10 Comments on Employees’ private site insults managers — what can HR do?

Pat on Tue, 12th May 2009 9:12 am


I believe the companies policy should prevail, if they have one. If they do not have an established policy I do not see how they can win. In addition it was a “protected” site, with that in mind I really do not see how the company can win unless the empoyee that gave the password did so of her own free will and that can be proved. It is still a slippery slope as free speech in a protected enviroment should be the law of the land.

2kmaro on Tue, 12th May 2009 9:44 am


Expectation of privacy: Old addage – if more than one person knows a secret, it’s not secret any more. Those that set up the site should have known that someone was going to “violate security”. Additionally – if they don’t realize the lack of total security at internet sites, then they were plain dumb in setting it up in the first place.
It would seem that the employee providing the access caved without even testing the waters by refusing to give up the login information and seeing if her claimed fears were realized – easy enough to then give it up and have a firmer legal leg to stand on with regards to having been forced to reveal it under duress. Who’s to say they aren’t a simple brown-noser who went running to the supervisor to better her own position and is now trying to save face and cover her own tracks.
Frankly I put most of this in the category of talking about how crappy things are at the office over BBQ in the back yard on a weekend with neighbors. But these morons chose to put it into a location where public discovery is not only possible, but probable moves it into a different category – and the court has now got to untangle the mess.
Should the supervisor have gone there – well, he got access and human nature being what it is. It is his follow up actions that are in question to me. Since for the time being he could have simply kept a covert eye on things and considered it as a ‘backyard BBQ’ and possibly a healthy place to vent for the employees, taking it public with the company seems a bit out of line at the moment. But the fact that there were also “sexually explicit” comments and mention of illegal activities again puts it on another plane.
Tough call.
But if it’d been me and I’d uncovered it, I’d have probably fired the two also on grounds of total stupidity (putting it on the web), for being plain old mean acting trouble makers and of course, admitting participation in illegal activities.

Keith on Tue, 12th May 2009 2:18 pm


This is a really going to be interesting. A lot of states have laws that prohibit adverse employment actions against employees who are doing legal activities on their off-time. Often the employer has to show how public confidence will be lost (e.g. in the case of police officers) or show a huge detriment on business (e.g. significant sales would be lost) to outweigh the off-duty rights of employees.

Also, since this site was apparently set up by employees for other employees to vent about work-related matters, it could be covered under employee rights as derived through judicial rulings on the National Labor Relations Act.

Janice on Tue, 12th May 2009 3:16 pm


One, I agree with the actions being stupid. But on the hand, there is no such thing as freedom of speech and the more people whine and cry about someone said something to hurt their feelings. We can all just the flush the whole thought of any freedom speech down the toliet.

People just need to get over it and move on.

Carla on Tue, 12th May 2009 3:34 pm


I have seen several articles regarding Facebook and MySpace, and the outcome typically is not in favor of the employee who is posting their opinions. However, in this case unless the company has a policy that clearly states that employees cannot have private sites setup for the purpose of “venting” and then list all of the things they did wrong…the company should not win. The manager should have never cohersed the employee, that is abuse of power, and that is an unethical. Then the fact that he went on the site as “someone” else could be a crime based on the internet laws, if there are any for his state. If the site was set to private…it was private for those invited, not to be intruded. The company should have a progressive discipline policy that the manager possibly could have used, but even that is shaded gray…because again the site was set to private, not public. Over all this company should seriously consider settling out of court and possibly firing the idiot manager who even put them in this situation.

Teri on Tue, 12th May 2009 4:52 pm


Give me a break guys, this was a private site that was password protected; the act by the manager should violate privacy or some other law,(not a laywer). This is the opposite of the case against Micrsoft that said ” Welcome” and the violator won the lawsuit for illegal access,because they were Welcome to the site, this manager was not welcome, not allowed, TOTAL VIOLATION!!! What are passwords for if they can be violated to suit whatever the purpose. I know if some one accessed a protected account of mine I would want them procecuted, tell me you wouldn’t. It does not matter if this was a stupid idea, it was just plain wrong to gain access that was not allowed and then fire those employees.

