Skip to Content
  • Home
  • About the Bar
  • Mission
  • Forms
  • Sitemap
    • Member Directory
      Last Name:
      First Name:
      Bar Number:
      City:


    • Login
OSB Logo

Oregon State Bar Bulletin — MAY 2014







On Jan. 1, 2014, Oregon’s new social media “password protection” law, House Bill (HB) 2654, went into effect. The law protects the social media privacy rights of job applicants and employees, and it applies to all Oregon employers, however large or small. As a result, it is of consequence not only to employment law practitioners, but to any law firm that has employees. Boiled down to its essence, HB 2654 makes it unlawful for an employer to:

1. Request that a job applicant or employee disclose his or her password to a social media account;

2. Compel an employee or applicant to add it to a contact list associated with a social media account — e.g., to add the employer as a LinkedIn “connection” or a Facebook “friend”;

3. Compel an applicant or employee to access her password-protected social media content in the presence of an employer representative, so that he may view it (a practice referred to as “shoulder surfing”); or

4. Retaliate against or penalize an applicant or employee in any way for refusing to disclose a password, refusing to “connect” or refusing to allow an employer representative to “shoulder surf.”

HB 2654 is part of a wave of “password protection” laws that have been enacted throughout the country within the past two years.1 This wave of legislation was prompted by Associated Press (AP) reports that that circulated in early 2012, describing incidents in which employers demanded job applicants’ log-in credentials — or “shoulder surfed” their social media accounts — as a regular part of conducting background checks for prospective employment.2

The AP reports provided no evidence that these practices were widespread.3 Still, there is no question that HB 2654, like similar laws passed in other states, was enacted with admirable purpose: empowering employees to keep their personal social media lives separate from their work lives, when they so choose.

A Law of Unintended Consequences?

Unfortunately, while HB 2654 has an admirable purpose, there are some serious problems with the way it was drafted. Consequently, it could end up harming employees more than it protects them and imposing much greater costs and liabilities on employers than the legislature ever intended.

This article explores three of the most serious issues raised by HB 2654. Ultimately, the true impact of the law will depend in large measure on how the courts end up resolving these issues. Until then, this article offers some suggested strategies that employers and employees might utilize to mitigate the problems created by the law’s uncertainties.

How Will HB 2654 Affect Ownership of Nonpublic Social Media Content?

One of the most important exceptions in HB 2654, which might be described as the “employer account” exception, provides that an employer may compel an employee to disclose a password to a social media account if the account has been “provided by” the employer or is “to be used on behalf of the employer.” This exception, although important to protect employer rights, is so broadly worded that it could have the perverse effect of forfeiting an employee’s control over personal information contained in a social media account that he or she created.

To understand how this might occur, consider the following hypothetical:

The law firm Dewey, Cheatum & Howe decides that its associate attorneys (who are its employees) need to do a better job pulling their weight when it comes to bringing in new business. In conjunction with broader marketing initiatives, the firm implements a new policy requiring its associates to actively promote the firm’s services by regularly posting, on their LinkedIn accounts, short articles concerning recent legal developments of significance to the firm’s clients. Associate John Doe had already set up a LinkedIn account before joining Dewey. However, on the date the firm announces the new requirement, he has not actively used the account for several months. Over the next year, however, he complies with the firm’s new requirement and posts a topical legal article on his account at least once each month. He rarely accesses the account for any other purpose.

It would seem that the LinkedIn account Mr. Doe created before joining Dewey now exists primarily “to be used on behalf of the employer.” Consequently, HB 2654, read literally, now authorizes Dewey to compel Mr. Doe to disclose the password that he uses to access the account, thereby allowing Dewey to access and appropriate information that Mr. Doe might understandably prefer to keep private — including, among other things, the contents of private email messages that he has sent and received via LinkedIn’s servers. Although this result may seem antithetical to the core purpose of the law, it may nonetheless be the “correct” interpretation of HB 2654 if it is the interpretation that the bill’s plain language demands.4

To avoid being placed in the unfortunate situation of our hypothetical Mr. Doe, an employee who is asked to use his social media account for work purposes, might consider two different options: a) set up a separate account exclusively for work purposes, and avoid storing or transmitting any data on that account that he does not want his employer to view; or b) ask his employer to explicitly acknowledge, in writing, that his use of his account for work purposes will not give the employer the right to access any nonpublic content stored in the account.

