Protecting your privacy in the age of servers and social media
By Robert J. Bezemek And David Conway

Almost everyone uses social media. Whether it’s emailing, surfing the web, sending text messages, tweeting or tumblr, we are treating social media as an extension of our personal conversations with family, friends and co-workers. And we do it from every imaginable location — public transit, automobiles, restaurants, parks, sidewalks, the office, and throughout the campuses where we work.

Increasingly, however, we are vulnerable to unintended interception of our communications, or having those communications forwarded or shared by others (even when “private”) in ways that are beyond our control. From custodian to chancellor, someone, somewhere, may have the opportunity to read what you have posted online. And that can result in embarrassment — or worse, investigations, interrogations, and discipline, even discharge.

You may think that your social media communications are protected by law. They might be, but if you haven’t been careful, you may have waived your protections.

Invasion of privacy
When you use your own electronic device — a smartphone, tablet, or personal computer — you have a right of privacy. However, that right may be compromised or invalidated, depending on whether your use was “in the open” where others could read what you posted, whether you had a reasonable expectation of privacy because the device or service required a password, whether any relevant policies of the service provider or employer were implicated, and based on who might be looking in. Even so, the legal precedent in this area is not consistent enough to be relied upon.

If you use that device at work to get a cellular or internet connection, you may be connecting through your employer’s router and server. And everything traveling through the employer’s router is available to the employer, and may be saved on the employer’s hard drives or servers, or off-site by a third party. It might be easy for the employer to search your electronic communications without your knowledge. Isn’t that an invasion of your privacy? Probably not, unless your union has negotiated protection.

Most employers have computer and email usage policies which declare that you have no right of privacy when using employer-owned electronic equipment. So, once you’ve signed on, it is possible that a court or other entity will find that you’ve “waived” any right to privacy. This extends to conversations that would normally, and reasonably, be private. This trend is alarming, for the courts have ruled for many years that employees do have a right of privacy at work.

Though employers like to argue that if they “own it” (the building, the campus, your file cabinet) they can seize it or inspect it, some courts have recognized a zone of privacy in desk drawers, file cabinets, and offices. But these protections are under attack, with employer “computer use policies” which abrogate these privacy rights.

A recent and disturbing California case, Holmes v. Petrovich Development Co., 191 Cal. App. 4th 1047 (2011), held that emails sent from an employee to her attorney, through her employer’s work email system, were not protected by the attorney-client privilege. The employer searched for those emails, read them, and used them to try to defeat the employee’s lawsuit alleging wrongful dismissal. The court found that because she used an employer email system, with a stated policy that emails “are not private,” the privilege did not apply.

If you are issued an employer-owned computer, most employer policies dictate what you can and cannot do with the computer and provide that you waive your right of privacy as a condition of accepting the electronic device. You might be surprised at what you’ve agreed to merely by turning on your employer-owned computer, the one you use as though it were your private computer.

The most secure, and only prudent way to preserve your right of privacy is for your union to negotiate contractual language to protect your privacy and use of electronic resources, email and internet access. Otherwise, any reliance on legal privacy protections may be grievously misplaced.

The realities of the modern workplace are that you need a computer at work, to connect to your students, colleagues, parents, administrators and others. And, the reality is that employers need to respect that you are entitled to privacy when you use these devices for personal purposes, and that such personal use is natural and commonplace.

Even in the “best environment” possible — a workplace with comprehensive, negotiated privacy protections — it is still best to not rely on employer email for sensitive matters. All highly confidential or private emails (such as an email to your union or about your supervisors, complaints or grievances) should be sent from a non-work email account. There is simply no reason to risk it, when you may never even know if your privacy was compromised.

New state law attempts to protect social media networking
In September, Gov. Brown signed a social media privacy protection bill into law that protects employees and job applicants from an employer’s intruding into their social networking sites. Assembly Bill 1844 prohibits employers from requiring employees and job applicants to provide them with social media user names or passwords. The law doesn’t go far enough, but it is a step in the right direction.

Even this law has exceptions, however. It does not prohibit an employer from requesting passwords necessary to access electronic devices that it owns, or from demanding “an employee to divulge personal social media reasonably believed to be relevant to an investigation of allegations of employee misconduct or employee violation of applicable laws and regulations, provided that the social media is used solely for purposes of that investigation or a related proceeding.” As this is a new law, the full scope of this second exception is not yet entirely clear.

While AB 1844 is an improvement on the current state of affairs, this law should not be seen as any guarantee, or even a reasonable assurance, that employers will not be able to find anything and everything you post online. Remember, an employer still has access to any public information that you share online (such as tweets, blog posts, or the ever-changing “public” portions of a Facebook page) and any ostensibly “private” information that a third party may share with them.

