Adventures in Cyber Security

cyber securityOne of the most exciting aspects of employment law is the inexhaustible list of ways that employees find to get themselves—and their employers—into trouble.  Recently, we have observed an uptick in electronic security attacks which makes the close of 2018 a perfect time to refresh ourselves on the “Dos” and “Don’ts” of cyber security. Continue reading

Delaware Social Media Privacy Law Moves Ahead

At our Annual Employment Law Seminar last week, I spoke about the “Facebook Privacy” bill that was then pending in Delaware’s House of Representatives.  The bill passed the House on later that day and is now headed to the Senate.  For those of you who weren’t in attendance last week, here’s a brief recap of the proposed law.  Continue reading

Lawsuits, Discovery, and the Right to Privacy In the Context of Social Media

A party’s “right to privacy” in the context of social media is the subject for numerous motions in civil litigation.  The scenario goes like this:  Plaintiff sues defendant, alleging injuries.  Defendants seeks discovery of Plaintiff’s social-media content, such as photos, posts, and comments, in the hopes of disproving liability and/or damages.  Plaintiff claims right to privacy in social-media content.  Court must decide. Continue reading

Facebook Threats Constitute Legitimate Grounds for Termination

Earlier this week, I wrote about the issue of threats made via Facebook constitute constitutionally protected speech.  Today’s post also is about threats made via Facebook but in the context of the workplace.  The case, decided by the Court of Appeals of Ohio, is timed perfectly for my road trip tomorrow to Ohio. social media letterpress_3

In Ames v. Ohio Department of Rehabilitation & Correction, an employee, a Senior Parole Officer, was sent for an independent medical exam after she posted a Facebook comment that her employer believed to be a threat.  The comment was in reference to shooting parolees.  The employee claimed that the comment was a joke.  The psychologist who conducted the exam cleared her to return to work, finding no evidence of depression, anxiety, or mood disturbance. Continue reading

Issue of Threats via Facebook Heads to the Supreme Court

The intersection of Facebook use and Free Speech is complicated.  Complicated enough, in fact, that the U.S. Supreme Court will weigh in on the subject when it decides a case it is scheduled to hear argument in today, Elonis v. United States. text message speech bubble or twitter keyboard_3

The basic legal principle at issue is what constitutes a “true threat.”  It is a crime to use the phone or Internet to make a “threat to injure” another person.  And “true threats” are not protected as speech under the First Amendment.  So, “true threats” to injure another made via Facebook can be punishable as crimes.  Otherwise, the speech would be protected by the constitution and could not be considered criminal.

But what’s a “true threat?”  Is that question to be answered by the “reasonable person” who would be subject to the threat?  Or does the speaker have to have intended his words as a threat to constitute a criminal act?

In Elonis, the defendant was arrested after making violent threats directed to his ex-wife (and others).  At trial, he testified that he did not intend to frighten anyone and compared his posts to rap lyrics.  The jury didn’t buy it and found that a reasonable person would have viewed the posts as “true threats.”  So now the Supreme Court will decide what the “true test” for “true threats” should be.

The legal issue may appear easier than it is.  The facts of the case may make the speech and speaker less sympathetic.  For example, his Facebook comments included the following about his wife, after she left with their two children:

If I only knew then what I know now, I would have smothered [you] with a pillow, dumped your body in the back seat, dropped you off in Toad Creek and made it look like rape and murder.

He later posted, “I’m not gonna rest until your body is a mess, soaked in blood and dying from all the little cuts.”  And, when a court issued the wife a protective order, Elonis posted whether it was “thick enough to stop a bullet.”  He also threatened to kill an FBI agent and to slaughter a class of kindergarten students, reports the LA Times.

Three Tips for Protecting Your Electronically Stored Confidential Information

Employers, do you know what apps your employees are using?  That’s the question posed by a recent article in the WSJ.  (See Companies Don’t Know What Apps Their Employees Are Using).  My guess is that the answer to this important question is, “No.”  Here are my top tips for how not to be the employer discussed in the WSJ article. cloud storage file cabinet drawer and folders_3

First, have a policy about employees’ use of cloud-based apps to save work-related documents.  Consider prohibiting employees from saving work documents to cloud-based storage accounts such as Dropbox, SkyDrive, and Box.net.  Also consider prohibiting employees from backing up the contents of their work laptops to cloud-based back-up accounts, such as Mozy and Carbonite. Continue reading

A Perk of BYOD Policies at Work

Employers face a serious challenge when trying to prevent employees from taking confidential and proprietary information with them when they leave to join a new employer-particularly when the new employer is a competitor.   When an employer becomes suspicious about an ex-employee’s activities prior to his or her last day of work, there are a limited number of safe avenues for the employer to pursue. privacy policy with green folder_thumb

Generally, an employer should not review the employee’s personal emails or text messages if they were sent or received outside the employer’s network.  But what if the employee turns over his personal emails or text messages without realizing it?  The answer is, as always, “it depends.”  A recent case from a federal court in California addresses the issue in a limited context. Continue reading

Keeping Secrets on Social Media: Part II

Employees telling secrets online was the subject of yesterday’s post, Keeping Secrets on Social Media.  Today’s post–a continuation of the theme from yesterday–is about “auto-expire” apps.

telling secrets_thumb

An “auto-expire” app is an app that enables users to set an automatic expiration date and time for social-media or other online content.  There are lots of reasons one would use an auto-expire app but the three that come immediately to mind are regret, efficiency, and secrecy.