Gary Lindberg on Tue, 12th May 2009 5:05 pm


This is an interesting new issue and one that is difficult to decide. We know that publicly damaging a company’s reputation is legitimate grounds for disciplinary action up to and including termination. However, this was a private forum with the reasonable expectation that the online emails would not become public. As long as the emails remained “private,” they would remain “protected” under the Constitutional right of free speech.

In this case, an employee voluntarily told her manager who naturally wanted to see what was being said. The employee readily gave her manager her log-in information. That act made it public information which means the emails lost their protection–especially since some emails offered references to violence and illegal drugs, let alone sexually explicit comments. In today’s world in which children and people are being shot dead in schools and offices and employers’ facilities, this becomes a public matter. If appropriate, legal authorities may need to take legal action.

If the employer (i.e. the manager) had threatened the employee with termination or other discipline to coerce the employee to give that information, I believe that the emails would have remained “protected” speech.

The employees who created that forum should have reasonably known that some day their forum would become known by the company and that everything would be uncovered. They were foolish and should have expected the company to take action.

To answer the three questions, my take is as follows:

1. Insulting the company is grounds for termination once it becomes “public.” Can employers create policies to limit what employees say online? I believe the answer is ‘no.” The right to free speech prevails, in accordance with the U. S. Constitution which overrides all states’ laws.

2. Yes the employees had an expectation of privacy–until one of their own violated the privacy by providing her log-in information to her manager. As I said, the participants should have expected this to happen sooner or later.

3. It was NOT illegal to get the password from his employee. However, if he had coerced her to provide it by threatening some action like discipline or termination, that would have made it a legitimate cause for lawsuits and the resultant penalties.

This is what I think about the situation.

JParr on Tue, 12th May 2009 5:26 pm


Three questions come to mind:

1. Did they use company-owned assets or facilities (computers or bandwidth) to create the group? If so, did they violate the company’s acceptable use policy?

2. Did they present themselves online as representing the company? If so, did they violate HR code of conduct / code of ethics policy in doing so?

3. Did they recruit membership to this website on work premises (or using company-owned assets or facilities)? If so, did they violate HR code of conduct / code of ethics policy in doing so?

This is a great reminder of why every company needs to have basic policies in place, and have every employee read and sign a copy of those policies.

If any of these is true, the employees could be legitimately dismissed with cause for breaking policy.

In either case, the supervisor should be dismissed for breaking policy as well. Sharing credentials and accessing computer resources without permission (ownership of “the group” is assumed to be based on who created it) are both grounds for termination, in my opinion, and should be clearly prohibited in an Acceptable Use or Information Security policy.

In both cases (the group creators, the supervisor), having signed copies of policies in their respective employee files makes the case open and shut: Here’s the policy, here is your signature indicating you’ve read and accepted this policy, here is YOU breaking this policy….. Your services are no longer required.

A simple 1-2 page document spelling out “Do’s” and “Don’ts”, signed by each employee can keep situations like this out of court, and prevent the loss of time, resources, and money trying to litigate the outcome.

Teri on Wed, 13th May 2009 10:57 am


When I wrote the comment yesteday, I realized the argrument could be made regarding the employee volunteraily giving her manager the password, the question is were there password policies from the site owner registered users.

If this was not done during company time and with company resources, then their should not be any ground for dismissal. If feelings getting hurt because someone said things that you did not like were reason for termination we would not have many politicians running the country today.

JParr on Wed, 13th May 2009 11:34 am


The other thing that went wrong, from the employees’ standpoint, is that they should have had the sense to remain TRULY anonymous by setting up a 2nd account NOT linked to their real profile.

If no one knew anyone’s identity, then no action can occur.