Last month in my SocialFish blog post, Keep it Legal: Social Media and Hiring, I wrote about the legal issues around viewing an applicant’s or employee’s social networking sites and outposts. That post focused on looking at the public portion of a person’s networking sites (a legal activity if you don’t discriminate). However some employers have sought access to the private section of a person’s site or group which can lead to a violation of the federal Stored Communications Act of 1986 (18 U.S.C. 2701-12). The Stored Communications Act (SCA) makes it an offense for a person or entity to intentionally access without authorization a facility that provides electronic communications service. It is also illegal to intentionally exceed an authorization to access such a facility. The person or entity that obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage can be fined or imprisoned. The person’s whose site has been violated can also seek a civil remedy for the offense.
Just to be clear, we’re talking about unauthorized access here–meaning you did not request and receive an invitation from the private site owner, but you’ve found some way to bypass that process, like using someone else’s username and password.
How the SCA Applies to Social Networking Sites
The risk to employers who obtain unauthorized access to an employee’s private site first gained attention in 2009 with the Pietryllo v. Hillstone Restaurant Group, d/b/a Houston’s case. A federal jury in Newark, NJ found that two (2) managers of Hillstone Restaurant Group violated state and federal privacy laws. In 2006 two (2) employees (Brian Pietrylo and Doreen Marino) of Houston’s started a private, invitation-only, password-protected MySpace group for their co-workers. According to Charles Toutant in Restaurateurs Invade Waiters’ MySpace, “When Pietrylo invited colleagues to join the forum, he wrote, ‘let the shit talking begin’ and it did, . . .”. The employees made numerous derogatory comments about management and customers. No managers were invited to join, only employees. One manager became aware of the site when an employee showed it to him. Houston’s managers asked the employee twice for her username and password. Although the parties dispute the specifics of the requests, all parties agreed that no threats were made and the employee provided the information freely. However the employee testified that she thought something bad would happen if she did not comply. The manager and a regional supervisor accessed the site five times and terminated Pietrylo and Marino for their unprofessional conduct relative to the group site.
The jury found for the plaintiffs. The private MySpace group was determined to be a facility for electronic communication and subject to the Stored Communications Act. The restaurant managers violated the SCA since they did not have authority from the site owners to enter the site. The court also found that the managers invaded the privacy of the plaintiffs. The jury awarded the maximum back-pay allowed ($2500 for Pietrylo and $903 to Marino) as well as punitive damages of $13,600 which was equal to four (4) times the compensatory damages. A provision of the SCA enables the plaintiff’s attorney to seek attorney’s fees from the defendants since they violated the law.
Although this jury award was relatively small, future cases involving back pay could be substantial. Also the legal fees can be significant, compounded by the ability of the plaintiff’s attorneys to seek attorneys’ fees if the defendant violated the SCA. The case also clearly established that private groups and sections of social networking sites are subject to the Stored Communications Act.
More Considerations for Associations
Although all of the current case law involves employment-related cases, it can be implied that an SCA offense may also apply to unauthorized access to a member’s private site or group. So the lesson for your association is do not try to gain unauthorized access to an employee’s or member’s private site(s) or group(s). Also do not ask an employee, member, or friend to provide you with the log-in codes or passwords to access any private sites. Even if the employee, member, or friend gives you the information freely as in the Houston’s case, you will have to show that the person was not coerced or threatened to comply with your request.
The Bottom Line
Listening is a critical component of your social media strategy to enable you to monitor what others are saying about your association, profession, and industry. You don’t have to stop listening because of the Stored Communications Act; you just have to be smart about it. If you ask the owner or administrator for access to a private site and they say no, walk away. Recognize the limitations imposed by employment and privacy laws on your ability to listen. You can still learn a lot without breaking the law or violating someone’s rights.
Lindy Dreyer
![Pinterest for Business: 9 Tips From Superuser PediaStaff [CASE STUDY]](http://www.socialfish.org/wp-content/plugins/special-recent-posts/lib/phpimage.php?width=50&height=35&rotation=no&file=L3Zhci93d3cvdmhvc3RzL3NvY2lhbGZpc2gub3JnL2h0dHBkb2NzL3dwLWNvbnRlbnQvdXBsb2Fkcy8yMDEyLzAyL0Jvb2stVGhlbWVkLUxlc3NvbnMtNC1TcGVlY2guanBn){kind=small}
![Technology and the New Workplace Currency [Infographic]](http://www.socialfish.org/wp-content/plugins/special-recent-posts/lib/phpimage.php?width=50&height=35&rotation=no&file=L3Zhci93d3cvdmhvc3RzL3NvY2lhbGZpc2gub3JnL2h0dHBkb2NzL3dwLWNvbnRlbnQvdXBsb2Fkcy8yMDEyLzAyL0VkaXQtUG9zdC3igLktU29jaWFsRmlzaC3igJQtV29yZFByZXNzLmpwZw==){kind=small}
