17 USC § 512 • Protects Intellectual Property (sword): Notice and Takedown procedures without litigation. • Protection From Users Infringing Acts (shield): "Safe Harbor" protects service providers until notice of a violation is properly given. Lenz v. Universal, 572 F.Supp.2d 1150 (N.D. Cal. 2008) om/watch?v=N1KfJH FWlhQ 12
  13. 13. Social Media – Litigation Concerns• Discovery, preservation issues: – Ensure that data can be preserved, retrieved and produced if required. – Adopt/implement written computer maintenance schedule. – Include procedures for preserving electronic records in case of subpoena or threatened litigation; and – Consult legal counsel and IT early to identify computers/other devices of employer, employees and third parties that may have relevant information.• Just because an attorney is cc’d, doesn’t make it privileged.• If a privilege exists, it can be lost: Once communications are shared with others, any privilege of confidentiality will be lost. 13
  14. 14. Federal Regulations• HIPAA: Healthcare Insurance Portability and Accountability Act of 1996. • Nurses in Wisconsin terminated for posting patient Xrays on Facebook • Univ of Mexico Hospital workers terminated for taking pictures of patient injuries with cellphone cameras and posting them on MySpace• HITECH Act – requires businesses or third parties who receive HIPAA information to maintain confidentiality and must notify people if their confidential information is released. 14
  15. 15. Federal Regulations• Food, Drug, and Cosmetics Act (FDCA) – regulation of labeling and advertising for drugs and devices. – Labeling – brochures, detailing pieces, letters, price lists, etc. – Advertising – journals, magazines, broadcast media, telephone, etc.• FDA says all manufacturers are in control of their websites and thus all FDCA requirements apply. – Testimonials – especially for an off-label use – can create a problem for the company 15
  16. 16. Federal Regulations• FTC Regulations • Testimonials/Endorsements regulation implemented in 2009. • Must disclose connections between advertisers and their endorsers that might materially affect the weight or credibility of the endorsement • Free Product is considered compensation• Children’s Online Privacy Protection Act (COPPA); 15 U.S.C. 6501-6506; 16 CFR Part 312. • Applies to websites that target children under 13 or know, or should know, that a visitor is under age 13 16
  17. 17. Social Media – User Privacy Concerns. FTC Staff Report: Self-Regulatory Principles For Online Behavioral Advertising (Feb. 2009)• Transparency: The Report calls for companies to obtain affirmative express consent from consumers for material changes in use of PII• Consumer Control: clear statement that (1) data about consumers’ activities online is being collected for behavioral advertising and (2) consumers can choose whether or not to have their information collected for such purpose. 17
  18. 18. Social Networks – SEC regulation• Violation of securities laws: Loose communication about public companies might violate securities laws that regulate material misstatements, public disclosures, and solicitations made by or on behalf of the company.• Example, in 2007, the SEC opened an informal inquiry into Whole Foods CEO John Mackey’s “sock puppet” activities, that is, his anonymous posts and commentary to online financial message boards praising Whole Foods and offering other opinions about its competitors. Mackey was eventually cleared, but not before he and the company were dragged through a media gauntlet. 18
  19. 19. Yikes! What can I do about all of this? 19
  20. 20. Website Privacy Policies and Terms of Use 20
  21. 21. Website Privacy Policies and Terms of Use• Two perspectives: – Looking: from inside your home site to outside – Looking: from outside to inside a third party site• Are they “contracts” or “policies”? – The FTC says they are contracts• The ideal is “spontaneous participation” in social media, but the reality is that enterprises must require disciplined participation according to rules – Pointer: make underlying rules look like spontaneous participation (technical and process measures) 21
  22. 22. How the Two Fit Together • Privacy Policy: • Notice of privacy practices – Definition of personal information – Host’s use of personal information – Sharing of personal information • Consent • Access • Security • Enforcement • Terms of Use: • Define services • Rules on passwords & authentication • Technology rules (bots, deep-linking) • Code of conduct between users • Grants and cross-grants of rights • Advertisement policies • Right to Monitor • DMCA information • Member disputes • Warranties, disclaimers & general 22
  23. 23. Privacy controls• User behavior – Facebook admonitions • “Please choose carefully the information you post on your profile, and that you provide to other Members. • If you make your profile freely available to other Members, your profile should not include information that personally identifies you, such as your telephone number, street address, last name, email address, and any geographically recognizable photographs.”• User choice – Ability to opt-in and opt-out 23
  24. 24. Employment Law Issues 24
  25. 25. Social Media for Employers•Use of Social Media to Recruit and Screen Job Applicants.•Social Media at Work. 25