Employers, for their part, should not assume that they gain the right to demand passwords and access employee-created accounts simply because the accounts have been used for work purposes. Even if HB 2654’s “employer account” exception allows this (and we cannot know for certain until the courts interpret it), such conduct might still violate federal laws like the Stored Communications Act (18 U.S.C. §§ 2701, et seq.). Therefore, if an employer wishes to have access to social media accounts used to promote its products or services, it should set up new accounts to be used specifically and exclusively for such promotional purposes. The employer should obtain a signed acknowledgement from each employee who uses such an account that: a) its contents are the employer’s exclusive property; b) it can access the account at any time; c) the employee must promptly disclose the password for the account upon request; d) the employee has no expectation of privacy in any information stored in the account; and e) the account is to be used for work purposes only.

How to Interpret the Term Compel

HB 2654 makes it unlawful for an employer to compel an employee to add it as a social media contact. However, the law does not define the term compel. This raises the question of how broadly will courts interpret the term.

A second hypothetical — again involving our perennial whipping-boy, Dewey – may help shed light on the nature of the problem:

At the all-attorney meeting at which Dewey’s new marketing initiatives are announced, Dewey’s marketing director “strongly encourages” associates to build their networks on their LinkedIn accounts. The first thing each associate should do, she emphasizes, is to make sure they send an “invitation to connect” to every partner at the firm with a LinkedIn account. About six months later, in the course of collecting information for associate Jane Roe’s annual review, Ms. Roe’s supervising attorney asks the marketing director how Roe has progressed in her social media marketing efforts. The marketing director relates that Ms. Roe’s efforts have been lackluster, at best. Specifically, Ms. Roe has not sent a single invitation to connect to a partner of Dewey. The supervising attorney, but for this report, would have given Ms. Roe a 4 out of 5 on the “business development” category of her review. However, she instead gives her a 3, noting that Ms. Roe “should increase her efforts to meet the firm’s expectations with respect to its social media initiatives, starting by sending invitations to connect on LinkedIn to each partner of this firm.” After reading this criticism, Ms. Roe immediately sends invitations to connect to every partner at Dewey with a LinkedIn account.

Do the facts of this hypothetical suggest that Dewey has violated HB 2654’s prohibition against “compelling” an employee to add it as a social media contact? Quite possibly. After all, the partners at Dewey are undoubtedly Ms. Roe’s “employers.” Moreover, Ms. Roe could plausibly argue that she felt “compelled” to send them LinkedIn invitations, given the prospect of once again being downgraded on her review if she failed to do so.

To avoid the potential liability that our hypothetical Dewey firm now faces, employers should train all supervisory staff and marketing personnelon the new law, with the aim of ensuring that no employee feels compelled to add any higher-level employee or firm partner or business owner as a social media contact. At a minimum, this will involve: a) cautioning marketing personnel against advising employees whom in the firm they “should” or “must” add as social media contacts to help promote their services; b) advising supervisors not to retaliate against a subordinate in any way for rejecting a social media invitation; and c) explaining to any person with any role in performance evaluations that he or she must completely disregard whether an employee has accepted or rejected social media invitations from his or her superiors (or evaluators) when giving input about the employee’s performance. Finally, employers should explain to all management employees the inherent, unavoidable perils associated with sending social media invitations to subordinates or any employees below them in the company hierarchy.

How to Interpret the Term Employer

HB 2654 makes it unlawful for an employer to retaliate against or penalize an employee in any way for rejecting the employer’s social media invitation. This raises the question, for purposes of HB 2654, how much authority must a supervisor have over a subordinate to be deemed to be acting as the “employer”? The answer will determine when an employer may be held vicariously liable for its supervisory employees’ personal violations of HB 2654.

Unfortunately, HB 2654 itself leaves the question unresolved, and Oregon case law provides little guidance. As a result, employers should prepare for the worst-case scenario: that even the lowest-level supervisor might ultimately be deemed an “employer” for purposes of HB 2654, exposing her employer to potential vicarious liability for her individual actions. The following hypothetical might help illuminate the nature of the risk:

