Employer Social Media Policies, Cyber Security and Other Web Notes

Employer Social Media Policies, Cyber Security and Other Web Notes

As the various forms of social media have become increasingly pervasive, employers have struggled with appropriate responses to employees' use of the social media sites. One question in particular that has arisen is the extent to which employers can seek to regulate and even discipline employees' use of social media to comment on the employer or their workplace. A recent decision by a three-judge panel of the National Relations Board, addressing the social media policies of Costco Wholesale Corp. held that the company's social media policy violated its employees' rights under the National Labor Relations Act. A copy of the NLRB's September 7, 2012 Decision and Order can be found here.

I should note at the outset that this NLRB ruling was discussed by a panel at the Advisen Management Liability Insights Conference in New York last Thursday. In addition, a work colleague also forwarded me a copy of the Blank Rome law firm's September 2012 memo about the NRLB's ruling. I acknowledge here my indebtedness to the conference panel and to my work colleague for identifying this topic and suggesting many of the comments in this post.

The NLRB's Costco ruling arose out of efforts at the company's Milford, Connecticut facilities to organize the facilities' meat department employees. In connection with these activities, the concerned union filed charges with NLRB alleging that the company had violated the employees' rights under the National Labor Relations Act. Among other things, the Union alleged that the company had certain unlawful rules in its employee handbook. Among these rules is one stating that "any communication transmitted, stored or displayed electronically must comply with the policies outlined in the Costco Employment Agreement."

The rule goes on to state that statements "posted electronically (such as [to] online message boards or discussion groups) that damage the Company, defame any individual or damage any person's reputation, or violate the policies outlined in the Costco Employee Agreement may be subject to discipline, up to and including termination of employment."

The Administrative Law Judge who heard the union's charges upheld this rule, determining that employees would reasonably conclude that the company's purpose in devising h the rule was to ensure a "civil and decent workplace."

The NLRB rejected the ALJ's determination, concluding to the contrary that the rule "allows employees to reasonably assume that it pertains to - among other things-certain protected concerted activities, such as communications that are critical to the Respondent's treatment of its employees." The Rule, the NLRB said, "clearly encompasses concerted communications protesting [Costco's] treatment of its employees." Costco's maintenance of the rule therefore "has a reasonable tendency to inhibit employees' protected activity" and as such "violates" the National Labor Relations Act."

The Blank Rome law firm's memo comments that the NLRB's ruling, (the NLRB's first binding decision on the issue) "serves as a reminder to employers to review the scope of their social media policies and to carefully analyze how they may be construed."

As noted in a September 21, 2012 memorandum from the Franczek Radelet law firm about the ruling (here), the need to review social media policies applies to both union and non-union employers, adding that "now more than ever, all employers should continue to review and update all of their policies to ensure that they are specific, narrowly tailored to their business needs, and do not sweep so broadly so as to interfere with employee rights under federal labor law."

In thinking about the potential EPL insurance implications of this development, it is important to note that many EPL policies have National Labor Relations Act exclusions, precluding coverage for claims based upon alleged violations of the NLRA or similar federal, state and local statutes. However, many insurers are willing upon request to amend this exclusion to provide a carve-back specifying that the NLRA exclusion does not apply to claims for retaliation.

A retaliation carve-back to the EPL policy's NLRA exclusion would not preserve coverage for all claims asserting that a company's social media policy violates the NLRA. However, Costco's social media policy not only contemplated discipline for violation of the policy, but expressly allowed for employee termination. The retaliation claim coverage carve-back to the NLRA exclusion might preserve coverage for a claim by an employee that he or she was terminated in retaliation for engaging in activity that contravened a social media policy that violated the NLRA - or to put it more simply, in retaliation for engaging in activity protected by the NLRA. However, even among carriers who are willing to extend the carve-back to the NLRA exclusion, the carriers sometimes restrict the carve-back so that it does not extend to extend coverage to class or mass action claims.

Jay Rockefeller's Cyber Security Letter: On September 19, 2012, John D. Rockefeller, IV, the Democratic Senator from West Virginia, sent a letter to the CEOs of all of the Fortune 500 companies, asking each CEO to voluntarily respond by October 19, 2012 to several broad questions pertaining to the company's view on cybersecurity and to the federal government's efforts to promulgate national cybersecurity standards. A copy of hte letter Senator Rockefeller sent to IBM's CEO can be found here.   

