Key point 4-04. Many states recognize "invasion of privacy" as a basis for liability. Invasion of privacy may consist of any one or more of the following: (1) public disclosure of private facts; (2) use of another person's name or likeness; (3) placing someone in a "false light" in the public eye; or (4) intruding upon another's seclusion.
A federal court in New Jersey ruled that an employer may have invaded the privacy of an employee by accessing her Facebook account without permission.
A registered nurse and paramedic (the "plaintiff") worked for an emergency response company. She alleged that her employer retaliated against her as a result of her union activities. She maintained an account on Facebook, a social networking website. If someone was not invited to be her Facebook "friend," he or she could not access and view postings on her Facebook "wall." Many of her coworkers were invited to be her Facebook friends. She did not invite any members of her employer's management team as friends.
The plaintiff alleged that her employer "gained access to her Facebook account by having a supervisor summon an employee, who was also one of the plaintiff's Facebook friends, into an office" and "coercing and threatening the employee into accessing his Facebook account on the work computer in the supervisor's presence." The plaintiff claimed that the supervisor viewed and copied her Facebook postings accessed through the coworker's account. One such posting contained a highly offensive and derogatory comment that the supervisor forwarded to the state board of nursing. The supervisor alleged that the company was concerned that the plaintiff's Facebook posting showed a disregard for patient safety.
The plaintiff sued her former employer on the basis of several grounds, including a violation of a state wiretapping law, and invasion of privacy.
State wiretapping law
The plaintiff claimed that the employer violated the New Jersey Wiretapping and Electronic Surveillance Control Act ("NJ Wiretap Act") "by accessing without permission and improperly monitoring the electronic communications being stored on the plaintiff's Facebook account."
The NJ Wiretap Act provides that: "A person is guilty of a crime of the fourth degree if he (1) knowingly accesses without authorization a facility through which an electronic communication service is provided or exceeds an authorization to access that facility, and (2) thereby obtains, alters, or prevents authorized access to a wire or electronic communication while that communication is in electronic storage." "Electronic storage," as used in the NJ Wiretap Act, is defined as: "(1) Any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (2) Any storage of such communication by an electronic communication service for purpose of backup protection of the communication."
Based on the definition of "electronic storage," New Jersey courts have held that the NJ Wiretap Act "protects only those electronic communications, which are in the course of transmission" and does not apply to electronic communications received by the recipient, placed in post-transmission storage, and then accessed by another without authorization because "the strong expectation of privacy with respect to communication in the course of transmission significantly diminishes once transmission is complete."
This is consistent with federal courts' interpretation of similar provisions of the federal Wiretap Act.
The court concluded: "In this case, plaintiff clearly failed to state a claim under the NJ Wiretap Act. She does not allege that her Facebook posting was in the course of transmission when the supervisor viewed it. To the contrary, her complaint clearly states that the posting was live on the Facebook website for all of plaintiff's Facebook friends to "access and view." Because the posting was in post-transmission storage when the supervisor accessed it, "this communication does not fall under the purview of the NJ Wiretap Act."
Invasion of privacy
The plaintiff also claimed that her employer's unauthorized "accessing of her private Facebook postings" amounted to an invasion of her privacy. The court rejected the employer's request to dismiss the claim. The court noted that "to state a claim for intrusion upon one's seclusion or private affairs, a plaintiff must allege sufficient facts to demonstrate that (1) her solitude, seclusion, or private affairs were intentionally infringed upon, and that (2) this infringement would highly offend a reasonable person." The court continued:
Privacy in social networking is an emerging, but underdeveloped, area of law. There appears to be some consistency in the case law on the two ends of the privacy spectrum. On one end of the spectrum, there are cases holding that there is no reasonable expectation of privacy for material posted to an unprotected website that anyone can view …. On the other end of the spectrum, there are cases holding that there is a reasonable expectation of privacy for individual, password-protected online communications …. Courts, however, have not yet developed a coherent approach to communications falling between these two extremes. Although most courts hold that a communication is not necessarily public just because it is accessible to a number of people, courts differ dramatically in how far they think this theory extends …. Most courts have adopted the concept of "limited privacy," which is "the idea that when an individual reveals private information about herself to one or more persons, she may retain a reasonable expectation that the recipients of the information will not disseminate it further."
In this case, plaintiff argued that she had a reasonable expectation of privacy in her Facebook posting because her comment was disclosed to a limited number of people who she had individually invited to view a restricted access webpage. The employer claimed that plaintiff cannot have a reasonable expectation of privacy because the comment was disclosed to dozens, if not hundreds, of people.
The court concluded: "Plaintiff has stated a plausible claim for invasion of privacy, especially given the open-ended nature of the case law. Plaintiff may have had a reasonable expectation that her Facebook posting would remain private, considering that she actively took steps to protect her Facebook page from public viewing."
What this means for churches
Church leaders should assume that employees' Facebook accounts are private, and that any unauthorized access may constitute an invasion of privacy for which monetary damages may be available. Such inspections or access should never be undertaken without legal advice. Ehling v. Monmouth-Ocean Hosp. Service Corporation, 872 F.Supp.2d 369 (D.N.J. 2012).