Patricia Prickly is a lead worker on Acme Widget’s production line. Anne Umbrage is an entry-level production worker on that line, working under Ms. Prickly’s supervision. Ms. Prickly does not have the authority to fire, demote or discipline Ms. Umbrage, or take any action that would tangibly affect the terms of her employment. However, she does direct Ms. Umbrage’s day-to-day activities, determining how much time Ms. Umbrage will spend on the various tasks performed by workers in her position. In addition, she provides feedback to management regarding Ms. Umbrage’s performance, which is incorporated into Ms. Umbrage’s performance reviews. After a few weeks on the job, Ms. Prickly, who believes that she and Ms. Umbrage have become fast friends, sends Ms. Umbrage a “friend request” on Facebook. Ms. Umbrage, who actually dislikes Ms. Prickly intensely, rejects the request. Immediately thereafter, Ms. Prickly begins to assign Ms. Umbrage the odious task of widget polishing (viewed as the worst task on the line, due to the rancid smell of polish) with increasing frequency, and more often than she assigns that task to other employees under her supervision. In addition, Ms. Prickly reports that Ms. Umbrage has a “poor attitude” when her input is solicited for Ms. Umbrage’s performance review.

Has Acme just violated HB 2654’s prohibition against taking “any action to … penalize an employee” for her refusal to add the employer as a social media contact? Well, if Ms. Prickly qualifies as Ms. Umbrage’s “employer” for purposes of HB 2654 — which is possible if the courts end up adopting an expansive approach to vicarious liability under the new law — then it probably has.

To avoid the possibility that the actions of even low-level “leads” like Ms. Umbrage might result in vicarious liability, some businesses may be tempted to adopt what might be called “Facebook Nonfraternization” policies, prohibiting any employee with any supervisor authority whatsoever from requesting that any subordinate add him or her to a social media contact list. Adopting such a policy seems like a bad idea, though, for at least two reasons: 1) it would inevitably have a negative effect on workplace morale and provoke staff resentment; and 2) to the extent the policy impedes social media communications to or from supervisory employees who fall outside the fairly restrictive definition of “supervisor” under the National Labor Relations Act, the National Labor Relations Board might view it as running afoul of Section 7 of the NLRA, which protects the rights of nonmanagement employees (i.e., nonsupervisors) to “engage in … concerted activities for the purpose of mutual aid and protection.” See 29 U.S.C. § 152(11) (defining supervisor), 29 U.S.C. § 157 (regarding concerted activities). Still, if certain employers choose to adopt nonfraternization policies nonetheless, in an understandable reaction to HB 2654’s open-ended anti-retaliation provisions, this would represent another instance in which the law — directly contrary to its purpose — actually provokes more interference in employees’ personal social media lives, instead of less, by prompting some employers to declare social media relationships between subordinates and supervisors completely off limits.

Instead of overreacting by imposing nonfraternization policies, however, employers are better served to put into place universally applicable social media policies that include the following provisions, among others: a) with the exception of employer-owned accounts, no employee will be asked to provide a password to an account, compelled to add the employer (or any supervisor) to a contact list, or compelled to access password-protected social media content in the presence of a supervisor or employer representative; b) an employee is free to reject a social media invitation sent by any coworker or superior, and will suffer no negative job consequences as a result; c) an employee who feels he or she has been penalized for rejecting a social media invitation, or opposing any other practice prohibited by HB 2654, should complain to human resources or another designated representative; and d) engaging in any prohibited retaliation, or other violation of the policy, will subject the violator to serious discipline.

Such provisions, properly implemented and enforced, will allow employers to effectively mitigate the potential new liabilities created by HB 2654, without being overbearing.

Conclusion

There is no one-size-fits-all approach to implementing policies in response to HB 2654. However, this article offers some baseline suggestions for achieving compliance with the new law. Regardless whether a particular employer decides to go beyond these suggestions and implement additional safeguards against liability, thinking through the issues and making sure good policies and practices are put into place — rather than waiting until something goes wrong and undertaking an ad hoc response — is of utmost importance. An employer may wish to involve an experienced employment law attorney in this process. Sound legal advice can only help in navigating HB 2654’s hidden landmines.

 

Endnotes

1. Other states that have enacted similar legislation at the time of this writing include Arkansas, California, Colorado, Illinois, Maryland, Michigan, New Jersey, New Mexico, Nevada, Utah and Washington.See www.ncsl.org/research/telecommunications-and-information-technology/employer-access-to-social-media-passwords-2013.aspx (a summary from the National Conference of State Legislatures of the status of “password protection” legislation in each state that has considered a bill on the issue) (accessed March 11, 2014).

