Antitrust and Unfair Competition Law
Competition: Fall 2019, Vol 29, No. 2
Content
- Chair's Column
- Competitive Balance In Sports: "Peculiar Economics" Over the Last Thirty Years
- Compliance With the California Consumer Privacy Act In the Workplace: What Employers Need To Know
- Editor's Note
- Let Me Ride: No Short-cuts In the Antitrust Analysis of Ride Hailing
- Masthead
- Monopsony and Its Impact On Wages and Employment: Past and Future Merger Review
- Protecting Company Confidential Data In a Free Employee Mobility State: What Companies Doing Business In California Need To Know In Light of Recent Decisions and Evolving Workplace Technology
- The Complexities of Litigating a No-poach Class Claim In the Franchise Context
- Whistleblowing and Criminal Antitrust Cartels: a Primer and Call For Reform
- Social Media Privacy Legislation and Its Implications For Employers and Employees Alike
SOCIAL MEDIA PRIVACY LEGISLATION AND ITS IMPLICATIONS FOR EMPLOYERS AND EMPLOYEES ALIKE
By Robert B. Milligan, Daniel P. Hart and Sierra Chinn-Liu1
I. INTRODUCTION
According to the Pew Research Center, approximately seven-in-ten Americans use social media to connect with one another, engage with news content, share information and entertain themselves.2 YouTube and Facebook are the most widely used online platforms: these two platforms, respectively, are visited by 73% and 69% of Americans every day.3 Sites and applications such as Twitter, Instagram, LinkedIn, and SnapChat also garner substantial daily use.4
Social media clearly influences and permeates our daily livesâand the workplace is no exception. Companies frequently conduct business via social platforms, and employees often use social media on the job for both personal and work-related reasons.5 The pervasive use of social media, however, creates a tension between the rights of employees to personal privacy on the one hand, and the needs of companies on the other, to protect corporate intellectual property, comply with regulatory reporting requirements, guard against cyber threats, and maintain appropriate systems and data management practices.
To address these concerns, starting in 2012, twenty-six states enacted social media privacy laws that prevent or limit employers from requesting passwords to current or prospective employees’ personal internet and social media accounts.6 In varying degrees and differing ways, these laws directly impact an employer’s ability to request or require an applicant or employee to disclose his or her username and/or password; to open his or her internet or social media accounts in the presence of a supervisor; to add a representative of the employer to the employee’s contact list; or to otherwise alter the privacy settings associated with the employee’s internet or social media accounts.7 Many of the laws include a right of action to an employee subjected to statutory social media privacy violations, and provide various forms of reliefâincluding, but not limited to, money damages, penalties, injunctions, and attorneys’ fees. One state (Michigan) has even gone so far as to make it a misdemeanor for an employer to violate its social media privacy statute.8
[Page 83]
Most social media privacy laws contain liability exceptions and safe harbors for employers, however. For example, a number of state laws only affect access to "personal" social networking accounts, i.e., those accounts which employees do not use for employer business. Many such laws also allow account access by employers, albeit in limited circumstances, such as during investigations into employment-related misconduct or theft of employer data, or to permit access to employer-owned equipment or information systems. Some state laws authorize mandatory employer access to employee internet or social media accounts for required self-regulatory employee screeningâsuch as, for example, broker screening under NASD and FINRA rules. And, a number of state social media laws provide immunity to employers for "innocent discovery" of protected information during ordinary network monitoring, or to employers who decline or fail to demand access to protected accounts.
A chart summarizing the variations among these state laws appears at the end of this article. Because of their relatively recent enactment, however, there is virtually no case law interpreting the applicability, sweep, or limits of these state social media privacy laws. This article highlights some of the issues that employers may face, and that courts may need to grapple with, as they undertake compliance with these state laws. Such issues include:
[Page 84]
- Whether a user’s internet or social media account is a "personal" account to which employer access may be limited or prohibitedâespecially in states (such as California) where the social media law does not define the term.
- The permissible scope of an employer investigation that authorizes (or requires) employer access to employee internet and social media accounts;
- Implications for employer intellectual property and trade secrets, including employer vs. employee ownership of social media account-related information;
- Discovery disputes involving employee social media content; and
- The potential interaction between state social media privacy laws and other laws, such as the federal Computer Fraud and Abuse Act.
II. KEY ISSUES
A. What Does the Term "Personal" Mean in Social Media Legislation?
Many states, including California, Colorado, Nevada, and Washington, have passed social media privacy laws that do not define the term "personal." Although the state laws discussed in this article generally apply only to "personal" social media accounts, the failure by some state legislatures to define the term is problematic, as it can be unclear who in fact owns the particular accounts at issue in the absence of an express policy or agreement governing social media.
