in defense of snooping employers

7/27/2019 In Defense of Snooping Employers

1/37

DRAFT Please do not cite or distribute without authors approval

1

IN DEFENSE OF SNOOPING EMPLOYERS

Jessica K. Fink*

ABSTRACT

In recent months, a plethora of states have turned their legislative attention toprotecting employee privacy in the workplace, focusing specifically on passing state lawsthat protect the social media privacy of individuals in their states. Indeed, discussions

of workplace privacy are everywhere nowadays:Media stories condemn employers

efforts to monitor their employees email, Internet and telephone usage. Employees rage

about perceived invasions of their privacy. Politicians heatedly debate how to limitemployersprying conduct, passing laws designed to reign in certain types of monitoring

by employers. At the same time, employers also find themselves perplexed, as they

grapple with how they can gather the information that they need to make importantbusiness decisions within an environment that views such efforts with disdain. In a world

where technological advancements have made it easier than ever to collect massive

amounts of information about those in the workforce and where employers feel an

increasing need to collect such information, looming questions continue to existregarding the proper scope and limits of employees privacy.

This article represents one effort to answer these questions while taking theemployers perspective into account, explaining both the motivations behind and

justifications for employers efforts to snoop into their employees private lives. The

article describes the means through which employers gather information about their

employees, including through some recent, rather novel approaches to collecting suchdata. In addition, this article discusses the financial, legal and practical concerns that

motivate employers to snoop in the first place, arguing that employers engage in this

conduct for what frequently amount to very legitimate reasons. More significantly, thisarticle places substantial responsibility for employer snooping with the courts

themselves, highlighting particular decisions and doctrines that not only permit, but in

fact encourage, employers to engage in these efforts to monitor employees.

At bottom, this paper attempts to put the problem of employer snooping into a

broader context. While employers certainly should not have access to every aspect of

their prospective and current employees private lives, and while abuses of theboundaries undoubtedly exist, much of the snooping behavior for which employers have

been condemned represents more than just senseless meddling, but rather is part of a

sound business plan designed to protect employers, employees and the public at large.


2/37


2

Introduction..3

I. The Limited Right to Privacy in a Private Sector Workplace.5

II. Practical and Legal Hurdles Affecting Employers Ability to Snoop.8

A. Limits Associated with Traditional Tools for Information Gathering.8

B. The Rise in More Creative Tools for Information Gathering10

III. Employer Motivations for Snooping: Why Employers Snoop.15

A. Financial Motivations for Snooping..16

B. Concerns About Liability Prevention as a Motivation for Snooping(Prophylactic Monitoring)..18

C. Reputational Concerns as a Motivation for Snooping...20

D. The New Normal: Advances in Technology and Changing EmployeeExpectations as a Motivation for Snooping...23

IV. Role of the Courts in Permittingand Perhaps EvenEncouragingSnooping....25

A. Uncertain Boundaries as Making Way for Employers to Snoop: TheImpact of City of Ontario v. Quon.26

B. Court-CreatedIncentivesfor Employers to Snoop: The Courts HostileEnvironment and Third-Party Retaliation Jurisprudence..29

1. How Hostile Environment Cases Encourage EmployerSnooping....29

2. How the Courts Third-Party Retaliation JurisprudenceEncourages Employer Snooping31

V. Obligations Imposed on Snooping Employers..34

Conclusion 36


3/37


3

INTRODUCTION

In February 2013, three members of Congress introduced legislation aimed atbarring employers from requiring or requesting that any employee or prospective

employee provide an employer with a username, password or other means of accessing aprivate email or social media account.1 This federal law, coming on the heels of similarlegislation passed in at least ninestates

2and pending in many others,3has beencharacterized as vital to preventing employer requests for personal accounts becomingroutine.4 In the same vein, employees in recent years increasingly have complainedabout other types of alleged intrusions by employersintrusions involving everythingfrom the monitoring of telephone and email communications, to the use of global positionsystems (GPS) to track employees whereabouts, to the application of sophisticatedtechnology that can record virtually every keystroke made by an employee on his/heremployer-owned computer.5

At first blush, the outrage expressed by both workers and the public regarding thistype of employer conduct seems understandable, even predictable: What possible reasonmight an employer have for needing to delve into an employees social media account?Why must an employer know the precise location of an employee at every moment of theworkday? Shouldnt there be some areas of an employees life that can remain private,safe from employer intrusion, even if such areas touch upon workplace activities? Giventhat employers efforts to monitor employees show no signs of abating, and given that thetechnological means for engaging in such monitoring are becoming more sophisticatedevery day, the answers to questions like these will grow to be increasingly more pressingin the months and years to come.

This article attempts to provide one response to this important set of questions,explainingboth the motivations behind and justifications for this type of snooping

* Associate Professor, California Western School of Law. J.D., Harvard Law School, 2001; B.A.,University of Michigan, 1997. I am grateful to Professor Orly Lobel and the students in her Work, Welfareand Justice Seminar at the University of San Diego School of Law for their helpful suggestions with respectto this paper. Finally, many thanks to Camille Gustufson for her excellent research assistance.1SeeSocial Networking Online Protection Act (SNOPA),H.R. 537, 113thCong., (2013);see alsoMichael O. Loatman, Congress May Limit Employer Access To Personal Social Media Accounts, DAILYLABOR REPORT, Feb. 11, 2013. This actually was the second time that members of Congress had attemptedto pass legislation of this nature. Previous bills, similarly aimed at limiting employers access toprospective and current employees email and social media account credentials, were introduced in both theHouse and the Senate in spring 2012 but failed to garner sufficient support to become law. See id.; see also

Lance Whitney,Democrats to employers: Stop asking for Facebook passwords, CBS NEWS, May 10,2012, available at http://www.cbsnews.com/8301-501465_162-57431867-501465/democrats-to-employers-stop-asking-for-facebook-passwords/.2See infra note 93.3Jean Eaglesham & Michael Rothfeld, Wall Street vs. Its Employees Privacy, WALL STREET JOURNAL,April 22, 2013, available athttp://online.wsj.com/article/SB10001424127887323551004578436713224083592.html.4See Loatman,supranote 1.5See Robert Sprague, Orwell was an Optimist: The Evolution of Privacy in the United States and its De-Evolution for American Employees, 42 J.MARSHALL L.REV.83, 83 (2008).


4/37


4

behavior by employers. The article not only describes the mechanisms typically adoptedby employers to gather information about prospective and current employees, but alsoargues that such intrusions by employers in many cases are reasonableand indeed, evenprudent. This article will begin in Part I by providing some history and context to theissue of employee workplace privacy, reviewing some of the relevant rights and

responsibilities of employers with respect to employee privacy. Among other things, thearticle will describe the very limited privacy rights that are available to employees,particularly those who work in the private sector. In Part II, this article will discuss themethods used by employers to gather information about employees, and will describehow various restrictions on conventional methods of information gathering have led tothe evolution of more unusualand arguably more intrusivemeans of monitoringemployees. While this section will describe a host of tools currently used by employersto gather information about prospective and current employees, it will pay particularattention to the recent flurry of attention surrounding employer requests for individualssocial media passwords. In Part III, this article will explain why employers are moremotivated than ever to engage in snooping behavior, laying out the financial, legal and

practical concerns that render it logicaland even advisablefor employers to snoop.In Part IV, this argument extends one step further, with a discussion of the role that thecourts (including the U.S. Supreme Court) have played in permitting, and evenencouraging,employers' efforts to monitor employees. In Part V, finally, the article willpropose some limits on employers right to snoop, articulating some responsibilities thatemployers should have when engaging in any monitoring of prospective or currentemployees.

At bottom, this article sets out to put the alleged problem of employer snoopingin a more informed context and to show that it is not the dilemma that many representat least, not one that requires the heightened level of legislative attention and media hypethat has emerged in recent months and years. While abuses of employee privacy withoutquestion exist, employers by and large are not encroaching unreasonably into theiremployees private lives. Employers gather information about prospective and currentemployees not out of some prurient desire to delve into the personal and private aspectsof their lives, but rather out of an informed, careful and logical consideration of the risksassociated with notacquiring such information. While advances in technology havehelped to expand employers ability to snoop, employers actions in large part have beentailored to their legitimate needs.


5/37


5

I. THE LIMITED RIGHT TO PRIVACY IN A PRIVATE SECTORWORKPLACE

6

Any discussion of workplace privacy should begin with an understanding of onekey idea: Employees in the modern American workplace possess extremely limited

privacy rights.