  26. 26. Use of Social Media to Recruit and Screen Job Applicants• Recruiting – Identify potential applicants who might not be looking for a new job – Target applicants with specific job levels and skill sets• Screening – Vet job applicants for corporate culture “fit” – Verify qualifications on an applicant’s resume or CV 26
  27. 27. Use of Social Media to Recruit and Screen Applicants•73% of employers use social networks or social media to support their recruitment efforts (Jobvite survey, 2010).•53% of employers research job candidates on social media websites ( survey, 2010). 27
  28. 28. Screening Applicants Online• A 2008 SHRM survey found that negative information found through social media was more likely to affect an employer than positive information.• According to, 2 in 5 employers had found content on a social network site that dissuaded them from hiring a candidate. – Lies about qualifications on resumes or CV’s – Discriminatory comments – Questionable judgment – Provocative or inappropriate photographs 28
  29. 29. Revoking Offers• A soon-to-be Cisco employee posted the following tweet on Twitter: – Cisco just offered me a job! Now I have to weigh the utility of a fatty paycheck against the daily commute to San Jose and hating the work.• Tim Levad at Cisco saw the tweet, and tweeted him back: – Who is the hiring manager? I’m sure they would love to know that you will hate the work. We here at Cisco are versed in the web.• This post went viral overnight and became an internet sensation. The offer was subsequently rescinded. (CA Labor & Employment Bulletin, p. 91, March/April 2010.) 29
  30. 30. Pitfalls of Pre-employment Online Screening• Discrimination – Failure to Hire• Case Study: Gaskell v. University of Kentucky, E.D. Kentucky, Nov. 23, 2010• Facts: – The University of Kentucky wanted to hire a Founding Director for its astronomical observatory. The University put together a search committee which received about 12 applications for the position. – The most qualified applicant by far was Martin Gaskell. He was the top candidate until… 30
  31. 31. Gaskell v. University of Kentucky (cont.)• One of the members of the search committee conducted an internet search for information about Gaskell and found his professional website which linked to his personal website which contained an article titled “Modern Astronomy, the Bible, and Creation.”• This information was circulated to the entire search committee.• From there, the search committee discussed Gaskell’s religious beliefs with other professors at the University, with the University Dean and Provost, and with Gaskell’s previous employer. The search committee also reviewed Gaskell’s student evaluations for references to his religious beliefs. 31
  32. 32. Gaskell v. University of Kentucky (cont.)• In the end, Gaskell was not hired for the position. Instead, a less qualified candidate was selected.• Gaskell filed a lawsuit claiming that he was not hired because of religious discrimination.• The Court’s Decision:• The court concluded that the case should go to trial because Gaskell had presented direct evidence of discrimination.• The smoking gun? An email from the chair of the search committee. 32
  33. 33. Gaskell v. University of Kentucky (cont.)• The email, with the subject line “The Gaskell Affair,” stated:• It has become clear to me that there is virtually no way Gaskell will be offered the job despite his qualifications that stand far above those of any other applicant. Other reasons will be given for this choice when we meet Tuesday. In the end, however, the real reason why we will not offer him the job is because of his religious beliefs in matters that are unrelated to astronomy or to any of the duties specified for this position. (For example, the job does not involve outreach in biology.). . . If Martin were not so superbly qualified, so breathtakingly above the other applicants in background and experience, then our decision would be much simpler. We could easily choose another applicant, and we could content ourselves with the idea that Martins religious beliefs played little role in our decision. However, this is not the case. As it is, no objective observer could possibly believe that we excluded Martin on any basis other than religious. . . . 33
  34. 34. How to Avoid Claims Arising From Social Media Searches of Job Applicants•Implement and consistently follow practices and procedures regarding social media screening of applicants.•Train hiring personnel. 34
  35. 35. Suggestions and Considerations for a Social Media Screening Practice and Procedure• Create a list of the lawful information the company wants to find out from the online search and use that list in every search.• Decide whether the company will screen all applicants for all positions, or only for certain positions.• Have a neutral person conduct the online screening, filter out any protected information about the applicant, and report to the decision maker only information that lawfully can be considered.• Consider whether to conduct the online search before or after the in-person interview.• Consider whether to provide notice to applicants and whether to obtain the applicant’s consent before conducting the online search. Notice and consent is required if using a third party vendor. 35
  36. 36. Social Media at Work 36
