When Employees Vent
IN MARCH 2004, the Hillstone Restaurant Group hired Brian Pietrylo and Doreen Marino to work as servers in one of its restaurants, Houston’s, located in the Riverside Square Mall in Hackensack, New Jersey. Both Pietrylo and Marino were given consistently good reviews. Pietrylo, in particular, was often ranked by management as one of the top three servers in the restaurant.
In their off-hours, Pietrylo and Marino maintained an account on the MySpace social networking site. They established a private group that could only be accessed by invitation and required a password to enter. Pietrylo invited several of his co-workers to join the group. In the initial post after the group was established, Pietrylo wrote, “I just thought that this would be a nice way to vent about any BS we deal with at work without any outside eyes spying on us. This group is entirely private, and can only be joined by invitation.”
None of the employees who were part of the group accessed the site during work hours. No one from management was invited to join.
In May 2006, another member of the group, Karen St. Jean, was approached by her supervisor, Robert Anton. Having heard rumors about the MySpace group, Anton asked St. Jean to give him her e-mail address and her password to the site. Though St. Jean willingly gave Anton the information, she told her coworkers that she felt pressured to do so because Anton was her boss.
St. Jean did not give Anton permission to share her e-mail address and personal password with anyone else. However, after Anton accessed the MySpace account, he gave the information to three senior executives at the company—a regional supervisor, the vice president of operations, and the director of human resources. Anton gave the executives detailed instructions on how to access the site. He then accessed the site several more times, making copies of the conversations occurring there.
The contents of the site were mostly complaints about management and general workplace gossip. Anton claimed that the discussions concerned him because they were “offensive” and contained some sexual banter. However, none of the employees claimed that there had been sexual misconduct at the restaurant.
Pietrylo and Marino were fired by the company’s regional supervisor for instigating and maintaining the group. The two employees sued Hillstone, claiming that when management accessed the account, the company violated federal and state statutes that protect against unauthorized access of electronic data. They also filed a claim of wrongful termination.
A New Jersey jury found in favor of the two employees and awarded them $3,400 in back pay and $13,600 in punitive damages. The company appealed the case to the U.S. District Court for the District of New Jersey.
The appeals court upheld the lower court’s ruling, confirming that the jury was justified in believing that Anton pressured St. Jean to give up personal information and that it was reasonable for the jury to find that the company had acted maliciously. In summing up the case (Pietrylo v. Hillstone Restaurant Group, U.S. District Court for the District of New Jersey, 2009), the court noted that while the company had a right to protect itself from harassment or humiliation, the jury reasonably concluded that the method the company used to protect those values was improper.
Lessons
Experts say that companies can learn from the case. It shows the importance of establishing a policy about social networking sites. Other issues to consider apart from that specific case include third-party monitoring and how to investigate concerns.
Policy. The first step, according to Brian D. Hall, a partner in the labor and employment department with Porter Wright Morris & Arthur LLP in Columbus, Ohio, is to set up a social media policy for employees. But companies must be aware that social networking sites are legally different from something like e-mail communications, notes Mark McCreary of Fox Rothschild LLP in Philadelphia, an employment law expert who runs a blog on legal issues pertaining to data privacy.
Companies are used to dealing with media they control, he explains. “If I shoot off an e-mail to my girlfriend from work saying what a jerk my boss is, I am using a company-owned account, and the company can use that information to make employment decisions,” says McCreary. “With a social networking site, the company doesn’t own anything, they have no inherent rights. This is a totally different scenario, and companies must tread lightly.”
This policy should make it clear that employees agree to cooperate in any investigation of improper use of a social networking site to the detriment of the employer. “You don’t want to see everything that’s on everyone’s Facebook page,” says Hall. “But being able to access someone’s comment about a safety issue at one of your stores, that could help prevent liability.”
Management at all levels should be trained on privacy issues, both from a legal and an employment-policy perspective. It is critical that managers understand employees’ expectations of privacy in the organization as it relates to internal organizational monitoring, such as Internet access and e-mails, as well as external monitoring, such as social media sites.
Monitoring. Just as companies hire firms to monitor other parts of the Internet for mentions of the company as a form of reputation and intellectual-property protection, Hall suggests hiring a third party to monitor social networking sites on behalf of the company. However, most monitoring companies look for references to an organization, its products, or individuals within that organization. Though such monitoring may detect disparaging comments made by customers, former employees, and others, the main purpose of the monitoring is to gain an understanding of the marketplace. It is important, therefore, that the hiring company be sure that the monitoring service understands what information is relevant.
The monitoring company must also understand what information is within its purview; it must not circumvent the privacy settings at social networking sites, he says. For example, in its terms of use, Facebook makes it clear that you cannot use someone else’s password to gain access to the site. It is also against the rules to give someone else your password. Friending another coworker to get at the information in a roundabout way is close to the line, according to Hall. From a legal perspective, that might be unethical but not necessarily illegal.
Investigations. Then, if a company finds that an issue is worth pursuing, it should conduct a formal investigation. However, companies should consider whether the issue is significant enough to merit the investigation, and employee ranting rarely measures up, says Hall. “Employees griping that they aren’t happy with their jobs is not really a problem. All employees do that,” he notes. “Of more concern is disclosure of trade secrets or product-liability issues.”
McCreary agrees. “If a serious breach has occurred such as the posting of a trade secret, the issue changes radically. The company absolutely has the right to protect that,” he says. And, in such cases, the company should pursue legal action against the employee, making it a different type of investigation.
The best approach to investigating something on a social networking site that raises legitimate concerns is to go directly to the person who has set up the page. “The company must balance employee rights against corporate rights,” says McCreary. However, McCreary notes that an at-will employee can be legally fired for any reason that is not discriminatory. So saying something negative about an employer can certainly be the basis for a legal termination. The crucial question that was addressed in the Pietrylo case is whether the employer intercepted a private communication without the right to do so.
Hall agrees, noting that the employer in Pietrylo was found liable because the jury concluded that the supervisors had coerced an employee who was invited to the password-protected site into giving them access to the site that they were not otherwise permitted to have. If such a site were publicly accessible, the privacy concern would disappear.
There are many public Web sites that are generally critical of a specific corporation or organization. Employers may terminate current employees for making disparaging comments about the employer on these kinds of sites. However, rather than reacting defensively and punishing employees, Hall says that employers may be able to learn lessons from comments being made in public forums and that could help them to improve employee relations.
Establishing clear policies with employees and approaching a social networking page owner directly when an issue arises can help an employer address legitimate concerns while minimizing the potential for legal liability or charges of coercion, which was critical in the Pietrylo verdict.
Teresa Anderson is senior editor at Security Management.