Based on recent court decisions in these states, employers likely have at least some ownership rights to an employee’s social media account, even if the account is used for both employment-related and non-employment-related purposes, specifically where the employer played an important role in creating, maintaining, or developing the account.9
Employers could potentially evade the applicability of similar privacy laws by detailing in employee job descriptions company ownership of work-related accounts. By requiring employees to use such accounts in accordance with job descriptions and proprietary information protection agreements, an employer can attempt to ensure that company social media accounts "belong" to the company for purposes of the employer protections afforded by the relevant state social media privacy statute(s).
B. Bring Your Own Device Policies
Employers are likely to face related issues resulting from bring your own device ("BYOD") policies. When an employee uses his or her own device to access company email, files, or other information, the employer does not "own" the device, but may still have an interest in the business-related information residing on the device and protecting that information. Public employers in particular have a heightened interest in restricting employees’ use of personal devices to conduct official business. See Nissen v. Pierce Cty., 183 Wash. 2d 863, 869 (Wash. 2015) (en banc) (holding that text messages sent and received by a public employee in her official capacity were public records, even though she was using her personal cell phone).
[Page 85]
An effectively written BYOD policy may protect an employer’s interest in data accessed on an employee’s personal device. A policy that clearly informs employees that all company-related information on the device will remain the sole property of the company, and that the company retains the right to delete company data through the use of monitoring software, may help to establish an employer’s control over the information on an employee’s personal device, so as to distinguish it from purely "personal" information that may be subject to the reach of an applicable state social media statute.10
C. Protectable Trade Secrets
State social media privacy laws may conflict with recent decisions about whether social media content (e.g., contact/customer lists) may be an employer’s protectable trade secrets.
1. "Trade Secrets" Defined
Information and data are protectable under the Uniform Trade Secrets Act ("UTSA")âeffective in 48 statesâif the information derives value from being kept secret, is a secret, and is kept a secret. In the two states that have not yet adopted the UTSA, New York and Massachusetts, similar protections are provided through the state’s common law. Information is kept secret if its owner takes affirmative measures to prevent its unauthorized disclosure, including but not limited to, the following: non-disclosure, restricted-use, and mandatory-return agreements; confidentiality stamps; limited internal distribution and access permissions; and password protection of computers and other devices. These efforts need only be "reasonable under the circumstances"; "absolute" secrecy is not required.
Although there are no bright-line rules for whether information is protectable as a trade secret, courts generally find that information is a trade secret where (i) the information is the result of a substantial investment of time, effort, and expense; (ii) it generates independent economic value for its owner; (iii) it is not generally known in the relevant industry; (iv) it cannot easily be accessed by legitimate means; and (v) it cannot be independently reverse engineered without significant effort and expense. Experience reveals that in many cases, the more egregious a defendant’s theft of an alleged secret, the more likely a court will find that the stolen data qualifies as a trade secret.11 This is the case not merely because of the court’s desire to punish egregious behavior, but because an employee’s theft and subsequent use of stolen data or information tends to reflect the independent economic value of the stolen information, and also tends to show that the information was not publicly available.12
[Page 86]
2. Potential Impact on Account-Content "Ownership"
Social media privacy laws also raise questions about account-content ownership (e.g., LinkedIn connections)âespecially where, as in several states, the social media privacy statute does not define what is meant by "personal" internet or social media account information.
The Cellular Accessories and PhoneDog cases, discussed Section II.A., above, held that an employee’s LinkedIn account (Cellular Accessories and Eagle) and Twitter feeds (PhoneDog), may "belong to" the employee’s employer, due primarily to the employer’s investment of time and expense in developing and maintaining the accounts at issue. Similarly, in Ardis Health, LLC v. Nankivell, No. 11 Civ. 5013 (NRB), 2011 WL 4965172 (S.D.N.Y. Oct. 19, 2011), the federal district court for the Southern District of New York that an employer "owned" an employee’s account content, pursuant to the terms of the employment agreement. More recently, in Salonclick LLC v. SuperEgo Mgmt. LLC, 16 Civ. 2555 (KMW), 2017 WL 239379 (S.D.N.Y. Jan. 18, 2017), a case involving trademark infringement and allegedly unauthorized use of the plaintiff’s domain names and social media accounts, the Southern District of New York again extended companies’ rights to protect their social media accounts and domain names from theft by independent contractors. Such reasoning could be applied to protect an employer that invested to create and maintain certain internet and social media for the benefit of employees as well as the company.