Social-media regret is nothing new.  Just last summer, I wrote a post about social-media regret syndrome.  Auto-expire apps like Xpire, for example, allow users to set expiring posts for Facebook, Twitter, and Tumbler.

Efficiency also is a reason to consider these apps. You don’t need to keep (or have others keep) the series of text messages exchanged about where to meet for lunch.

But secrecy, in my opinion, is the most prominent reason for the increased interest in these auto-expire apps.  In the employment context, there may be security reasons for having highly confidential discussions automatically deleted forever.  Apps like Wickr (branded as “a top-secret messenger), are targeted to businesses for exactly that reason.  Wickr advertises that messages sent through the app contain no geolocation data and are not tracked or monitored–what’s yours is yours and cannot be accessed by the host site.

Be careful, though, about what you send through these apps–people are often surprised by the utility of having access to evidence in the form of contemporaneous posts and conversations.  But, for certain exchanges, you can imagine the equally powerful utility of having an untraceable and permanently deleted line of communications.

Keeping Secrets on Social Media

The title of this post is a bit laughable, isn’t it?  I mean, really, it’s almost an oxymoron.  Keeping secrets on social media?  What’s the point?  The very existence of social media is dependent upon sharing-not secret-keeping.  But the two are intersecting more and more.  Which is why I am writing a short series of posts about the topic.  Beginning today with a post about “anonymous” apps.telling secrets_thumb

Back in February, fellow employment lawyers, Adam S. Forman and Dan Schwartz, and I were interviewed for an article in Law360, titled, “What Employers Need to Know About the New Social Media.”  In that article, I discussed what I think is the wave of the future in social media for employers-apps focused on secrecy.

For example, one app, Secret, allows users to share anonymous messages with anyon3e in their contacts who also uses the app.  Employers in the tech industry, where these apps are particularly popular, are struggling with how to deal with (and, preferably, prevent), the loss of confidential company information.

For example, an employee hears through the grapevine that the Vice-President of R & D has taken a job with a competing firm.  Employee posts that hot tidbit on Secret, where all of his work colleagues (who also have the app, of course), will see it.  The firm can be seriously disadvantaged by uncontrolled leaks of information.  And, when the app is designed specifically for that very purpose, it is hard to address with any meaningful result.

As a side note, educators are struggling with a related problem.  Students bullying other students via these anonymous apps is a serious problem that many school districts are trying to manage.

So what should employers be doing?  Well, to start, they should be reading this blog post.  If they do, at least they’ll know about the existence of these “anonymous” social-media apps and about the potential issues the employer may be facing already because of them.  Next, employers should consider investigating for themselves. Have an individual from HR subscribe to the service and see what, if anything, is posted about the company.  Although it may hurt to find out, it’s better that you know so you can make a rational decision about how, if at all, to address it.

In the next post in this series, I’ll discuss “auto-expire” apps that enable users to set an expiration date on their posts and messages.  Stay tuned.

How NOT to Produce Facebook Evidence

Electronic discovery, the collection and production of electronic documents in litigation, is a scary thing to many lawyers. Some are so scared by it, in fact, that they just deny that it exists and continue to produce only hard-copy documents. Of course, that is a terrible idea. And not at all in compliance with the rules of procedure. But, alas, it is what it is.logo_from_dev

There are times that a lawyer will want to produce electronic records, such as text messages, emails, and, heaven forbid, social-media content, but simply not know how to do it.  I had an opposing counsel call me once and say that he was willing to produce his client’s relevant Facebook posts if I would show him how to do it.  Ummmm, no.

My point, though, is that lawyers are ethically bound to understand and comply with the applicable e-discovery rules but, as a matter of practical reality, that does not mean that they comply.  Which is why e-discovery continues to be a predominant subject for discussion in the legal profession.

A recent case from South Carolina gives a pretty good example of how not to produce electronically stored information (ESI).  In Wellin v. Wellin, the defendants moved to compel the production of certain ESI, including emails, text messages, and Facebook posts in “native format.”  (Native format means, in the most basic sense, that if it was originally in electronic form, you must produce it in electronic form, as opposed to paper form).

The plaintiffs apparently had attempted to produce the requested items but, instead of producing the responsive material in native format, they . . . [wait for it, wait for it] . . . :

printed out responsive emails and provided photocopies of certain portions of those emails to defendants. Additionally, [one plaintiff] provided the content of several text message exchanges and Facebook posts by transcribing those messages on loose-leaf paper.

The Court granted the motion to compel.

Initially, I assumed that the producing parties must have been acting pro se (without counsel) because there is just no way that a lawyer would produce text messages and Facebook posts that were “transcribed” on “loose-leaf paper.”  Upon closer review of the opinion, though, it appears that all parties were represented.  Clearly, I am missing something about the course of events that led a party to produce ESI in this “format” (is loose-leaf paper even considered a “format”?).

What matters, though, is that employers and their counsel be diligent in their efforts to preserve all potentially relevant evidence, including text messages and social-media content, and to preserve it in its original form (native format).  Preservation is the first step.  Maybe we can work on our production skills after that.  I’ll keep my fingers crossed.

Wellin v. Wellin, No. 2:13-cv-1831-DCN, 2014 U.S. Dist. LEXIS 95027 (D.S.C. July 14, 2014).