2. See, e.g., www.co.uk/news/article-2111059/Colleges-jobs-asking-Facebook-email-passwords-job-interviews.html?ito=feeds-newsxml and www2.timesdispatch.com/news/2012/mar/28/aclu-warns-state-police-social-media-checks-applic-ar-1798387/

3. Actually, the results of at least one nationwide poll suggest that such practices are so vanishingly uncommon that the current wave of password-protection legislation represents the consummate “solution looking for a problem.” See Phillip L. Gordon, Amber M. Spataro, and William J. Simmons,Social Media Password Protection and Privacy – the Patchwork of State Laws and How it Affects Employers, Littler Report (May 2013), available at:www.littler.com/files/press/pdf/WPI-Social-Media-Password-Protection-Privacy-May-2013.pdf.

4. There is a strong presumption under Oregon law that a statute’s plain language should be given effect, even if extrinsic evidence suggests that the legislature might have meant something different than what it actually said in the statute. See State v. Gaines, 346 Or 160, 172 (2009) (“a party seeking to overcome seemingly plain and unambiguous text with legislative history has a difficult task before it”).

 

ABOUT THE AUTHOR
Dan Webb Howard is an employment law attorney and appellate practitioner with the law firm of Gleaves Swearingen, located in Eugene.

© 2014 Dan Webb Howard


— return to top
— return to Table of Contents



  • For The Public

      Public Legal Information

    • Public Information Home
    • Legal Information Topics
    • Oregon Juror Guide
    • Submit Ethics Complaint

    • Getting Legal Help

    • Finding The Right Lawyer
    • Hiring A Lawyer
    • Lawyers Fees

    • Client Services

    • Client Assistance Office
    • Client Security Fund
    • Fee Dispute Resolution
    • Public Records Request
    • Locating Attorney Files

    • Unlawful Practice of Law

    • UPL Information
    • UPL FAQ

    • Volunteer Opportunities

    • Public Member Application
  • For Members

    OSB Login

    • Log In To OSB Site
    • Member Account Setup
    • Non-Member Account Setup
    • Reset Password

    OSB Resources

    • Attorney's Marketplace
    • Career Center
    • Events
    • Forms Library
    • Online Resources
    • OSB Group Listings
    • Performance Standards
    • Rules Regulations and Policies
    • Surveys and Research Reports
    • Unclaimed Client Funds
    • Voting Regions and By-City
      County Information

    Fastcase™

    • Log in to Fastcase
    • Overview
    • Scheduled Webinars
    • Inactive Member Subscriptions

    Legal Ethics

    • Legal Ethics Home
    • Find an Ethics Opinion
    • Bulletin Bar Counsel Archive

    Company Administrator

    • Company Administrator Home
    • Company Administrator FAQ
    • Authorization Form

    State Lawyers
    Assistance Committee

    • SLAC Info

    Volunteering

    • Volunteer Opportunities

    Court Information

    • Judicial Vacancies
    • Court Info | Calendars | Jury Info
    • Oregon Attorneys
      in Federal Court
    • Tribal Courts of Oregon

    OSB Publications

    • Bar Bulletin Magazine
    • – Bulletin Archive
    • – Legal Writer Archive
    • Capitol Insider
    • Disciplinary Board Reporter

    PLF Programs

    • (OAAP) Oregon Attorney
      Assistance Program
    • Practice Management Attorneys
    • Malpractice Coverage
  • CLE/Legal Publications

    CLE Seminars

    • CLE Seminars Home
    • Online Seminar Registration
    • General Info/FAQ

    My Account

    • My Content
    • My Events
    • Order History

    Legal Publications

    • Legal Publications Home
    • Log in to BarBooks®
    • BarBooks® FAQ
    • Online Bookstore
    • Legal Pubs Blog
  • Bar Programs

    Diversity & Inclusion

    • Diversity & Inclusion Home
    • Diversity Story Wall
    • D&I Programs
    • ACDI Roster
    • D&I Staff Contacts
    • D&I Links

    Legislative/Public Affairs

    • Legislative Home
    • Committee Contacts
    • Legislative Sessions
    • Staff Contacts
    • Useful Links

    Legal Services Program

    • LSP Home

    Oregon Law Foundation

    • OLF Home
    • Partners in Justice

    Fee Dispute Resolution

    • Fee Dispute Resolution Home

    Pro Bono

    • Pro Bono Home
    • Pro Bono Reporting
    • Volunteer Opportunities

    Lawyer Referral and Information Services

    • RIS Login
    • Summary of Referral and Information Services Programs
    • Lawyer Referral Service Info and Registration Forms
    • Modest Means Program Registration Forms
    • Military Assistance Panel Training Info and Registration Form
    • Problem Solvers Registration Form
    • Lawyer To Lawyer Registration Form

