Meeting of March 12, 2014 - Social Media in the Workplace: Examining Implications for Equal Employment Opportunity Law
Thank you for inviting me to submit both written and oral testimony on how employers are using social media in today's workplace-I am honored to appear before you and discuss this topic. My name is Renée Jackson, and I lead the Social Media & Technology in the Workplace team within the Labor and Employment practice group at Nixon Peabody LLP. I focus my practice on the intersection between social media, technology, and the workplace, and I have been counseling employers across the country for several years on how to navigate this new and quickly evolving intersection.
Social media and technology have transformed the way that companies use information and conduct business, and I have been closely tracking how these changes impact employers. Our clients range greatly-in size, location, and industry-but nearly all of them are trying to understand how they can use social media to hire employees, promote their brand, and grow their business without running afoul of the law and employees' rights. Without question, the technologies at issue during this hearing are moving faster than the law ever could, so the challenge from the day I started thinking about these issues has been: How do employers (and their lawyers) apply old or static laws into these new spaces?
I have spoken at dozens of events and conferences on the legal risks of social media use in the workplace. I have written and been called upon to comment for articles analyzing these developing issues. I have counseled clients on how to lawfully use social media in the hiring process, the rights that employees have to use social media (both personally and in the workplace), whether an employee can be disciplined for a post made in social media, whether and how to investigate an issue arising out of social media that impacts the workplace or company brand, and various other issues relating to social media and technology. This combination has given me unique insights into the questions that many employers are grappling with.
Based on this background and knowledge, my testimony will outline the ways in which employers are using social media and the common issues they are facing when trying to do this lawfully. I will divide my testimony into two main sections: 1) use of social media during the recruiting and hiring process, and 2) use of social media during employment.1 I will focus my testimony on the laws and legal concepts that are most relevant to the EEOC's mission and enforcement plan.
First, I'd like to point out that there is no standard definition of social media. Therefore, for purposes of this public hearing, "social media" will refer to any websites or mobile device applications ("apps") that allow users to create, post, upload, comment on, interact with, or share content with other users (including the user's own network, networks of other users, or members of the public). Social media generally includes:
Other types of social media include: social games (Words With Friends), location-sharing (FourSquare), consumer review (Yelp), virtual worlds (Second Life), and social bookmarking (Reddit). Even sports news websites such as ESPN.com can be considered social media, as ESPN requires users to login to Facebook in order to comment on an article, and that user's current employer, current city, and photo can be listed along with his or her name and comment.
USE OF SOCIAL MEDIA IN RECRUITING AND HIRING
Employers are increasingly using social media to recruit talent and aid the hiring process, and candidates are increasingly using social media to find and apply for jobs. Employers use social media in recruiting and hiring for many reasons, including to:
Of course, concepts such as "fit," "well-roundedness," and "negative" can be nebulous and subjective. However, all of the employers that I work with and counsel are simply trying to lawfully incorporate social media into their traditional hiring practices, not use those concepts as pretext for discrimination. For example, most employers looking for "negative" information are looking for evidence of illegal drug use, violent or sexually explicit activities, poor communication skills, critical postings about previous or current employers, overt racism or discriminatory tendencies, or excessive personal social media use during working hours.
What laws are implicated by employer use of social media in the hiring process?
While internet searches and social media can be useful in the hiring process, the laws dictating what is and is not permissible are underdeveloped and lagging far behind technology. I advise companies using social media in the hiring process on how to comply with these existing laws:
Anti-Discrimination Laws: Federal, State, and Local
As the EEOC is well aware, federal, state, and local anti-discrimination laws protect individuals from discrimination in hiring based upon their protected class status. On the federal level, employers must comply with Title VII of the Civil Rights Act of 1964, the Americans with Disabilities Act of 1990, the Age Discrimination in Employment Act of 1967, the Genetic Information Nondiscrimination Act, the Vietnam Era Veterans' Readjustment Assistance Act, and the Uniformed Services Employment and Reemployment Rights Act of 1994. Employers must also comply with any applicable state or local laws providing greater protection against discrimination for additional protected classes, such as sexual orientation, gender identity, familial status, or marital status.
