Milonic JavaScript Menu is only visible when JavaScript is enabled
DMI home

Forget the Fockers: Meet the Stored Communications Act

By way of legal background, the Electronic Communications Privacy Act (“ECPA”), enacted in 1986, is comprised of two statutes:  the Wiretap Act and the Stored Communications Act.  Historically, most litigation arising under the ECPA has involved the Wiretap Act, that is, where there are “interceptions” of wire, audio or aural communications (for example, listening to an employee’s phone call).

However, with the social media revolution, the Stored Communications Act (“SCA”) now is coming into play.  Generally speaking, in the employment context, the SCA makes it unlawful for an employer to have unauthorized access to an employee’s private social media sites.

More than a dozen states now prohibit employers from asking applicants or employees for their passwords to their private social media sites.  However, the SCA, which applies to employers in all 50 states and which comes with civil and criminal penalties, may go even further.

Ehling v Monmouth Ocean Hospital Service (D.N.J. 2013) is one of the first cases to focus on the application of the SCA to Facebook.  The facts of the case can be summarized succinctly.  The plaintiff-employee had a Facebook account.  The plaintiff friended a coworker.  The coworker, on his own initiative, provided management with copies of postings made by the plaintiff.

The plaintiff argued that the employer violated the Stored Communications Act.  The court held that the SCA applied.  However, the court also held that an exception to the general prohibition under the SCA on accessing stored communications also applied.

As the court noted, very few courts have addressed whether the SCA applies to Facebook wall posts.  There is no legislative history with regard to the intended application of the SCA to social media for a simple reason:  the SCA was enacted before the advent of social media.

However, the legislative history does provide some guidance.  As the court noted:  “The legislative history of the [SCA] suggests that Congress wanted to protect electronic communications that are configured to be private.”

The SCA  provides that whoever “intentionally accesses without authorization a facility through which an electronic communication service is provided . . . shall be liable for damages” under the SCA.  The SCA also provides for damages where an individual exceeds the authorization provided to him or her to access a facility.

For the SCA to apply, four (4) requirements must exist:  (1) there is an electronic communication; (2) that was transmitted by an electronic communication service; (3) the communication is in electronic storage; and (4) it is not public.  The court noted that Facebook wall posts that are configured to be private meet all four (4) criteria.

More specifically, the court held:  (1) Facebook wall posts are electronic communications; (2) Facebook wall posts are transmitted by an electronic communication service; (3) Facebook wall posts are in electronic storage; and (4) Facebook wall posts that are configured to be private are, by definition, not accessible to the general public.

After concluding that accessing an employee’s Facebook page is covered by the SCA, the court then dealt with whether there was an exception that would make the employer’s conduct in this case lawful.  The court focused on the exception which provides that the SCA “does not apply with respect to conduct authorized . . . by a user of that service with respect to a communication of or intended for that user.”

The authorized user exception applies where:  (1) access to the communication was authorized; (2) by a user of that service; and (3) with respect to a communication intended for that user.  The court goes on to define access as not being authorized if the authorization was coerced or provided under pressure.

In this case, the court concluded that all three (3) requirements were met.  The first requirement, however, is the one which is most significant for employers; that is, whether the employer’s access to the employee’s Facebook wall posts was authorized.  In other words, did the co-worker who was friended by the plaintiff provide the information to management without any coercion or pressure?

In this case, the co-worker testified that he voluntarily provided the information to management.  Management also testified that it received the information without soliciting it in any way.  Under these circumstances, it was an easy call for the court to find that the access was authorized.

However, not all cases are quite so simple.  Sometimes employees will tell management about an offensive posting, for example, racial, ethnic or religious harassment, but not provide a copy of the posting itself.  In these circumstances, what is management to do?

There are a continuum of options available to an employer, each with corresponding risk.  The seriousness of the legal risk associated with the alleged postings may inform, in part, the level of risk the employer is willing to take under the SCA.