    (LRAP) Loan Repayment Assistance Program

    • LRAP Home
    • LRAP FAQ
    • LRAP Policies
  • Member Groups

    Sections

    • Section Info/Websites
    • Joining Sections
    • CLE Registration Services
    • Standard Section Bylaws (PDF)
    • Leadership Resources
    • Treasurers Tools

    Committees

    • Home
    • Leadership Resources
    • Professionalism Commission
    • Volunteer Opportunities

    House of Delegates

    • HOD Home
    • HOD Resources
    • Meetings
    • Rules (PDF)
    • Roster (PDF)
    • Staff Contacts

    Board of Governors

    • BOG Home
    • Meetings & Agendas
    • Members
    • Liaisons
    • Committees
    • Resources
    • Task Forces

    Oregon New Lawyers Division

    • ONLD Home
    • Law Students
    • Student Loan Repayment
    • Committees
    • Upcoming Events

    Task Forces and Special Committees

    • Task Forces Home

    Volunteer Bars

    • List/Contacts
    • Leadership Resources

    Volunteering

    • Volunteer Opportunities
  • Licensing/Compliance

    Admissions

    • Admissions Home
    • Alternative Admittance
    • Applicants for Admission
    • Admissions Forms
    • Past Bar Exam Results

    Supervised Practice Portfolio Examination

    • SPPE Home

    Licensed Paralegal Program

    • LP Home

    Lawyer Discipline

    • Discipline Home
    • Disciplinary Board Reporter
    • Disciplinary Boards
    • Client Assistance Office
    • (SPRB) State Professional Responsibility Board

    Membership Records

    • Address Changes
    • Good Standing Certificate
    • Request Discipline File Review

    MCLE

    • MCLE Home
    • Program Database
    • Forms
    • Rules (PDF)

    IOLTA Reporting

    • IOLTA Home
    • IOLTA FAQ

    Licensing Fees

    • Licensing Fee FAQ
    • Licensing Fee Payment

    Status Changes

    • Status Changes FAQ
    • Inactive Status Form
    • Retired Status Form
    • Active Pro Bono Status Form
    • Reinstatement Forms
    • Resignation Form A
    • Pending Reinstatements

    Unlawful Practice of Law

    • UPL Information
    • UPL FAQ

    Pro Hac Vice/Arbitration

    • Pro Hac Vice
    • Arbitration

    New Lawyer Mentoring Program

    • New Lawyer Mentoring Program Home

    Professional Liability Fund

    • Professional Liability
      Fund Website
For The Public

Public Information Home
Legal Information Topics
Oregon Juror Guide
Finding The Right Lawyer
Hiring A Lawyer
Lawyers Fees
Client Assistance Office
Public Records Request
Unlawful Practice of Law
Fee Dispute Resolution
Client Security Fund
Volunteer Opportunities
for the Public

For Members

BarBooks®
Bulletin Archive
Career Center
Fastcase™
Judicial Vacancies
Legal Ethics Opinions
OSB Group Listings
OSB Login
OSB Rules & Regs
SLAC Info
Surveys and Reports
Volunteer Opportunities

CLE/Legal Pubs

CLE Seminars Home
Legal Publications Home

Bar Programs

Diversity & Inclusion
Fee Arbitration/Mediation
Legal Services Program
Legislative/Public Affairs
Loan Repayment
Assistance Program

Oregon Law Foundation
Pro Bono

Member Groups

Board of Governors
Committees
House of Delegates
Volunteer Bars
Oregon New
Lawyers Division

OSB Sections
Professionalism
Commission

Volunteer Opportunities

About The Bar

About the Bar
ADA Notice
Contact Info
Copyright Notice
Directions to the Bar
Meeting Room Rentals
Mission Statement
OSB Job Opportunities
Privacy Policy
Staff Directory
Terms of Use

Licensing/Compliance

Admissions
Client Assistance Office
Client Security Fund
IOLTA Reporting
Lawyer Discipline
MCLE
Member Fee FAQ
New Lawyer
Mentoring Program

Professional Liability Fund
Status Changes

Oregon State Bar Center

Phone: (503) 620-0222
Toll-free in Oregon: (800) 452-8260
Facsimile: (503) 684-1366

Building Location:
16037 SW Upper Boones Ferry Road
Tigard, OR 97224

Mailing Address:
PO Box 231935
Tigard, OR 97281

Oregon State Bar location Map

Copyright ©1997 Oregon State Bar  ®All rights reserved | ADA Notice | Mission Statement | Privacy Policy | Terms of Use