7

Regardless of the specific workplace setting, employers generallypossess broad latitude to scrutinize the background of potential employees and to monitordetails of current employees behavior.8 Employers may launch thorough investigationsinto the qualifications of a job applicant, using a host of psychological and other tests;they may conduct extensive background checks on a potential employee; they may runInternet searches to learn as much as possible about a potential new hire.9 With respectto current employees, employers examine everything from employeesInternet,telephone and email usage, to the keystrokes that they enter into their computers, to thecoworkers with whom they socialize, to the number and length of the bathroom breaksthat they take throughout the day.10As one commentator in this area has observed:What is allowed to be monitored and what can be done with the monitoring? The

answer seems to be that an employer can monitor virtually anything, and almost anythingcan be done with it.11

6While this article focuses on employer snooping within the private sector, many of the ideas discussedherein would apply with equal force to public sector employees. Public sector employees possesssomewhat greater privacy rights than their private sector counterparts due to application of constitutionalprotections to their employers conduct. SeePauline T. Kim,Electronic Privacy and Employee Speech, 87CHI.-KENT L.REV.901,906(2012)(citation omitted) (noting that private sector employees generallycannot rely upon constitutional rights to being a privacy claim, but rather must turn to a common lawprivacy tort). However,the privacy rights of even public sector employees still are fairly limited in scope.

See generally Paul M. Secunda,Privatizing Workplace Privacy, 88NOTRE DAME L.REV.277 (2012); cf.Sheila A. Bentzen, Safe for Work? Analyzing the Supreme Courts Standard of Privacy for GovernmentEmployees in Light of City of Ontario v. Quon, 97 IOWA L.REV1283, 1286 n.5 (2012) (citation omitted)(noting that [p]ublic employees privacy interests are not necessarily different from those of privateemployees, but the public employment relationship is governed by certain bodies of law, most notably theConstitution, that do not apply to the private sector) (citation and internal quotation omitted). 7See Sprague,supra note 5, at 84 (stating that [e]mployees have virtually no privacy); see also id.at 89(citing the near extinction of privacy rights for employees);see also Lindsay Noyce,Private Ordering ofEmployee Privacy: Protecting Employees Expectations of Privacy with Implied-in-Fact Contract Rights,

1 AM.U.LAB.&EMP.L.F.27, 27 (2011) (noting that [e]mployees, perhaps irrationally, oftenoverestimate the amount of privacy they should expect in technological communication).8See Sprague,supra note 5, at 84;see also Boris Segalis,Employee Privacy Gains in the United States,INFORMATION LAW GROUP,Jan. 13, 2011, available at

http://www.infolawgroup.com/2011/01/articles/enforcement/employee-privacy-gains-in-the-united-states/(noting that [t]raditionally, in the U.S., employees have enjoyed little privacy in the workplace. Withrespect to workplace communications, for example, employees generally are deemed not to have areasonable expectation of privacy. With some limitations, this allows employers to freely monitor andreview employee communications).9See Sprague,supra note 5, at 84.10See id.11Karin Mika, The Benefit of Adopting Comprehensive Standards of Monitoring Employee technology Usein the Workplace, CORNELL HRREVIEW,Sept. 22, 2012, available at http://www.cornellhrreview.org/the-benefit-of-adopting-comprehensive-standards-of-monitoring-employee-technology-use-in-the-workplace/.


6/37


6

While employers do enjoy relative freedom to snoop into the private lives ofpotential and current employees, there is a hodge-podge of federal and state laws (and, insome limited cases, constitutional provisions12) that establish some boundaries foremployers in this context.13 The primary federal law that impacts employee privacy inthe workplace is the Electronic Communications Privacy Act of 1986 (ECPA),14which

consists of two parts: the Wiretap Act (Title I)

15

and the Stored Communications Act(Title II).16 The Wiretap Act has a rather limited application to concerns regardingemployee workplace privacy, since it prohibits only the interception of electroniccommunications while in transmission.17 Most modern communications only are intransmission for a matter of seconds, minimizing the opportunities for interception.18The Stored Communications Act however, has a more significant application toworkplace monitoring, since it prohibits unauthorized access to communications while inelectronic storage.19 Indeed, in enacting the Stored Communications Act, Congress intentwas toprovide protection to individuals emails and text messages20both of whichrepresent fertile areas of employer monitoring.21

Despite these protections, however, the ECPA contains several significantexceptions that allow for employer monitoring under certain circumstances: Under theconsent exception, an employer can engage in monitoring if one of the parties to acommunication consents to monitoring.22 Under the course of business exception, anemployer can engage in monitoring that occurs in its normal course of business, such asby intercepting phone calls on telephone equipment used in the employers ordinarycourse of business.23 Under a third exception, the provider exception, an employer thatprovides wire or electronic communications services can retrieve information stored onits system, if such access is necessary to protect its rights as the provider of this electronic

12See supra note 6.13For a more thorough summary of the current state of the law in this area, including the privacyprotections proposed in the most recent draft of the RESTATEMENT (THIRD)OF EMPLOYMENT LAW,seegenerallySecunda,supranote 6;see also Jill L. Rosenberg,Is Big Brother Watching: MonitoringEmployee Communications and Employee Privacy, PRACTICING LAW INSTITUTE LITIGATION ANDADMINISTRATIVE PRACTICE COURSE HANDBOOK SERIES409(2011);Corey A. Ciocchetti, TheEavesdropping Employer: A Twenty-First Century Framework for Employee Monitoring, 48 AM.BUS.L.J. 285, 290-301 (2011) (citations omitted); Sprague, supra note 5, at 93-111 (citations omitted).1418 U.S.C. 2510-2511 (2006).15Id.at 2511(1).16Id.at 2701.17See Ciocchetti,supranote 13, at 291-92 (citations omitted).18

See id.(citations omitted).19See 18 U.S.C 2701(a).20See Rosenberg,supranote 13, at 438 (observing that Congress enacted the ECPA to make the alreadyexisting Federal Wiretap Act applicable to newly emerging communication devices);see alsoCiocchetti,supranote 13, at 291-92 (citations omitted) (stating that [t]he ECPA was intended to extendprivacy protection from wire communications such as telephone calls, to electronic communications suchas e-mails and text messages).21See infra note 56 and accompanying text.22See Ciocchetti,supranote 13, at 292 (citation omitted).23See id.(citation omitted);see also Sprague,supranote 5, at 116-17 (citations omitted).


7/37


7

service.24 Thus, an employer that provides an email or voicemail system to its employeescan, under this exception, freely access information from that voicemail or email system.

A second federal statute that might impact employer monitoring at work is theComputer Fraud and Abuse Act (CFAA),25whichprohibits knowingly access[ing] a

computer without authorization or exceeding authorized access.

26

The CFAA, however,is not likely to apply to employee monitoring in any significant way, since most courtsinterpreting this statute have held that the scope of an individuals authorization to accessa computer network should be analyzed according to expected norms of intendeduse).27 Because most employers are authorized to access computer networks that aretheir own property, this statute more typically applies when an employee or competitorhacks into an employers system to discover confidential information.28

In addition to these federal statutory protections (as well as legislative efforts bysome states),29common law invasion of privacy principles also might provide someprotection against employer intrusions. Employees may bring a tort claim alleging an

unlawful intrusion upon seclusion by showing that an employer intruded into a place orproperty where the employee possessed a reasonable expectation of privacy, and byestablishing that this intrusion would be highly offensive to a reasonable person.30 Manyemployees, however, may have difficulty showing a reasonable expectation of privacy inareas monitored by their employer, particularly where monitoring takes place on orwithin the employers property.31 Indeed, courts generally will find liability for anintrusion upon seclusion tort only where an employer invades very private locations, suchas employee locker rooms or rest rooms.32 Accordingly, the common lawlike itsstatutory counterpartsremains of minimal use to employees seeking protection fromemployer prying.33

24See Ciocchetti,supranote 13, at 293 (citation omitted).2518 U.S.C. 1030 (2006)26Id.27Ciocchetti,supranote 13, at 294 (citations and internal quotations omitted).28See id.One additional potential source of statutory protection for employees can be found in Section 7 ofthe National Labor Relations Act (NLRA). See 29 U.S.C. 157. Under Section 7 of the NLRA,employers may not interfere with employees right to engage in concerted activities. Id. Some have arguedthat certain types of surveillance by an employer constitutes this type of unlawful interference, becausesuch conduct by employers unlawfully might chill employees exercise of their right to engage in

concerted activities. See infranote 181.29See, e.g.Ciocchetti,supranote 13, at 294-98 (citations omitted).30See id.at 299-301 (citations omitted);see also Secunda,supranote 6, at 294-95 (internal quotations andcitations omitted).31See id.at 300.32See id.at 301 (citation omitted).33The current version of the Restatement (Third) of Employment Law also proposes some privacyprotections for private sector workers, including by introducing a newly named tort of wrongful employerintrusion upon a protected employee privacy interest. Secunda,supranote 6, at 295-96 (citationsomitted). This version of the Restatement, however, remains in draft form. See id.at 295 n.93.


8/37


8

II. PRACTICAL AND LEGAL HURDLES AFFECTING EMPLOYERSABILITY TO SNOOP

As noted above, the right to privacy at work exists as a rather illusory right,particularly for private sector workers. Employers possess significant latitude when it

comes to gathering information about both prospective and current workers. Thisfreedom to snoop, however, is not without any limits: While employers in theory possessa relatively unfettered right to poke around in their employees private lives, variouspractical and legal obstacles may hinder employers ability to use certain methods ofgathering information.