Both disparate treatment and disparate impact discrimination could theoretically arise from employer use of social media in the recruiting and hiring process. For example:
These are hypothetical examples only. Employers know that they cannot make hiring decisions based on protected class status, no matter where they get the information from. Anecdotally, the employers I work with and counsel are using social media to source candidates, post jobs, and accept applications for employment, but are not relying on social media alone to fill positions. They are not making hiring decisions based on a low social influence score or lack of a social media presence, unless a social media presence is job related (such as for a social media manager position). I have not heard of or read about any cases brought or threatened for discriminatory use of social media in the recruiting or hiring process.2 Nonetheless, I advise employers to be cautious, conservative, and consistent when using social media in recruiting and hiring.
Fair Credit Reporting Act
Employers often use third-parties to conduct background checks on potential employees. Under the Fair Credit Reporting Act (FCRA), these Consumer Reporting Agencies (CRAs) must meet certain requirements, including taking reasonable steps to ensure the maximum possible accuracy of the information reported. Employers using CRAs must also comply with the FCRA by providing notice to the applicant that a background check will take place, obtaining consent from the applicant to conduct a background check, providing notice to the applicant that information having a negative impact on the applicant's eligibility for employment has been found, and allowing time for the applicant to correct any incorrect information found in the consumer report. 15 U.S.C. § 1681 (1970).
Some employers also use third parties to conduct "social media background checks" on potential employees. These background checks are searches of the internet and social media for publicly-available information about or created by the applicant. These social media checks are typically conducted at the same time a traditional background check is done (i.e., at the offer stage). The leading service providers in this space obtain publicly available information from the internet and social media, but redact information regarding an applicant's protected class status before providing the report to the employer, which can help insulate employers from discrimination liability. See, e.g., http://www.socialintel.com/index.php/social-insight. Social media background check companies are consumer reporting agencies under the FCRA, and must comply with all FCRA regulations. See Letter from Maneesha Mithal, Assoc. Dir., Division of Privacy and Identity Protection, Bureau of Consumer Protection, to Renee Jackson, Associate, Nixon Peabody LLP, (May 9, 2011) (http://www.ftc.gov/os/closings/110509socialintelligenceletter.pdf). Companies that provide criminal history reports via mobile applications are also CRAs under the FCRA. In re Filiquarian Publishing, LLC, FTC File No. 112 3195 (http://www.ftc.gov/sites/default/files/documents/cases/2013/05/130501filquariando.pdf) (despite disclaimers that Filiquarian's apps, which compiled and sold criminal record reports, were not FCRA compliant, the FTC found that such disclaimers were not enough to avoid liability under the FCRA because the company advertised and expected that its reports could be used for employment purposes).
Consequently, I advise employers utilizing social media background check companies or mobile applications selling criminal history reports to follow FCRA regulations, including providing notice and authorization forms to applicants, and informing applicants of any adverse actions taken on the basis of these reports. Notably, employers conducting internet and/or social media searches of applicants internally (without the aid of an external third-party) do not need to comply with the FCRA. However, I advise employers conducting these searches internally to comply with the discrimination, privacy, and password protection laws discussed in this testimony.
Password Protection and Other Privacy Laws
Beginning in 2012, states began passing so-called "password protection" bills. These bills were introduced and later passed largely in response to news articles regarding a handful of employers who were reportedly asking applicants for the login information to their social media profiles. To date, 13 states have enacted password protection laws.3 Several more have bills pending. While these laws vary in scope, they generally prohibit employers from requesting username and password information or otherwise accessing the password-protected portions of an applicant's personal social media. Many of these laws protect current employees as well.
In 2013, the Password Protection Act of 2013 was introduced in Congress as S. 1426 and H.R. 2077. Both bills were referred to committee in mid-2013, but have seen no action since. However, the Stored Communications Act of 1986, 18 U.S.C. § 2701 et seq., which prohibits intentional access of electronic communications services without authorization, arguably already prohibited employers from accessing an applicant's social media. See Ehling v. Monmouth-Ocean Hospital Service Corp., 872 F. Supp. 2d 369 (D.N.J. 2012) (an employee's Facebook wall posts were protected by the Stored Communications Act); Pietrylo v. Hillstone Restaurant Group, d/b/a Houston's Restaurants, 2009 WL 3128420 (D.N.J. Sept. 25, 2009) (employer violated the Stored Communications Act by knowingly accessing a password-protected chat-group on a social networking website without authorization). Based on the Stored Communications Act and Pietrylo case alone, I had been advising employers to never request or use an applicant's or employee's user name and password to access their non-public social media profile information.
