16.5 Privacy Laws and the Impact of Digital Surveillance

After having a tough time at work, a young waitress named Ashley she decided to vent about her job on Facebook. The 22-year-old had finished an overtime shift at a North Carolina pizza parlor and discovered that the demanding customer who had stayed late had left a meager tip. Feeling frustrated, Ashley posted a short status update on her Facebook profile, calling the anonymous customer an unflattering name. Unfortunately for Ashley, she had connected with her coworkers on the social networking site. Two days after her angry post, Ashley’s manager called her in to show her a copy of her comments and promptly fired her (Lai, 2010 ). Ashley ’s story represents one of many examples of employers terminating their employees as a result of inappropriate comments or photographs on social networking sites; a study by Internet security firm Proofpoint found that 8 percent of companies have dismissed an employee for his or her behavior on social networking sites (Ostrow, 2010) . These cases highlight a blurring of personal and professional life in the Internet age, leaving many people uncomfortable with the notion that their employer can monitor what they say or do in their free time and use it as a reason for dismissal.

Social Networking: The Blurring of Personal and Professional

The privacy issue has strayed well beyond government legislation; it affects anyone currently employed or even just looking for a job. When employers consider whether or not to hire an individual, they no longer need to rely on just a résumé to obtain pertinent information. A simple Google search often reveals that a potential employee has a social networking site on the Internet, and the employer can access everything the candidate has posted online unless privacy settings allow otherwise. A 2010 survey by CareerBuilder.com revealed that 53 percent of companies check out candidates’ profiles on social networking sites such as MySpace, Twitter, LinkedIn, and Facebook before deciding to employ them, and a further 12 percent of companies intend to review social networking sites of potential employees in the future (Skinner, 2010).  Factors that affect an employer’s decision whether or not to hire candidates based on their social networking page include the use of drugs or drinking, the posting of discriminatory comments, or the posting of inappropriate or provocative photographs. On e survey also revealed that some candidates posted information on their social networking page that proved they had lied on their résumé (Skinner, 2010).

Once employees get hired, they still need to demonstrate care about what they post on social networking sites, particularly in relation to their jobs. Cheryl James, a hospital worker from Michigan, lost her job in 2010 after she posted a message on Facebook describing a patient as a “cop killer” and hoping that he would “rot in hell (Dahl, 2010).” A few years earlier, Virgin Atlantic Airlines terminated 13 crew members for describing passengers as “chavs” (a derogatory British term similar to “white trash”). A Virgin spokesman commented, “There is a time and a place for Facebook. But there is no justification for it to be used as a sounding board for staff of any company to criticize the very passengers who pay their salaries (Conway, 2008).”

Although employees might reasonably expect to face discipline for using social networking sites on company time—a 2009 study discovered that 54 percent of U.S. companies have banned workers from using social networks during work hours—the issue of whether companies can influence how their employees behave in their private lives is a little trickier (Gaudin, 2009).  The outcome of a 2009 federal court case in New Jersey may have some bearing on whether companies have the right to spy on their employees while the employees use password-protected sites on nonwork computers. The case, between restaurant employees Brian Pietrylo and Doreen Marino and managers at Houston’s in Hackensack, New Jersey, centered on a forum set up by Pietrylo on MySpace. The forum, which was password-protected and required an e-mail invitation to join, made fun of the restaurant décor and patrons and included sexual jokes and negative comments about restaurant supervisors. Restaurant hostess Karen St. Jean, who had received an invitation to the forum, showed the supervisors the site and believed they found it amusing; however, the management chain eventually fired Pietrylo and Marino, claiming that the pair’s online posts violated policies set out in the employee handbook, including professionalism and a positive attitude. Marino and Pietrylo filed for unfair dismissal, claiming that the restaurant managers had violated their privacy under New Jersey law. Following a trial in June 2009, a federal jury agreed that the restaurant had violated state and federal laws that protect the privacy of web communications. The jury awarded Pietrylo and Marino a total of $3,400 in back pay and $13,600 in punitive damages (Toutant, 2009).

Although the outcome of the New Jersey case may have some bearing on the use of social networking sites outside of work, employees should still exercise caution in the office. Companies have increasingly used technological advances to monitor Internet usage, track employees’ whereabouts through GPS-enabled cell phones, and even film employees’ movements via webcams or miniature video cameras. Lewis Maltby, author of the workplace rights book Can They Do That?, says, “There are two trends driving the increase in monitoring. One is financial pressure. Everyone is trying to get leaner and meaner, and monitoring is one way to do it. The other reason is that it’s easier than ever. It used to be difficult and expensive to monitor employees, and now, it’s easy and cheap (Petrecca, 2010).” Whereas employees using their own equipment outside of work hours might have a reasonable expectation of privacy, the situation changes when using company property. Nancy Flynn, founder of training and consulting firm ePolicy Institute, said, “Federal law gives employers the legal right to monitor all computer activity. The computer system is the property of the employer, and the employee has absolutely no reasonable expectations of privacy when using that system (Petrecca, 2010).” Because this lack of privacy covers everything from instant messages sent to coworkers to e-mails sent from personal accounts when employees use the company network, best practices indicate employees should separate their work life from their personal life as much as possible.

Restoration of Privacy

Social networking sites have come under fire for violating users’ privacy. In 2009, Facebook simplified its settings to keep up with the popularity of microblogging sites such as Twitter. One consequence of this action was that the default setting enabled status updates and photos to be seen across the entire Internet (see Chapter 11 “The Internet and Social Media” for more information about Facebook privacy settings).  The social networking site has also come under criticism for a temporary glitch that gave users unintended access to their friends’ private instant messages, and for a new feature in 2010 that enabled the company to share private information with third-party websites. Although Facebook simplified its controls for sharing information by consolidating them on a single page and making it easier for users to opt out of sharing information with third-party applications, public concern prompted 14 privacy groups to file an unfair-trade complaint with the Federal Trade Commission (FTC) in May 2010 (Ashford, 2010).  Congress is currently investigating whether more government regulation of social networking sites is necessary to protect people’s privacy.

Other companies, including Google, have actively attempted to restore users’ privacy. In response to revelations that the company had accidentally captured and archived wireless data with its Google Street View cars (which use cameras to provide panoramic views along many streets around the world), Google announced in 2010 that it would launch an encrypted search facility . The technology uses SSL (secure sockets layer) to protect Internet searches from interception while traveling across the web. Users can activate the secure search facility by typing “https” at the beginning of the URL instead of “http.” Although the technology provides a measure of security—the computer will not archive the search in its history or appear in the AutoFill during a subsequent search—it does not guarantee total privacy. Google maintains a record of search terms, and Internet users will still need to rely on the company’s promise not to abuse the data. However, if the encrypted search facility proves successful, it may become a role model for social networking sites, which could offer encryption for more than just log-ins.