A. Limits Associated with Traditional Tools for Information Gathering

Employers face several restrictions with respect to their ability to research thebackgrounds of both prospective and current employees, including with respect tomethods that traditionally have been used in the workplace. For example, while popular

media frequently depicts the polygraph (i.e., lie detector) test as a common method oftesting an individuals veracity, the federal Employee Polygraph Protection Act of 1988effectively bars employers from using a polygraph test to screen either job applicants orcurrent employees, except in very limited situations.34 Similarly, while employers maywant information regarding a potential or current employees drug usage or medicalstatus,both federal and state laws may limit employers ability to conduct medical and/ordrug testing as part of the hiring process,35as well as with current employees.36Employers wanting to explore a potential employees credit history will have to complywith specific requirements under the Fair Credit Reporting Act,37and those wishing tocheck applicants criminal records may run afoul of federal and/or stateantidiscrimination statutes.38

In addition to the above-described tools, employers for many years relied on abattery of honesty tests, personality tests and other psychological examinations inscreening potential (and sometimes current) employees.39 These examinations attempt togauge the integrity of an individual and/or assess the individuals psychological state,

34See Ian Byrnside, Six Clicks of Separation: The Legal Ramifications of Employers Using SocialNetworking Sites to Research Applicants, 10VAND.J.ENT.&TECH.L.445, 451 (2008) (citation omitted);see alsoStephen F. Befort,Pre-Employment Screening and Investigation: Navigating Between a Rock anda Hard Place, 14 HOFSTRA LAB.L.J.365, 401-03 (1997) (citations omitted) (noting that more than half ofall states have enacted states similar to the Employee Polygraph Protection Act, many with restrictionseven more stringent than those established by federal law).35

See Byrnside,supranote 34, at 451-52 (citations omitted);see alsoBefort,supra note 34, at 392-99(citations omitted).36SeeRochelle B. Ecker , To Catch a Thief: The Private Employers Guide to Getting and Keeping anHonest Employee, 63 UMKC LAW REV.251,272 (1994) (citations omitted);see also Lisa Guerin,Workplace Testing: What Your Employer May Require,NOLO,available at http://www.nolo.com/legal-encyclopedia/workplace-testing-employer-requirements-29496.html.37See Byrnside,supranote 34, at 450-51 (citations omitted).38See id.at 450 (citations omitted).39SeeSusan J. Stabile, The Use of Personality Tests as a Hiring Tool: Is the Benefit Worth the Cost?,4 U.PA.J.LAB.&EMP.L279, 279-80 (2002).


9/37


9

such as by determining the applicants potential for violence, propensity for addiction,and reaction to figures of authority.40 Yet these tests also create both legal and practicalchallenges for employers. Certain types of questions on these exams may violate federaland/or state antidiscrimination principles, particularly where questions inquire into acandidates religious beliefs or sexual practices.41 These tests also have proven to be of

questionable utility and reliability, largely because they measure intangible qualitiessuch as intelligence and the ability to be truthful, thus injecting subjectivity into thescoring of the examinations and producing inconsistent and untrustworthy results.42Thus, even to the extent that an employer ventures to utilize these tools, the informationgathered as a result may be of little utility.

Faced with these obstacles in gathering information on their own, yet hungry fordata about prospective employees in particular, many employers have turned to anotherseemingly reliable source for learning about potential new hires, soliciting referenceinformation from a candidates former employers. Yet here too, employers frequentlyencounter barriers. In theory, employers possess significant latitude to provide reference

information regarding a former employee, even where the reference will include negativeinformation.43 In order to encourage employers to share an accurate assessment of aformer workers abilities, the law grants employers a qualified privilege tocommunicate information to a prospective employer as part of a reference request.44Under this qualified privilege, an employer may not be held legally liable for the contentsof a response to a reference request (i.e., through a defamation suit) so long as anemployer does not communicate false information about an employee with malice aterm which different courts will define in different ways.45

Despite this potential protection, however, many employers still feel wary aboutproviding reference information. Employers fear the cost of having to litigate anexpensive defamation suit to prove the existence of the qualified privilege, if they doprovide negative information about a former employee.46 Moreover, employers worrythat providing evenpositive information about a former worker may lead to trouble down

40See Befort,supranote 34, at 402-03 (citations omitted);see also Stabile,supranote 39, at 283-85(citations omitted).41See Befort,supra note 34, at 402-404 (citations omitted);see also Stabile,supranote 39, at 286-88(citations omitted) (describing the extent to which the Americans with Disabilities Act may limitemployers ability to administer certain types ofpersonality tests);see also id.at 289-98 (citations omitted)(describing variety of flaws in accuracy of personality tests to screen applicants).42See Ecker,supranote 36, at 260 (citations omitted);see also Stabile,supra note 39, at 297 (citationsomitted) (noting that many who have studied these tests have expressed real concern about both the

reliability and validity of personality tests);see also id.at 289-98 (citations omitted).43See id.at 283-84 (citations omitted).44See Befort,supranote 34, at 406-08 (citations omitted).45See id. at 407-08. While some courts apply a common law standard for malice, requiring a showing ofactual ill will or an intent to harm the plaintiff, other courts use an actual malice standard, which requiresa plaintiff to prove that a statement was made with knowledge of its falsity or in reckless disregard of itstruth or falsity. See id.at 408 (citations omitted).46See John Ashby,Employment References: Should Employers Have an Affirmative Duty to ReportEmployee Misconduct to Inquiring Prospective Employers?, 46 ARIZ.L.REV.117, 118 (2004) (citationsomitted);see also Stabile,supra note 39, at 283-84 (citations omitted).


10/37


10

the road, since employers may face exposure for negligent misrepresentation if anemployee who received a positive reference subsequently exhibits violence or otherwiseharms a member of the public.47 Accordingly, confronted with this difficult decisionregarding what information about a former employee should be provided to a prospectiveemployer, many employers simply refuse to provide any substantive information at all,

limiting reference information to the employees dates of employment, positions held,final pay, and certain other objectively-verifiable information.48 Others entirely refuse torespond to reference requests.49

B. The Rise in More Creative Tools for Information Gathering

Thus, when it comes to using traditional tools for gathering information aboutboth prospective and current employees, many employers find themselves stymied intheir efforts. At the same time, however, employers are under increasing pressure togather information about their workersboth about prospective employees and aboutthose who currently are employed.50 Accordingly, faced with an increasing concern for

gathering information and a decreasing ability to use traditional methods to do so, manyemployers have adopted more novel approaches for obtaining the data that they need.

Almost as a matter of course nowadays, employers use the Internet to gatherinformation about prospective and current employees, taking advantage of the massiveamounts of newly available information to assist them in their hiring decisions.51 A 2009survey by CareerBuilder.com reported that 45% of the 2600 hiring personnel surveyedstated that they viewed candidates social networking sites as part of the hiring process.52Additional studies have reported that at least 75% of recruiters and/or employers use

47See Ashby,supra note 46, at 118 (citations omitted).48See id. at 119 (citation omitted);see also Fact Sheet 16: Employment Background Checks: AJobseekers Guide, PRIVACY RIGHTS CLEARINGHOUSE,https://www.privacyrights.org/fs/fs16-bck.htm(observing that while [a] former boss can say anything (truthful) about your performance, mostemployers have a policy to only confirm dates of employment, final salary, and other limited information).49See Ashby,supra note 119 (citation omitted);see also Susan J. Wells,No, Not ThatJohn Gotti,NEWYORK TIMES, Oct. 22, 1998, available athttp://theater.nytimes.com/library/tech/98/10/circuits/articles/22chec.html (observing that [m]anyemployers have adopted a policy of giving only basic information when asked for references on formeremployees because they fear lawsuits)..50See infraSection III.51

Byrnside,supra note 34, at 446-47;see alsoid. at 456 (citing a growing trend among employers toconduct online background checks of job applicants by searching their MySpace and/or Facebookprofiles) (citation omitted); Margaret Keane, Mark Walsh & Joe Lee, Social Networking: New Risks ofFamiliar Liabilities, PRACT.LAW INST.,PLIORDERNO.28713, 87, 93 (2011) (observing that [e]mployersare increasingly and routinely using the Internet to conduct background research on applicants andemployees to use in making employment decisions); Wendy S. Lazar & Lauren E. Schwartzreich,Employee Privacy Rights: Limitations to Monitoring, Surveillance and Other Technological Searches in

the Private Workplace, PRACT.LAW INST., PLI Order No. 29714, 373, 378 (2011) (stating that [h]umanresource professionals turn increasingly to social media for background information on candidates).52See Lazar,supra note 51, at 378 (citation omitted).
http://theater.nytimes.com/library/tech/98/10/circuits/articles/22chec.htmlhttp://theater.nytimes.com/library/tech/98/10/circuits/articles/22chec.html


11/37


11

some type of Internet searching as part of the applicant screening process.53 Evenbehemoth employers like Microsofta company that presumably has a wealth ofresources that it could devote to the hiring processcites social media research as a now-typical part of its hiring process.54 As more and more data about potential workersbecomes available on the Internet, and as these types of online tools become increasingly

more sophisticated, employers likely will utilize these tools at an ever-growing pace.