Conversely, with the onset of state social media privacy laws, employees may have ammunition to argue that they own their social media contacts, even when used in furtherance of the employer’s businessâespecially in states where "personal" is not clearly defined. That is to say that employees in trade secret cases may be able to argue that an applicable social media privacy law implies a degree of ownership of their social media accounts, even if they use them in part to advertise their employers’ business. This presents yet another dimension to be considered in the balancing of respective interests that courts interpreting these state laws will be tasked with.
3. Potential Impact on "Protective-Measure" Analysis
Further, some may argue, that unless employers investigate their employees’ social media activities and related data theft, employers have not used "reasonable" efforts to maintain secrecy under the Uniform Trade Secrets Act ("UTSA"), and therefore stand to lose trade secret protection for that data. Section 1(4)(ii) of the UTSA provides that owners of trade secrets must have employed "efforts that are reasonable under the circumstances to maintain [their] secrecy." The "reasonable under the circumstances" requirement is often the central dispute in trade secret litigation; the owner will claim that it used reasonable efforts, and the alleged thief will claim that the owner/plaintiff was "willy-nilly" in handling its so-called secrets. If social media privacy laws permit an employer to investigate an employee’s suspected data theft through his or her social media networking account, but the employer does not do so, has the employer failed to use "reasonable efforts" to protect the data’s secrets?
[Page 87]
On the one hand, information that falls into the public domain, or becomes generally known within the relevant industry, usually loses its status as a trade secret.13 Similarly, the disclosure of information without imposing a confidentiality obligation on the recipient may result in the loss of trade secret protection.14 An employee’s posting of trade secret information on his or her social media account would pose a significant risk of loss of protection for the informationâespecially if the employer, after learning of the posting, and otherwise authorized under an applicable social media statute to demand access to the employee’s account to investigate and/or pull back the information, fails to act, or the company has in place a policy that does not prohibit such social media activities by employees.
On the other hand, "absolute" secrecy is not required to maintain trade secret status, only "reasonable efforts" to maintain confidentiality.15 Indeed, two relevant features of many privacy laws are: (1) employer immunity for failure to investigate suspected misconduct (e.g., Michigan, Utah); and (2) no duty to monitor employee activity on social media accounts (e.g., District of Columbia). Employers faced with a waiver argument may cite immunity or safe harbor provisions to counter the argument that they were required to investigate reports or suspicion of employee-account-related data theft, lest they lose statutory protection for that data.
D. Social Media Discovery Issues
Under the Federal Rules of Civil Procedure, parties may request discovery of "electronically stored information" ("ESI") that is within the responding party’s "possession, custody, or control." Fed. R. Civ. P. 34(a)(1)(A). Courts have recognized that the information available on social networking websites may be subject to discovery under this rule.16 According to the U.S. District Court in Oregon, there is "no principled reason to articulate different standards for the discoverability of communications through email, text message, or social media platforms."17
Generally speaking, social media is neither privileged nor specifically protected by privacy rights.18 Content from social networking websites may not necessarily be "shielded from discovery simply because it is ‘locked’ or ‘private.’"19 "Although privacy concerns may be germane to the question of whether requested discovery is burdensome or oppressive and whether it has been sought for a proper purpose in the litigation, a person’s expectation and intent that her communications be maintained as private is not a legitimate basis for shielding those communications from discovery."20
[Page 88]
A party’s right to discovery is not unlimited, however, and this remains true for ESI as well. Federal Rule of Civil Procedure 26(b)(1) limits the scope of discovery to information "relevant to any party’s claim or defense" and mandates that discovery be "proportional to the needs of the case."21 This rule applies equally to social media.22 In the context of social media, courts have limited discovery to posts related to contested issues, rather than the entire account history.23
Also worth noting are the implications for spoliation in dealing with evidence posted or stored on social media websites or platforms. Recent case law on social media discovery has focused on the importance of maintaining such information and preventing spoliation, adding preservation obligations to the list of challenges for general counsel in dealing with social media issues. In one such case, Gatto v. United Air Lines, Civil Action No. 10-cv-1090-ES-SCM, 2013 WL 1285285 (D.N.J. Mar. 25, 2013), the plaintiff sued his employer for injuries allegedly sustained while working. During discovery, the defendants requested the plaintiff’s social networking account content, and the plaintiff agreed to provide access to his account. Upon opposing counsel’s attempt to login, however, the plaintiff received notice of unauthorized access and immediately deactivated the account. The court subsequently granted spoliation sanctions against the plaintiff and found that, regardless of whether he intended to destroy the account, he had "effectively caused the account to be permanently deleted," thereby giving rise to an appropriate inference of spoliation.24
Similarly, in Lester v. Allied Concrete Co., No. CL08-150, 2011 Va. Cir. LEXIS 245 (Va. Cir. Ct. Sept. 6, 2011), a Virginia state court sanctioned a party and his lawyers in a wrongful death suit for intentionally destroying a Facebook page. In that case, the opposing party requested discovery of the contents of the plaintiff’s Facebook page after obtaining a photo of the plaintiff wearing a T-shirt bearing the phrase "I [heart] hot moms."25 The plaintiff was questioned about the shirt at his deposition, whereupon his attorney instructed him to "clean up" the account to prevent "blowups of this stuff at trial."26 The account was removed, and defense counsel was told the plaintiff had no Facebook page.27 The account was later reactivated and the contents produced, with the exception of several "objectionable" photos.28 The jury ultimately found in favor of the plaintiff, but the court sanctioned the plaintiff and his attorney for spoliation for deleting the page.29
[Page 89]
In sum, while state social media privacy laws may have some effect on the discoverability of protected account content, courts will likely still favor disclosure. As the case law in this area develops, so too will the nuanced implications of these laws, such as the introduction and use of heightened protective orders in cases where social media discovery is necessary.
