On August 20, 2013, a Federal District Court in New Jersey issued an opinion applying the Federal Stored Communications Act (“SCA”), 18 U.S.C. §2701 – 11, to non-public Facebook pages. In Ehling v. Monmouth-Ocean Hospital Service Corp., D.N.J. No. 2:11-cv-03305, a co-worker, who was “friends” with the plaintiff on Facebook and was able to view her posts, forwarded a number of the plaintiff’s inappropriate posts regarding her work on to their employer. The employer could not directly access these posts because of the plaintiff’s privacy settings on her Facebook profile. Ultimately, the employer terminated the plaintiff for making these posts that were forwarded on to the employer. The plaintiff sued, alleging that the employer violated the SCA by accessing her non-public posts.
The court agreed with plaintiff that because her Facebook posts were not publicly accessible, the SCA protected them from unauthorized access. However, the court held that the employer did not violate the SCA in this instance because one of the exceptions to liability under the SCA applied in this situation. The employee who forwarded the post was authorized to access it, and under the SCA, that employee was also authorized to then forward it onto whomever he pleases. So long as the employer did not in any way coerce the employee to forward the posts, the employer did not violate the SCA despite the fact that the plaintiff never directly authorized the employer to access the posts.
Although the court ultimately ruled in favor of the employer, the take-away from this case for businesses is that courts in your jurisdiction will be much more likely to follow the New Jersey federal court and apply SCA protections to employee Facebook and other social media accounts. If you as the employer are not authorized to access an employee’s social media page, then you may violate the SCA by doing so. In addition, if an employer wishes to gain access to an employee’s social media page for whatever reason, it will be important not to attempt to do so in any way that a court could find coercive. Eliciting authorization in a coercive way, either directly from the employee or from another person authorized to access the employee’s page, could expose an employer to liability under the SCA.
Employers should likewise be aware of a growing trend among federal courts applying SCA protections to online employee privacy. Just a few months ago, in Lazette v. Kulmatycki, N.D. Ohio No. 3:12CV2416 (June 5, 2013), the Northern Federal District Court of Ohio held that the SCA provided some protection to personal employee emails stored on an employer-issued smart phone. (For an analysis of that case, see Nathan Pangrace's Great Work! blog post here). Courts have found creative ways to apply the SCA (which became law in 1986) to modern-day issues. Granted this emerging trend, it would be prudent for any employer to thoroughly evaluate any action that could be construed as intruding into an employee's electronic privacy.