Technology also has made it substantially easier for employers to monitor theircurrent employees activities.55 For example, employers may monitor current employeesInternet usage or email communications, particularly when the employee is using anemployer-provided computer or using the employers server for this activity.56 Ifemployees are using a cellular phone provided by the employer, the employer mayexamine their text messages, voicemails, and/or listen in on their telephoneconversations.57 Employers may record the keystrokes made by the employee at his/hercomputer and track the searches conducted by the employee via Internet search engines.58Indeed, this type of monitoring has become commonplace in the workplace. A recent

study by the American Management Association found that 66% of employers monitortheir employees website activities.59 Forty-three percent of employers review theiremployees email, and 40% analyze the contents of outbound email communications.60Forty-five percent of employers track the content, keystrokes and time that employeesspend at their keyboards.61 Forty-five percent of employers monitor the time spent byemployees on telephone calls and/or the numbers called by employees and another 16%of employers record employees telephone conversations.62An additional 10% ofemployers monitor employees voicemail messages.63

Employer monitoring also extends beyond examining computer and telephoneusage, involving even more novel methods of tracking employees activities. Manyemployers also may use access panels in the workplace electronic devices thatcontrol entry into a doorway, stairwell, elevator, or other restricted area.64 Individualswishing to enter these restricted areas must provide a password, swipe an identification

53See Byrnside,supra note 34, at 456 (citation omitted);see also Ciocchetti,supra note 13, at 285 n.2(noting that the majority of employers monitor the electronic activities of their employees in some form oranother).54See Byrnside,supra note 34, at 456 (citations omitted).55See Kim,supra note 6, at 913 (noting that [w]hile employers have always had an interest in monitoringtheir employees activities, technological change has increased both the incentives and means to do so).56See Ciocchetti ,supra note 13, at 307-09, 312-14.57

See id. at 307-09, 320-21 (citations omitted);see alsoLazar,supra note 51, at 377 (citations omitted);Kim,supra note 6, at 902 (citations omitted).58Ciocchetti,supra note 13, at 315-16, 320 (citations omitted).59See2007 Electronic Monitoring and Surveillance Survey, AMA/ePolicy Institute Research, Feb. 8, 2008,cited in Carlin, infra note 102, at n.9.60See id.61See id.62See id.63See id.64See Ciocchetti,supra note 13, at 302.


12/37


12

card, or utilize fingerprint or iris identification.65 These access panels not only provideemployers with workplace security by preventing unauthorized individuals from enteringcertain areas, but also can allow employers to track employee behavior.66 By placingaccess panels on restroom or break room doors, for example, employers can monitorwhether and to what extent employees utilize such facilities.67 Employers similarly have

used global position systems (GPS) and Radio Frequency Identification (RFID) tomonitor the location of their employees and property.68 These systems can trackemployees specific location within a workplace at any given time, and also provideaccurate reports on employees productivity by compiling data regarding the speed atwhich employees are working.69 While these technological advances are relatively newwith respect to their use in the workplace (thus rendering their legal status somewhat influx),70they too represent an area where technological advancements have allowedemployers to delve even further into areas once viewed as private.71

As employers have stepped up their use of creative methods for gatheringinformation about employees, one tactic in particular has captured the attention of the

public, the media, and governmental actors. In recent years, some employers haverequested (or, in some cases, insisted) that prospective and/or current employees providethe employers with access to their social media sites.72 For example, in 2010, theMaryland Department of Corrections asked an employee who was returning to hisposition as a security guard following a leave of absence to provide the Department ofCorrections with his social media login and password.73According to the Department of

65See id.66See id. at 30367See id. On a related (but somewhat more extreme) note, some employersmay use technology to monitorwhether employees actually wash their hands when using the restroom at work. See id.;see also id.at 303-04 n.63 (citations omitted). At least one company has invested a device that will detect when an individual

enters a restroom, identify whether that individual is an employee, and confirm whether that employeeactivates the soap dispenser while in the room. See id. If the employee fails to activate the soap dispenserduring the visit to the restroom, then a notification is provided within the room to remind that individualthat hand washing is required. See id.68See id. at 310;see also Jennifer L. Parent,Advising Clients on Todays Top Employment Law Issues,ASPATORE THOUGHT LEADERSHIP, 2013 WL 153851 *1, *2 (2013).69See Ciocchetti,supra note 13, at 310 (citation omitted).70See Parent,supra note 68, at 2-4;see also Ciocchetti,supra note 13, at 311-12 (citation omitted).71Ironically, this use of technology to push the envelope regarding the bounds of employee privacy insome cases may work to the detriment of the employer. Employees also increasingly are becoming savvyabout the extent to which technology can assist them in various workplace situations. See, e.g., DavidKoeppel,More People Are Using Smartphones To Secretly Record Office Conversations, THE FISCALTIMES,July 28, 2011 (describing employees use of blackberry device to record conversation with a

superior during a negative performance review);see also id.(noting one plaintiff-side attorneysobservation that more than 50% of her potential clients possess some type of digital evidence with respectto their claims).72See Debra Donston-Miller,Facebook Password Debate Stirs Deep Social Fears, INFORMATION WEEK,Mar. 27, 2012, available athttp://www.informationweek.com/thebrainyard/news/social_networking_consumer/232700304/facebook-password-debate-stirs-deep-social-fears.73Manuel Valdes & Shannon Mcfarland,Employers asking job applicants for Facebook passwords, THEASSOCIATED PRESS,Mar. 20, 2012;see also Emil Protalinski,Employer demands Facebook logincredentials during interview, ZDNET,Feb 20, 2011, available at


13/37


13

Corrections, this request was made in order to check for any gang affiliations by theemployee.74 In another instance, a New York statistician interviewing for a new positionwas asked to provide his prospective employer access to his Facebook page.75 Variousmunicipal employers also have put these types of policies in place, requiring certainemployeesmost frequently those working in a security or law enforcement capacity

to provide their employers with access to their personal social media sites as a conditionof employment.76

Even if an employer does not ask a prospective or current employee for theirsocial media login credentials, also employers can gain access to these websites through avariety of other methods. In some cases, an employee or applicant may be asked to logon to a social media site in the presence of an employer representative, to allow theemployer to review the contents of the site at that time (a practice known as shouldersurfing).77 In other cases, the employee may be asked to friend a staff member of theemployer, thereby allowing that individual access to the information on the social mediasite.78 Finally, some employers utilize third party applications that can scour and collect

some of the information from individuals Facebook profile.

79

Predictably, many have denounced this practice as a dramatic overreach byemployers. According to one commentatora law professor and former federalprosecutor[i]ts akin to requiring someones house keys, an egregious privacyviolation.80 In the words of another observer: Would we let a potential employer walkaround our houses, opening drawers, looking at our letters, checking our diaries, littleblackbooks, and contents of our liquor cabinets? I think not.81 The sponsor of anunsuccessful 2012 Senate bill aimed at outlawing this practice referred to these employerrequests for social media credentials as an unreasonable and intolerable invasion ofprivacy.82 Even the American Civil Liberties Union has involved itself in fighting thispractice.83

http://www.zdnet.com/blog/facebook/employer-demands-facebook-login-credentials-during-interview/327;Leslie Horn,Employers Asking Applicants for Facebook Passwords, PCMAG.,Mar. 17, 201274See id.75See Valdes,supranote 73.76See id.; see also Walter M. Stella, The Importance of Compliance with Employment Law in an Ever-Changing, High-Tech Era, ASPATORE THOUGHT LEADERSHIP, 2011 WL 601169 *1, *4 (2011).77See Horn,supra note 73;see also Valdes,supranote 73.78See Valdes,supra note 73;see also Marie Andre Weiss, The Use of Social Media Sites Data by BusinessOrganizations in their Relationship with Employees, 15NO.2J.INTERNET L.16,23 (2011).79See Valdes,supranote 73.; see also Joshua Brustein,Keeping a Closer Eye on Employees SocialNetworking,NYTIMES,Mar. 26, 2010. available at http://bits.blogs.nytimes.com/2010/03/26/keeping-a-

closer-eye-on-workers-social-networking/; Torie Borch, Can Legislation Preventing Employers FromRequesting Facebook Passwords Really Protect Privacy, SLATE,Mar. 28, 2012, available athttp://www.slate.com/blogs/future_tense/2012/03/28/employers_don_t_have_to_request_facebook_passwords_to_invade_applicants_privacy_.html.80See Valdez,supranote 73.81See Donston-Miller,supra note 72.82See Whitney,supranote 1.83See Horn,supranote 73;see also Protalinski,ACLU: Employers demanding Facebook passwords isprivacy invasion, Mar. 22, 2012, available athttp://www.zdnet.com/blog/facebook/aclu-employers-demanding-facebook-passwords-is-privacy-invasion/10693 (quoting ACLU attorney stating that [i]t's an
http://www.zdnet.com/blog/facebook/aclu-employers-demanding-facebook-passwords-is-privacy-invasion/10693http://www.zdnet.com/blog/facebook/aclu-employers-demanding-facebook-passwords-is-privacy-invasion/10693http://www.zdnet.com/blog/facebook/aclu-employers-demanding-facebook-passwords-is-privacy-invasion/10693http://www.zdnet.com/blog/facebook/aclu-employers-demanding-facebook-passwords-is-privacy-invasion/10693http://www.zdnet.com/blog/facebook/aclu-employers-demanding-facebook-passwords-is-privacy-invasion/10693


14/37


14

Yet other observers have criticized the apparent hysteria that has surrounded thisissue. According to these commentators, requests for social media credentials representnothing more than a few clumsy missteps by socially backward organizations, or evenlegitimate steps in the vetting of candidates for positions that would require high security

clearance.