E. Social Media Evidence and Admissibility
For social media evidence to be admissible, the proponent must be able to prove who had ownership and control of the relevant page or content. Federal Rule of Evidence 901 requires the proponent to authenticate evidence by proving the evidence is what the proponent claims it is. This rule applies with equal force to social media evidence; as courts have become more familiar with social media, they have become more skeptical of "self-authentication" arguments.30
Additionally, evidence obtained from a social media account is subject to Federal Rule of Evidence 403, which sets forth a balancing test to determine whether the probative value of the evidence is substantially outweighed by the danger of unfair prejudice. Rule 403 applies even when a proponent is introducing evidence to authenticate a social media page, but the bar for admissibility is relatively low.31 Although "tracing the webpage directly to [its purported creator] through an appropriate electronic footprint or link would provide some technological evidence, such evidence is not required . . . where strong circumstantial evidence exists that [a] webpage and its unique content belong to [such person]."32
[Page 90]
F. Computer Fraud and Abuse Act and Privacy Implications
The new state social media privacy laws described in this article may affect how courts evaluate employees’ allegations against their employers concerning violations of the federal Computer Fraud and Abuse Act ("CFAA") and the employees’ common law rights of privacy.
For example, in Mintz v. Mark Bartelstein & Assocs. d/b/a Priority Sports & Entm’t, et al., 885 F. Supp. 2d 987, 1002 (C.D. Cal. 2012), the court found that accessing the personal email account of an employee, even one who had allegedly stolen trade secrets, was an invasion of that employee’s privacy. The employee (Mintz) resigned from his job and sued his former employer after he left to join a competitor, seeking a declaration to invalidate his non-compete agreement.33 After Mintz’s resignation, his employers accessed his personal email account without his permission, and allegedly leaked information found in the account to a third party.34 The court found that the employer’s access to Mintz’s Gmail account constituted a violation of California Penal Code section 502, as well as an invasion of privacy (but denied recovery under the CFAA because Mintz had failed to show "loss" within the meaning of the statute).35
In a similar case, Murphy v. Spring, No. 13-CV-96-TCK-PJC, 2013 U.S. Dist. LEXIS 130231, at *2 (N.D. Okla. Sept. 12, 2013), a federal court in Oklahoma held that an employer’s access to an employee’s personal email account to obtain information used in recommending her termination was a potential basis for her invasion of privacy claim. The employee, an administrative assistant working in a Tulsa, Oklahoma school district, alleged that two of her superiors had misappropriated funds, thereby endangering the health and safety of the students. Shortly after making these reports, the assistant was suspended, and her supervisor recommended her termination.36 During the grievance process initiated by the assistant, she was informed by the local police department that her private email account had been hacked.37 She then sued her employer, alleging that the employer had intentionally accessed her private emails and had used information contained therein to support the termination recommendation.38 The court denied the employer’s motion to dismiss the assistant’s Fourth Amendment claim, invasion of privacy claim, and intentional infliction of emotional distress claim, finding that the plaintiff had a reasonable expectation of privacy in her personal account, and the hacking constituted an unlawful search and seizure which could be considered highly offensive to a reasonable person.39
[Page 91]
The rulings in Mintz and Murphy underline the importance of caution when accessing employees’ personal internet and social media accounts, as there can be consequences for employers do so. In addition to liability under state social media laws, employers may also face liability under state computer hacking/security laws, as well as relevant laws governing invasions of privacy.
