In October 2007, Kevin Colvin, an intern at the New York branch of the Anglo Irish Bank, asked his supervisor for time off for a family emergency. It happened to be Halloween. That night, a picture of Colvin dressed in a fairy costume surfaced on Facebook. He was promptly dismissed.
“He must have been Facebook friends with someone he worked with, because the picture made its way to his boss, who wrote him an email that said, ‘I hope everything is OK. Cool wand,’” says Kabrina Chang, a School of Management assistant professor of business law and employment law.
Chang (CAS’92), whose research into the legal issues surrounding off-duty social media behavior was published in the spring 2011 issue of the North Atlantic Regional Business Law Association’s Business Law Review, says that 72 percent of 18-to-29-year-olds have a Facebook page, and 40 percent of those over 40 have a profile. While the Colvin case was ultimately one of deception, “it got me wondering how big the problem is with people who post things on Facebook that could be harmful to a business’ reputation,” Chang says. “I found some cases, but there aren’t that many.”
Chang says 85 percent of businesses have no policies for governing employee online behavior.
In another case, she says, a server at a restaurant had set up a MySpace page to vent about work. He’d invited only other coworkers, past and present. The discussions became infused with sexual comments about customers and other employees and with references to violence and drug use. It wasn’t long before the restaurant bosses got wind of it; they found the remarks hurtful and harassing to other employees, as well as a bad reflection on the restaurant. The server was fired. He sued for invasion of privacy and violation of the Stored Communications Act, which protects communication that lives on a website, for example. The courts sided with him on the latter grounds.
“A woman who was invited by the MySpace site administrator showed her manager the page,” Chang explains. “The managers said the invited woman gave up the password voluntarily. But she testified that she didn’t feel she could have said no, because it was her boss. So they didn’t have authorized access. Had they had authorized access, I don’t think it would have been a problem firing him for it.”
Chang recently presented her social media research at a faculty symposium at SMG. BU Today caught up with her to ask what workers and bosses need to keep in mind when it comes to activity on online networking sites.
BU Today: Is social media creating an atmosphere where our private lives will increasingly fall under the purview of our employers?
Chang: Well, there’s one case, which is not an employment case, but speaks volumes about the embarrassment and unprofessional conduct of employees online and why businesses are worried about it. A woman got expelled from the nursing program at the University of Louisville. She was to follow a woman through labor and delivery, and she blogged about it. The blog was colorful, full of vulgarities and crass descriptions. Again, one of the other students saw it and told the instructor, who then showed it to the dean. They expelled her, saying she violated the code of professional conduct in the school of nursing. The court said she really didn’t. She didn’t use any identifying information, nothing linking her to the school. Plus, it was directed to the general world and not a specific audience. The fact that it was crude and vulgar contributed to it being nonprofessional instead of unprofessional, and her expulsion was overturned.
How are companies crafting policies for online behavior?
Companies pay a lot of money for marketing and recruiting online, but very few have policies dictating employee online behavior. They never really considered it a problem, but more companies are becoming concerned. Legally, employers probably have more rights than they think they do, but from a management perspective, I think they might be less willing to be overbearing and Big Brotherish. It’s a very delicate topic, because it might put a real damper on morale.
What’s the difference between bad-mouthing your company at a dinner party and on Facebook? Is it that the comments live on?
Exactly. It’s permanent.
If computers are provided by employers, does that make everything fair game, at any time, even something like your personal Gmail account?
It does. Employees should recognize that if they’re using an office computer at work or off duty. There’s a really interesting case with the Philadelphia Police Department that’s not resolved, but percolating. There’s a sergeant who started a website called domelights.com, dedicated to talking about law enforcement issues. Over time, the Guardian Civic League argues, there was a lot of racial harassment, derogatory remarks, the encouraging of racial profiling. Officers posted at home and at work, and they talked about it at work. The plaintiffs are suing the Philadelphia Police Department for allowing a racially hostile environment to exist at work based on what was going on online.
What’s your advice for employers?
Employers would be prudent in addressing the issue with employees in writing and in training seminars and handbooks, but not be overbearing, because that really sends a message to employees that you probably don’t want to send. On the other hand, there are cases out there that impose liability on employers for what happens online: for example, sexual harassment. Sexual harassment can happen in the office, at an off-site holiday party, and it can happen online.
There was a case where some airline pilots had a forum online. A bunch of comments were made about another pilot, and she sued for sexual harassment, among a host of conducts. The court said the statements made online can be imputed to the employer as harassing comments. So employers have to address this because they stand to be exposed to risk. The real difficulty is how zealous are you going to be. How companies are going to pay attention to it depends on the culture of the office.
What should workers consider when they’re online?
Don’t put anything on your Facebook page you wouldn’t want your employer to see. I caution my students, too, when they’re looking for jobs, to clean up their Facebook pages.
Setting your privacy controls to the strictest level isn’t enough?
In the nursing student case, the MySpace case, and another case involving a blog, someone tattled on them, someone who was authorized showed their higher-ups. My students have reported back to me that some employers have someone who cruises social networking sites trying to find information, through a mutual Facebook friend, for example. Another way an employer can gain access is through university and high school affiliations. One student, during an interview, was asked to log onto his Facebook page. Another woman was hired by a company that required that she friend the company when she changed her employment status, which gave them access.
Should current employees be worried that their bosses are cruising their social networking profiles?
For existing employees, some companies have started to, based on my research, but it’s not as aggressive as for applicants. I think if there were a disgruntled employee, they’d be smart to see what’s going on. But it’s more a case-by-case basis.
Do you foresee clear-cut online policies emerging anytime soon?
I don’t think we’ll ever arrive at a clear-cut way of handling the issue. I think there will be enough lawsuits that both parties will become more wise and prudent. The big issue for employers is access. If an employer can find a way to get legitimate access, it’s fair game so far. The one wrinkle is with union employees and concerted activity. That’s one area where there hasn’t been a court decision yet, where employees might have a protection, but it’s such a narrow exception.
What is concerted activity?
Concerted activity is talking about terms or conditions of work with other people from work. If you’re complaining about your boss online and several coworkers comment on your post, that chain of activity could be protected. You can’t be fired or disciplined at work. There are exceptions—if it’s defamatory or malicious. But in the majority of the cases, the question isn’t whether your posts are protected, but how did your boss get access to them.
Does BU have an online behavior policy?
We don’t, but there’s a draft. It’s in the works in the general counsel’s office.