Regardless of the applicable laws, employers accessing the non-public portions of applicants' social media profiles is a non-issue. I have seen no evidence-anecdotal or otherwise-indicating that private-sector employers are trying to gain such access. I have not encountered a single client who is doing so. When I speak about these laws to clients and other human resources professionals, they indicate that they don't have the need, desire, or time to gain such access.
Of course, employers should be aware of the state laws currently applicable to them, but I advise employers in every state to refrain from requesting username or password information or otherwise requesting access to non-public potions of applicants' social media profiles during the hiring process.
How Can Employers Comply With These Existing Laws?
Employers have a patchwork of old and new, federal and state laws to comply with. Compliance is not easy or clear. I advise employers wishing to supplement traditional hiring practices with social media to consider the following options for compliance4:
USE OF SOCIAL MEDIA DURING EMPLOYMENT
Social media use has permeated the workplace. Employers use social media to promote their products and services, increase brand awareness, communicate with customers, and hire and retain employees. Employees use social media throughout the workday-on both computers and mobile devices-to stay connected with contacts, catch up on the latest news and gossip, take a break from work duties, and even play games. Some employees use social media on behalf of their employer, managing the company's social media presence and interacting with customers as part of their job duties. Many employees, like those in sales positions, use social media for business generation and development. It is common for co-workers to be connected with each other in social media-both personal and professional-regardless of reporting relationship. As a result of all of this, the line between personal and professional, work and play has become quite blurred.
What laws are implicated by the use of social media during employment?
Again, the laws dictating what is and is not permissible use of social media (by employers and employees) during employment are underdeveloped and lagging far behind technology. I advise companies on how to comply with these existing laws and guidance:
There are more laws and guidance implicated during the employment relationship than during the recruiting and hiring process. Most are unrelated to the subject matter of this public hearing and the laws that the EEOC enforces, so I will not discuss them in great detail here.
Federal and State Anti-Discrimination/Anti-Harassment Laws
As the EEOC is well aware, federal, state, and local anti-discrimination and anti-harassment laws protect individuals from discrimination and harassment in employment based upon their protected class status. On the federal level, employers must comply with Title VII of the Civil Rights Act of 1964, the Americans with Disabilities Act of 1990, the Age Discrimination in Employment Act of 1967, the Genetic Information Nondiscrimination Act, the Vietnam Era Veterans' Readjustment Assistance Act, and the Uniformed Services Employment and Reemployment Rights Act of 1994. Employers must also comply with any applicable state or local laws providing greater protections against discrimination and harassment.
Several cases detail the issues:
These cases make clear that viewing an employee's social media could lead to learning information about protected class status, protected activity for retaliation purposes, or the need for an accommodation (through pictures, status updates, biographical information, listed interests, etc.). However, the potential for harassment via social media is just as concerning. The use of social media between employees has created a more collegial and informal atmosphere of communication. This happens through less formal and more frequent communications, learning nuggets of personal information about co-workers, sharing more personal experiences and photos, and even playing social games with each other. In most respects, this increased ability to communicate and share is positive; but it can also lead to awkward and potentially harassing situations when use of such tools turns inappropriate or unwelcome.
When a supervisor asks to be a subordinate's friend on a social media site such as Facebook, it could create an awkward situation. If the subordinate accepts the invitation, the supervisor can see the subordinate's status updates, photos, wall postings, social activities, and other personal information, unless privacy settings are utilized. If the subordinate doesn't accept the invitation, he or she may be concerned that his or her employment opportunities may suffer or that the supervisor will be offended. From the perspective of the supervisor, being friends with a subordinate could lead to learning too much personal information about that employee and his or her social activities. It could also lead to imputed or actual knowledge under various EEO laws if, for example, the supervisor sees that one employee is making sexual comments about or to another employee on Facebook. Either way, the supervisor/subordinate dynamic is changed, and not necessarily for the better.
Employees have more ways to communicate with each other than ever, both inside and outside of the workplace. Misuse of social media can give rise to claims of sexual harassment or even cyber-stalking. Because of the informal nature of social media communications, comments can easily turn overly personal, sexual, or derogatory. Take, for example, image-sharing and messaging apps such as Snapchat and Confide, which are designed to make communications momentary, private, and fleeting.