G. Using Social Media in Investigations
When using social media in workplace investigations, employers should stay within the bounds of their own social media policies. Although viewing information from an employee’s social media account that is available on the public domain is generally permitted (even in states that have social media privacy laws), employers should exercise care to avoid taking actions that may perceived as retaliation for protected activities.40
Social media policies can serve as extensions of other policies. A well-written social media policy can be an effective tool for employers to enforce prohibitions on employee behavior in and outside the workplace.41 As with any workplace policy, it is important for employers to enforce social media policies consistently.42
Having an effective social media policy is the first step an employer can take toward protecting itself during workplace investigations. Simply having a policy, however, is not enough. As illustrated by the cases discussed in this Section, managers must be properly trained in using the policy appropriately and consistently for the employer to realize the full benefits of the policy.
H. Other Issues
In addition to complying with state social media privacy laws, employers should carefully consider whether their social media policies comply with federal and state laws protecting the ability of employees to engage in statutorily protected activities. From the Equal Employment Opportunity Commission ("EEOC") to the Department of Labor ("DOL"), to the Securities and Exchange Commission ("SEC") and the National Labor Relations Board ("NLRB"), federal and state regulatory agencies are increasingly wary of employer policies that limit employees’ freedom to engage in whistleblowing and other protected activities. Even with proper policies in place, employers may still run afoul of statutory provisions and the agencies charged with enforcing them, if the policies are overbroad or inadvertently restrict relevant activity.
[Page 92]
The NLRB in particular has been taking a hard look at employer policies governing the use of social media. In its 2014 decision in Triple Play Sports Bar & Grille, 361 NLRB No. 31 (2014), the NLRB ruled that a Facebook discussion regarding an employer’s tax withholding calculations and an employee’s "like" of the discussion constituted concerted activities protected by Section 7 of the National Labor Relations Act ("NLRA"), which covers employees’ rights to engage in concerted activities regarding the terms and conditions of their employment. In addition, the Board held that the employer’s Internet and blogging policy (which provided that in "engaging in inappropriate discussions about the company, management, and/or co-workers, the employee may be violating the law and is subject to disciplinary action, up to and including termination of employment") was overly broad and therefore violated the NLRA.43 In another decision, Purple Communications, 361 NLRB No. 126 (2014), the NLRB ruled that employees who have access to an employer’s email system as part of their job generally may, during nonworking time, use the email system to communicate about wages, hours, working conditions, and union issues.
In light of these rulings, employers should carefully consider their policies and practices regarding employee use of social media even if they operate only in states that have not yet enacted social media privacy laws.
III. CONCLUSION
Some of the essentials of the social media privacy laws enacted in twenty-six states and the District of Columbia can be found in the summary chart appended at the end of this article. There is little, if any, case law interpreting these statutes. It is anticipated that litigation and additional action by state legislatures will help to define acceptable practices in this area.
[Page 93]
State-by-State Chart
STATE | Are personal social media accounts covered by the law? | Is personal social media defined? | Is there a private civil right of action? | Are current employees covered by the law? | Are attorneys fees available? | Does the law cover colleges and universities? | Are public employees covered by the law? | Exceptions for investigations of employee misconduct? |
Arkansas | Yes | Yes | Not Mentioned |
Yes | Not Mentioned |
Yes | Yes | Yes |
California | Yes | No | Not Mentioned |
