Hawai‘i has jumped on the bandwagon of states (along with 31 other states, according to the National Conference of State Legislatures) introducing legislation to ban employers from requesting access to social media accounts of job applicants.  Several bills on the subject were introduced in this year’s legislative session, but the one that appears to have the best chance of becoming law is HB713 H.D. 2 S.D. 1 (HB713).  The bill has passed the House and gained the approval of two Senate committees.  Next up for the bill is review by the Senate Judiciary Committee.  As HB713 gains traction, let’s take a look at what it says and some issues it raises in its current form.

SUMMARY OF HB713, H.D. 2

HB713 would insert a new section into the Hawai‘i statute governing discriminatory employment practices, Hawai‘i Revised Statutes (HRS) chapter 378, part I.  The proposed law would apply to both job applicants and existing employees.  Employers are prohibited from gaining access to a “personal account,” which is defined as:

An account, service, or profile on a social networking website that is used by an employee or potential employee exclusively for personal communications unrelated to any business purposes of the employer.  This definition shall not apply to any account, service, profile, or electronic mail created, maintained, used, or accessed by an employee or potential employee for business purposes of the employer or to engage in business-related communications.

Specifically, an employer may not “require, request, suggest, or cause” an employee or job applicant to: (1) turn over access to his or her personal account; (2) access his or her personal account while the employer looks on; or (3) divulge any personal account.  An employer also may not fire, discipline, threaten, or retaliate against an employee or job applicant for turning down an illegal request for access.

There are exceptions, however.

  • An employer may conduct an investigation to ensure compliance with law, regulatory requirements, or prohibitions against work-related employee misconduct based on receipt of specific information about activity on a personal online account or service by an employee or other source.
  • An employer may conduct an investigation of an employee’s actions based on the receipt of specific information about unauthorized transfer of the employer’s proprietary information, confidential information, or financial data to a personal online account or service.
  • An employer may monitor, review, access, or block electronic data (a) stored on an electronic communications device that it pays for in part or in whole, or (b) traveling through or stored on an employer’s network, in compliance with state and federal law.
  • An employer may get an employee’s login credentials to access an electronic communications device supplied or paid for in whole or in part by the employer.
  • An employer may get an employee’s login credentials to access accounts or services provided by the employer or “by virtue of the employee’s employment relationship with the employer” or that the employee uses for business purposes.
  • HB713 specifies that the proposed law is not intended to prevent an employer from complying with other law or the rules of self-regulatory organizations, and that the proposed law should not be construed to conflict with federal law.

OBSERVATIONS AND CONCERNS

Shoulder surfing nixed.  The bill appears to make “shoulder surfing” by an employer illegal per se.  Suppose an employee tells his boss, “Man, you cannot believe the whales my friend saw on her boat this weekend!  She sent me a video of it on Facebook.”  Intrigued, the boss says he wants to see the video.  The employee obliges by logging on to her Facebook account while her boss watches over her shoulder.  Did the boss unlawfully “request” that the employee grant him access to her “personal account”?  Technically, yes.  Note that HB713 has no exception for voluntary consent of the employee.

“Friending” employees might become illegal.  Employers and employees sometimes connect on the same social network.  While it isn’t always a good idea for an employer to “friend” an employee, it’s not illegal to do so—unless, perhaps, HB713 becomes the law.  HB713 bans an employer from requesting that an employee “divulge any personal account.”  Yet, that’s exactly what a friend request does—it requests access to portions of a social media account that can be viewed only by the account owner’s “friends.”  The “divulge” language probably was intended to reach situations where an employer demands that an employee hand over access to another employee’s personal account.  But as written, HB713’s prohibition against divulging any personal account could be interpreted to apply to innocent “friending.”