The most direct response would be:  “Please provide me with a copy of the posting about which you speak.”  No matter how politely that is stated, because of the inherent power differential, a court could find that a mere request is coercive.

Slightly less direct:  “It would be helpful for you to provide us with a copy of the posting to which you referred.  Please understand that there will be no adverse action taken against you, regardless of whether you decide to provide us with a copy of the posting.”

Even more gentle:  We thank you for the information but cannot investigate or take corrective action without seeing it.

Which option, or variation of  it, makes most sense turns at least in part, as noted above, on what is at issue.  Consider the following examples.

On the one hand, if the posting includes stupid, but not illegal material, then there is no reason to take any risk under the SCA.  On the other hand, if the posting could expose the employer to legal liability, for example, the allegation being that the employee has posted racist rants, PHI under HIPAA, or inside information under the SEC, then the employer must balance its risks under statutes regarding the preceding against the risk under the SCA.

When all is said and done, there are a few things that are clear:

One:  An employer should never ask an applicant or employee for his or her private password.  This is true in all states, even if there is no specific state law.

Two:  Where an employee voluntarily provides an employer with a posting, the employer should document the voluntariness with which it was provided.  That is, the employer should document that it did not request the posting, but rather an individual provided it to the employer on his or her own initiative.

Three:  Where an employee raises a concern about a posting, but does not provide a copy of the posting itself, if legal issues are potentially implicated, the employer should formulate a request for the posting to maximize the likelihood that the employee will share the posting and also minimize the risk that a court find will find there to have been threats or pressure.

No doubt that any request by an employer exposes the employer to some risk.  But not requesting the posting also may expose the employer to some risk.  It is risk management, not risk avoidance.



Social Media Webinar: October 29








Social Media: From Hiring to Firing








Monday, October 29, 2012






Pacific: 10:00 a.m. to 11:00 a.m.  
12:00 p.m. to 1:00 p.m.  


Mountain: 11:00 a.m. to 12:00 p.m.  
1:00 p.m. to 2:00 p.m.  









When registering online, you will be prompted to sign in as a new or existing student.










You probably are aware of the recent imbroglio over the practice of some employers asking applicants for their passwords to access their private social media pages. Legal risk and bad employee relations. But that doesn’t mean that an employer may not legally benefit from reviewing the public profile of an applicant's social media page at the appropriate time and under the appropriate circumstances. Similarly, an employer ordinarily cannot discipline an employee for fulminating about the terms and conditions of their employment, unless they wish to tango with the NLRB. Conversely, an employer must take corrective action if an employee posts legally-protected information, for example, PHI under HIPAA. With regard to marketing, employers need to communicate that, when employees are promoting their products or services, they make clear their affiliation with their employer, even if the social media is “personal.” Conversely, however, employers also should make clear that, when employees are engaging in truly personal social media (for example, posting a political blog), they make explicit that they are not speaking for their employer (but without mentioning their employer by name). Supervisors should think twice before friending subordinates; they may learn more about them than if they looked in their medicine cabinets (not that we recommend that either). However, that does not mean that supervisors should not connect with subordinates in a professional network. By reviewing a subordinate’s social media activity, a supervisor may learn that a valued subordinate is considering alternative employment and have an opportunity to re-recruit her. Social media is not an “on-off” switch. There are business risks in ignoring it. There are legal risks in jumping in without thinking through how the use of social media could be argued to violate the actual or perceived rights of applicants or employees. This webinar focuses on the intersection between social media and the employment relationship. Recommendations will be made to maximize the business benefits while minimizing the legal risk.




Approved for CA, NY, NJ and PA CLE credit and HRCI credit.








Jonathan A. Segal

Pricing: $65 | $55.25 for Nonprofit






For more information on financial assistance, please contact
Deborah Margulies at or 215.979.1957.






Follow Us:








Did the NLRB Bless Employees Who Use Social Media to Defame? Sort of!