Yes | Not Mentioned |
Yes | Not Mentioned |
Yes |
Colorado | Yes | No | Yes | Yes | Not Mentioned |
Not Mentioned |
Yes Law Enforcement Agencies Exception | Not Mentioned |
Connecticut | Yes | Yes | Yes | Yes | Yes | Not Mentioned |
Yes Law Enforcement Agencies Exception | Yes |
Delaware | Yes | Yes | Not Mentioned |
Yes | Not Mentioned |
Yes | Yes | Yes |
District of Columbia | Yes | Yes | Not Mentioned |
Not Applicable |
Not Mentioned |
Yes | Not Applicable |
Not Applicable |
Illinois | Yes | Yes | Yes | Yes | Yes | Not Mentioned |
Not Mentioned |
Yes |
Louisiana | Yes | Yes | Not Mentioned |
Yes | No | Yes | Yes | Yes |
M aine | Yes | No | Not Mentioned |
Yes | Not Mentioned |
Not Mentioned |
Not Mentioned |
Yes |
Maryland | Yes | Yes | Yes | Yes | Not Mentioned |
Not Mentioned |
Yes | Yes |
Michigan | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Montana | Yes | Yes | Yes | Yes | Not Mentioned |
Not Mentioned |
Not Mentioned |
Yes |
Nebraska | Yes | Yes | Yes | Yes | Yes | Not Mentioned |
Yes, Law Enforcement Agencies Exception | Yes |
Nevada | Yes | No | Not Mentioned |
Yes | Not Mentioned |
Not Mentioned |
Not Mentioned |
Not Mentioned |
[Page 94]
STATE | Are personal social media accounts covered by the law? | Is personal social media defined? | Is there a private civil right of action? | Are current employees covered by the law? | Are attorneys fees available? | Does the law cover colleges and universities? | Are public employees covered by the law? | Exceptions for investigations of employee misconduct? |
New Hampshire |
Yes | Yes | Not Mentioned |
Yes | Not Mentioned |
Not Mentioned |
Not Mentioned |
Yes |
New Jersey | Yes | Yes | Yes | Yes | Yes | Yes | Yes Law Enforcement Agencies Exception | Yes |
New Mexico | Yes | No | Not Mentioned |
No | Not Mentioned |
Yes | Law Enforcement Agencies Are Not, Does Not Mention Other Public Employers |
Does Not Apply |
Oklahoma | Yes | Yes | Yes | Yes | Not Mentioned |
Not Mentioned |
Not Mentioned |
Yes |
Oregon | Yes | Yes | Yes | Yes | Yes | Yes | Not Mentioned |
Yes |
Rhode Island | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Tennessee | Yes | Yes | Yes | Yes | Yes | Not Mentioned |
Yes Law Enforcement Agencies Exception | Yes |
Utah | Yes | Yes | Yes | Yes | Not Mentioned |
Yes | Yes Law Enforcement Agencies Exception | Yes |
Vermont | Yes | Yes | Not Mentioned |
Yes | Not Mentioned |
Not Mentioned |
Yes Law Enforcement Agencies Exception | Yes |
Virginia | Yes | Yes | Not Mentioned |
Yes | Not Mentioned |
Yes | Yes | Yes |
Washington | Yes | No | Yes | Yes | Yes | Not Mentioned |
Yes | Yes |
West Virginia | Yes | Yes | Not Mentioned |
Yes | Not Mentioned |
Not Mentioned |
Not Mentioned |
Yes |
Wisconsin | Yes | Yes | No | Yes | No | Yes | Yes | Yes |
[Page 95]
——–
Notes:
1. Robert B. Milligan is a partner in the Litigation and Labor & Employment Departments of Seyfarth Shaw LLP, where he co-chairs the firm’s Trade Secrets, Computer Fraud & Non-Competes practice group, is the editor of the Trading Secrets blog, and is developing the firm’s Social Media practice group. Daniel P. Hart is a partner in Seyfarth Shaw LLP’s Labor & Employment Department and Trade Secrets, Computer Fraud & Non-Competes and Social Media practice groups. Sierra Chinn-Liu is an associate in Seyfarth Shaw LLP’s Litigation Department and a member of the firm’s Trade Secrets, Computer Fraud & Non-Competes practice group.
2. Social Media Fact Sheet, Pew Research Center (June 12, 2019), https://www.pewinternet.org/fact-sheet/social-media/.
3. Id.
4. Id.
5. A Pew Research Center survey found that American workers use social media while on the job for a variety of reasons, including (in descending order of percentage of use): (1) to take a mental break from their job (34%); (2) to connect with friends and family while at work (27%); (3) to make or support professional connections (24%) (4) to get information that helps them solve problems at work (20%); (4) to build or strengthen personal relationships with coworkers (17%); (5) to learn about someone they work with (17%); or (6) to ask work-related questions of people inside or outside of their organizations (12%). Cliff Lampe and Nicole Ellison, Social Media in the Workplace, Pew Research Center ( June 22, 2016), available at https://www.pewinternet.org/2016/06/22/social-media-and-the-workplace/.
