Though it's human nature to complain about work, employees who air their complaints on the Web might want to think twice.

A recent California state appellate court ruling confirms the conventional wisdom that once someone posts something personal to the Internet, it's public information. Cynthia Moreno found that out the hard way after publishing an essay about her hometown on her MySpace blog. Six days after detailing the myriad qualities that repulsed her about Coalinga, Calif., Moreno had second thoughts and removed the text from the site. But Roger Campbell, the principal of Coalinga High School, had already copied the essay.

Campbell submitted Moreno's “An Ode to Coalinga” to the local newspaper, the Coalinga Record, which published it in the “Letters to the Editor” section. Though Moreno, a college student, no longer lived in Coalinga, her parents and sister did–and they began to suffer the consequences of the ode's publication. The family received death threats. Someone fired a gun at their home. They were forced to flee the town, closing a 20-year-old, family-owned business.

Moreno filed suit against the school district, the newspaper and the newspaper's publisher, citing invasion of privacy and intentional infliction of emotional distress. The trial court dismissed the suit against the publisher under California's anti-SLAPP law, which protects media from lawsuits that limit their right to publish information of public interest.

On April 2, a California state appellate court affirmed the lower court's decision on the invasion of privacy claims in Moreno v. Hanford Sentinel Inc., holding that once Moreno published her essay online, she waived her right to keep those musings private. However, the three-judge panel reversed the decision on the emotional distress claim, remanding it to the lower court.

Because sites like MySpace and Facebook are social networks principally used to communicate with friends, many people incorrectly assume employers will understand the information is not intended for them. But Moreno shows that once someone places information in the public sphere, anyone has a right to access it.

“[Employers] can feel comfortable that if an employee posts something to Facebook or MySpace, that's considered a public disclosure,” says Jeffrey Neuburger, a partner at Proskauer Rose and the legal correspondent for PBS's digital media publication MediaShift. “They can use that information without worrying about running afoul of the right of privacy or misappropriation.”

Moreno, however, raises important questions about what difference security settings make on social networking sites, as well as exactly how employers can use information they discover.

Password Protection

Moreno identified herself only by her first name on MySpace with the hope of maintaining some anonymity. When the Coalinga Record republished her ode, the editor printed Moreno's full name. But the court decided anyone could readily determine Moreno's true identity based on pictures of herself she posted to the page.

Had Moreno gone a step further and protected her posting with a password, she would have had a stronger argument that she intended the ode to remain private, says Gregory Iskander, of counsel at Littler Mendelson. “Not to mention that if you obtain [unauthorized] access to a password-protected site, there are other issues, such as computer fraud laws,” he says.

The first case testing password-protected postings is, at press time, winding its way through New Jersey's federal court. Two employees of the chain restaurant Houston's complained about work on a password-protected MySpace forum. But a third employee helped their boss access the forum to read the nasty comments. He fired the two disgruntled employees, who then filed suit, citing invasion of privacy, among several other complaints.

As in Moreno, the plaintiffs in Pietrylo v. Hillstone Restaurant Group posted the disparaging comments in a social setting under the assumption that no one else had a right to use those comments in a different context.

“The argument would be that there was a reasonable expectation of privacy … because [the disclosure] was really only intended to be made to a select group of friends or people who were meant to have access to it,” Neuburger says. “And the fact that someone was able to circumvent that and access the information shouldn't convert that private disclosure into a public disclosure.”

Termination Justification

While the exact legal protection provided by a password on MySpace remains to be seen, how an employer can use private facts has a more clear-cut response.

“What you do with that information is still going to be governed by other law,” says Eric Goldman, an associate professor at Santa Clara University School of Law and academic director of the school's High Tech Law Institute. “If you see information that's been posted into the quasi-public/quasi-private sphere and use it to engage in retaliation, it's still retaliation.”

Employers should carefully examine the facts of a particular case before using Web-gleaned information to dismiss an employee, Iskander says.

And, as evidenced by the continued examination of Moreno's emotional distress claim, Iskander says employers need to beware of potential tort violations.

As Goldman says, “I cannot imagine a situation where I would say, 'Hey, look at what my student wrote. I'm going to get a friendly newspaper to publish it.' It's such common sense.”

