The District of New Jersey recently addressed whether an employer violated the Stored Communications Act (SCA), 18 U.S.C. §§ 2701-11, by reviewing an employee's Facebook posts. The posts were voluntarily provided to the employer by the plaintiff's co-worker/Facebook friend.
In Ehling v. Monmouth-Ocean Hospital Service Corp. et al. (MONOC), 2013 WL 4436539 (D.N.J. August 20, 2013), the plaintiff, a registered nurse, paramedic and acting president of the local union, maintained a private group within her Facebook account where only those who were Plaintiff's Facebook friends were permitted to access and view postings on her Facebook "wall." While the plaintiff invited co-workers to be her Facebook friends, she did not invite any members of management. As alleged in the complaint, there was purportedly significant animus between the plaintiff and management, allegedly stemming from the plaintiff's union activities and her deposition testimony in a wage and hour lawsuit filed by employees against MONOC.
Unbeknownst to the plaintiff, one of the plaintiff's co-worker Facebook friends, Tim Ronco (Ronco), took screenshots of her Facebook wall and gave them to a MONOC manager. The evidence at summary judgment was that Ronco independently came up with the idea to send the plaintiff's posts to the manager, and the manager never asked or demanded that Ronco provide the posts or the plaintiff's Facebook password. Interestingly, while the manager was deposed, Ronco, then a former employee traveling in an RV, was not.
One such posting was a 2009 comment the plaintiff made regarding a shooting that took place at the Holocaust Museum in Washington, DC, stating:
- An 88 yr old sociopath white supremacist opened fire in the Wash D.C. Holocaust Museum this morning and killed an innocent guard (leaving children). Other guards opened fire. The 88 yr old was shot. He survived. I blame the DC paramedics. I want to say 2 things to the DC medics. 1. WHAT WERE YOU THINKING? and 2. This was your opportunity to really make a difference! WTF!!!! And to the other guards ....go to target practice.
Upon being informed of the post, MONOC allegedly sent letters regarding same to the New Jersey Board of Nursing and the New Jersey Department of Health, Office of Emergency Medical Services. The letters stated that MONOC was concerned that the plaintiff's Facebook posting showed a disregard for patient safety (given the post's insinuation that the paramedics acted inappropriately in saving the shooter's life).
In her complaint, the plaintiff alleged that MONOC violated the SCA and invaded her privacy.
The SCA provides that whoever: "(1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or (2) intentionally exceeds an authorization to access that facility; and thereby obtains, alters or prevents the authorized access to a wire or electronic communication while in electronic storage in such a system" shall be liable for damages. 18 U.S.C. § 2701(a); 18 U.S.C. § 2707 (providing for civil liability under the statute). The statute further provides that "[i]t shall not be unlawful ... [to] access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public." 18 U.S.C. § 2511(2)(g)(i).
The court held, as a threshold matter, that the SCA applied to the plaintiff's Facebook wall posts because they were: (1) electronic communications [i.e., Facebook wall posts]; (2) transmitted via an electronic communication service [Facebook]; (3) that were in electronic storage [Facebook saves and archives wall posts indefinitely]; and (4) not public [because the plaintiff limited access to her Facebook friends].
However, one of the exceptions to the SCA is for conduct authorized "by a user of that service with respect to a communication of or intended for that user." 18 U.S.C. § 2701(c) (the aptly called "authorized user" exception). The court found that this exception applied because: (1) Ronco voluntarily provided the plaintiff's Facebook posts to the MONOC manager without coercion or pressure; (2) the plaintiff's Facebook post was authorized by "a user of that service," in that Ronco was a Facebook user, a Facebook friend of the plaintiff, and the plaintiff posted on Ronco's Facebook wall; and (3) the posts were "intended for [Ronco]."
As to the invasion of privacy claim, it also failed because the plaintiff's Facebook friend (Ronco) freely chose to share the plaintiff's posts with MONOC management. Further, there was no evidence that MONOC management obtained access to the plaintiff's Facebook page by logging into her account, logging into another employee's account, or asking another employee to log into Facebook. As the court explained, while Ronco's provision of the plaintiff's posts to MONOC management "may have been a violation of trust ... it was not a violation of privacy."
The Take-Away
The morals of this story are that: (1) an employee's Facebook posts are likely protected by the SCA if the employee limits access to his or her Facebook friends; (2) an employer's unsolicited use of Facebook posts voluntarily turned over by a co-worker will likely not violate the SCA or create a cause of action for invasion of privacy; and (3) under the SCA, the bright line remains that where an employer coerces an employee to provide access to his or her, or co-worker's, private Facebook accounts, an SCA cause of action will likely lie. Finally, New Jersey employers need to remember that pursuant to the recently passed social media privacy law, effective December 1, 2013, with limited exception, they are prohibited from requiring that current or prospective employees disclose usernames and passwords to their private social media accounts.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