6. These states include Arkansas (Ark. Code §§ 11-2-124); California (Cal. Lab. Code § 980); Colorado (C.R.S. 8-2-127); Connecticut (Conn. Gen. Stat. § 31-40x) (2015 S.B. 425, Act 16); Delaware (19 Del. Code § 709A); Illinois (820 ILCS 55/10); Louisiana (La. Rev. Stat. § 51.1951 to §§ 1953 and 1955); Maine (26 M.R.S. § 616 to 619); Maryland (Md. Code Lab. and Emp. Law § 3-712); Michigan (MCL § 37.271-37.278); Montana (Mont. Code Ann. 48-3501 et seq.); Nevada (NRS § 613.135); New Hampshire (N.H. Rev. Stat. § 275:74); New Jersey (N.J. Stat. § 34.68-6); New Mexico (N.M. Stat. § 50-4-34 (covers job applicants only); Oklahoma (40 Okla. Stat. § 173.2); Oregon (O.R.S. § 659A.330); Rhode Island (R.I. Gen. Laws § 28-56-1 to -6); Tennessee (Tenn. Code §§ 50-1-1002 to -1004); Utah (Utah Code § 34-48-201 et seq.); Vermont (21 V.S.A. § 4951); Virginia (Va. Code § 40.1-28.7:5); Washington (RCW §§ 49.44.200 and 49.44.205); West Virginia (W.V. Code § 21-5H-1); and Wisconsin (Wis. Stat. § 995.55).
7. The social media privacy laws in sixteen states, as well as the District of Columbia, afford similar privacy protections to students attending university, by preventing or limiting the ability of an educational institution to access usernames or passwords to students’ internet or personal social media accounts: Arkansas (Ark. Code § 6-60-104); California (Cal. Ed. Code § 99121); Delaware (14 Del. Code § 8103); Illinois (105 ILCS 75/10, 105 ILCS 75/15); Louisiana (La. Rev. Stat. §§ 51.1951 to 1952 and §§ 1954 to 1955); Maryland (Md. Code Ed. Law § 26-401); Michigan (MCL § 37.271-37.278); New Hampshire (N.H. Rev. Stat. 189.70); New Jersey (N.J. Stat. § 18A:3-30); New Mexico (N.M. Stat. § 21:1-46); Oregon (O.R.S. §§ 350.272, 350.274); Rhode Island (R.I. Gen. Law § 16-103-1 to -6); Utah (Utah Code § 538-25-101 et seq.); Virginia (Va. Code § 23.1405); Wisconsin (Wis. Stat. 995.55); and the District of Columbia (B. 578, Chap. 218).
8. MCL § 37.278(1).
9. See, e.g., Cellular Accessories For Less, Inc. v. Trinitas LLC, No. CV 12-06736, 2014 WL 4627090 (C.D. Cal. Sept. 16, 2014) (discussing employer’s potential interest in employee’s LinkedIn account); PhoneDog v. Kravitz, No. C11-03474 MEJ, 2011 U.S. Dist. LEXIS 129229 (N.D. Cal. Nov. 8, 2011) (discussing former employer’s potential interest in employee’s Twitter account).
10. See, e.g., H.J. Heinz Co. v. Starr Surplus Lines Ins. Co., No. 2:15-cv-00631-AJS, 2015 WL 12791338 (W.D. Pa. July 28, 2015) (plaintiff employer successfully maintained custody and control of company (non-personal) data and emails stored on employee devices pursuant to company BYOD policy).
11. See, e.g., Hallmark Cards Inc. v. Monitor Clipper Partners LLC, et al., 758 F.3d 1051, 1055, 1060-61 (8th Cir. 2014).
12. Id.
13. See, e.g., Newark Morning Ledger Co. v. New Jersey Sports & Exposition Auth., 31 A.3d 623, 641 (N.J. App. 2011) (trade secrets’ "only value consists in their being kept private . . . if they are disclosed or revealed, they are destroyed").
14. See Seng-Tiong Ho v. Taflove, 648 F.3d 489, 504 (7th Cir. 2011) (plaintiff’s publishing of alleged secrets in trade journals destroyed any trade secret protection the information may have had).
15. See, e.g., Adivair Helicopter Supply, Inc. v. Rolls-Royce Corp., 663 F.3d 966, 974 (8th Cir. 2011) (efforts to maintain secrecy "need not be overly extravagant, and absolute secrecy is not required").
16. See Davenport v. State Farm Mut. Auto. Ins. Co., 3:11-CV-632-J-JBT, 2012 WL 555759, at *1 (M.D. Fla. Feb. 21, 2012); Mailhoit v. Home Depot U.S.A., Inc., 285 F.R.D. 566, 570 (C.D. Cal. 2012).
17. Robinson v. Jones Lang La Salle Americas, Inc., No. 3:12-CV-00127, 2012 WL 3763545, at *1 (D. Or. Aug. 29, 2012).
18. See, e.g., Adivair Helicopter Supply, Inc. v. Rolls-Royce Corp., 663 F.3d 966, 974 (8th Cir. 2011) (efforts to maintain secrecy "need not be overly extravagant, and absolute secrecy is not required").