  37. 37. Employees’ use of social networking sites• During work hours using the employer’s computer system.• On the employee’s own time using the employer’s computer system.• On the employee’s own time and about the company.• On the employee’s own time and about personal, but potentially illegal or otherwise objectionable, topics. 37
  38. 38. Overview of Employment Law Issues• Fair Employment Practices• Invasion of Privacy• Stored Communications Act• Labor Law• Wage and Hour 38
  39. 39. Fair Employment Practices• Two general areas of concerns: Disparate Treatment and Harassment.• Disparate Treatment: – Posts by a manager or supervisor on a social media site may be used as evidence of a discriminatory animus or provide admissions to support a discrimination claim. – Discriminatory application or enforcement of the employer’s social media policy.• Harassment: The use of blogs and other social media outlets to create an unlawful hostile work environment for an employee or group of employees in a protected class. 39
  40. 40. Maremont v. Susan Fredman Design Group, Ltd., 2011 WL 902444 (N.D. Ill. 2011)• Plaintiff, Jill Maremont, was the Director of Marketing, Public Relations and e-commerce for an interior design firm.• She had a popular personal following on Facebook and Twitter, and posted to both sites for work.• She created and posted to a blog for the interior design firm.• Plaintiff’s picture appeared on each Facebook post and Tweet.• She was seriously injured in an accident and was unable to work for 9 months. 40
  41. 41. Maremont v. Susan Fredman Design Group, Ltd.• While Maremont was out of work, her co-workers made Facebook posts and Tweets that looked like Maremont sent them.• She asked them to stop but they did not.• She finally changed her passwords.• She decided not to return to work because of the firm’s hostility toward her. 41
  42. 42. Maremont v. Susan Fredman Design Group, Ltd.• Maremont brought a false endorsement claim under the Lanham (Trademark) Act against her employer.• False endorsement occurs when a person’s identity (the trademark) is connected with a product or service in such a way that consumers are likely to be misled about that person’s sponsorship or approval of the product or service.• Her employer, the interior design firm, filed a motion to dismiss. 42
  43. 43. Maremont v. Susan Fredman Design Group, Ltd.• The Court denied the motion to dismiss because Maremont alleged: – She was well-known in the interior design community and had a popular personal following on Facebook and Twitter. – She used Facebook and Twitter in a commercial context as an employee of the interior design firm. – Her employer deceptively used her name and picture to make posts on Facebook and Tweet. 43
  44. 44. Maremont v. Susan Fredman Design Group, Ltd.• Lessons Learned:• If you want an employee to post to social media sites as part of his or her job duties, be sure to have the employee do so using the company’s Facebook page or Twitter name or blog.• The company can control the content of what is posted and what is not.• If the employee is unable to post or no longer works for the company, the company keeps the page/blog/name and the following.• No liability for Lanham Act violations. 44
  45. 45. Pietrylo v. Hillstone Restaurant Group, 2009 WL 3128420 (D.N.J. 2009)• Former employees claimed violation of Stored Communications Act.• The Act makes it an offense to intentionally access stored communications without authorization or in excess of authorization.• Exception: Conduct authorized by a user of the service with respect to the communication intended for that user.• Example: A Facebook account holder may authorize a non-account holder to access the account holder’s account. 45
  46. 46. Pietrylo v. Hillstone Restaurant Group• At issue was whether an employee “voluntarily” granted access to management to access the employee’s account on MySpace to access the “Spec-Tator” group, which housed pages created by employees to vent about work. 46
  47. 47. Pietrylo v. Hillstone Restaurant Group• The employee testified that: – She had to give her MySpace password to her supervisor because she worked for the restaurant and for the supervisor. – She would not have given her supervisor the password if he had not been a manager. – She would not have given her MySpace password to other co-workers. – She felt that she would have gotten in trouble if she had not given him the password. 47
  48. 48. Pietrylo v. Hillstone Restaurant Group (2009)• Jury verdict for the former employees• The restaurant, through its managers, had knowingly or intentionally or purposefully accessed the Spec-Tator group without authorization on 5 occasions.• The court denied the defendants’ motion for new trial and motion for judgment as a matter of law, concluding that the jury could reasonably infer that the employee’s purported “authorization” was coerced or provided under pressure. 48
  49. 49. Wage and Hour (Fair Labor Standards Act)• Nonexempt employees – Minimum wage for all “hours worked” – Overtime for all “hours worked” over 40 in a workweek• Use of social media on behalf of employer – May be “hours worked”, if employer had actual or constructive knowledge and gave explicit or implicit consent. – Even if outside of normal working hours. 49
  50. 50. Labor Law/National Labor Relations Act SECTION 7 OF NLRA• Provides all nonsupervisory employees the right to engage in protected and “concerted” activity• Includes discussions of “terms and conditions of employment”• Affords protection to non-unionized employees as well as employees represented by union 50
