Friday, February 26, 2010

To Facebook Or Not To Facebook? That Is the Question For Investigators.


Lessons I learned from attending the LACBA’s program “Brave New Web: Social Network's Challenges to Copyright, Privacy and Legal Ethics.”

Last night I attended a program presented by the Los Angeles County Bar Association on social media. The program was presented by and for the Entertainment Law and Intellectual Property section so it wasn’t unusual that I was the only employment lawyer in the room. I expected to get a general overview of legal issues inherent in social media, from the perspective of the entertainment law experts on the panel, so that I could glean new policies or procedures to recommend to my own clients -in-house counsel and human resource professionals, - for their company’s social media policies. As the panel’s discussion/debate turned to legal ethics, however, I was reminded of something Bill Vaughan said, “People learn something every day, and a lot of times it's that what they learned the day before was wrong.”

That is, before I attended the program, I believed that anything a person posted on their social media website page or profile was “public” information. That is, that a person could not expect to keep their age a secret if they posted on their Myspace page the year they were born. I am not alone in that thinking. One of the panelists, Adam Clayton Powell, III, Vice Provost for Globalization at USC stated his comparable opinion, “Anything on Facebook is as public as if it was published in the LA Times.” Although this specific circumstance has not arisen for me in my own investigations, I did not up until this point find any legal or ethical dilemma in looking at an employee’s Facebook page during an investigation into that employee’s wrongdoing. For example, if an investigator must discern whether an employee made sexually offensive comments about a coworker on their Facebook Wall, it made common sense that the investigator would go onto Facebook and look at the posting to verify the accuracy of the alleged misconduct.

But, to my surprise, another member of the panel, Chris Kelly, Chief Privacy Officer for Facebook (and candidate for California Attorney General),pictured with me above, pointed out that Facebook is unlike other social media websites (MySpace, Twitter, etc.) in that Facebook has selective privacy settings which allow the Facebook member to decide which of their “friends” can view certain posted comments, thereby creating an expectation of privacy over the “private” information. (MySpace and other social networking sites have a binary privacy setting, which is less selective.) Other sites have no privacy settings at all.) Moreover, Facebook’s Terms of Use prohibits the unauthorized sharing of information. That is, your Facebook “friend”, whom you have allowed to see your birthday, cannot then go tell all of his friends that you are 35 (but you don’t look a day over 30.) This was a point that even panelist, Ben Sheffner, Counsel for Legal Affairs at NBC Universal, found surprising. Last, it is unethical for an attorney/investigator to use deceit to obtain access to the Facebook page of someone they are investigating. Presumably, the alleged wrongdoer would not “friend” the investigator or their company’s human resources if they knew that that person through subterfuge was actually seeking access to information or pictures that might impeach the alleged wrongdoer’s version of events, a point made by the fourth panelist, Roland Trope of Trope & Schramm.

Yet, despite Mr. Kelly’s argument that users have a selective expectation of privacy on Facebook, the issue of whether a person has a right to privacy on their Facebook profile is not set in stone, even in California. Facebook is currently being sued in a class action lawsuit that challenges its “privacy settings” as misleading and alleges that the settings actually expose users’ private information without permission.

That being said, as an attorney /investigator, I have been persuaded that it is not prudent, whether it is 1) a question of ethics, 2) a concern for violating the Terms of Use or 3) an invasion of privacy, to look at a person’s Facebook profile without the users express permission during an investigation. I will, however, take a party or witnesses’ statements on the content of a Facebook page and, in all fairness, I will also seek permission from the “accused” to see their Facebook information in order to disprove the alleged behavior. In any other circumstance, however, pending an investigation, Facebook is off limits. Do you agree? Is this going too far? What should an attorney/investigator do when the alleged misconduct is a social media profile/page that’s purpose is to “badmouth” the employer, as was the case in Pietrylo v. Hillstone Restaurant Group?,

Is the invasion of privacy justified? Do non-attorney investigators have to consider the ethical issues also? Leave your comments.

Tuesday, February 23, 2010

Another Reason to Shop at Costco


California Supreme Court Helps Keep the Lid on Pandora’s Box Investigations

I don’t need another reason to shop at Costco. I love the discounts, buying in bulk for my large family and the bin candy licorice. But, thanks to the California Supreme Court, I now have another reason to love Costco. According to the holding in Costco Wholesale Corporation v. Superior Court of Los Angeles County, (November 2009), a lawyer’s communications with clients, made for the purpose of giving advice, are absolutely protected from disclosure to adversaries, regardless of whether the communication contains factual or legal content. By upholding the sanctity of the attorney-client privilege, even when the attorney is conducting a fact-finding investigation in order to render a legal opinion, the California Supreme Court gave neutral attorney-investigators and their clients the ability to keep a lid on “Pandora’s Box Investigations.”