A manager gives an employee a final warning.  The employee is upset and tweets that her manager is a drug dealer. The employee knows her tweet is patently false but tweets anyway with malice.


Two employees compete for a job. The employee who does not get the job wants revenge. He posts on his Facebook page that his co-worker is a pedophile. The employee knows his Facebook posting is patently false; he maliciously posts it anyway.

 Both employees have engaged in defamation and probably should be fired for their malicious conduct.  Moreover, the victims of the defamation could sue these malicious employees and potentially recover not only compensatory but also punitive damages.

What if the employer addresses the issue proactively?  Isn't that what we all try to do? Avoid problems in the first instance. That's what Costco did. 

Costco  prohibited employees from using social media "to defame any individual or damage any person's reputation." Indeed, such a rule could not only avoid damages to the victims of venom but also save an employee's job to the extent it serves as a deterrent to wrongful conduct.

 So there is nothing wrong with the rule, unless you are on the NLRB. In its first decision on social media, the NLRB held the Costco rule violated section 7 of the National Labor Relations Act ("NLRA").

The Board acknowledged that the rule did not directly prohibit employees from carping about the terms and conditions of their employment. Instead, the NLRB held the rule reasonably would be constued by employees to prohibit the exercise of section 7 rights, and therefore, was unlawful.

Really? No!  But that is, sadly, the way the NLRB views the world.  So what do we do now (until the NLRB opinion, hopefully, is appealed and reversed)?

In finding the Costco rule unlawful, the NLRB impliedly suggested two ways an employer could avoid the same result.

First, the Board emphasized that Costco did not expressly exclude protected activity under section 7. The Board stated: "there is nothing in the rule that even arguably suggests that protected communications are excluded from the broad parameters of the rule."

So, contrary to some prior guidance from the Board's general counsel, "carve outs" may save a rule the NLRB otherwise might strike down.  But how robust must the carve out be? 

Also, if there is a carve out for protected activity under section 7, the employer does not want to suggest all concerted activity is protected. So does the employer attempt to draw a line between protected and unprotected concerted activity?

And, should not the carve out, if there were one, carve out from the carve out supervisors and managers? Afterall, they are not employees under the NLRA.

But they are covered by Title VII. So shouldn't we have a carve out for communications protected by Title VII? And what about other employment or whistleblower laws? More carve outs?

I guess it's no secret:  I am not wild about carve outs. 

Second, the Board says that the rule is narrow and does not address other wrongs,  such as postings which are  abusive, harassing, malicious or unlawful. The opinion suggests that, if the Costco prohibition on defamatory and disparaging postings had been a part of a broader list of horribles, the prohibition, seen in context,  may not have led a reasonable employee to believe it precludes concerted activity protected by section 7.

So before you gut your social media policy's prohibitions in this area, consider including a contextual framework for your rules on disparagement and defamation.  Include them among other "egregious conduct" so that you have "accompanying language" to serve as the potential  basis for a contextual defense.   This should minimize (not eliminate) your risk.

 The Board's decision is, I believe, not just wrong. It is sad.  It underestimates the intelligence of American workers and puts their reputations and potential livelihoods at risk in doing so. 





This blog should not be construed as legal advice, as pertaining to specific factual situations or as establishing an attorney-client relationship.









































Risks in Asking for Social Media Passwords (not Just in MD and ILL)

Maryland and Illinois became the first two states to prohibit employers from asking applicants or employees for their social media passwords.  Okay in the other 48 states?  NO!  Please see my recent blog for SHRM's We Know Next: Thankyou,



In The Year 2525

As published by SHRM's We Know Next: See it here

In 1969, Zager and Evans sang “In the Year 2525.”  If you are smiling, you too probably have looked in a mirror and asked: how did that happen? Did you ever wonder what the employment world will look like in 2525?  Perhaps the following:

  • The NLRB will help unions which are failing to thrive by trying to make employers post union-marketing notices to drum up business for them.
  • The DOL will create a smart phone application to help employees track their time so that they can more easily sue their employers.
  • The EEOC will interpret the ADA so broadly that even shy bladder syndrome (the ability to “pee on cue”) may be a disability.  While I have no doubt that Shy Bladder Syndrome is a real syndrome, I also have no doubt that illegal drug users are likely to develop bashful bladders in need of assertiveness training.
  • California will pass 22 employment laws in one year.

