Law still evolving, but users who set tight privacy controls seem to have more success in court
By Harpaul Sambhi
In Canada, as well as in the United States and the United Kingdom, there are laws protecting citizens’ rights to privacy.
However, in the very public world of Facebook, Instagram, Twitter and YouTube, how much privacy can users reasonably expect? This area of law is still new and will only be decided as more cases are brought before the courts.
But there are some cases that appear to be setting a trend. When users set tight privacy controls on their profiles or join password- protected groups, courts have found the expectation of privacy is definitely greater than when users allow free access to their information or join public groups.
Case Study: Houston’s Restaurant
Houston’s Restaurant is one of several chain restaurants in the United States owned by Hillstone Restaurant Group. Brian Pietrylo was a waiter at a Houston’s Restaurant in New Jersey and created a group on MySpace called “Spec-Tator” to give his fellow employees a place to “vent about any BS we deal with at work without any outside eyes spying in on us,” according to the website.
The group was private and users could only join by invitation. Pietrylo’s first post was: “let the s**t talking begin.” Past and present employees were invited to join and discuss their frustrations with the employer.
Karen St. Jean, a greeter at the restaurant, was one of the employees invited to join. While dining with one of Houston’s managers, St. Jean showed the group to the manager. The manager asked St. Jean for her password, which she provided.
Although St. Jean said the manager didn’t threaten her, she said she handed her password over because she was afraid she would have gotten into trouble otherwise. Several managers used St. Jean’s password to access the group and print off posts that contained sexual remarks about management and customers, as well as references to violence and illegal drug use.
Although Pietrylo stated these remarks were “just joking,” the company dismissed Pietrylo and another employee for “offensive” posts that management said contradicted Houston’s core values and would negatively affect the restaurant’s business. Pietrylo filed a lawsuit against the restaurant in 2008 for breach of privacy and violating the federal Stored Communications Act, which addresses voluntary and compelled disclosure of “stored wire and electronic communications and transactional records” held by third-party Internet providers.
The jury found Houston’s obtained St. Jean’s password without her “freely given” consent and thus violated the Stored Communications Act by accessing the group. However, it found Houston’s didn’t violate the employees’ common law right of privacy because they didn’t have a reasonable expectation of privacy online.
See Pietrylo v. Hillstone Rest. Group, Pietrylo II, No. 06-5754 (FSH), 2009 WL 3128420 at *1 (D.N.J. Sept. 25, 2009)
While some employers might be using social media to verify work-related information, such as whether or not a candidate actually worked for the organizations listed on her resumé, they will also have access to a lot of personal information that could be cause for a discrimination claim if the candidate is rejected.
Just having access to employees’ photos on social networking sites can set up grounds for discrimination based on sex, age and ethnicity. This is less of a concern in European countries where it’s common practice for candidates to include a photo with their resumés.
Other personal information available on social networks, but not necessarily through a photo, that could be grounds for discrimination claims include sexual orientation and marital status. However, for any discrimination claim to be successful in court, the candidate would probably need to provide more evidence of discrimination than the single act of a hiring manager checking her Facebook page.
This kind of Facebook checking cost one IBM staffer her long-term sick leave benefits. An IBM employee in Bromont, Que., on long-term sick leave because of major depression had her benefits cut off in 2009 when a Manulife insurance agent saw Facebook photos of the employee at a bar, at a birthday party and on vacation. The employee said she was following her doctor’s advice to try and have some fun. Her lawyer said Facebook isn’t an appropriate tool to judge a person’s mental state.
Great companies that have used Social HR initiatives to their advantage, like Ernst & Young, explicitly state they are not on Facebook to check users’ personal information. And in Germany, the government proposed a new law in August 2010 to prevent employers from using job candidates’ private Facebook pages as part of the selection process. However, they would be able to consider any public online postings.
If you create any social HR initiatives, I strongly recommend you not use your organization’s presence on a social network for the purpose of checking up on employees or candidates. However, if you truly believe checking social media is a valuable screening tool, then you should create a policy that explicitly makes candidates aware of this practice and have them consent to it, as they would have to consent to other background checking methods. And train hiring managers and recruiters to prevent any bias in the screening process.
Have a comment? I would love to hear more. Feel free to discuss your opinions in the comment box below. You can find me @hsambhi on Twitter.
Harpaul Sambhi is the CEO of Careerify, a company that develops social recruiting tools focused on employee referral programs with offices in Toronto and San Francisco. He is the author of Social HR, published by Carswell, which sheds insights in how social media is impacting human resources. He can be reached at email@example.com, (416) 840-6216 or visit www.careerify.net for more information.