84

According to one reporter who has studied this issue, on closerexamination it turns out there have been very few reported instances of privacy abuse andnone of them seem to have happened very recently.85 According to this reporter,virtually all reported cases of individuals being asked to turn over password informationappear to involve government positions (primarily public safety jobs), and all occurredmore than one year ago.86 This reporter could not find a single example of a privatesector employer demanding a prospective or current employees social media password.87Thus, while valid objections to this practice may well exist, there is scant evidence toindicate any real threat of employers demanding social media passwords or similarinformation on a broad scale.

Moreover, employers have valid reasons for wanting access to this information.Some employersparticularly those in a public safety or similar fieldmay want tocheck for security risks associated with hiring or retaining a particular worker.88Employers likewise may want to review an employees social media web site(s) to gatherimportant information about an employees judgment that might not otherwise beavailable to an employer.89 Finally, some employers may use employees social mediacredentials to more specifically measure an employees potential for success in aposition. Indeed, at least one recent study has concluded that checking a candidates

invasion of privacy for private employers to insist on looking at people's private Facebook pages as acondition of employment or consideration in an application process. People are entitled to their private

lives.). Interestingly, while Facebooks Chief Privacy Officer previously claimed that requestingemployees and applicants login information would violate the companys terms of use, indicating thatFacebook might take legal action against employers engaged in this practice, the company has not yet takenany legal action against any employer and may have backtracked with respect to this position. See TorieBorsch, Can Legislation Preventing Employers From Requesting Facebook Passwords Really ProtectPrivacy, SLATE.COM, Mar.. 18, 2012, available athttp://www.slate.com/blogs/future_tense/2012/03/28/employers_don_t_have_to_request_facebook_passwords_to_invade_applicants_privacy_.html;see also Shel Israel, The Great Facebook Employee PasswordNon-issue, FORBES,Mar. 25, 2012, available athttp://www.forbes.com/sites/shelisrael/2012/03/25/the-great-facebook-employee-password-nonissue/;Anne Fisher,Must you give a job interviewer yourFacebook password?, CNNMONEY,Mar. 28, 2012, available athttp://management.fortune.cnn.com/2012/03/28/facebook-password-job-interview/.84See Donston-Miller,supranote 72;see also id. (noting that some observers have argued that when you

break down the events, this issue is nothing but a tempest in a teapot).85See Israel,supranote 83.86See id.87See id.88See supranotes 74-76 and accompanying text.89See, e.g., David Mielach,Hiring Managers Reveal Social Media Secrets,BUSINESSNEWS DAILY, April18, 2012, available athttp://www.businessnewsdaily.com/2377-social-media-hiring.html (noting thathiring managers have declined to hire candidates who post inappropriate or provocative pictures online,and/or whose social media pages include evidence of drinking or drug use, poor communication skills,bad-mouthing of a prior employer, or making discriminatory comments).
http://www.slate.com/blogs/future_tense/2012/03/28/employers_don_t_have_to_request_facebook_passwords_to_invade_applicants_privacy_.htmlhttp://www.slate.com/blogs/future_tense/2012/03/28/employers_don_t_have_to_request_facebook_passwords_to_invade_applicants_privacy_.htmlhttp://www.forbes.com/sites/shelisrael/2012/03/25/the-great-facebook-employee-password-nonissue/http://www.forbes.com/sites/shelisrael/2012/03/25/the-great-facebook-employee-password-nonissue/http://www.forbes.com/sites/shelisrael/2012/03/25/the-great-facebook-employee-password-nonissue/http://www.businessnewsdaily.com/2377-social-media-hiring.htmlhttp://www.businessnewsdaily.com/2377-social-media-hiring.htmlhttp://www.businessnewsdaily.com/2377-social-media-hiring.htmlhttp://www.forbes.com/sites/shelisrael/2012/03/25/the-great-facebook-employee-password-nonissue/http://www.forbes.com/sites/shelisrael/2012/03/25/the-great-facebook-employee-password-nonissue/http://www.slate.com/blogs/future_tense/2012/03/28/employers_don_t_have_to_request_facebook_passwords_to_invade_applicants_privacy_.htmlhttp://www.slate.com/blogs/future_tense/2012/03/28/employers_don_t_have_to_request_facebook_passwords_to_invade_applicants_privacy_.html


15/37


15

Facebook profile may be the best predictor of that candidates likely success within acompanysignificantly more accurate than even standard personality tests.90

Despite the potential benefits associated with acquiring an applicants oremployees social media credentials, and despite the relatively limited scope in which

this tactic is used, politicians have responded to this practice with predictable fervor. Onthe federal level, three members of Congress recently introduced the Social NetworkingOnline Protection Act (SNOPA), designed to limit employers access to the logincredentials of employees and applicants social media accounts.91 The law wouldimpose significant fines on employers that request or require any employee or applicantto provide the employer with a username, password or other means of accessing a privateemail or social media account, as well as on employers that retaliate against individualswho refuse to provide such information.92 This legislation follows on the heels ofsuccessful efforts by several statesto regulate in this area.93 Indeed, on the state level,this type of legislation has become something of a trend: A recent report by the NationalConference of State Legislatures asserts that social media privacy legislation has been

introduced or is in the process of being implemented in 35 states since the start of 2013.

94

As additional states inevitably jump on this bandwagon, and as federal lawmakerscontinue to contemplate their own pending legislation, employers seem to be on the vergeof losing a powerful tool in their information-gathering arsenal.

III. EMPLOYER MOTIVATIONS FOR SNOOPING: WHY EMPLOYERSSNOOP

Employers thus have adopted a broad range of methods to gather informationabout prospective and/or current employers. But whyare employers so fixated ongathering this information in the first place? Why do employers care about whoemployees might associate with outside of work, or about what an individual might poston his/her social media page, or about the specific Internet sites visited by a (presumablyotherwise-productive) employee? While some have adhered to the relatively simplisticargument that employers choose to peek into their employees privatelives without anyreal legitimate cause, there are a variety of considerations that not only justify employerstaking these seemingly-intrusive steps to investigate their workers, but in fact render suchsteps prudentand perhaps even necessary.

90See Horn,supra note 73 (citation omitted).91See Loatman,supra note1.92

See id. Notably, this legislation represents Congresss second attempt to regulate in this area. Virtuallyidentical legislation previously was introduced in Congress in 2012 but failed to become law. See id.; seealso Whitney,supranote 1.93Maryland, Illinois, California, Michigan, New Mexico, Utah, Arkansas, Washington and Coloradoalready have enacted legislation that limits employer access to social media accounts. See Loatman,supranote 1;see alsoJoseph J. Lazzarotti,More states limit employer access to employee social media accounts,LEXOLOGY, May 23, 2013, available athttp://www.lexology.com/library/detail.aspx?g=7f39acc0-6ca1-48be-a4f9-a3348c8d9cf3;Arkansas Enacts Employer, School Social Media Privacy Protection Laws ,DAILY LABOR REPORT, Apr. 29, 2013.94See Eaglesham,supranote 3.
http://www.lexology.com/library/detail.aspx?g=7f39acc0-6ca1-48be-a4f9-a3348c8d9cf3http://www.lexology.com/library/detail.aspx?g=7f39acc0-6ca1-48be-a4f9-a3348c8d9cf3http://www.lexology.com/library/detail.aspx?g=7f39acc0-6ca1-48be-a4f9-a3348c8d9cf3http://www.lexology.com/library/detail.aspx?g=7f39acc0-6ca1-48be-a4f9-a3348c8d9cf3http://www.lexology.com/library/detail.aspx?g=7f39acc0-6ca1-48be-a4f9-a3348c8d9cf3


16/37


16

A. Financial Motivations for Snooping

A host of financial considerations motivate employers to monitor theiremployees behavior. These financial concerns play a large role during the hiringprocess. Given todays competitive business environment, employers must take every

possible step to maximize gains and minimize losses, and employers often unnecessarilywaste substantial resources as part of the hiring process. Not only is recruiting andinterviewing candidates a costly endeavor, but employers also frequently can wastesignificant resources due to poor hiring decisionsdecisions which ultimately force anemployer to retrain (or replace) an employee.95 Accordingly, employers increasinglyhave directed their resources toward finding an employee who represents the bestpossible fit for a position.96

In this respect, the use of technology to snoop into a job applicants backgroundhas become an indispensible part of the hiring process. As noted above, employers haveutilized the Internet to research candidates with increasingly frequency in recent years:97What once may have seemed like a significant intrusion on a job applicants privacy nowhas become an acceptedan even expectedpart of the interview process.98 In fact,some observershave argued that it would be irresponsible for an employer not toconduct such easy and cost-effective due diligence before hiring or promotingemployees.99 As this technology becomes even more cost-efficient in years to come,and as individuals post more and more information online, one should expect employersto use this simple and cost-effective screening tool with even greater frequency.100

