In mid-September, a district court ruled that the federal Stored Communications Act (SCA) protects private Facebook wall posts from access by unauthorized users. Employer user of social media information in employment decisions has garnered much attention in recent years. Several states have even passed laws precluding employers from asking for employee or applicant Facebook passwords, while the National Labor Relations Board has considered Facebook material as a potential exercise of rights under the National Labor Relations Act. This article takes a look at how the federal SCA applies to Facebook material in making employment decisions.
What is the SCA?
The SCA refers to a pre-Internet statute enacted in 1986. It is a part of the Electronic Communications Privacy Act of 1986 (ECPA). Normally, it prohibits unauthorized access to non-public electronic communications that were transmitted by an electronic communication system and are in electronic storage.
In this case, the court found that Facebook wall posts are subject to the SCA. They are electronic communications (since they are made over the internet); transmitted through an electronic communication service (since Facebook permits users to send and receive electronic messages to each other through emails and posts); maintained in electronic storage (Facebook archives all old posts and emails); and they are not accessible to the general public.
In Ehling v. Monmouth-Ocean Hosp. Serv. Corp., the US District Court for the District of New Jersey held that Facebook wall posts protected by privacy settings satisfy all of the requirements for protection under the SCA because Facebook posts are electronic communications that are transmitted by an electronic communication system and are stored electronically on Facebook’s servers.
Despite this holding, the Ehling court granted summary judgment against the plaintiff, an employee who had been suspended by her employer based on the content of non-public Facebook posts. The court explained that screenshots of the problematic posts had been sent voluntarily to the employer by one of the plaintiff’s Facebook “friends,” who had authorization to view the plaintiff’s posts. Thus, the court held that the employer’s actions were permitted under the “authorized user” exception to the SCA.
This ruling provides even more reason for employers to avoid unauthorized access to an employee’s social media activities. The court’s holding is consistent with the passage by 11 states of laws prohibiting employers from demanding social media passwords from employees. However, employers that learn of social media activity by employees through passive means may still be able to take action based on that information.
Deborah Ehling, the plaintiff in this case, was hired by a New Jersey hospital as a registered nurse and paramedic in 2004. She later became the president of the union of professional emergency medical services workers in the state. Ehling maintained a Facebook account with approximately 300 friends, which included several coworkers. She had set her Facebook privacy settings so that only her friends could view posts on her Facebook wall. None of Ehling’s managers or supervisors at the hospital were her Facebook friends.
In 2009, Ehling posted a statement on her Facebook wall which criticized emergency response paramedics at a shooting at the Holocaust Museum in Washington, D.C., who reportedly saved the life of the shooter. A coworker who was her Facebook friend printed a screenshot of her post and gave it to Ehling’s manager, who then passed it on t hospital administrators.
Ehling was temporarily suspended with pay and warned that her post reflected “deliberate disregard for patient safety.” This prompted Ehling to file a complaint with the National Labor Relations Board, which found no privacy violation and no unfair labor practice, since the hospital management had not itself accessed or solicited the wall post.
When Ehling was later terminated for attendance reasons, she brought suit alleging invasion of privacy under New Jersey state law, as well as violations of the SCA, amongst other claims.
Not only did the court dismiss Ehling’s SCA claim, but it also ruled against her on her invasion of privacy claim. It found that hospital management was a passive recipient of information. There was no intentional, offensive intrusion on Ehling’s solitude or seclusion The court found that Ehling “voluntarily gave information to her Facebook friend, and her Facebook friend voluntarily gave that information to someone else. This may have been a violation of trust, but it was not a violation of privacy.”
This article takes a look at a recent case (Ehling v. Monmouth-Ocean Hospital Service Corp.) in which an employee claimed that she was protected by the Stored Communications Act (SCA), when information she has posted to her Facebook resulted in her termination. This case is an important reminder to employers against unauthorized access to employees’ social media activities that are not open to the general public.
CIPP Exam Preparation
In preparation for the Certified Information Privacy Professional/United States (CIPP/US), a privacy professional should be comfortable with topics related to this post, including:
- Electronic Communications Privacy Act – ECPA (III.A.b.ii.)
- National Labor Relations Board – NLRB (IV.A.b.iv.)