The line between personal and private is blurry.  In a perfect world, employees would use business social media accounts strictly for business purposes and conduct all of their personal social media activity using separate social media accounts.   That’s a best practice, not necessarily reality.  The line between personal and business can get blurry in the social media space.  It’s not unusual for employees to talk about work or promote their company within their personal social networks.  If the employee uses his or her personal account for work purposes, shouldn’t the employer, who might have responsibility for the actions of its employee, be entitled to access the employee’s personal account in certain circumstances?  On the other hand, to what extent must an employee use his or her personal account for work-related interactions before the employer should be allowed access to the account?  These are difficult issues.

To address the issue, the latest draft of the bill tightens up the definition of “personal account” a bit and specifies that an employer may obtain login credentials from an employee to access “[a]ny accounts or services provided by the employer or by virtue of the employee’s employment relationship with the employer or that the employee uses for business purposes.”  This language is somewhat vague.  For example, what does “by virtue of the employer’s employment relationship with the employer” mean?  It might well be that HB713 is trying to draw artificial distinctions between personal and work social media accounts when in practice, the distinction is sometimes fuzzy at best.

HB713 still has a few hurdles to overcome before it becomes law.  Here at LegalTXTS, we’ll keep an eye out for the status of the bill.

Check out the article on Internet firings posted on HR Hero’s “Technology for HR” blog.  The article talks about the firing of the Applebee’s waitress who snapped a picture of a receipt on which the customer,  a pastor, wrote: “I give God 10%  Why do you get 18?”  and posted it on Reddit.  I was happy to provide commentary for the article on Applebee’s social media policy and suggest tips for employers dealing with embarrassing Internet activity of employees like the Applebee’s incident.

NLRB Strikes Down Restrictions on Employee Communications on Social Media and Elsewhere — DirectTV U.S. DirecTV Holdings, LLC, 359 NLRB 54 (Jan. 25, 2013)

On the same day that the D.C. Circuit Court of Appeals ruled that President Obama’s recess appointments to the National Labor Relations Board (NLRB) were unconstitutional, the NLRB struck down several of DirectTV’s work rules, including one relating to social media use.  The ruling comes as little surprise, as it mirrors the positions and rationale stated in previous Guidance Memoranda issued by the NLRB’s Office of General Counsel.  Of course, this decision carries more weight because it’s issued by the Board itself (but query the ruling’s validity in light of the D.C. Circuit decision).

Restrictions on employee communication with the media

The first two rules instructed employees to “not contact the media,” and “not contact or comment to any media about the company unless pre-authorized by Public Relations.”  Section 7 of the National Labor Relations Act (NLRA) protects employee communications with the media concerning labor disputes.  The broad and unequivocal language of the rules could lead an employee to believe that such protected activity is not permitted under the rules, which is unlawful, the NLRB.  The rules did not distinguish between protected and unprotected communications (e.g., maliciously false statements).

Restrictions on employee communication with NRLB agents

The next rule in question stated: “If law enforcement wants to interview or obtain information regarding a DIRECTV employee, whether in person or by telephone/email, the employee should contact the security department . . . who will handle contact with law enforcement agencies and any needed coordination with DIRECTV departments.”  The NLRB found that this rule would make employees think that they must go through their employer before cooperating with an NLRB investigation, as NLRB agents could reasonably be considered “law enforcement” as far as labor matters are concerned.  This violates Section 8(a)(4) of the NLRA, which protects employees who file unfair labor practice charges or who provide information in the course of an NLRB investigation.  While an employer could have a legitimate interest in knowing about attempts by law enforcement agents to interview employees, the rule failed to separate out those situations from those in which the Section 8(a)(4) protections apply.

Confidentiality

DirecTV instructed employees to “[n]ever discuss details about your job, company business or work projects with anyone outside the company” and to “[n]ever give out information about customers or DIRECTV employees.”  The rule identified “employee records” as one of the categories of “company information” that must be kept confidential.  The NLRB struck down these rules because employees could reasonably understand them to restrict discussion of their wages and other terms of conditions of employment.  The rule was also deficient in not exempting protected communications with third parties such as union representatives, NLRB agents, or other governmental agencies concerned with workplace matters.