  51. 51. Labor Law (continued) SECTION 7 OF NLRA• Employer violates section 7 if employees would reasonably interpret work rule to limit concerted activity.• Violation occurs even if employer never enforces rule in a way that infringes on Section 7 rights.• Work rules relating to social media posts are unlawful if they can be reasonably interpreted as limiting employees’ right to discuss terms and conditions of employment. 51
  52. 52. Labor Law (continued) Examples of overly restrictive policies include rules prohibiting posting or discussion of:• Wages or benefits.• “Gossip”• Derogatory statements about employer or managers.• “Company’s business” 52
  53. 53. Facebook & Protected Concerted Activities • Protected Concerted Activity: – Prohibiting “disparaging, discriminatory or defamatory comments” about Company, supervisors, or coworkers – Criticizing supervisor on Facebook – Posting comment on Facebook criticizing food and beverage served at sales event because poor quality affected sales commissions; employee was “friends” with co-workers on Facebook • Individual Grievances and Gripes: – Posting that customers are “rednecks” and hoping that they choke on glass as they drove home drunk; no response from co-workers (although he received a Facebook message from his boss that he was fired!) – Complaining on Facebook to sister-in-law about not getting a raise and doing the work of waitresses without tips – Posting that “mental institution” where employee worked (actually a homeless shelter) was “spooky” at night; employee was not “friends” with co-workers on Facebook 53
  54. 54. Labor Law (continued)• Unlawful Surveillance: Monitoring or creating impression that employer is monitoring employee’s private, off hours social media posts related to union organizing.• However, it is lawful to routinely scan a broad range of social media sites for references to the employer or its products/services. – The employer is not focused on or creating the impression of focusing on union activity. – Thus, the employer should not be seen as spying on its employees’ protected and concerted activities. 54
  55. 55. Minimizing the Risks because of Employees’ Use of Social Media• Implement and consistently follow policies and procedures regarding employees’ use of online social networking, blogging, and other social media sites (e.g. YouTube) at work and outside of work.• Develop a (lawful and reasonable) method to check compliance with the policies and procedures. 55
  56. 56. Basics of a Social Media Policy• Define what constitutes “social media” and “blogging” – “Blogging” should be defined to mean all web postings, such as those in chat rooms, on bulletin boards, and social networking sites (“micro-blogging”).• On social media sites that are not employer-sponsored, employees who mention their employer’s name should be required to include a disclaimer that the statements posted are those of the poster and do not necessarily represent the opinion of the employer and have not been approved or otherwise reviewed by the employer 56
  57. 57. Basics of a Social Media Policy (continued)• Don’t prohibit all postings relating to the employer because that would violate the NLRA. – Specifically define what topics are “off-limits.”• Notify employees that the policy applies at all times.• Advise employees to notify their supervisor or human resources about possible violations of the policy or other company policies, such as anti-harassment policies.• Notify employees that the company monitors internet usage on company-provided equipment and system for compliance with the policy. – This includes an employee’s personal email account that is accessed using the company’s computer system. 57
  58. 58. Basics of a Social Media Policy (continued)• A social media policy may prohibit: – The disclosure of the employer’s confidential information (which should be defined elsewhere in the handbook) – Disparaging remarks about the employer’s products or services – Disparaging and defamatory comments about competitors and other third-parties (especially if the poster identifies his or her employer) – Postings that threaten, harass or intimidate coworkers – Postings that endorse the employer’s products or services. 58
  59. 59. Basics of a Social Media Policy (continued)• A social media policy may prohibit: – Employees from using the employer’s trademark or logo without consent of a designated company official – Employees from using the employer’s computer systems or network access for posting to social media sites that are not sponsored by the employer – Postings that violate patient confidentiality or privacy rights under state or federal law (e.g., HIPAA).• Where employees are permitted to post on behalf of or for the employer, include policies limiting when employees may make those posts so as to control overtime. 59
  60. 60. Monitoring Employee Use of Social Media Sites (Lawfully)• Set up “Google alert” for company name and other key words.• Conduct key word search through company server.• Use of Internet search tools that provide “real-time and interactive social media monitoring and analytics” – Examples: sysomos, buzzstream, biz360, customscoop, echosonar, sentimentmetrics (not an endorsement) 60
  61. 61. THANK YOU. Jennifer A. Mansfield, Lindsay Dennis, 50 N. Laura Street, Suite 3900, Jacksonville, FL 32202, 904-353-2000 61