It’s Time for Oregon Employers to Review their Social Media Policies (Again!)

August 27, 2014

You’re probably sick of hearing that it’s time to review your company’s social media policy (or for your company to adopt one, if it doesn’t have one already).  That’s entirely understandable.  That being said: It’s probably time for your company to review its social media policy (or to adopt one).  There are two reasons for this.  First, on May 30, 2012, the National Labor Relations Board (“NLRB” or “Board”) issued an important guidance memorandum detailing examples of typical provisions contained social media policies that the Board views as unlawful.  Included in its list of examples are many provisions that seem entirely innocuous on their face.  If your company has not reviewed and revised its social media policy since the Board issued this guidance memorandum, it is likely that your policy contains one or more well-intentioned provisions of the type the Board has now deemed “unlawful.”  Second, on January 1 of this year, Oregon’s new social media “password protection” law went into effect.  Therefore, even if you have reviewed and revised your company’s social media policy since the Board issued its guidance memorandum, you will probably want to revise it again to include provisions designed to ensure compliance with the new Oregon law.

Oregon’s New Social Media Law

ORS 659A.330, which went into effect on January 1, makes it unlawful for an Oregon employer to: (a) request that a job applicant or employee disclose his password to a social media account; (b) compel an employee or applicant to add it to a contact list associated with a social media account (e.g., to add the employer as a LinkedIn “connection” or a Facebook “friend”); (c) compel an applicant or employee to access her password-protected social media content in the presence of an employer representative, so that he may view it (a practice commonly known as “shoulder surfing”); or (d) retaliate against an applicant or employee in any way for refusing to “connect,” disclose his password, or allow “shoulder surfing.”

You can find a detailed analysis of the law (including what it means to “compel” an employee to connect, who qualifies as an “employer” for purposes of the law, and how management and supervisory personnel should be trained to comply with the law) at:  However, for present purposes, the bottom line is that, to minimize the chance that your company will violate the new law, and limit its liability for any violations that might occur despite your company’s best compliance efforts, your social media policy should add provisions stating that: (a) with the exception of employer-owned accounts, no employee will be asked to provide a password to an account, compelled to add the employer (or any supervisor) to a contact list, or compelled to access password-protected social media content in the presence of a supervisor or employer representative; (b) an employee is free to reject a social media invitation sent by any coworker or superior, and will suffer no negative job consequences as a result; (c) an employee who feels he has been penalized for rejecting a social media invitation, or opposing any other practice prohibited by ORS 659A.330, should complain to human resources or another designated company representative; and (d) engaging in any prohibited retaliation, or other violation of the policy, will subject the violator to serious discipline.

The Evolving Federal Law: the NLRB’s Ever Expanding Focus on Non-Union Employers

Many non-union employers believe that the National Labor Relations Act (“NLRA” or “Act”) does not apply to them.  This is understandable, given that the Act is largely concerned with collective bargaining.  However, it is also false.  Make no mistake about it: even a nonunion employer can face liability under the NLRA for engaging in an “unfair labor practice.”

The NLRA protects the right of unionized and non-union employees to engage in “concerted activities” to improve their working conditions and terms of employment.  As a result, any employer that is engaged in “interstate commerce” (which includes all but very small businesses) is at risk of being found to have engaged in an unfair labor practice if it takes actions that—whether intentionally or unintentionally—discourage employee from engaging in such concerted activities.