Online Disclosures of “Company Information”

DirecTV posted a corporate policy on its intranet stating: “Employees may not blog, enter chat rooms, post messages on public websites or otherwise disclose company information that is not already disclosed as a public record.”  In addition to the policies on the intranet, DirecTV issued a handbook with overlapping sets of rules governing employee conduct and effectively directed employees to read them as one.  The handbook contains a confidentiality rule that defines “company information” as including “employee records.”  Reading the two policies together, an employee could understand the intranet policy to prohibit online disclosure of information concerning wages, discipline, and performance ratings.

LegalTXT NotesThis ruling isn’t groundbreaking, but it confirms that the Board agrees with the positions taken in the previous OGC Guidance Memoranda on social media policies.  The D.C. Circuit does cast a pall over the validity of this ruling, although the NLRB supported the ruling with multiple Board decisions that were issued well before the recess appointments were made.

Now that the 2013 legislative session in Hawai‘i is in full swing, let’s take a look at what new measures are in the pipeline to regulate Internet activity.  A chart of relevant information about each bill is available here.  Here’s a summary of the Internet-related proposals working their way through the legislature.

Social Media and Internet Account Passwords

A set of bills (SB207 and HB713) proposes to join other states in banning employers from asking employees or job applicants to disclose the passwords to their personal social media accounts.  Another set of proposals (HB1104 and HB1023) would extend the ban to educational institutions and their students or prospective students.

Privacy Policies

Two bills (HB39 and SB729) would make it a legal requirement for operators of a commercial website or online service to post a privacy policy on their website.

Cyberbullying

Three bills (HB1226, SB525, and HB397) would require the board of education to adopt various policies and programs to combat cyberbullying in public and charter schools.

Teacher/Student Interactions

Apparently responding to incidents in which teachers and students conducted inappropriate relationships online, HB678 would allow a teacher in a public or charter school to engage in electronic communication with a student (including cell phone calls) only on Department of Education networks and systems.

Identity Theft

SB325 would require businesses to implement a comprehensive, written policy and procedure to prevent identity theft and train all employees in implementation of the same.

Cybersecurity

HB462 would establish a statewide cybersecurity council to identify and assess critical computer infrastructure, identify cybersecurity “best practices,” recommend incentives for voluntary adoption of such best practices, evaluate the efficacy of such practices, and report annually to the legislature.

We’ll be tracking these bills, reporting on their status periodically, and posting revisions to the chart.  Stay tuned!

The steady flow of memos and decisions on social media from the NLRB in the last two years regarding social media has left many employers bewildered about the do’s and don’ts of social media policies.  The NLRB has been rather active in striking down social media policies for unlawfully restricting activity protected by Section 7 of the National Labor Relations Act (NLRA).  In the midst of this confusion, allow me to direct your attention to a little feature with a heroic name – the Savings Clause.  A Savings Clause is a statement that sets boundaries around a social media policy.  It’s basically a disclaimer.  It says something along the lines of, “this policy should not be interpreted to prohibit X,” and theoretically, that clarification should “save” a rule from being illegal. Pretty nifty, eh?

Now, before you think popping a Savings Clause into a social media policy will magically shield you from legal trouble, it’s a bit more complicated than that.  The NLRB has spoken on Savings Clauses in social media policies since its Office of the General Counsel (OGC) issued the third memo on social media on May 30, 2012.   The NLRB also weighed in on Savings Clauses in its September 18, 2012 decision striking down Costco’s social media policy (the first NRLB decision addressing social media issues); its September 25, 2012 decision striking down Echostar Technologies’ social media policy; and the OGC’s Advice Memorandum issued on October 19, 2012.  The fact that the NLRB has issued all this “guidance” should give employers pause about thinking that Savings Clauses are simple to write.  They’re not.  But NLRB guidance suggests that Savings Clauses can be effective if written well.

