E-Discovery Law Alert : New York & New Jersey Attorneys for Electronic Discovery and Corporate Information Management Law

The Computer Fraud and Abuse Act (“CFAA”) is a federal law that, in part, makes it a crime to access a computer in an unauthorized manner. In the employment context, the statute has proven valuable in protecting confidential and proprietary information that employees can access on their employers’ electronic systems.

Recent decisions by the United States Courts of Appeals for the Ninth and Third Circuits emphasize the breadth of the CFAA’s application to the workplace. In U.S. v. Nosal, 642 F.3d 781 (9th Cir. 2011), reh’g en banc granted 2011 U.S. App. (Oct. 27, 2011), the court held that employees violated the CFAA where their use of an employer’s systems exceeded their authority under the employer’s policies, which warned of criminal liability for misuse. The court went one step further in U.S. v. Tolliver, No. 10-3439, 2011 U.S. App. (3d Cir. Sept. 15, 2011), finding that an employee who accessed her employer’s systems as part of bank fraud exceeded authorized access even though the employer only generally prohibited use of its electronic systems for non-business reasons.

Nosal

In Nosal, the defendant worked for an executive search firm. When his employment with the firm ended, he entered into a non-competition agreement with the firm. Despite the agreement, the defendant purportedly asked three current employees of the firm to help him compete against his former employer. These employees allegedly transferred confidential information from the firm’s computer database to this individual – information that the employees were authorized to access as employees of the firm.

Notably, pursuant to firm policy, employees only could access the information using individualized usernames and passwords. Additionally, the employees agreed only to use and disclose such information for legitimate business reasons. The firm also marked the information as “proprietary and confidential” and warned that employees needed “specific authority to access” the information and that access “without the relevant authority can lead to disciplinary action or criminal protection.

• Email This
• Print
• Comments/Questions
• Trackbacks
• Share Link

The National Labor Relations Board’s Acting General Counsel recently issued a report and press release summarizing the outcomes of recent NLRB cases involving employees’ use of social media and the legality of employers’ social media policies. Among the cases discussed in the report are several in which the Board found that provisions of employers’ social media policies violated Section 8(a)(1) of the National Labor Relations Act, which prohibits work rules that would “reasonably tend to chill employees in the exercise of their Section 7 rights” to engage in “concerted activities” for the purpose of “mutual aid or protection.”

Although the NLRB report does not pronounce any new or specific rules for employers to follow in drafting social media policies, it suggests that to avoid running afoul of Section 8(a)(1), social media policies should be narrowly tailored so as not to prohibit “concerted activity” via social media, such as online discussion among coworkers regarding terms and conditions of employment. Employers should be mindful that union and non-union employees alike are covered by the NLRA, and thus the Board’s recent rulings on social media policies are applicable to virtually all employers.

• Email This
• Print
• Comments/Questions
• Trackbacks
• Share Link

Employers wanting to prohibit damaging communications from being made about them by employees through blogging and rapidly evolving social media such as Facebook, Twitter, and LinkedIn should be aware of a recent National Labor Relations Board (NLRB) Complaint against American Medical Response of Connecticut, Inc. asserting that two of the more common employer restrictions on employee blogging and social media communications constitute unfair labor practices and are, therefore, unlawful. In its News Release, the NLRB pointed to two of the provisions in the company’s blogging and internet posting policies as being unlawful under Section 7 of the National Labor Relations Act (NLRA):

• “one that prohibited employees from making disparaging remarks when discussing the company or supervisors;”
• “and another that prohibited employees from depicting the company in any way over the internet without company permission.”

This position, which emanates from the NLRB’s Office of the General Counsel, seems to differ from a December 2009 Advisory Memorandum from the NLRB General Counsel’s Division of Advice that found lawful the social media policy of Sears, Roebuck and Co. prohibiting, among other things, “[d]isparagement of company’s . . . products, services, executive leadership, employees, strategy, and business products.”

• Email This
• Print
• Comments/Questions
• Trackbacks
• Share Link

In this technology age, employees increasingly make personal use of workplace electronic communications applications. The legal ramifications of such personal use – and how employers can create policies that balance the right to monitor the workplace with employees’ expectations of privacy – were examined in an informative panel discussion, “Electronic Communications Policies in the Wake of Stengart and Quon” during Gibbons P.C.’s Fourth Annual E-Discovery Conference on October 28, 2010.

Discussion regarding Stengart

The panel kicked off with a discussion of the New Jersey Supreme Court’s March 30, 2010, ruling in Stengart v. Loving Care, which presented novel questions about the extent to which an employee could expect privacy and confidentiality in personal e-mails with her attorney that she accessed on a computer belonging to her employer. The Court held that an employee did not waive the attorney-client privilege when using a company computer to communicate with her attorney via a personal password-protected e-mail account, and that attorneys for the employer who failed to turn over the attorney-client communications found on the computer were subject to sanctions.

A panel member explained that Stengart does not prevent employers from implementing and enforcing unambiguous electronic communications policies or from monitoring employee communications pursuant to such policies. Nor does it prevent employers from imaging and reviewing the contents of an employee’s computer in conjunction with a lawsuit. Employers, however should refrain from reading any communications between an employee and her attorney uncovered as part of such reviews. For further discussion of the Stengart case, see the article co-authored by Richard Zackin and Kristin Sostowski.

• Email This
• Print
• Comments/Questions
• Trackbacks
• Share Link