Employee Social Media Accounts Garner Increased Attention
In 2015, I predict an increased focus on employees’ rights regarding their personal social media accounts. Since 2012, individual states have enacted laws prohibiting employers from requesting access to their employees’ (or job applicants’) personal social media accounts. In 2014 alone, six states enacted such laws, bringing the total number of states with this type of legislation to 18. (Click here for additional analysis of the impact of these laws on employers.)
In addition to individual states’ laws, I expect clarification on a national level regarding employer policies and actions related to employees’ personal social media accounts. In the past year, the National Labor Relations Board (NLRB) has started to focus on whether employer policies regarding employee social media accounts are consistent with the National Labor Relations Act (“Act”). The Act prohibits employers from interfering with employees who come together to discuss their employment for the purpose of collective bargaining or other mutual aid or protection. According to the NLRB, employees’ comments on their personal social media accounts can constitute protected activity under the Act. One recent NLRB case involved two employees who posted on their Facebook accounts about the employers’ alleged failure to correctly withhold taxes from their paychecks. The employer terminated the employees because of their comments on their personal social media accounts. The NLRB found that the employee’s comments were protected under the Act, ordered the employer to reinstate the employees, and ordered the employer to clarify its social media policy. The employer is now appealing the NLRB’s determination in court.
I predict not only that more states will enact employee social media account legislation, but also that the NLRB and the courts will provide more guidance on employer restrictions or sanctions related to employee social media use.
Cybersecurity Predictions from London
With fines for security breaches expected to rise dramatically under the proposed Data Protection Regulation and recent cybercrime/cyberterrorism looking to be an increasingly effective and efficient weapon across all industry sectors, we can expect companies to pay more attention to how they protect their personal data. In addition, we can expect to see more frequent and sophisticated attacks with a view to exposing personal data (or at least holding it for ransom), requiring increased security measures as a matter of course. We may also see increased difficulty in obtaining insurance coverage protecting against such attacks unless companies implement specific risk controls.