Oh no, we don't have to wait until 2525.  All of the above have happened in the last year or so.
If this is where we are now, can it go any further in 2525?  Of course it can. Consider:

  • The Unconscious Dreaming Pay Protection Act. Why shouldn't the unconscious get paid for its hard work? And, should not there be a higher minimum wage since, as we all know, the unconscious does the heavy lifting?
  • The Social Media Right to Bash Your Employer Act. Why should employees be dependent on the NLRB for protection?  We need to create a private cause of action so employees can go right into federal court. Of course, it’s not about the money.  Just knowing you have hurt your employer’s brand, pushed away customers and put your colleagues’ jobs at risk if customers flee should be satisfaction enough.
  • The California Right to Choose Your Manager Act. Of course, the relationship will be at will so that employees can change managers at any time and for any or no reason and with or without prior notice.   And, there will be no exceptions to this at-will principle!
  • The Endangered Species Union Act.  All new hires must be given union authorization cards “for their consideration” when they are asked to complete their portion of the I-9.  After all, it is possible that they might miss whatever union notice the employer may be required to post.

As much as we try to do the right thing, not all employers do. Just as there are good and bad employees, there are good and bad employers. And, there is no question that we need the law to protect employees from wrongful conduct.
But overly aggressive plaintiffs’ lawyers and government agencies continue to push the boundaries of the law. And that does not always benefit employees.
As employers pay more to their lawyers, the reality is that there may be less money for their employees. Just as important: if everything is a legal issue, then we risk trivializing the important purposes underlying the laws. If everything is harassment, then nothing is harassment.
I hope we don’t have to wait until 2525 to find balance in protecting employees but without turning the workplace into what sometimes feels like a legal war zone. Moderation and balance are not inconsistent with protecting and enforcing employee rights. The extremes are, to me, extremely scary.
But, since we won’t be here in 2525, let’s continue the conversation at the Annual Conference. I will be speaking on the Year 2525 at Monday at 10:45 AM. I hope to see you there! Travel safely.

This blog should not be construed as legal advice or as pertaining to specific factual situations.




Widening Web of Social Media

I am pleased to post an article I wrote for HR Magazine on minimzing the risks and maximing the rewards of social media:

Thank you to SHRM's We Know Next for tweeting the article!


This blog should not be construed as legal advice, as pertaining to specific factual sitautions or as establishing an attorney-client relationship.


7 Ways Employers Can Protect Their Ass(ets)

As originally published by ALM's "Law.Com," found here.

From the Experts: 7 Ways Employers Can Protect Their Ass(ets)
Some things you need to know about labor law in 2012.
A list of seven action items for employers to help minimize exposure to labor and employment law litigation.

We’re in the first quarter of 2012, and the government and plaintiffs’ lawyers are continuing their assaults on businesses. Perhaps the biggest job growth this year will be in the employment of defense counsel. Here are seven areas where employers already are—or are likely to be—challenged in 2012 and recommendations for minimizing exposure to such attacks.


The Genetic Information Non-Discrimination Act generally prohibits employers from asking employees about genetic information. You may be tempted to skip this section because most of your managers don’t start Monday mornings by asking: “How was your weekend, and do you have any genetic information that you would like to share with me?”

Yet, under GINA’s regulations, our managers may be doing just that. More specifically, the regulations make clear that there are some very particular dangers regarding an employee’s genetic information. When you ask for medical information, if you do not tell the employee’s doctor not to disclose the genetic information to you, and if you then get genetic information, it is as bad as if you had actually asked for it.