19. EEOC v. Simply Storage Mgmt., LLC, 270 F.R.D. 430, 434 (S.D. Ind. 2010).
20. Id.; see In re Ford Motor Co. DPS6 PowerShift Transmission Products Liability Litigation, No. 2:18-ML-02814 AB (FFMx), 2:18-cv-1893 AB (FFMx), 2019 WL 3815721, at *4 (C.D. Cal. May 13, 2019) ("A social media account, which by its nature is intended to be shared, cannot be shielded from discovery on privacy grounds alone.") (Citing Voe v. Roman Catholic Archbishop of Portland in Oregon, No. 3:14-CV-01016-SB, 2015 WL 12669899, at *2 (D. Or. Mar. 10, 2015) (discussing same)).
21. See Fawcett v. Altieri, 960 N.Y.S. 2d 592, 594 (2013) (Discovery "may be curtailed when it becomes an unreasonable annoyance and tends to harass and overburden the other party").
22. T.C. on Behalf of S.C. v. Metropolitan Gov’t of Nashville and Davidson Cnty., No. 3:17-CV-01098, 3:17-CV-01159, 3:17-CV-01209, 3:17-CV-01277, 3:17-CV-01427, 2018 WL 3348728, at *14 (M.D. Tenn. July 9, 2018) ("To obtain discovery of non-social media, a party must show that the information sought is reasonably calculated to be relevant to the claims and defenses in the litigation. The production of a social media account’s contents in full will therefore rarely be appropriate."); Petion v. 1 Burr Road Operating Co. II, LLC, No. 16 CV 1993 (JBA), 2017 WL 6453398, at *3 (D. Conn. Dec. 15, 2017).
23. Gordon v. T.G.R. Logistics, Inc., Case No. 16-CV-00238-NDF, 2017 WL 1947537, at *3-4 (D. Wyo. May 10, 2017); Soderstrom v. Skagit Valley Food Co-op, No. C18-1707 MJP, 2019 WL 3944327, at *2-3 (W.D. Wash. Aug. 21, 2019) (limiting order for the plaintiffs’ production of social media content to posts from the relevant period).
24. Id. at *4.
25. Id. at *12.
26. Id. at *13.
27. Id. at *15.
28. Id. at *17.
29. Id. at *40.
30. See United States v. Vayner, 769 F.3d 125, 132 (2d Cir. 2014) (holding that evidence of the existence of a social media page containing the defendant’s name and photograph was not enough to prove it belonged to the defendant unless the government could also prove that the defendant had created the page or was otherwise responsible for its contents); United States v. Browne, 834 F.3d 410, 411 (3d Cir. 2016) (holding that social media posts are not self-authenticating under the business records exception because custodians can only attest to communications taking place between accounts, not who authored the posts, and there is no underlying process by which the information is recorded that would render the posts accurate and trustworthy).
31. See State v. Ford, 782 S.E.2d 98, 106-07 (N.C. Ct. App. 2016) (admitting screen shots of the defendant’s allegedly vicious dog and a rap video from his MySpace page to prove that the page belonged to the defendant, despite his objections that the content prejudiced the jury to believe that his dog had, in fact, killed the victim).
32. Id. at 106.
33. Id. at 989.
34. Id. at 990.
35. Id. at 1031-35. Specifically, Mintz’s legal fees were being paid by his new employer, and were not "essential to remedying the harm of the unauthorized access." Id. at 1030.
36. Id.
37. Id. at *3.
38. Id. at *4-5.
39. Id. at *34.
40. See Jones v. Gulf Coast Health Care of Del, LLC, 854 F.3d 1261, 1275 (11th Cir. 2017) (holding that employer’s proffered reasons for an employee’s termination, which included FMLA abuse for posting vacation pictures on Facebook while the employee was purportedly on FMLA leave, poor judgment for posting the pictures, and violation of the employer’s social media policy, may have been pretext for discrimination).
41. See Jackson v. Walgreen Co., 516 S.W.3d 391, 394-95 (Mo. Ct. App. 2017) (affirming Labor and Industrial Relations Commission’s denial of unemployment benefits where employee was terminated for harassing coworkers online in violation of the company’s social media policy, which specifically prohibited such conduct).
42. See Carney v. City of Dothan, 158 F. Supp. 3d 1263, 1282, 1292-93 (M.D. Ala. 2016) (granting employer’s motion for summary judgment in race discrimination case because employer was justified in taking adverse employment action against employee who violated its social media policy and based on employer’s showing that it consistently investigated potential violations without regard to the race of the employee involved).
43. Id.