Though it's human nature to complain about work, employees who air their complaints on the Web might want to think twice.

A recent California state appellate court ruling confirms the conventional wisdom that once someone posts something personal to the Internet, it's public information. Cynthia Moreno found that out the hard way after publishing an essay about her hometown on her MySpace blog. Six days after detailing the myriad qualities that repulsed her about Coalinga, Calif., Moreno had second thoughts and removed the text from the site. But Roger Campbell, the principal of Coalinga High School, had already copied the essay.

Campbell submitted Moreno's “An Ode to Coalinga” to the local newspaper, the Coalinga Record, which published it in the “Letters to the Editor” section. Though Moreno, a college student, no longer lived in Coalinga, her parents and sister did–and they began to suffer the consequences of the ode's publication. The family received death threats. Someone fired a gun at their home. They were forced to flee the town, closing a 20-year-old, family-owned business.

Moreno filed suit against the school district, the newspaper and the newspaper's publisher, citing invasion of privacy and intentional infliction of emotional distress. The trial court dismissed the suit against the publisher under California's anti-SLAPP law, which protects media from lawsuits that limit their right to publish information of public interest.

On April 2, a California state appellate court affirmed the lower court's decision on the invasion of privacy claims in Moreno v. Hanford Sentinel Inc., holding that once Moreno published her essay online, she waived her right to keep those musings private. However, the three-judge panel reversed the decision on the emotional distress claim, remanding it to the lower court.

Because sites like MySpace and Facebook are social networks principally used to communicate with friends, many people incorrectly assume employers will understand the information is not intended for them. But Moreno shows that once someone places information in the public sphere, anyone has a right to access it.

“[Employers] can feel comfortable that if an employee posts something to Facebook or MySpace, that's considered a public disclosure,” says Jeffrey Neuburger, a partner at Proskauer Rose and the legal correspondent for PBS's digital media publication MediaShift. “They can use that information without worrying about running afoul of the right of privacy or misappropriation.”

Moreno, however, raises important questions about what difference security settings make on social networking sites, as well as exactly how employers can use information they discover.

Password Protection

Moreno identified herself only by her first name on MySpace with the hope of maintaining some anonymity. When the Coalinga Record republished her ode, the editor printed Moreno's full name. But the court decided anyone could readily determine Moreno's true identity based on pictures of herself she posted to the page.

Had Moreno gone a step further and protected her posting with a password, she would have had a stronger argument that she intended the ode to remain private, says Gregory Iskander, of counsel at Littler Mendelson. “Not to mention that if you obtain [unauthorized] access to a password-protected site, there are other issues, such as computer fraud laws,” he says.

The first case testing password-protected postings is, at press time, winding its way through New Jersey's federal court. Two employees of the chain restaurant Houston's complained about work on a password-protected MySpace forum. But a third employee helped their boss access the forum to read the nasty comments. He fired the two disgruntled employees, who then filed suit, citing invasion of privacy, among several other complaints.

As in Moreno, the plaintiffs in Pietrylo v. Hillstone Restaurant Group posted the disparaging comments in a social setting under the assumption that no one else had a right to use those comments in a different context.

“The argument would be that there was a reasonable expectation of privacy … because [the disclosure] was really only intended to be made to a select group of friends or people who were meant to have access to it,” Neuburger says. “And the fact that someone was able to circumvent that and access the information shouldn't convert that private disclosure into a public disclosure.”

Termination Justification

While the exact legal protection provided by a password on MySpace remains to be seen, how an employer can use private facts has a more clear-cut response.

“What you do with that information is still going to be governed by other law,” says Eric Goldman, an associate professor at Santa Clara University School of Law and academic director of the school's High Tech Law Institute. “If you see information that's been posted into the quasi-public/quasi-private sphere and use it to engage in retaliation, it's still retaliation.”

Employers should carefully examine the facts of a particular case before using Web-gleaned information to dismiss an employee, Iskander says.

And, as evidenced by the continued examination of Moreno's emotional distress claim, Iskander says employers need to beware of potential tort violations.

As Goldman says, “I cannot imagine a situation where I would say, 'Hey, look at what my student wrote. I'm going to get a friendly newspaper to publish it.' It's such common sense.”