The regulations include a “safe harbor” disclaimer that is recommended be included with all requests for medical information. If you include the disclaimer and you receive genetic information, you still cannot use it, but it will not be treated as though you had asked for it.

Action Item: Review your policies and practices to make sure that you include a GINA disclaimer whenever your HR manager asks for medical information to support a leave under the FMLA, an accommodation under the ADA, etc.

Also, make sure managers are trained in what to do and not do if an employee discloses that a family member has a medical condition. If an employee tells her supervisor that her mother has breast cancer and so did her grandmother, the supervisor may be tempted to encourage the employee to be screened.

But if the employee later is subject to an adverse employment action, the employee may claim it was because of the supervisor’s concern about her genetic likelihood of getting cancer. Sad but true, like the ADA, GINA can make kindness risky.

Tell the employee she is in your thoughts and prayers. Even offer to help. But stay away from medical recommendations.

2. ADA and Leaves of Absence

The EEOC loves consistency, except when it doesn’t. The subject of maximum leave provisions is one of those areas where it doesn’t.

To maximize consistency, many employers have policies that provide that employment will terminate automatically if an employee is absent a certain number of weeks, for example, 26 weeks. The EEOC has taken the position that these automatic termination provisions violate the ADA and has sued numerous employers—and includes on its website the multimillion dollar settlements it has extracted from employers.

Action Item: Revise your policies to make clear that an employee’s employment will not terminate automatically when the “flexible maximum leave” is reached. Rather, before the maximum is reached, the employer will reach out to the employee to determine whether there are any accommodations that would enable the employee to return to work or whether the employee needs additional leave, and whether such additional leave may be a reasonable accommodation. Develop a protocol to implement the policy.

3. FLSA—Remote Work

The FLSA was enacted in 1938 when people worked at work. We now work everywhere—all the time—and the question now becomes: how does the FLSA apply to work outside of the workplace?

Last year, the U.S. Department of Labor developed a smartphone application so that employees could keep track of their own time. The DOL also created hard copy “exhibits” for employees to track their time. In taking these steps, the DOL has stated that employees must be paid for any work they do, regardless of where they do it.

Some have suggested that the DOL is encouraging claims rather than adjudicating them. Whatever the intent, the effect will be to add wind to the tsunami of wage and hour claims. The number of collective actions has increased by more than 400 percent since the 1990s.

Action Item: Focus on off-duty work in terms of your wage and hour practices. Make it clear that non-exempt employees cannot do work remotely, absent prior permission from their supervisor. For example, if BlackBerries or other PDAs are given to non-exempt employees, tell them when they can use them, how to record their time, and pay them for such time.

4. Like Me Bias

We all know that there is not only conscious bias but also unconscious bias. Of course, the unconscious bias exists only at your competitors but never in your own organization!

The EEOC and private plaintiffs’ lawyers are attacking subjective hiring practices where hiring managers hire or promote someone who is like them—in other words, “like me” bias.

When white men look in a mirror, they don’t see a woman of color. Of course, the converse is equally true. So, if we hire and promote our mirror images, we may be engaging in unlawful bias, albeit often unconsciously. At a minimum, we may be excluding talent to our detriment.

Action Item: Have a diverse team make your key hiring decisions. It would be hard to argue that a diverse team hired its mirror image. Plus, diverse teams tend to come up with better decisions by including different perspectives.

Also, be careful of “cultural fit,” which may be seen as a proxy for bias against someone who differs from the group. Where cultural fit is an issue, focus on behaviors exhibited or expectations expressed that were problematic. If you cannot explain them, you have a problem. And if the explanation sounds stereotypical, you have a problem.

5. Social Media and Disparagement

Before the advent of social media, when employees were unhappy, they used to talk with their co-workers. Now, they may blog, tweet, or otherwise send a postcard to the world fulminating about their employer. The initial response may be to fire the employee. Be careful: the posting may be protected.