Yes, I made up that term. I made up the term “Pandora’s Box Investigation” based on my experience as a neutral attorney/investigator that has first-hand experience in conducting this type of investigation. A “Pandora’s Box Investigation” - named after the Greek mythological Goddess, Pandora who released all of God’s evils into the world by lifting the lid off her mythical box - is an investigation that through interviews and review of evidence reveals misdeeds well beyond the initial misconduct which instigated the investigation. The misdeeds are so egregious and create so much additional liability for the client if revealed, that the client, upon advice from her litigator, chooses to keep the investigation and the attorney/investigator’s conclusions or recommendations privileged. That is, an impartial investigation is often used as an employer’s defense in claims of harassment or wrongful termination so many employers opt to present the investigation in order to demonstrate that they acted reasonably with respect to the employee. In this instance, the employer is waiving its privilege. But, in the case of a Pandora’s Box Investigation, the employer chooses to keep the investigation under wraps so as not to expose itself to further liability and rely on the merits of the case or other available defenses in order to prevail.

For example, in Costco Wholesale Corporation v. Superior Court of Los Angeles County, Costco became aware that plaintiff’s attorneys were challenging the classification of retail industry managers as “exempt” from overtime and other wage laws. Anticipating a claim, Costco hired a wage and hour specialist, an attorney, to “investigate” Costco and provide an opinion as to whether Costco was properly classifying its own managers. For example, a company can call an employee Vice-President of Waste Management, but if the employee spends his day cleaning toilets, he will not be considered exempt. After interviewing Costco’s employees and analyzing their duties under the law, the attorney provided Costco with a legal opinion which contained a recitation of applicable facts, legal standards and analysis. A year after the receipt of the opinion letter, Costco reclassified many of its warehouse managers to non-exempt employees, making them eligible for overtime and other benefits. Presumably, the investigator found that Costco had misclassified the employees and Costco rectified this by making the appropriate changes.

A year and a half after that, Costco was sued in a class action lawsuit for misclassifying its employees and violating the wage and hour laws. The plaintiff’s attorneys wanted to see the content of that attorney’s report, assuming that it had evidence and an opinion that stated Costco was violating wage and hour laws – they wanted to open the Pandora’s Box, so to speak. Not surprisingly, Costco wanted to keep the lid on it. Costco’s counsel argued that the investigator/attorney’s factual findings and opinion should not be revealed to their adversaries or the court, i.e. it was protected by the attorney-client privilege, pursuant to Evidence Code 954. In November, 2009, the California Supreme Court agreed that the report was protected by the attorney-client privilege, even if the outside counsel gathered facts in the process of rendering legal advice, summaries of those facts were included in the written communications she prepared and those facts were otherwise discoverable in litigation.

Therefore, consistent with Costco Wholesale Corporation v. Superior Court of Los Angeles County, employers should feel reassured when using a neutral attorney/ investigator to investigate employee wrongdoing, in that the investigation will most likely be privileged in the event that the investigation reveals unanticipated potential employer liabilities. In order to ensure the investigation is deemed privileged until the employer/client decides to waive that privilege during litigation, the following Proactive Strategies should be implemented.

• Make sure, when retaining your neutral attorney/investigator to put the request for “legal advice” in writing and that the retainer agreement includes a reference or provision which states that a “privileged” legal opinion, not just a fact-finding will be provided at the conclusion of the investigation.

• Make sure all communications between the client and the attorney/investigator are marked “CONFIDENTIAL.” Make sure that the final work product from the attorney/investigator is marked “ATTORNEY WORK PRODUCT” and that it is not disseminated to third parties.

• In the memorandum (or letter) to the complainant or accused at the end of the investigation (which I recommend to inform the parties that the investigation is concluded and its results), provide a brief “summary” of the investigator’s conclusion, not the entirety of the factual findings and conclusions or recommendations. That way, a court will not deem the privileged “waived” by disclosure to third parties.

One last caveat, remember that ultimately, the investigator’s conversations, the investigation’s factual findings, the conclusions and recommendations will most likely be used as a defense in litigation and that the attorney-client privilege, in that instance, is waived by the company. That was the case in Wellpoint Health Networks v. Superior Court where the attorney/investigator was hired to determine whether misconduct occurred and demonstrate the employer made reasonable efforts to protect its employees from harassment. Therefore, an employer should anticipate this inevitability and only discuss confidential information with its company’s litigator, not with the neutral attorney-investigator. Once the privilege is waived, anything said to the investigator is discoverable and can be used against the employer.

Have you experienced a Pandora’s Box Investigation? What lessons did you learn?