Here are some tips on using Savings Clauses drawn from NLRB decisions and memos.

1.  Having a Savings Clause is a good idea.

This might seem obvious, but it’s generally a good idea to include a Savings Clause in your social media policy.  The NLRB was critical of Costco’s social media policy for not including any type of disclaimer stating that the policy was not intended to interfere with the employees’ rights to engage in activity protected by the NLRA.  The NLRB did not go as far as to say that the policy’s other defects would have been cured by a Savings Clause, but the fact that it criticized a social media policy for not having any Savings Clause strongly suggests that having one could only help.

2.  Savings clauses don’t save rules that explicitly prohibit concerted, protected activity.

There are some policies even a Savings Clause can’t make better.  For example, the OGC’s May 30, 2012 Memo examined a policy that prohibited employees from posting information about employer shutdowns and work stoppages, and from speaking publicly about the workplace, work satisfaction or dissatisfaction, wages, hours, or work conditions.  The Savings Clause in the policy stated:

This policy will not be interpreted in a way that would interfere with the rights of employees to self organize, form, join, or assist labor organizations, to bargain collectively through representatives of their own choosing, or to engage in other concerted activities for the purpose of collective bargaining or other mutual aid or protection or to refrain from engaging in such activities.

The NLRB said that an employee reading the policy would reasonably conclude that the policy prohibited protected activities despite what the Savings Clause said.  The lesson here is that a policy can’t forbid activity protected by the NLRA and then expect a Savings Clause to rescue the policy from being unlawful.

3.  Use terms your employees can understand. 

The Savings Clause in the policy we looked at in the last bullet point suffered from the additional problem of using the term “concerted activities.”  The NLRB criticized the clause for not explaining to a layperson what the right to engage in “concerted activity” entails.  Lawyers might understand what “concerted activity” or “protected activity” refer to, but employees without legal training might not.  Avoid using legal terminology in the Savings Clause.  Use plain English instead.

4.  Don’t be vague.

A Savings Clause can’t be too vague, or it won’t end up “saving” anything.  So what’s considered vague?

A Savings Clause stating that if the policy conflicts with law, “the appropriate law shall be applied and interpreted so as to make the policy lawful” is too vague, according to the NLRB’s Echostar decision.  A good Savings Clause must be specific enough to give employees an idea of how the social media policy will be interpreted.  A generic statement that the policy is intended to comply with the law means little unless the employer provides some context for the statement.

What if the Savings Clause made the policy subject to a specific law, like the NLRA?  That’s better, but still not good enough.  The OGC’s May 30, 2012 Memo disapproved of two Savings Clauses, one stating that the policy “will be administered in compliance with applicable laws and regulations (including Section 7 of the National Labor Relations Act),” and another stating that the policy “will not be construed or applied in a manner that improperly interferes with employees’ rights under the National Labor Relations Act.”  The NLRB found both Savings Clauses too vague to cure the policies from being overbroad.

So just how specific should a Savings Clause be?  That leads us to–

5.  Identify the kind of activity being “saved.” 

The OGC’s October 19, 2012 Advice Memo emphasized the importance of drafting rules that provide employees with context.  “[R]ules that clarify and restrict their scope by including examples of clearly illegal or unprotected conduct, so that they would not be reasonably construed to cover protected activity, are not unlawful,” the Advice Memo explained.  A Savings Clause can help provide the needed context.  The Advice Memo approved of Cox Communications, Inc.’s social media policy, which contained the following Savings Clause:

Nothing in Cox’s social media policy is designed to interfere with, restrain, or prevent employee communications regarding wages, hours, or other terms and conditions of employment.  Cox Employees have the right to engage in or refrain from such activities.

This Savings Clause specifically identified the kind of activity that is permitted—employee communications regarding wages, hours, or other terms and conditions of employment—so as to eliminate any doubt that other rules in the policy might prohibit activity that is protected by the NLRA.

In sum, I hope these tips will help you get the most out of Savings Clauses.