1. You have a right of privacy in your use of non-employer chat rooms, internet bulletin boards, social networks or blogs, but only if that media is password restricted to persons screened to participate in the forum. The problem of privacy arises when employees disparage or criticize an employer, it products or its customers on such e-sites, and the employer discovers the communications. The employer then fires the participating employees, who claim the terminations are in violation of “public policy” protecting privacy.
Frankly the law is unsettled in this area. That is, no case directly addresses privacy rights by specifically covering use of blogs, chat rooms, social networks, or electronic list services. The best guiding principle then is the default common law principle: “Does this person have a reasonable expectation of privacy” for this particular communication in these particular circumstances.
If your settings on Facebook are completely open and unrestricted to the world, you can hardly claim a “privacy” expectation. [That you use a password to log-on to a social network does not mean you reasonably expect your postings to be “private”]. The employer can argue it really has no obligation at law to employ persons who demonstrate such low regard for its business. On the other hand, if you do an exemplary job, keep your opinions to yourself at work, and if you have limited the access and participation of others to your off-site internet postings, you probably have the right to be left alone by the employer.
Be cautious however. Only post to internet forums on non-work time, and don’t use your employer’s computers or servers. Routing the communications through company computers and internet servers can itself operate to remove any privacy expectation.
2. Use your common sense: if you have a work group that forms an off-hours, off-site internet blog or chat room to denigrate their employer, you run the risk that one of the participants will turn coat, and disclose one or more of the other participants. That defector then may give consent to management to access the site by providing his or her password. Alas, the privacy right has disappeared, unless you can convince your defector to testify that he or she was threatened with termination or discipline if she did not grant access. Basic advice: choose your forum participants carefully, and limit the number, to maintain better control. A Facebook or MySpace “friend” may be your worst enemy.
4. If you use a non-employer internet service provider [“ISP”] to slander the employer, or to disclose its internal trade secrets or confidential operations, the employer may seek to get proof of those communications by serving subpoenas on the ISP. The ISP will be well advised to resist the subpoena by seeking a protective order. If it fails to do so, it could be in violation of your rights under the “Stored Communications Act” or “SCA”. The SCA requires the ISP to protect your privacy by asserting that it is exempted from compliance with the subpoena under the SCA. A California court has ruled that an employer’s service of a subpoena on the ISP to get at the identities of persons sending emails to or receiving emails from an employee regarding the employer’s business is not an enforceable subpoena. O’Grady v. Superior Court (2006) 139 Cal.App.4th 1423, 1441.
5. What if you the employee install a “privacy” program on your employer’s Bar Tenders? These programs often are “secure-erasure” programs that prevent recovery of deleted files. [Employees often think they are “safe” by deleting private emails or private files from their employer’s system. Not so. These are almost always still recoverable by the employer’s I.T. personnel]. The installation of such “secure-erasure” programs violate a federal statute known as the “Computer Fraud and Abuse Act” or “CFAA”, [18 USC Sec. 1030]. Installation of the program violates the law if it is loaded without authorization, and used to “damage” the employer’s data. Permanent erasure comes within the definition of “damage”.
6. In California, an employer seeking to quell private, off-hours, off-site communications could be the subject of an “anti-SLAPP motion”. SLAPP refers to “Strategic Lawsuits Against Public Participation”. [Code of Civil Procedure § 425.16] This law basically gives a litigant the opportunity to expose a lawsuit as a meritless set of allegations having the hidden purpose of intimidating the other party from communicating freely on an “issue of public interest”. An employee who works for a bank, for example, who uses a non-employer internet site during off-hours, and by use of her own computer and ISP, posts an opinion critical of the banking industry and of her employer specifically would likely prevail in having the employer’s complaint dismissed as an intimidation tactic intended to chill a constitutional right of free speech. To win the motion, the employee would need to prove two things: that her speech or writing was of “public interest” and that the employer’s suit against her lacked any substantial facts to support the charges against her. For example, if the employer claimed defamation, the employee could counter with evidence that she was merely stating opinion, or that her assertions of fact were true. Of course, if she is fired for her communication, she could also file suit against her employer for wrongful termination alleging the same illegal employer motive: to punish her free speech rights. More good news for the employee is that if she wins the “anti-SLAPP” motion, she is entitled to recover her attorney’s fees and costs from the employer.
In summary, employers often cross the line when seeking to control employees simply because they have the resources to do so. Yet, privacy rights are so fundamental to our life as a nation that laws have been enacted or cases decided that “level the field” for employees.