In Pietrylo v. Hillstone Restaurant Group, a server at a Houston's restaurant in New Jersey created a MySpace.com group whose purpose was to let current and former employees "vent" about their experience while working at the restaurant. The user group was invitation-only and required a password to enter and view the postings. The page included posts containing vulgar and sexually explicit comments as well as references to violence and illegal drug use. Eventually, a manager of the restaurant learned of this group page and asked a hostess (who had been invited to join the group) to provide him with her personal login information so he could access the page. Although the manager made no threats against her if she refused, the hostess testified that she thought she "would have gotten in some sort of trouble" if she refused to cooperate. Shortly thereafter, the company terminated plaintiffs based on their comments on the site and involvement in creating it.
Plaintiffs sued in federal district court in New Jersey, alleging, among other claims, terminations in violation of public policy, invasion of privacy, and violation of the federal Stored Communications Act (SCA) and parallel state statutes. A federal jury found that the restaurant's managers violated state and federal laws that protect the privacy of online communications, and awarded plaintiffs $3,400 in back-pay and $13,600 in punitive damages. Specifically, the jury determined that the company violated the SCA and parallel state provisions in the way that it gained access to the MySpace postings, namely management requesting and using the hostess's password to access the site. The jury, however, rejected plaintiffs' privacy claims, explaining that plaintiffs did not have a reasonable expectation of privacy in the MySpace group page. The jury also rejected plaintiffs' claims for damages suffered as a result of emotional distress.
This case highlights the challenges employers face with respect to employees' blogs and social networking sites that contain work-related speech. While this decision does not restrict an employer's right to monitor communications and information within its own computer networks, it demonstrates the risks of attempting to access an employee's restricted online content without the employee's authorization. Employers should consider implementing written policies that address employee work-related speech on social networking and other online sites to require that employees observe appropriate guidelines when referring to the company, its employees, services, and customers.