With respect to current employees, employers possess similar concerns regardingmaximizing profitability and efficiency, and these concerns likewise may lead employersto monitor their workers. In todays workplace, incessant distractions litter workplacesand entice workers to stray from their duties.101 In a depressed business climate where

95SeeJay Goltz, The Hidden Costs of Bad Hiring,NYT, Mar. 1, 2011, available athttp://boss.blogs.nytimes.com/2011/03/01/the-hidden-costs-of-bad-hiring/ (estimating that two bad hirescould cost an employer as much as $40,000 in increased unemployment insurance expenses alone, andcould run up to $200,000 if the employees actions resulted in lost customers);see also Stabile,supra note39, at 282-83, id.at n.13-14 (observing that replacing employees is costly, and citing statistics placingthe cost of replacing one bad hire at 1.5 times the workerssalary and benefits) (citations omitted). 96See Byrnside,supranote 34, at 448 (noting that [e]mployers often seek as much information as possibleabout job applicants to ensure the best fit between an applicant and the employers organization) (internalquotation and citation omitted);see generallyStabile,supra note 39, at 279-80 (discussing employers useof personality and other tests to eliminate applicants possessing negative traits and determine the fitbetween an applicant and any open position).97

See supranotes 51-54 and accompanying text..98SeeWeiss,supra note 78, at 16 (describing results of 2009 survey which showed that 79% of hiringmanagers and recruiters in United States review online information about prospective employees, andshowing that 75% of U.S. companies surveyed have policies requiring employees in charge of hiring toutilize online research).99See id.;see also Keane,supra note 51, at 93 (citation omitted).100See Byrnside,supra note 34, at 453 (observing that [t]hemore economical it becomes to obtaininformation about a potential employees private life, the greater the likelihood employers will use it)(citation and internal quotations omitted).101Ciocchetti,supra note 13, at 285.


17/37


17

profit margins consistently tighten, employers have become increasingly focused oneliminating behaviors that might detract from the bottom line.102 For example, employerswant to ensure that employees are not spending excessive time surfing the Internet in lieuof performing their duties. According to one report, [e]ven minor personal Internet usein the workplace can lead to millions in lost profits.103 This same study predicted that

[t]his potential loss may only get worse as the average gen-yer spends upwards of thirtyfour percent of their time online doing personal tasks, as opposed to the twenty fivepercent found in the rest of the working population.104 Another study recently foundthat, for a business with 100 employees, the time lost due to non-work-related computeractivities is the equivalent of paying nearly seven workers to do nothing at a total costof $385,000 per year in wages.105

Employers likewise may monitor employees to avoid more direct types offinancial harm. Excessive personal use of a companys broadband capacity or emailaccounts may result in decreased productivity, costly storage shortages, and/or slowernetwork operations.106 Visiting social media sites or other unsecure web sites from a

company computer can introduce data security risks like malware, phishing or otherviruses into the employers computer system.107 In some cases, employers may monitoremployees to prevent seemingly mundane yet ultimately costly financial injuriesforexample, using video surveillance to prevent the theft of office supplies or other companyproperty.108

102SeeSprague,supra note 5, at 111 (arguing that [o]ne significant motivation for monitoring isperformance-based, ensuring that employees are performing their work effectively and efficiently, or atall) (citation omitted);see also Michael Carlin,Employers are Watching Your Facebook: Worker PrivacySignificantly Diminished in the Digital Era, THENATIONAL LAW FORUM,June 8, 2011, available at

http://nationallawforum.com/2011/06/08/employers-are-watching-your-facebook-worker-privacy-significantly-diminished-in-the-digital-era/ (noting that [p]roductivity concerns also cause manyemployers to monitor employees).103SeeCarlin,supranote 102 (citation omitted);see also Larry Swisher,Nine of 10 Workers Accept, LikeMonitoring Of Computer Use By Employers, Survey Finds, DAILY LABOR REPORT, May 24, 2013.104See id.(citation omitted).105Swisher, supranote 103.106SeeCiocchetti,supranote 13, at 285 (citation omitted).107See Weiss,supranote 78, at 19. In this vein, one major law firm, King & Spaulding, recentlyimplemented an email policy under which law firm employees are barred from accessing anypersonalemail accounts (i.e., anything other than the individuals kslaw.com email account) from any firmcomputer, or from any computer connected to the firms computer network. See Posting of Paul Secundatohttp://lawprofessors.typepad.com/laborprof_blog/2013/04/king-and-spaldings-surprising-new-email-

policy.html (Apr. 22, 2013). In implementing this policy, the firm cited advice from both internal andoutside security experts which indicated that accessing personal email accounts from firm computers couldcreate a significant security risk to the firm and its clients. See id.(noting that individual users whoinnocently click on malicious e-mails are often the cause of security breaches).108See Ciocchetti,supranote 13, at 322 (citation omitted);see also Alexis C. Madrigal,Dunkin Donuts'Employee Surveillance Cut Thefts Up to 13%, THE ATLANTIC, Apr. 20, 2012, available athttp://www.theatlantic.com/technology/archive/2012/04/dunkin-donuts-employee-surveillance-cut-thefts-up-to-13/256152/;cf. Stabile,supranote 39, at 281 n.7 (citing a 1991 study that estimates the direct cost toemployers of employee theft as close to $50 billion, as well as other studies placing the cost at $40 billion)(citations omitted).
http://lawprofessors.typepad.com/laborprof_blog/2013/04/king-and-spaldings-surprising-new-email-policy.htmlhttp://lawprofessors.typepad.com/laborprof_blog/2013/04/king-and-spaldings-surprising-new-email-policy.htmlhttp://www.theatlantic.com/technology/archive/2012/04/dunkin-donuts-employee-surveillance-cut-thefts-up-to-13/256152/http://www.theatlantic.com/technology/archive/2012/04/dunkin-donuts-employee-surveillance-cut-thefts-up-to-13/256152/http://www.theatlantic.com/technology/archive/2012/04/dunkin-donuts-employee-surveillance-cut-thefts-up-to-13/256152/http://www.theatlantic.com/technology/archive/2012/04/dunkin-donuts-employee-surveillance-cut-thefts-up-to-13/256152/http://lawprofessors.typepad.com/laborprof_blog/2013/04/king-and-spaldings-surprising-new-email-policy.htmlhttp://lawprofessors.typepad.com/laborprof_blog/2013/04/king-and-spaldings-surprising-new-email-policy.html


18/37


18

One final financial consideration that motivates employers to snoop may arise outof a companys desire to protect its trade secrets. As one commentator observed, [n]ewtechnology leads to new ways that competitors or employees can steal confidentialcompany information.109 A 2010 study by a software security company found that anastonishing 94% of users of one large social networking site readily accepted a friend

request from a complete stranger (who happened tobe presented to them as a prettyyoung woman).110 Even more shocking, when this same study then selected twenty ofthe individuals who had accepted the friend request and engaged them in real timeconversation online, 73% of the sample hadwithin a mere two hours of conversationrevealed to this new friend confidential informationbelonging to their employer,including business strategies and information about unreleased products.111 In 2004,even Applea company known for keeping its trade secrets under wraps, discoveredconfidential information about unreleased products posted on a publically-accessibleInternet bulletin board.112 The disclosure of this type of proprietary information can costa business hundreds of thousands of dollars in any given year: A 2001 survey in which138Fortune 1000 companies reported data, the survey authors concluded that losses of

proprietary information and intellectual property ranged between $53 billon and $59billion in a single year.113

B. Concerns About Liability Prevention as a Motivation for Snooping

(Prophylactic Monitoring)

On top of the financial incentives that might motivate an employer to snoop,employers also may feel compelled to monitor employees as a means of preventing legalexposure in various areas. For example, as discussed in greater detail below,114employees who use workplace computers or other employer-provided equipment tobrowse pornographic web sites, display sexually explicit content, or disseminate raciallyinsensitive material may expose their employers to liability in a harassment ordiscrimination case.115 In some disturbing news for employers, some studies haveindicated that over 20% of all email users have received sexually explicit email in the

109See Rosenberg,supranote 13, at 473-74;see also Weiss,supranote 78, at *9.110See Weiss, supra note 78,at *20 (citation omitted)111See id.(citation omitted);see alsoCiocchetti,supranote 13, at 285 (stating that [f]ailing properly tomonitor employees may allow rogue employees to steal trade secrets or send out confidential informationin violation of various federal and state laws) (citation omitted).112See Rosenberg,supra note 13, at 474.113SeeTrends in Proprietary Information Loss, Asis International, PricewaterhouseCoopers LLP, and U.S.

