Companies typically think that harmful or false statements may come from disgruntled customers or competitors. In Part 1 and Part 2 of this three-part series, we explored the options that companies have when an anonymous defamatory statement is posted on social media, a blog or the company’s own website. But what happens when the anonymous postings appear to come from an employee within the company? Reputational harm can be particularly bad when it comes from an employee with access to company trade secrets or other confidential information. Employers must have appropriate policies in place to proactively deal with employees who engage in this kind of conduct, but they also have to recognize that there are limits on what can be done given employees’ rights to engage in protected activity under the National Labor Relations Act (NLRA).
The harm that anonymous postings by an employee can exact was illustrated in a recent high-profile example of anonymous postings on Twitter by an employee of the National Security Council (NSC). The employee was posting anonymous tweets under the account @natsecwonk. These postings had been made over a two-year period and included personal and often offensive attacks on President Obama, others at the White House and the State Department. The employee had a top security clearance, and even though his postings did not release classified or highly sensitive information, they were critical of President Obama’s handling of sensitive foreign policy issues, like the terrorist attack on the U.S. diplomatic mission in Benghazi, Libya. The NSC realized that the postings appeared to be from someone within the agency and unmasked the employee by planting intentionally inaccurate information with the employee to see if it would end up in a tweet. After confronting the employee, he admitted that he was the author of the posts. The employee was fired as a result of the postings.
Protections afforded employees under the NLRA
Companies are probably familiar with the protections that employees are afforded when trying to organize to get better working conditions. Meetings organized by employees in the lunch room to discuss working conditions are the kinds of traditional activities for which employees cannot be fired or retaliated against. The lines related to what is protected are much more blurred when dealing with social media and the employer-employee relationship. For example, in one NLRB case, an employee, who was part of a union, was suspended and then fired for posting negative postings on her Facebook account about her supervisor. Other employees were Facebook friends and responded to her postings. The company had a policy that prohibited employees from making disparaging comments about supervisors and depicting the company in any way over the internet without the company’s permission, and the company referred to the policy as a reason for the employee’s termination. The NLRB found that the employee’s postings were protected concerted activity and that the policies were unlawful.
Employees, however, do not have a license to say anything they want on social media, anonymously or otherwise. Employees can be disciplined or terminated for defamatory statements about others that are not related to the employees’ work environment or for revealing trade secrets or other commercially sensitive information. For example, a day care worker was fired for a Facebook posting in which he made disparaging comments about the day care center’s director, who was also a family member. The 7th Circuit affirmed summary judgment in favor of the day care center in a Title VII action brought by the employee. When employers confront anonymous postings on social media that they believe to be an employee’s, they must analyze whether the comments are related to the terms and conditions of the employee’s employment and are related to issues discussed by fellow employees or mere griping.
Practical ways to deal with anonymous postings by employees
Companies should insure that they have policies in place that make it clear that targeted conduct, such as malicious, obscene, threatening, racist or harassing postings, as well as defamatory and false statements about the company, is prohibited and could result in discipline or termination. The policy should also prohibit the use of social media to make statements about other employees in the work place that could expose the company to claims of discrimination or a hostile-work environment. The company’s policies must also make it clear that employees cannot post trade secrets, misuse trademarks or post other confidential commercial information.
Their policies, however, should be reviewed to make sure they are not limiting protected employee speech. Policies may be overbroad if they contain blanket prohibitions on “offensive” or “inappropriate” postings. Companies can specify in their policies that employees not use company computers or mobile devices for non-work activity. For example, in the NSC matter discussed above, the NSC had a policy that employees could not access their social media accounts because of security concerns of the NSC related to the sensitive information involved in the agency’s work.