Put another way, information on Facebook that is visible to each and every one of your “friends” is not private. Many people have only realized this after they have been terminated for making “disparaging” or “disloyal” remarks, for comments forwarded to the employer by others, or for making comments that were not hidden or protected by Facebook’s “private” settings as well as the employee thought. In one notable case considered by the National Labor Relations Board, an employee was fired for simply “liking” another employee’s comment on Facebook.

Protected union activity in an online world
Sharing information about employers, work issues and concerns among colleagues is common. Using social media for such discussion has important considerations with respect to “protected union and concerted activity” under both the National Labor Relations Act and collective bargaining laws administered by the California Public Employment Relations Board — the Education Employment Relations Act and the Higher Education Employer-Employees Relations Act. These two California laws give public school, community college and UC employees the right to organize and form unions, and to otherwise help one another with employment-related issues through “mutual aid and protection.” (See Glossary)

Although no law keeps this information entirely private, online comments and discussion are nevertheless sometimes considered “protected activity” under the NLRA, EERA, or the HEERA, depending on fact-specific circumstances.

Under laws enforced by PERB and the NLRB, it is unlawful for an employer to impose or threaten reprisals, or to discriminate against employees who exercise their rights under that law to engage in “protected activity.” Employer reprisals or discrimination can be any adverse employment action that an employer takes because of the protected activity, such as a reprimand, suspension or termination. If an employee’s complaints about safety at work are made on behalf of or shared with coworkers, the comments are usually protected speech.

Most important for online conversations and postings, protected employee activity includes engaging in the “mutual aid and protection” of coworkers, regardless of whether a union is involved. A common form of mutual aid is participating in conversations with colleagues about the employer’s working conditions — wages, safety, academic freedom, etc.

While these conversations could take place in person, the NLRB has recognized that today it is even more common for such discussions to take place online, over email or social networking sites such as Facebook. Moving the conversation online does not lessen the scope of protection, but it certainly makes it easier for an employer to see which employees may be complaining about them. And if the conversation does not fit the fact-specific outline for “protected activity,” or if one of numerous exceptions to the rule apply, then discipline or termination may result. However, some communications may be protected by the U.S. Constitution, when, for instance, they address matters of “public concern.”

The following two online speech examples illustrate how NLRA and EERA “fact-based” inquiries into online conversations or Facebook postings hinge on minor details, and can end up with completely different end results.

In one recent NLRB case, an employee posted comments online critical of safety in the workplace. While it would seem that this is protected, the NLRB ruled that it was not. The employee never discussed his safety concerns with his co-workers, and did not share the postings with his co-workers, despite the importance of the issue, so he did not meet the “mutual” prong of the aid and protection test. The employee was terminated.

In another recent case, an employee posted critical remarks on Facebook regarding her manager’s fairness towards her and her coworkers that were a “continuation” of a similar conversation she had earlier that day with her coworkers. Another employee “liked” the comment. Both were terminated, but later reinstated, because the conversation was for their mutual aid and protection.

The bottom line: The final test for proving that an employer retaliated or discriminated against an employee for engaging in protected activity such as the “mutual aid and protection” of his or her coworkers can be very fact-specific.

The most prudent course of action is to (1) negotiate contractual protection to limit employer surveillance and (2) assume an employer may find a way to access even “private” online postings. It would also be wise to protect your electronic devices with security measures, starting with a password.

Protecting your privacy in the age of servers and social media
By Robert J. Bezemek And David Conway

Almost everyone uses social media. Whether it’s emailing, surfing the web, sending text messages, tweeting or tumblr, we are treating social media as an extension of our personal conversations with family, friends and co-workers. And we do it from every imaginable location — public transit, automobiles, restaurants, parks, sidewalks, the office, and throughout the campuses where we work.

Increasingly, however, we are vulnerable to unintended interception of our communications, or having those communications forwarded or shared by others (even when “private”) in ways that are beyond our control. From custodian to chancellor, someone, somewhere, may have the opportunity to read what you have posted online. And that can result in embarrassment — or worse, investigations, interrogations, and discipline, even discharge.

You may think that your social media communications are protected by law. They might be, but if you haven’t been careful, you may have waived your protections.

Invasion of privacy
When you use your own electronic device — a smartphone, tablet, or personal computer — you have a right of privacy. However, that right may be compromised or invalidated, depending on whether your use was “in the open” where others could read what you posted, whether you had a reasonable expectation of privacy because the device or service required a password, whether any relevant policies of the service provider or employer were implicated, and based on who might be looking in. Even so, the legal precedent in this area is not consistent enough to be relied upon.