Thursday, February 4, 2010

Elvis Has Left The Building


How to Protect Your Company from the Legal Hazards of Social Media Abuse



I am often asked the question by clients, counsel and Human Resource professionals, “Do I think their company should ban employees from using social media while at work?” Often those concerned will complain that their employees spend too much time on Facebook rather than work. Or that they can’t make their employees “think” before they “tweet” something (in 140 characters or less) that another employee finds offensive. Or, they heard a rumor that there is an anonymous company blog that badmouths the bosses. These are valid concerns for employers and those who must manage employee’s behaviors and productivity. According to recent studies, the average worker admits to spending more than 2 hours per 8 hour workday on the internet. Employees surfing the internet, including social networking sites and blogs, account for nearly 45% of that wasted time.

Yet despite the drawbacks, social media sites (such as Facebook, Linkedin, Twitter and Myspace) have many business benefits. Social media sites can help employees augment their computer skills, hone communication skills, connect them with colleagues and mentors, and can be used to promote the values, goals and marketing interests of their employer. The challenge for a company now is to allow for the innovation of technology, including access to social media, while protecting itself and its employees from abuses. Therefore, my response to the question of whether a company should ban employees from using social media at work is always, “Elvis has left the building.” The social media train is moving too fast now for employers to stop it. According to Andrew S. Grove, chairman of Intel, “There are two companies – one that operates (with technology) and one that doesn’t…you’re either going to do it or you disappear.” In other words, social media is here to stay. Banning it is no longer an innovative, competitive, forward-thinking company’s best option.

Employers must accept the inevitability of social media’s presence in the workplace as much as they have accepted email, the fax machine and the intranet. Rather the best practice now for employers is to proactively plan for their employee’s abuse of social media and implement an iron clad policy which protects the employer from liability in the event of social media abuse. Certainly, there are no one-size-fits all policies that I can draft that would satisfy the needs of each and every company. Industry, company size, social media use and many other factors must be taken into consideration when designing these innovative policies. Fortunately, the internet is riddled with example social media policies. In case you do not believe me, here are 200 Sample Social Media Policies. I do not recommend or endorse any of these.

Nevertheless, in drafting or evaluating a social media policy make sure you include the following provisions that will deter employees from abusing social media and will allow your company cause for discipline or termination in the event that an employee does not comply with it:

1) State that an employee is permitted to access social media sites while at work as long as the use does not interfere with the optimum performance of their job. The company’s primary interest is in its employee’s productivity and the use of social media at the cost of this productivity undermines the Company’s business objectives.

2) State that the Company’s internet and email policies apply to employee’s accessing social media sites from company computers. That is, the company owns the computers and technology and can and does monitor this usage. Employees should not have an expectation of privacy while using social media.

3) State that the Company’s discrimination and harassment policies apply to employee’s accessing social media sites. Employees should be considerate of visual content displayed on their computer screens. Moreover, accessing sites that are pornographic, violent or have sexual or discriminatory content is prohibited. Finally, writing harassing, bullying or discriminatory statements about coworkers or management may also violate the harassment policy and is prohibited.

4) State that the Company has an expectation of loyalty from its employees that the employee will not make statements on behalf of the company or use the Company logo without express, written permission. Moreover, the Company expects that employees will not disparage or defame the company, its employees or its products on any social media site. The Company does not want its employees to respond to negative comments about the company, its employees or products without express, written consent.

5) State that the Company expects employees to act with high ethical standards when accessing social media websites. An employee must never represent him or herself or the Company in a false or misleading way. All statements must be true and not misleading. All claims must be substantiated. Finally, using social media for unlawful purposes is prohibited.

6) State that the Company’s trade secret and confidential communications policies apply to employee’s accessing social media sites. The Company expects that employees will not share company secrets, confidential information or discuss company litigation on social media sites. In the event that an employee inadvertently reveals such information, he or she should inform management immediately.

7) State that an employee who violates this Social Media Policy may be subject to discipline up to and including termination.

As important as the policy is to a company in protecting against abuse, so is its enforcement. Training management and staff is integral to Katz Consulting & Associates Proactive Lawsuit Prevention Strategies. Do not bury the policy in your handbooks. Train employees on the content of the policy. Train your management to treat employees consistently in the event that they determine employees are abusing social media. Inconsistent discipline may give rise to a claim of discrimination.

Finally, remind managers not to make promises or assurances that could amend the Company’s written policy. Once case, presently before the California Supreme Court, Quon v. Arch Wireless Operating Co, involves a sergeant on the Ontario, California SWAT team who sued his employer for violating his right to privacy because it monitored his sexual-text messaging (or “sexting”) from his department issued pager. Even though the department had a policy that expressly informed employees of its right to monitor their pagers, the sergeant’s supervisor promised him he would not monitor it. Appropriately training supervisory staff on the pitfalls of making these verbal assurances would have prevented this lawsuit.

Did I miss something? Is your policy consistent with my recommendations or do you have something to add? I’d love to hear your opinion.