The National Labor Relations Board is beyond protective of employees who complain about the terms and conditions of their employment by way of social media. While the National Labor Relations Act protects only “concerted activity,” the NLRB has defined concerted activity so broadly that even narcissists who complain only about their individual treatment may be protected in some circumstances. And, remember, the NLRA applies to non-union employers too.

“Disparaging” postings may be protected by other laws, too. For example, allegations of unlawful bias or other unlawful activity may be protected by federal, state, and local non-discrimination and whistleblower laws. Plus, some states have off-duty conduct statutes that may provide further protection.

Action Item: Review your social media policy and minimize the risk that it will be deemed to prohibit protected activity. Prohibit supervisors from taking adverse action based on a social media posting without checking with HR/counsel first so you can assess whether the posting may be protected. And don’t forget the practical reality that terminating an angry blogger only gives him/her more time to post crazed vituperations about you!

6. Performance Management Guidelines

To ensure due process, many employers have progressive discipline policies. I am a believer in progressive discipline, but there are risks in spelling out in too much detail what you will do and how you will do it. If you don’t follow the policy and/or procedure, the employee will argue this is evidence of bias. Don’t let your best legal defense in these circumstances be the lame: “We never follow our policy and/or procedures anyway, so our failure here is not bias“ That’s hardly the sort of defense you want to assert if you want to be seen as a great place to work.

Assume that, over the next year and beyond, we will continue to expect more and have less time and tolerance for those who don’t meet our higher expectations. In the 70’s, Spiral Staircase sang, “I love you more today than yesterday, but not as much as tomorrow.” The update today could be, “I expect more from you than yesterday, but not as much as tomorrow.”

Action Item: Make sure you reserve the right to skip steps in any policy you may have. Consider listing possible steps without suggesting there is a progression from one to the next.

7. Retaliation

The U.S. Supreme Court has leaned toward employers in every area except one: retaliation. In retaliation cases, employees have won every case before the high court. In 2010, retaliation charges were the most common charge filed with the EEOC (for the first time). The same was true in 2011, and we can expect the same in 2012 again.

Sometimes retaliation claims happen because we wait too long to act. An employee knows he/she is in trouble. Before the manager approaches the employee, the employee consults with a lawyer. Then, the employee approaches his/her manager: “I know my performance is not what it should be. That’s because I am clinically depressed, ADA style, because you have been discriminating against me, Title VII style.” The retaliation claim has been set up if and when adverse action follows.

Action Item: Don’t put off the inevitable. When you have made a decision to take adverse action, do not delay. Delay creates a window of opportunity for a protected complaint. Develop a robust retaliation policy that tracks the broad holdings of the Supreme Court’s decisions—for example, prohibited retaliation is not limited to tangible employment actions, but also may apply to other material terms and conditions of employment. Emphasize in training that the fact that a complaint lacks legal merit is almost never a defense against retaliation claims.

And treat retaliation as seriously as discrimination and harassment, which we should treat very seriously. Remember, even if the regulators have taken certain legal rights to the extreme, discrimination, harassment, and retaliation are still wrong. Very, very wrong.

The enormous regulation and extreme litigation result in employers spending too much time and money on lawyers. While legal fees are unavoidable, they can be minimized with careful and proactive planning so that you can achieve your legitimate business goal with less risk.





Seven Deadly Sins of Social Media

Please see link to article I wrote for Businessweek on practical guidance for executives, managers and supervisors on use of and responding to social media: Feel free to forward as appropriate.


This blog should not be construed as legal advice, as pertaining to specific factual siutations or as creating an attorney-client relationship.

Jonathan Segal



Jonathan Segal

Business Ally. Help clients achieve business goals and manage legal risks. Areas of focus include: gender equality; wage and hour compliance; social media; leadership training; union avoidance; performance management; and agreements

Search Jonathan Segal's blog

« April 2014
© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.
The opinions expressed on this blog are those of the author and are not to be construed as legal advice.