Court ruling a warning to companies on workers' Facebook privacy

Decision expected to be influential because few courts have tackled how law such as the Stored Communications Act applies to social media

A recent federal court ruling is a warning to companies that workers' non-public Facebook postings are private and uninvited employers have no right to read them.

The ruling, handed down last month, stemmed from a lawsuit filed by a paramedic against Monmouth-Ocean Hospital Service Corp. (MONOC) in New Jersey. Deborah Ehling was disciplined after posting on her Facebook wall a comment criticizing Washington, D.C., paramedics' handling of a deadly shooting at the U.S. Holocaust Memorial Museum

The U.S. District Court decision is significant because it is one of very few rulings addressing whether Facebook postings meant only for users' "friends" are protected under the federal Stored Communications Act. Passed in 1986, the act extends protection to electronic communications that are configured to be private.

"The message that we're getting here is that the courts will take very seriously the privacy interests of someone who is using social media and designates it as private communications," Robert Quackenboss, a partner in the labor employment group of the law firm Hunton & Williams, said on Thursday.

While the ruling only applies to the parties in the case, the decision is expected to be influential because so few courts have addressed the issue of how privacy protections apply to social media. Because the district court was on relatively virgin ground, it was particularly thoughtful in addressing the legal issues.

"The first federal court to do so with sound reasoning ends up being very persuasive to other courts that take up the matter subsequently," Quackenboss said.

MONOC suspended Ehling for a post that followed the June 2009 shooting, in which white supremacist James W. von Brunn, 88, opened fire in the Holocaust museum, killing a guard and sending visitors, including children, diving for cover. Other guards returned fire, wounding von Brunn in the head.

Ehling's post, which was not explained in the court's decision, read, in part, "I want to say 2 things to the DC medics. 1. WHAT WERE YOU THINKING? and 2. This was your opportunity to really make a difference! WTF!!!! And to the other guards....go to target practice."

In suspending Ehling, who was president of the Professional Emergency Medical Services Association union at the time, MONOC officials said the posting was a "deliberate disregard for patient safety."

[Also see: Storify shows how Facebook privacy more illusion than fact]

Ehling had configured Facebook to show her postings only to roughly 300 "friends," which included co-workers, but not management. Unbeknownst to Ehling, Tim Ronco, another paramedic who was on her friends list, was taking screenshots of her postings and sending them to MONOC manager Andrew Caruso, who then sent them to Stacy Quagliana, executive director of administration at MONOC, according to the court ruling.

Caruso, who was friends with Ronco, but not his boss, never asked to be informed of Ehling's Facebook activity and never asked for the screenshots. "In fact, Caruso was surprised that Ronco showed him plaintiff's Facebook posts," federal Judge William J. Martini said in his ruling.

Nevertheless, the court found that the postings were private and protected by the Stored Communications Act, because Ehling had configured her Facebook settings, so only her "friends" could see writings.

Ultimately, the court ruled in favor of MONOC based on an exception in the Stored Communications Act, which is part of the federal Electronics Communications Privacy Act. Because Ronco was authorized to see the postings, he could share them with other people, including Ehling's employer.

"The court said there's no liability because she authorized the spy to see [the posts," said David Straite, a digital privacy lawyer for the law firm Kaplan Fox & Kilsheimer. "And that's important. This spy had no obligation to keep her private thoughts private."

Had MONOC management coerced Ronco into providing the screenshots or had asked for them, then the company would have been guilty of violating Ehling's privacy. Under the SCA, the company would then be liable for punitive damages and lawyer fees.

"Sometimes, frankly, that's all you need to attract plaintiff lawyers to a claim," Quackenboss said.

The court did not address the issue of whether a company would violate an employee's privacy, if the employer had hired someone to spy on workers' Facebook postings.

However, the ruling is an indicator that the federal courts would see that as a conscious attempt to underhandedly bypass people's privacy settings of social media. "It's just a step short of coercion," Quackenboss said.

Copyright © 2013 IDG Communications, Inc.

Subscribe today! Get the best in cybersecurity, delivered to your inbox.