If you use that device at work to get a cellular or internet connection, you may be connecting through your employer’s router and server. And everything traveling through the employer’s router is available to the employer, and may be saved on the employer’s hard drives or servers, or off-site by a third party. It might be easy for the employer to search your electronic communications without your knowledge. Isn’t that an invasion of your privacy? Probably not, unless your union has negotiated protection.

Most employers have computer and email usage policies which declare that you have no right of privacy when using employer-owned electronic equipment. So, once you’ve signed on, it is possible that a court or other entity will find that you’ve “waived” any right to privacy. This extends to conversations that would normally, and reasonably, be private. This trend is alarming, for the courts have ruled for many years that employees do have a right of privacy at work.

Though employers like to argue that if they “own it” (the building, the campus, your file cabinet) they can seize it or inspect it, some courts have recognized a zone of privacy in desk drawers, file cabinets, and offices. But these protections are under attack, with employer “computer use policies” which abrogate these privacy rights.

A recent and disturbing California case, Holmes v. Petrovich Development Co., 191 Cal. App. 4th 1047 (2011), held that emails sent from an employee to her attorney, through her employer’s work email system, were not protected by the attorney-client privilege. The employer searched for those emails, read them, and used them to try to defeat the employee’s lawsuit alleging wrongful dismissal. The court found that because she used an employer email system, with a stated policy that emails “are not private,” the privilege did not apply.

If you are issued an employer-owned computer, most employer policies dictate what you can and cannot do with the computer and provide that you waive your right of privacy as a condition of accepting the electronic device. You might be surprised at what you’ve agreed to merely by turning on your employer-owned computer, the one you use as though it were your private computer.

The most secure, and only prudent way to preserve your right of privacy is for your union to negotiate contractual language to protect your privacy and use of electronic resources, email and internet access. Otherwise, any reliance on legal privacy protections may be grievously misplaced.

The realities of the modern workplace are that you need a computer at work, to connect to your students, colleagues, parents, administrators and others. And, the reality is that employers need to respect that you are entitled to privacy when you use these devices for personal purposes, and that such personal use is natural and commonplace.

Even in the “best environment” possible — a workplace with comprehensive, negotiated privacy protections — it is still best to not rely on employer email for sensitive matters. All highly confidential or private emails (such as an email to your union or about your supervisors, complaints or grievances) should be sent from a non-work email account. There is simply no reason to risk it, when you may never even know if your privacy was compromised.

New state law attempts to protect social media networking
In September, Gov. Brown signed a social media privacy protection bill into law that protects employees and job applicants from an employer’s intruding into their social networking sites. Assembly Bill 1844 prohibits employers from requiring employees and job applicants to provide them with social media user names or passwords. The law doesn’t go far enough, but it is a step in the right direction.

Even this law has exceptions, however. It does not prohibit an employer from requesting passwords necessary to access electronic devices that it owns, or from demanding “an employee to divulge personal social media reasonably believed to be relevant to an investigation of allegations of employee misconduct or employee violation of applicable laws and regulations, provided that the social media is used solely for purposes of that investigation or a related proceeding.” As this is a new law, the full scope of this second exception is not yet entirely clear.

While AB 1844 is an improvement on the current state of affairs, this law should not be seen as any guarantee, or even a reasonable assurance, that employers will not be able to find anything and everything you post online. Remember, an employer still has access to any public information that you share online (such as tweets, blog posts, or the ever-changing “public” portions of a Facebook page) and any ostensibly “private” information that a third party may share with them.

Put another way, information on Facebook that is visible to each and every one of your “friends” is not private. Many people have only realized this after they have been terminated for making “disparaging” or “disloyal” remarks, for comments forwarded to the employer by others, or for making comments that were not hidden or protected by Facebook’s “private” settings as well as the employee thought. In one notable case considered by the National Labor Relations Board, an employee was fired for simply “liking” another employee’s comment on Facebook.

Protected union activity in an online world
Sharing information about employers, work issues and concerns among colleagues is common. Using social media for such discussion has important considerations with respect to “protected union and concerted activity” under both the National Labor Relations Act and collective bargaining laws administered by the California Public Employment Relations Board — the Education Employment Relations Act and the Higher Education Employer-Employees Relations Act. These two California laws give public school, community college and UC employees the right to organize and form unions, and to otherwise help one another with employment-related issues through “mutual aid and protection.” (See Glossary)

Although no law keeps this information entirely private, online comments and discussion are nevertheless sometimes considered “protected activity” under the NLRA, EERA, or the HEERA, depending on fact-specific circumstances.

