Privacy & Information Security Law Blog

As reported in the Hunton Employment & Labor Perspectives Blog:

The U.S. District Court for the District of New Jersey recently ruled that non-public Facebook wall posts are protected under the Federal Stored Communications Act (the “SCA”) in Ehling v. Monmouth-Ocean Hospital Service Corp., No. 2:11-CV-3305 (WMJ) (D.N.J. Aug. 20, 2013). The plaintiff was a registered nurse and paramedic at Monmouth-Ocean Hospital Service Corp. (“MONOC”). She maintained a personal Facebook profile and was “Facebook friends” with many of her coworkers but none of the MONOC managers. She adjusted her privacy preferences so only her “Facebook friends” could view the messages she posted onto her Facebook wall. Unbeknownst to the plaintiff, a coworker who was also a “Facebook friend” took screenshots of the plaintiff’s wall posts and sent them to a MONOC manager. When the manager learned of a wall post in which the plaintiff criticized Washington, D.C. paramedics in their response to a museum shooting, MONOC temporarily suspended the plaintiff with pay and delivered a memo warning her that the wall post reflected a “deliberate disregard for patient safety.” The plaintiff subsequently filed suit alleging violations of the SCA, among other claims.

Passed in 1986, the SCA provides protection to electronic communications that are configured to be private. The statutory language was drafted to address the potential privacy issues that could occur in the technology that existed in 1986, and the courts are tasked with adapting the language to modern technology. The District Court determined from the statutory language that the SCA protects: “(1) electronic communications, (2) that were transmitted via an electronic communication service, (3) that are in electronic storage, and (4) that are not public.”

Although MONOC management never solicited or had direct access to the plaintiff’s wall posts in any way, the District Court ruled that the wall posts were covered under the SCA. Addressing each criterion in turn, the District Court ruled that Facebook wall posts configured to be private are protected under the SCA. First, wall posts are electronic communications because Facebook users transmit data to Facebook servers when making a wall post. Second, the data from the wall post is transmitted via an electronic communication service because Facebook provides a service where users can send or receive electronic communications. Third, wall posts are in electronic storage because Facebook saves the information on a server immediately after the posting, and older posts are archived on separate pages that are still accessible to the user. Fourth, wall posts that are configured to be inaccessible to the general public are, by definition, not public.

Although Facebook wall posts are covered under the SCA, the statute provides two exceptions: the SCA “does not apply with respect to conduct authorized (1) by the person or entity providing a wire or electronic communications service; [or] (2) by a user of that service with respect to a communication intended for that user.” The District Court determined that the second exception applied because MONOC management was authorized to access the wall posts because the coworker volunteered the information without being coerced or pressured, and the coworker was a Facebook user whom the plaintiff intended to view her wall posts by virtue of her privacy settings.

Very few courts have addressed the specific issue in this case, so it has been unclear whether Facebook posts are protected under the SCA. With the amount of information the modern person places onto social media, employers may find it convenient to use such information to make employment-related decisions. The federal court here, however, has made clear that non-public Facebook wall posts are indeed protected by the SCA, and employers may be held liable if they access such information without authorization. It is unclear whether the overall damages scheme has been altered considering the employer prevailed on the SCA claim, but the statute provides for a recovery floor of $1,000 consisting of the plaintiff’s actual damages and the violator’s profit, as well as costs and fees. Punitive damages may also be assessed for a willful or intentional violation. Although the company prevailed here because of the facts, employers should consider the SCA and other privacy issues when managing employees’ social media use. Also, as discussed in previous articles, employers should be cognizant of the National Labor Relations Board’s expansive rulings asserting that communications between employees addressing the terms and conditions of employment may be protected under the National Labor Relations Act.