Snapchat is a very popular messaging app that allows users to set a time limit (from one to ten seconds) for how long recipients can view their pictures or videos. After the time limit expires, the message self-deletes from the recipient's phone and from Snapchat's servers. As you can imagine, this messaging app has become a popular tool for sexting, cheating, and other scandalous, nefarious, and illegal purposes, but it has also become a popular way for people to share those more mundane or funny images of life that aren't deemed by the sender to be Facebook or Instagram worthy. Unsurprisingly, it was only a matter of time before someone attempted to adapt the technology for business use.
Confide, launched in January 2014, is the creation of a former AOL executive, who came up with the idea after he was asked via e-mail to give a reference for a former AOL employee. He didn't want to respond in writing to the e-mail, but also couldn't connect over the phone with the person requesting the reference. So he dreamed up a messaging app that would allow such a communication to take place in writing, but not be preserved. Confide allows iOS users to send text messages that delete upon reading. Confide has put several security measures in place to make sure that the message remains confidential and is not preserved. In order to reveal the text of a message, the recipient must swipe his or her finger along orange blocks covering each line of text. The orange blocks will then reappear to hide the words that have already been swiped. The purpose of this is to prevent the user from seeing the entire message at once and to prevent the user from taking a usable screenshot. The app also notifies the sender when the message is read and if the recipient takes a screenshot of the message.
The messages sent are not stored or maintained by Confide-the end-to-end encryption prevents Confide from possessing a retrievable copy. It is easy to see why such apps will have appeal. There are any number of reasons why secure confidential communications are needed. And businesses and other organizations, as well as individuals, are inundated with ESI (electronically stored data), most of which is unimportant, unwanted, under-utilized, or out of date. The ability to have such messages self-delete sounds very welcome. And it would be great to have messages self-delete before they are broadcast to an unintended or unwanted recipient. However, the potential for misuse, or even just the appearance of misuse or impropriety, is great. Auto-destruct messaging could be a tool for insider trading, leaking confidential or trade secret information, harassment, or simply furthering unwanted office gossip.
There are no laws specifically prohibiting auto-destruct messaging, and the laws that are implicated, at least to date, were not written with such apps in mind. However, in addition to the harassment issue, employers may be required to keep a record of such communications. In the employment law context, regulations implementing the Age Discrimination in Employment Act require employers to keep records "pertaining to the failure or refusal to hire any individual" for one year from the date of the personnel action to which the records relate. 29 C.F.R. 1627.3(b)(1)(i). And, regulations implementing Title VII, the Americans with Disabilities Act, and the Genetic Information Non-Discrimination Act require employers to preserve "[a]ny personnel or employment record made or kept by an employer (including but not necessarily limited to requests for reasonable accommodation, application forms submitted by applicants, and other records having to do with hiring, promotion, demotion, transfer, lay-off or termination, rates of pay or other terms of compensation, and selection for training or apprenticeship)" for one year from the date of the making of the record or the personnel action involved, whichever occurs later. 29 C.F.R. 1602.14. Of course, none of these regulations were drafted with self-destructing messaging apps in mind, but certainly an argument can be made that self-destructing messages are covered records and communications under these regulations. But it is a stretch to say that because such records and communications cannot be preserved, using these self-destructing messaging apps is per se unlawful under these statutes.
Family and Medical Leave Act and State Law Equivalents
Given the increase in employees sharing everyday details and experiences online, employers are increasingly becoming aware of employees who may be abusing leave protections under the Family and Medical Leave Act (29 U.S.C. §2601 et seq.) and state law equivalents. Often, in my experience, it is co-workers who complain to the employer about an employee on leave who is posting pictures or status updates indicating that perhaps the leave is not medically necessary. Employers have increasingly been asking whether they can discipline or terminate employees who appear to be abusing leave protections under the FMLA, ADA, and state law equivalents. See Jaszczyszyn v. Advantage Health Physician Network, 504 Fed. Appx. 440, 441 (6th Cir. Mich. 2012) (Five weeks into FMLA leave for a back injury, several of plaintiff's coworkers saw pictures of her drinking at a local festival on Facebook and brought the matter up with their supervisor. After reviewing the matter internally and meeting with plaintiff, the employer terminated her for fraud. Plaintiff alleged retaliation and interference claims under the FMLA and the court granted summary judgment for the employer.); Lineberry v. Richards, 2013 U.S. Dist. LEXIS 15540 (E.D. Mich. Feb. 5, 2013) (co-workers complained about Facebook vacation photos of fellow employee on leave, employee lied to Human Resources about the details of her trip, and was terminated; employer granted summary judgment).
