In Ehling v. Monmouth-Ocean Hospital Service Corp., the U.S. District Court for New Jersey permitted a former employee’s claim for invasion of privacy after a supervisor allegedly gained unauthorized access to her Facebook account to proceed for discovery.
The plaintiff, a registered nurse and paramedic, alleged that her employer accessed private postings on her Facebook account in retaliation for her union activity. A supervisor allegedly coerced another employee, who was Facebook “friends” with the plaintiff, to sign to into her Facebook account, so the supervisor could see the posts the plaintiff had restricted to her “friends.” The supervisor copied the following post:
An 88 yr old sociopath white supremacist opened fire in the Wash D.C. Holocaust Museum this morning and killed an innocent guard (leaving children). Other guards opened fire. The 88 yr old was shot. He survived. I blame the DC paramedics. I want to say 2 things to the DC medics. 1. WHAT WERE YOU THINKING? and 2. This was your opportunity to really make a different! WTF!!!! And to the other guards…go to target practice.
The Hospital sent a letter, including this post, to the New Jersey Board of Nursing and the New Jersey Department of Health, Office of Emergency Medical Services. The Hospital said it was concerned that the posting showed a disregard for patient safety. The plaintiff sued, claiming the letters were a malicious attempt to attack her, damage her reputation and employment opportunities, and put her nursing license and paramedic certification status at risk.
One of the plaintiff’s legal theories was common law invasion of privacy. The claim was premised on the supervisor’s alleged unauthorized accessing of the plaintiff’s private Facebook postings. The Hospital moved to dismiss, arguing that the plaintiff did not have a reasonable expectation of privacy in her Facebook posting. The Court denied the motion to dismiss.
The plaintiff argued that she had a reasonable expectation of privacy in her Facebook posting, because her comment was disclosed to only those people she had individually invited to view a restricted access webpage. The Hospital argued that the plaintiff cannot have a reasonable expectation of privacy, because her commentary was disclosed to dozens, if not hundreds, of people. However, there was no evidence about how many Facebook “friends” the plaintiff had at the time of the posting, and therefore no indication of how many people had permission to view the posting. The Court ruled the claim could survive a motion to dismiss because the plaintiff “may have had a reasonable expectation that her Facebook posting would remain private, considering that she actively took steps to protect her Facebook page from public viewing.”
Many states are considering legislation to specifically address the privacy of social media accounts. Maryland and Illinois already have passed laws that prohibit employers from requesting or requiring an employee or applicant to disclose a user name or password for a personal social media account. Maryland’s law is effective October 1, 2012. The Illinois legislation goes into effect January 1, 2013.