The Federal Stored Communications Act, 18 U.S.C. § 2701, et seq. (“SCA”), makes it unlawful to, among other things, “intentionally access without authorization a facility through which an electronic communication service is provided.” Violators are subject to imprisonment and fines, and the statute expressly authorizes a civil action for damages, injunctive relief and attorneys fees. A federal court in New Jersey has now held that the statute may apply to those who access information posted by a Facebook account holder on his or her Facebook “wall.” The defendant-employer in the case, Monmouth-Ocean Hospital Service Corp. (“MONOC”), was able to avoid liability under the SCA because the plaintiff could not establish that her employer violated the “without authorization” component of the statute. Ehling v. Monmouth-Ocean Hospital Service Corp. But the case puts employers on notice that they must tread carefully in this area.
The plaintiff in Ehling, a registered nurse and paramedic, who worked for MONOC, a hospital specializing in emergency medical services, was disciplined by the hospital for posting on the “wall” of her Facebook profile page comments the hospital believed were in “deliberate disregard of patient safety.” Plaintiff had provided access to these comments only to Facebook account holders who were her Facebook “friends,” none of whom was a MONOC supervisor. One of these “friends,” however, gave a copy of the comments to a MONOC manager who, in turn, passed them on to MONOC’s Executive Director of Administration. There was no evidence that the manger solicited the information from the “friend,” and, indeed, the manger was surprised when he received the information. Plaintiff filed a complaint with the National Labor Relations Board, but the Board concluded that there was no violation of the National Labor Relations Act and no privacy violation because the wall post had been sent unsolicited to MONOC management. Plaintiff subsequently filed a lawsuit against MONOC asserting a variety of claims, one of which was that the hospital had violated the SCA in connection with her Facebook account.
The Court’s Rulings
The first issue the Court addressed was whether the SCA applied to the plaintiff’s Facebook wall posts. The Court noted that a Facebook “wall post can include written comments, photographs, digital images, videos, and content from other websites” and that “Facebook designed its website so that its servers would save this data indefinitely. As more and more wall posts are added, earlier wall posts move lower and lower down on the user’s Profile Page, and are eventually archived on separate pages that are accessible, but not displayed.” Analyzing plaintiff’s wall posts in terms of the SCA’s criteria for covered communications, the Court concluded that these wall posts were covered by the SCA because they were “(1) electronic communications, (2) that were transmitted via an electronic communication service, (3) that are in electronic storage, and (4) that are not public.” The Court had little difficulty finding that wall posts are electronic communications and that Facebook is an electronic communication service. The Court also found that wall posts are “in electronic storage,” given that the SCA’s definition of that term includes storage “for purposes of backup protection.” The Court concluded that “[b]ecause Facebook saves and archives wall posts indefinitely . . . wall posts are stored for backup purposes.” Finally, the Court found that plaintiff’s wall posts were not public because they were “configured to be private” within the meaning of the SCA, given that plaintiff had elected to limit access to her posts to her Facebook “friends.”
Nevertheless, the Court found no violation of the SCA in light of the statute’s “authorized user” exception, which applies “where (1) access to the communication was ‘authorized,’ (2) ‘by a user of that service,’ (3) ‘with respect to a communication . . . intended for that user.’ 18 U.S.C. § 2701(c)(2).” The Court found that MONOC had been given authorized access to plaintiff’s wall post because plaintiff’s Facebook “friend” was an authorized user of the Facebook “service,’ plaintiff’s wall posts were intended for him and he voluntarily supplied the content of the post to MONOC. The Court noted, however, that MONOC’s access would not have been authorized if MONOC had coerced or pressured the “friend” into providing access to the post.
It is not unusual for employers to have an interest in the information on their employees’ social media sites, because they believe employees are denigrating them, or for litigation purposes or for some other reason. It is one thing if the information simply falls into the employer’s lap, as occurred in the Ehling case. An employer should proceed with extreme caution, however, if it is thinking about actively pursing such information, keeping in mind the prohibitions of the SCA.
For answers to any questions regarding the SCA, social media issues or electronic discovery, please feel free to contact an attorney in the Gibbons Employment & Labor Law Department or the Gibbons E-Discovery Task Force.