As detailed in a September 19, 2012 memorandum from the Gibson Dunn law firm (here), Rockefeller's letter follows his unsuccessful efforts earlier this year to pass legislation intended to impose heightened cybersecurity standards on a national level. (Indeed, a cynical reader might say that the letter is basically just one long gripe to the CEOs that the legislation failed to pass due to a filibuster and the efforts of business lobbyists.)   The law firm memo also points out that the letter follows other efforts Rockefeller has made to focus on cybersecurity outside of the legislative process, including his successful efforts last year to have the SEC provide guidance to pubic companies on what disclosures they should make concerning the companies' cybersecurity risks and incidents.

The letters in and of themselves are unlikely to change anything. However, Rockefeller's continuing efforts underscore the fact that cybersecuity is likely to remain both a high profile issue and a highly politicized issue. At the same time, other companies will find themselves, as Google recently did, under increased pressure to make disclosures regarding cybersecurity risks and incidents.

With increasing public scrutiny on companies' cybersecurity preparedness and disclosure comes the increasing likelihood comes the increasing possibility that companies experiencing cybersecurity incidents -and their directors and officers -- may face claims from shareholders and other constituencies that they failed to implement appropriate cybersecurity measures or made misrepresentations about their cybersecurity preparedness. As recently noted in Rick Bortnick's Guest Post on this blog, potential D&O liability is one of the significant components of cyber risk. The high-profile nature of these issues and the level of scrutiny increase the likelihood that we will see claims against companies' directors and officers based on cybersecurity preparedness and cyber disclosure.

Concerns About JOBS Act Fundraising:  Another topic that the Advisen conference in New York addressed last week was whole topic of concerns with fundraising activities enabled by the recently enacted JOBS Act. The Act's provisions permitting crowdfunding and loosening restrictions on solicitation and advertising for exempted offerings at a minimum create a context within which liability claims could arise and also increase the possibility for fraud. The Act's provision raising from 500 to 2,000 the number of shareholders a company may have before it takes on SEC reporting obligations not only increases the potential scale of these problems but also ramps up the number of prospective claimants that might object.

As the panel at the Advisen conference discussed, these concerns will pose a host of challenges not only for prospective investors but for private company D&O underwriters, as well. A September 22, 2012 Wall Street Journal article entitled "On Crowdfunding and Other Threats" (here) reviews the steps that prospective investors can take to try to avoid getting scammed in a JOBS Act offering. Though the list of steps in the article are addressed to the investors hoping to avoid getting defrauded, the list also provides a useful starting point for D&O underwriters trying to think about and to  underwrite these risks. At a minimum, it seems clear that caution is indicated here, both for investors and for insurance underwriters.

Readers interested in a more positive perspective on the possibilities of new forms of funding such as "crowdfunding" may want to take a look at the article in this week's issue of Time Magazine entitled "The Kickstarter Economy" (here, subscription required). The article chronicles the successes of (and challenges for) the Kickstarter, the online fundraising portal. The article optimistically suggests that the online fundraising will support nascent enterprises that are well-intentioned and worthy. At the same time, the article also documents many initiatives that failed to live up to their own aspirations.

One of the panelists at the JOBS Act session at last week's Advisen conference was Carl Metzger of the Goodwin Proctor firm, who pointed out that his firm has a page on its website devoted to JOBS Act- related concerns. The firm's webpage, which can be found here, is a good one-stop resource on JOBS Act issues and developments.

German Court Dismisses Investors' Porsche Suit: As I have discussed in numerous posts on this blog (most recently here),  aggrieved investors who lost money short-selling VW shares and who claim they were misled by Porsche's management have been trying to pursue claims against Porsche and its senior officials in U.S. courts. (Background regarding the dispute can be found here.) After their initial U.S. federal court action was dismissed (about which refer here), some investors tried to pursue claims against Porches in Germany's courts. Now, according to press reports (refer here), the first two of these German lawsuits to be considered have been dismissed.

According to the news reports, the Braunschweig regional court determined that the allegedly misleading statements on which the investor claimants sought to rely in support of their claims against Porsche did not amount to "vicious behavior" that would have misled investors A statement on the court's website about the September 19, 2012 court determination (in German) can be found here. According to the news reports, three additional cases remain pending before the same German court.

The outcome of the two German cases highlights why the aggrieved investors tried first to assert their claims in the U.S., and why some investors are continuing to press the U.S. claims. The appeal of the dismissal of the original U.S. federal court lawsuit remains pending in the Second Circuit. In addition, other investors' New York state court common law claims have survived an initial motion to dismiss (about which refer here). This long-running litigation saga continues to grind on, but the outcome of the two recent German court decisions seems to suggest that whether investors are to have any hope of relief will depend on further developments in the U.S. proceedings, particularly the pending appeal in the Second Circuit.

Read other items of interest from the world of directors & officers liability, with occasional commentary, at the D&O Diary, a blog by Kevin LaCroix.

For more information about LexisNexis products and solutions connect with us through our corporate site.