Under laws enforced by PERB and the NLRB, it is unlawful for an employer to impose or threaten reprisals, or to discriminate against employees who exercise their rights under that law to engage in “protected activity.” Employer reprisals or discrimination can be any adverse employment action that an employer takes because of the protected activity, such as a reprimand, suspension or termination. If an employee’s complaints about safety at work are made on behalf of or shared with coworkers, the comments are usually protected speech.

Most important for online conversations and postings, protected employee activity includes engaging in the “mutual aid and protection” of coworkers, regardless of whether a union is involved. A common form of mutual aid is participating in conversations with colleagues about the employer’s working conditions — wages, safety, academic freedom, etc.

While these conversations could take place in person, the NLRB has recognized that today it is even more common for such discussions to take place online, over email or social networking sites such as Facebook. Moving the conversation online does not lessen the scope of protection, but it certainly makes it easier for an employer to see which employees may be complaining about them. And if the conversation does not fit the fact-specific outline for “protected activity,” or if one of numerous exceptions to the rule apply, then discipline or termination may result. However, some communications may be protected by the U.S. Constitution, when, for instance, they address matters of “public concern.”

The following two online speech examples illustrate how NLRA and EERA “fact-based” inquiries into online conversations or Facebook postings hinge on minor details, and can end up with completely different end results.

In one recent NLRB case, an employee posted comments online critical of safety in the workplace. While it would seem that this is protected, the NLRB ruled that it was not. The employee never discussed his safety concerns with his co-workers, and did not share the postings with his co-workers, despite the importance of the issue, so he did not meet the “mutual” prong of the aid and protection test. The employee was terminated.

In another recent case, an employee posted critical remarks on Facebook regarding her manager’s fairness towards her and her coworkers that were a “continuation” of a similar conversation she had earlier that day with her coworkers. Another employee “liked” the comment. Both were terminated, but later reinstated, because the conversation was for their mutual aid and protection.

The bottom line: The final test for proving that an employer retaliated or discriminated against an employee for engaging in protected activity such as the “mutual aid and protection” of his or her coworkers can be very fact-specific.

The most prudent course of action is to (1) negotiate contractual protection to limit employer surveillance and (2) assume an employer may find a way to access even “private” online postings. It would also be wise to protect your electronic devices with security measures, starting with a password.

6 Maxims for your digital life

  1. Most employers have computer and email usage policies which declare that you have no right of privacy when using employer-owned electronic equipment. Once you’ve signed on, it is possible that a court or other entity will find that you’ve “waived” any right to privacy.
  2. All highly confidential or private emails, such as an email to your union or about your supervisors, complaints or grievances, should be sent from a non-work email account.
  3. Assembly Bill 1844 prohibits employers in most situations from requiring or demanding employees and job applicants to share or provide them with social media user names or passwords.
  4. Assume your employer can find “private” online postings and public information that you share online, such as tweets, blog posts, or “public” portions of a Facebook page, as well as any ostensibly “private” information that a third party may share with them.
  5. The only prudent and secure way to preserve your right of privacy is for your union to negotiate contractual language to protect your privacy and use of electronic resources, email and internet access.
  6. It’s wise to protect your personal electronic devices with security measures, starting with a password.

Glossary of Terms

National Labor Relations Board (NLRB) The federal agency created by the National Labor Relations Act (NLRA) of 1935 that performs the following functions in private sector workplaces: determine bargaining units, hold elections to determine whether a majority of employees want to be represented by a specific union, certify unions to represent employees, and administer other provisions of the act.

Educational Employment Relations Act (EERA) The 1975 act that brought collective bargaining rights to the employees of California’s public schools and community colleges. This includes bargaining, representation, and certain employee rights.

Higher Education Employer-Employees Relations Act (HEERA) The 1978 act that brought collective bargaining to the employees of California’s universities. HEERA governs the union’s role and rights in the universities.

Public Employment Relations Board (PERB) The California governmental agency charged with administering and enforcing state collective bargaining statutes, including EERA and HEERA. Its powers include the authority to determine bargaining units, to conduct representational elections, to identify and correct unfair labor practices, hold fact-finding hearings, certify impasse and similar functions.

Protected concerted activity When two or more employees take action for the purpose of union organizing or union activity, collective bargaining, or otherwise for their their mutual aid or protection regarding the terms and conditions of their employment. Such activities are “protected” under the federal NLRA and state labor laws including EERA and HEERA.