National Labor Relations Act
Section 7 of the National Labor Relations Act (29 U.S.C. § 157) is applicable to both union and non-union employers. This section protects the rights of employees to form, join, or assist labor unions; to bargain collectively through representatives of their own choosing; to engage in "other concerted activities for the purpose of collective bargaining or other mutual aid or protection"; or to refrain from any of these activities. The National Labor Relations Board has recently focused its enforcement efforts on two areas relating to social media use in the workplace: 1) the content of employer social media policies, and 2) employer discipline of employees for their social media activities. The NLRB has been grappling with whether certain language in social media policies could reasonably be construed to chill the exercise of rights employees have under Section 7 and whether certain instances of employer discipline of employees for their social media activity violates the protections of Section 7. Guidance from the NLRB has been heavily fact-specific and is beyond the scope of this public hearing.
State Password Protection Laws and Federal and State Privacy Laws
These are the same password protection laws discussed in the previous section on recruiting and hiring. Many of these laws protect current employees as well, and prohibit employers from requesting the usernames and passwords of their employees' personal social media or otherwise accessing the password-protected portions of their employees' personal social media. During employment, these password protection laws become relevant in internal investigations. The Stored Communications Act and interpreting case law apply here as well. Employers often ask whether they can access employee social media during internal investigations (e.g., for misconduct, harassment, leaks of confidential information, absenteeism). I counsel them to use publicly available information or information that has been shared with them through a third party with authorized access to the content at issue (this is often co-workers or customers). I counsel them to avoid accessing social media through employee usernames and passwords that they have requested or otherwise have access to (through an auto-save feature on work computers, for example).
Federal and State Rules of Civil Procedure and Evidence
While I do generally track the discovery and evidentiary trends and decisions regarding social media, it has not been the focus of my practice. Decisions regarding the discoverability and admissibility of social media have been heavily case-specific, and often depend on the court in which the case was brought, the way the discovery request was drafted, and the privacy settings used by the social media user at issue. Despite the fact that admissibility is case-specific, it is clear that social media evidence can potentially be subject to discovery. I do defend employers in court, arbitration, and at the agency level, and it has become increasingly common for employers to look for publicly available social media content relevant to the issues in the case and to then request specific or relevant social media content during litigation.
Fair Labor Standards Act and State Law Equivalents
Given the increase in employee use of mobile devices and other portable technology, the parameters of the workday and the boundaries on working hours are no longer clear. Employers have increasingly been asking whether and how to pay their non-exempt employees for time spent using technology and social media outside of working hours on the employer's behalf or at the employer's request. These concepts are governed by the Fair Labor Standards Act (29 U.S.C. § 201 et seq.) and state law equivalents, which are well outside the scope of this public hearing and will not be discussed further.
Other Agency and Self-Regulatory Guidance
Several agencies and self-regulatory bodies are issuing guidance related to social media use. This includes the Federal Trade Commission's .com Disclosures and the Financial Industry Regulatory Authority, Inc.'s (FINRA) Regulatory Notices 10-06 and 11-39. These relate to company communications with customers and the general public. They are relevant to companies whose employees are using social media to communicate with customers or advertise to the general public. These are well outside the scope of this public hearing and will not be discussed further.
How Can Employers Comply With These Existing Laws?
Again, employers have a patchwork of old and new, federal and state laws to comply with. Compliance is not easy or clear. I advise employers wishing to consider the following options for compliance5:
1 There are some post-employment social media uses and issues as well, but the laws enforced by the EEOC are generally not implicated in that context, so I will not cover post-employment use of social media in my testimony.
2 The one case I am aware of, Nieman v. Grange Mut. Ins. Co., 2013 U.S. Dist. LEXIS 47685 (C.D. Ill. Apr. 2, 2013), was an age discrimination claim based partly on allegations that the Vice President of Human Resources conducted searches on LinkedIn to determine the ages of the candidates for a particular position. Summary judgment was awarded to the employer because plaintiff could not show that the searches were conducted and the employer had legitimate reasons to disqualify him from employment.
4 Of course, these are considerations. It may be that some are relevant or possible, while others are not. Employers need to consider their industry, workforce, and resources when considering compliance options.
5 Of course, these are considerations. It may be that some are relevant or possible, while others are not. Employers need to consider their industry, workforce, and resources when considering compliance options.