Friday, October 2, 2009

Employer Liability for Accessing Employee's MySpace Group

A jury decided an employer violated the Stored Communications Act (“SCA”) and the parallel state statute when management used an employee’s login information to access the site, awarding compensatory and punitive damages.

According to court documents, two Houston’s restaurant employees, Brian Pietrylo and Doreen Marino, created a private MySpace group called the “Spectator” to (in Brian’s words) “vent about any BS” they dealt with at work. One of the invitees was restaurant greeter, Karen St. Jean. Management apparently caught wind of the web page, and asked Karen for her login information. She voluntarily turned it over to them, and the managers logged on to find all kinds of stuff they weren’t too pleased about:

 Talk of workplace violence (i.e., “The Navajo rug needs to be set on fire”),
 References to illicit drug use (i.e., “If you had to drop acid with one person in Houston[’]s, who would it be?”),
 Offensive name-calling and sexual remarks (i.e., “management dick suckers” and reference to a “rim job,” which apparently involves some kind of anal sex act),
 Disclosure of proprietary business information (i.e., entire wine test on a new wine list that was to be given to the staff)
 Sarcastic and derogatory comments about the quality and standards of Houston’s, as well as its management (i.e., “stupid corporate f---s”).

Houston’s fired Brian and Doreen, and they sued. The jury returned a verdict in favor of Brian and Doreen on their SCA claims, finding that through its managers, Houston’s had knowingly or intentionally accessed the Spectator without authorization.

Following the jury verdict, Houston’s moved for judgment as a matter of law, or alternatively, a new trial. On September 25, 2009, the US District Court for the District of New Jersey issued its opinion denying the motion.

The court said that although Karen voluntarily handed over her login information to them, she testified she would not have turned over her password to any non-managers who asked for it, and she worried she “probably would have gotten in trouble” if she hadn’t complied. Thus, according to the court, a reasonable jury could have decided her purported “authorization” was coerced or pressured. Further, the managers accessed the site on multiple occasions, despite the fact is was clear on the group page that it was meant to be private and accessed only by members. Heck, the way they went about accessing the password-protected MySpace group also suggested they knew they weren’t authorized. Despite the restaurant’s claimed belief its managers pursued access to the Spectator for legitimate business reasons, the jury didn’t believe the way Houston’s tried to protect those interests was proper.

This case reminds employers there are risks in attempting to access employee’s online content – particularly when that access might be considered “unauthorized.” Employers generally should avoid using false information or someone else’s login and password to gain access to any web sites.

No comments:

Post a Comment