Chamber of Commerce (Sept. 2002), at 1. Notably, an entire cottage industry has arisen to take advantageof these types of concerns. One online communication services company recently launched a new type ofsoftware, called Social Sentry, designed to help employers monitor their employees Facebook and Twitteraccounts, with one focus being to help employers watch for the release of confidential or embarrassinginformation. See Brustein,supranote 79.114See infraat Section IV.B.1.115SeeRosenberg,supra note 13, at 443 (stating that inappropriate emails may serve as evidence in sexualharassment and or discrimination suits) (citation omitted); See Kim,supra note 6, at 913 (citation omitted)(observing that employers now also fear that employee misuse of electronic communications will giverise to charges of racial or sexual harassment.).


19/37


19

workplace.116 Similarly, employees may abuse their employers email system through apractice called spoofing intentionally sending messages that appear to be fromsomeone else, in order to harass the recipient or otherwise disseminate an inappropriatemessage.117 In either circumstance, these inappropriate emails or other Internet activitiescan form the basis of harassment or other lawsuits against an employer.118By monitoring

employees use of the employers Internet and email systems, an employer may be ableto learn ofand eliminatesuch inappropriate usage before it can create a hostileenvironment or other negative ramifications for employees.119

Employeesdisclosure of confidential or other proprietary information also cancreate potential liability for employers, thus motivating employers to monitor workers inorder to prevent these disclosures. For example, an employeesmishandling of theemployers electronic files could lead to the improper disclosure of private customerinformation or other types of security breaches.120 In one fairly unusual case, thepersonal information of Shell Oil Company employees in dangerous parts of the worldwas leaked to a blogger and subsequently published, posing a threat to the lives and well-

being of these workers.

121

Had harm befallen any of the workers whose information wasmade public, Shell might have been concerned about its own liability for failing toprevent this leak from taking place. Similar arguments about the need to prevent harmscaused by leaked information have been cited by Wall Street to justify its efforts atsnooping: In opposing the rash of new legislation that limits employer access toemployees social media accounts, securities regulators have expressed concern that theraft of new laws aimed at protecting employees' privacy puts investors at risk.122 Theseregulators worry that the rapid dissemination of financial advice on social networks likeFacebook and Twitter could create new channels for Ponzi schemes and otherfrauds,123and argue that fighting these frauds will be complicated by state laws that baremployers from monitoring what their employees pitch to investors.124

Employers also might snoop into ostensiblyprivate areas of their employees (or,more typically, prospective employees) lives out of a concern over liability for negligenthiring. While the standards for determining liability in this area may vary somewhatfrom one jurisdiction to the next, most jurisdictions examine whether an employer knew,orshould have known, of an employees unfitness for a position or dangerous

116See Jeffrey Rosen, THE UNWANTED GAZE: THE DESTRUCTION OF PRIVACY IN AMERICA, Vintage Books(2001) at 79.117See Rosenberg,supra note 13, at 443.118See id.; see alsoCiocchetti,supra note13, at 285.119As discussed in greater detail below,see infra at Section IV.B.1, an employers incentive for monitoring

extends beyond justpreventing the creation of a sexually hostile environment. Rather, such monitoringmay be essential to forming an affirmative defense for against any harassment claims that ultimately arebrought against the employer.120See Kim,supra note 6, at 113 (citations omitted)..121See Carlin,supra note 102.122Eaglesham, supranote 3.123Id.124See id.;see also id.(noting that Wall Street's self-regulator, the Financial Industry RegulatoryAuthority, says financial firms need a way to follow up on red flagssuggesting misuse of a personalaccount).


20/37


20

propensities.125 In at least one jurisdiction, courts applying this standard will focus onthe adequacy of the employers pre-employment investigation into the employeesbackground in determining the employers liability for negligent hiring.126 Thisemphasis on employers conducting a reasonable investigation before hiring a newworker provides further motivation for an employer to snoop as part of the hiring process.

What exactly constitutes a reasonable investigation? How deeply should a prospectiveemployer dig? An employer nowadays likely would be expected at least to conduct abasic Internet search before hiring an individual.127 Indeed, with so much informationnow available over the Internetand with Internet searches rapidly becoming a standardpart of the hiring processan employer may appear negligent if it does not engage insuch pre-hiring snooping.128 If a candidates Facebook page is plastered with imagesof him holding assault weapons, abusing small animals, or snorting cocaineand if thecandidate then engages in similar threatening or illegal activity once hired by anemployera jury likely would be hard-pressed to find that such readily-available clueswould fall outside of the employers reasonable investigation.

Quite simply, employers need to know if a prospective or current employee is adrug addict, a criminal, or has violent tendencies. If the easiest way to discover thisinformation involves a bit of snooping, then employers should be given a bit of latitude topursue such channels. Otherwise, employers will find themselves between a rock and ahard placeresponsible for protecting the health and safety of their workforce and thepublic, but deprived of one of the most effective tools for implementing this protection.

C. Reputational Concerns as a Motivation for Snooping

Related both to the aforementioned financial motivations for snooping and toconcerns about potential legal liability, a third motivation behind employersdecision tosnoop stems from employers reputational concerns. Most employers likely have littleinterest in the details of their employees personal lives: They likely are not particularlyintrigued by their employeesvacation photos or weekend plans or Facebook posts abouttheir childrens latest witty statements. Rather, many employers may monitor theiremployees out-of-work conduct out of a concern for how that employee may berepresentingthe employer. Is an employee making disparaging statements about theemployer? Is he/she disclosing information that the employer would prefer to keepsecret? Is the employee mischaracterizing some part of the employers operations? Suchquestions understandably would concern any employer.

The injection of technology into the workplace has raised the stakes with respectto these reputational concerns, rendering an employers reputation even more vulnerable

125SeeWeiss,supra note 78, at 18 (citations omitted).126See id. (citing Garcia v. Duffy, 492 So.2d 435, 438 (Fla. Dist. Ct. App. 1986)) (internal quotationsomitted).127See supra notes 51-54, 97-100 and accompanying text.128SeeWeiss,supra note 78, at 4 (arguing that [w]ith the prevalence of search engine use to search forinformation, particularly information about a person, a plaintiff in a negligent hiring case might indeedargue that propensities leading to the employee harming the plaintiff could have been discovered bysearching the web, SMS included).


21/37


21

than it was in the past. In the past, employers could maintain tremendous control overvirtually all communications made on behalf of the company: Simply by controllingemployees access to the companys pre-printed letterhead and stationary, employerscould limit the ability of an unauthorized employee to send communications in thecompanys name.129 Now, with email as the dominant form of workplace communication

(and with email accounts that typically include an employers domain name or otheridentifying information), employers have enabled virtually everyemployee tocommunicate with others in the workforce (and with the outside world) in a manner thatbears the employers imprimatur.130 Moreover, in the past, communications themselvesgenerally were handwritten or typed with deliberation and care, and were delivered bysnail mail or, if urgent, by hand.131Now, with email emerging as the preferred form ofcommunication, employees communicate using far less care than in days gone by.Instead of carefully typed or handwritten communications, individuals frequently dashoff email messages with far less reflection and prudence, and then can disseminate thatthose messages to innumerable outsiders with the mere push of a send button.132 Asone commentator has observed, the days of true [employer] control [over employee

communications] are relics of another era.

133

For employers, the impact of such cavalier communications on their reputationcan be devastating. In May 2008, for example, Angelo Mozilo, then-CEO ofCountrywide Financial, mistakenly replied to a distressed debtor who had contactedCountrywide desperately seeking assistance with mortgage restructuring.134 In hismisdirected reply email, Mr. Mozilo wrote, This is unbelievable. Most of these lettersnow have the same wording. Obviously they are being counseled by some other person orby the Internet. Disgusting.135 When Mr. Mozilos email ultimately was widelycirculated on the Internet and in the news media, it led to significant embarrassment forCountrywide.136 An equally destructive situation (not directly involving email) arose inApril 2009, when two Dominos Pizza employees inflicted immeasurable damage upontheir employer after posting online several videos of unsanitary and disgusting actsengaged in during the preparation of a customers pizza.137 After the video ultimately

129See Keane,supra note 51, at 91.130See id. at 91-92.131See id.at 91.132See id. (stating that [e]mployees are able to communicate instantaneously and with an audience ofunlimited scope);see also id.(noting that modern-day correspondence is sent[] with the tap of the Sendbutton, often only seconds after the email or document is composed).133

See id.134Janice Macao, Ivan Espinoza-Madrigal and Sherita Walton, Think Twice Before You Hit The SendButton! Practical Considerations In The Use Of Email, THE PRACTICAL LAWYER, Dec. 2008 (citationomitted).135Id.136See id. For an additional example of a negative email damaging an employers reputation, see KimStates, Oh the social lessons learned when internal email goes viral, INSIDE TUCSON BUSINESS,Feb. 3,2012, available at http://www.insidetucsonbusiness.com/news/profiles/oh-the-social-lessons-learned-when-internal-email-goes-viral/article_e1343a86-4dc6-11e1-8f04-0019bb2963f4.html#.UTkeoXeTmyE.mailto.137SeeCarlin,supranote 102.


22/37


22

went viral, Dominos experienced a steepdecline in its stock values.138 In this way, anemployers hard-earned reputation can be shattered by careless or malicious employeebehavior, since email and other social media allow an isolated incident of misconduct orpoor judgment to become public fodder. In the words of one commentator, [n]everbefore has so much damage been accomplished by low level employees through mindless

behavior and social media.

139

By monitoring employee conduct in the workplace, aswell as communications that employees make about the workplace, employers may beable to limit or even avoid this type of damage.

Concerns about protecting an employers reputation seem particularly relevant inmotivating employers to monitor their employees social media postings.140 As notedabove, employees frequently exhibit little inhibition in posting a glut of information onsocial media sites, including their employers confidential or other proprietaryinformation.141 Employees social mediapostings also may spread negative aspersionsabout an employer, such as in one recent case involving a police officer who postedaccusations of department corruption on her Facebook page.142 Employers have an

interest in quelling this type of public disparagement: Just as an employee would expecthis/her employer not to publicize on its company Facebook page the results of theemployees negative performance review or the reasons for (or even mere fact of) theemployees termination, so too does the employerhave the right to expect its employeesnot to disparage the company in the online community.

138See id.;see also Kerry M. Lavelle, Why Every Employer Should Adopt a Social Media NetworkingPolicy, CONSTR.EQUIP.DISTRIB., Aug. 1, 2010, available at http://www.cedmag.com/article-detail.cfm?id=10926254 (describing damage to reputation of Burger King chain after video of Burger King

employee taking bath in workplace sink was electronically distributed to YouTube, MySpace, the healthdepartment, and to Burger Kings management).139SeeCarlin,supranote 102.140Notably, with respect to workplaces covered by the NLRA, the National Labor Relations Board(NLRB) has devoted significant attention to crafting guidelines for employers to use in setting workplacepolicies for social media use. See generallyLawrence E. Dube,NLRBsSolomon Tackles Social MediaCases, Giving Wal-Mart Policy Revision a Green Light, DAILY LABOR REPORT, May 31, 2012;see alsoNavigating the Social Media Policy Minefield, Gordon & Rees LLP, June 2012, available athttp://www.gordonrees.com/publications/viewPublication.cfm?contentID=2692(advising that[e]mployers looking to implement policies governing the use of social media by employees in theworkplace will have to devise policies that do not conflict with the [NLRA], which may be challenging toaccomplish). According to one attorney who practices in this area, the NLRB recently has beenaggressive in policing social media policies, frequently finding problems with confidentiality

provisions appearing in such policies, as well as with provisions that regulate the posting or publiccomments about a company, or that bar negative or disparaging comments about a company. See MichaelO. Loatman,Attorney Says NLRB Appointments Dispute Doesnt Change Social Media Policies Advice,DAILY LABOR REPORT, Mar. 6, 2003.141See supra notes 110-11 and accompanying text (discussing recent study that exposed employeeswillingness to friend and discuss confidential business information with total strangers on a social mediasite).142SeeGresham v. City of Atlanta,No. 1:10-CV-1301, 2012 WL 1600439, at *1 (N.D.Ga. May 7, 2012)(holding that police department did not violate police officers free speech rights when it denied officer apromotion after she posted accusations of department corruption on her Facebook page).


23/37


23

D. The New Normal: Advances in Technology and Changing

Employee Expectations as a Motivation for Snooping

One final reason for the increase in employer snooping is that this type ofbehavior has become significantly easier to implement. First, as noted above, technology

has become an increasingly prevalent part of the modern workplace,

143

frequently makingit less costly for employers to gather information about prospective and/or currentemployees. With the increasing availability of computer databases that contain millionsof records of personal data about individuals, the cost of searching these sources dropsfor employers.144 One recent study conducted by a University of Denver professordemonstrated just how easily (and inexpensively) a wealth of personal information can beaccessed by a third party: By providing some minimal information and paying $29.95 toan online investigations company, this professor was able to receivewithin a mere 15minutesan extensive personal dossier on himself.145 With such a wealth of informationavailable at such a low cost, searches that once resided in the toolbox of only large andresource-rich companies now may seem feasible to a broad range of employers.146

To a certain extent, these advances in technology create a cyclical phenomenon,culminating in an attrition of privacy rights: The more technology advances, the morethat certain intrusions which once would have seemed astonishing now may appearmundaneand even expected. In the recent Quon case, for example (discussed furtherbelow),147the Supreme Court observed the extent to which social norms play asignificant role in shaping the reasonableness of an individuals expectation of privacy.148According to the Court, [r]apid changes in the dynamics of communication andinformation transmission are evident not just in the technology itself but in what societyaccepts as proper behavior.149 In a similar vein, Professor Jeffrey Rosen, a noted scholarin the area of privacy law, has expressed surprise at the passivity with which Americanshave acceded to encroachments into their private lives, wondering about the tepidresponse to the increasing surveillance of our personal and private life.150 Employeesseem to expectand acceptthat their employers are engaging in some form ofworkplace monitoring. As technology makes it easier for companies to do so, theiremployees expectations of privacy decrease even further.151

143See supraat notes 51-71 and accompanying text;see alsoBentzen,supra note 6, at 1293 (citation andinternal quotations omitted) (stating that [n]ew technology has been injected into the workplaceat anexponentially increasing rate over the last few decades).144See Fact Sheet 16,supra note 48.145

See Sprague,supra note 5, at 89 (citation omitted).146See Fact Sheet 16,supra note 48.147See infra at Section VI.A.148See Keane,supra note 51, at 114.149City of Ontario, California, et al. v. Quon, 130 S.Ct. 2619, 2623 (2010);see alsoNoyce,supranote 7, at29 (stating that the circumstances of the workplace and the actions taken by the employer will dictatewhether an employees expectation of privacy is reasonable); Sprague,supra note 5, at 86-88 (noting alink between the degree of surveillance Americans undergo and the increase in workplace monitoring).150Rosen,supranote 116, at 25.151See Sprague,supra note 5, at 89.


24/37


24

One additional and related result of this increase in technology in the workplacehas been that areas of an employees life once deemed entirely personal now havebecome fair game for employer scrutiny: the personal has begin to blur with theprofessional.152 Employees use their employer-provided cell phones to make personalcalls or send personal texts; they send work-related email from their personal home

computer; they may keep all of their appointments personal and professionalon asingle electronic calendar.153 As one commentator observed, [g]iven the ubiquity ofelectronic communications in both business and social life, it is unrealistic to expect thatemployees will never use employer-provided systems to communicate about personalmatters.154 Yet once personal data makes its way into the workplacein particular,when such data is dragged into the workplace by the employee himself/herself does theemployer have an obligation to ignore that information? While employees objectstrenuously to what they see as employers snooping into their personal lives, perhaps theproblem is not an excessive snooping by employers, but rather an inabilityby employersto separate irrelevant personal information from highly relevant, professionalinformation?

Finally, not only has the amount of technology in the workplace increased (alongwith individuals reaction to such technology), but also the manner in which employeesconduct themselves overall has evolved in recent years. Individuals in all walks of lifegenerally seem more willing to lives their lives on display, not only tolerating othersefforts to monitor their behavior but in fact often encouragingsuch attention. Many ofthe newest members of the workforce belong to the so-called Facebook Generation, agroup so identified because of its tendency to share the minutiae of daily life with all oftheir hundreds of Facebook friends.155 According to one self-proclaimed member ofthis cohort, [m]y generation has long been bizarrely comfortable with being looked at,and as performers on the Facebook stage, we upload pictures of ourselves cooking dinnerfor our parents or doing keg stands at last nights party; we are reckless with our personal

152See generallyKim,supra note 6, at 910-14 (citations omitted);see alsoNoyce,supra note 7, at 29(discussing the growing use of technology in the workplace, [and] the feeble boundaries between workand home).153See Kim,supra note 6, at 911-12 (citations omitted);see alsoChristine Neylon OBrien, The FirstFacebook Firing Case Under Section 7 of the National Labor Relations Act: Exploring the Limits of Labor

Law Protection for Concerted Communication on Social Media, 45SUFFOLK U.L.REV.29,29 (2011)(Smartphones andother portable Internet data generators such as iPads, and even Internet hotspotsincorporated into motor vehicles, have encouraged the blurring of work and personal time such that peopleare tethered to their devices, checking their work and personal messages wherever they are and whatever

else they are doing); Rosen,supra note 116, at 84.154See Kim,supra note 6, 911 (citation omitted).155See WISEGEEK,available at,http://www.wisegeek.com/what-is-the-facebook-generation.htm (statingthat the Facebook generation is a title used to identify those who are growing up in a world where the useof online social networking is common) (italics in original);see alsoKalona Jordan, Social Networkingand the Overshare Generation, SITEPRONEWS, Aug. 24, 2010, available athttp://www.sitepronews.com/2010/08/24/social-networking-and-the-overshare-generation/ (stating that[t]he premise is that everyone in your social circle not only wants to know but NEEDS to know when youare buying that tall frappuccino from @starbucks. That they need to know precisely where you are andwhat you are doing every minute of the day.).
http://www.wisegeek.com/what-is-the-facebook-generation.htmhttp://www.wisegeek.com/what-is-the-facebook-generation.htmhttp://www.wisegeek.com/what-is-the-facebook-generation.htm

7/27/2019 In Defens

in defense of snooping employers

Documents