Recently, one of the major focuses of the NLRB, the agency charged with enforcing the NLRA, has been the social media policies of non-union employers.  In numerous decisions and guidance memoranda issued in just the past few years, the Board has found that an employer’s social media policy violates the Act by discouraging employees from engaging in concerted activity through social media.  For example, it has found “unlawful” provisions in social media policies that:

  • Prohibit employees from discussing their compensation or conditions of employment
  • Prohibit “negativity and gossip” or “disparaging or defamatory” comments
  • Require employees to behave “in a positive manner” at all times
  • Prohibit “discourteous or impolite” behavior
  • Instruct employees not to release “confidential,” “non-public,” or “proprietary” information of the company—or the “personal information” of its employees—without specifying that these terms do not include information about wages or working conditions
  • Proscribe “negative conversations” about managers
  • Instruct employees not to “share confidential information” with coworkers, unless necessary for work purposes, without clearly defining “confidential information” to exclude information about wages or working conditions
  • Caution employees to only post information that is “completely accurate and not misleading”
  • Instruct employees not to “reveal non-public company information on any public site,” including information relating to the “financial performance of the company” or the “performance, compensation or status in the company” of another employee
  •  Prohibit employees from discussing company performance, cost increases, or customer wins or losses online
  • Instruct employees to “avoid harming the image and integrity of the company”
  • Caution employees to secure permission before posting content on social media, if they suspect the post might violate company policy
  • Prohibit employees from posting photos, music, videos, and the quotes or personal information of others without obtaining the owner’s permission
  • Prohibit employees from using the employer’s logos and other trademarks in posts
  • Prohibit discussion of “any legal matters” or disputes involving the company
  • Direct employees to adopt a “professional tone” in social media conversations and to avoid “picking fights” or broaching “objectionable or inflammatory” topics
  •  Encourage employees “to resolve concerns about work by speaking with co-workers, supervisors, or managers” and using other “internal resources” in lieu of “airing their grievances online”
  • Instruct employees to “think carefully” before “friending” coworkers
  • Require employees to report any “unusual or inappropriate” social media activity or any “unsolicited or inappropriate electronic communications”
  • Prohibit employees from “expressing their personal opinions” to the public or to friends and acquaintances regarding their “work satisfaction” or their wages, hours, or working conditions
  • Prohibit any employee communications with the media
  • Require that employees obtain prior authorization before communicating with the media

In the case of each of these provisions, the Board found that a typical employee would reasonably interpret it as prohibiting him from discussing one or more of the conditions of his employment with his coworkers.  Consequently, the Board concluded that each provision had the effect of discouraging employees from engaging in protected “concerted activity,” thereby violating the Act.

Plainly, this is a very long list of disapproved language.  Moreover, many of the provisions the Board has declared “unlawful” appear quite innocuous on their face.  Indeed, many are of the type that conscientious and well-meaning employers—genuinely concerned with their employees’ working environments—routinely included in social media policies before the Board began its crusade against “unlawful” social media provisions.

Consequently, employers should now review even very well-thought-out and carefully drafted social media policies, if they were drafted before 2013.  Fortunately, the Board has at least provided some guidance on what type of provisions it views as permissible.  For example, it has opined that the NLRA is not violated by provisions in social media polices that:

  • Direct employees to use their “best judgment” and “exercise personal responsibility” in their online interactions
  • Caution employees that “harassment, bullying, discrimination, or retaliation that would not be permissible in the workplace is not permissible between co-workers online, even if it is done after hours, from home and on home computers”
  • Prohibit “inappropriate postings that may include discriminatory remarks, harassment, and threats of violence or similar inappropriate or unlawful conduct”
  • Advise employees to avoid posts that “could be viewed as malicious, obscene, threatening, or intimidating”
  • Prohibit online “harassment and bullying,” defined to include “offensive posts meant to intentionally harm someone’s reputation” and “posts that could contribute to a hostile work environment on the basis of race, sex, disability, religion, or any other status protected by law or company policy”
  • Require employees to obtain “prior written authorization” before posting anything online that “could reasonably be attributed to the Employer”
  • Prohibit making any statement or giving any opinion “on behalf of” the employer
  • Require that an employee’s public posts referencing the employer contain disclaimer language clarifying that the employee’s views are the employee’s own and do not represent the views of the company
  • Require employees to maintain the confidentiality of the employer’s trade secrets and “confidential information,” while providing sufficient, specific examples of “confidential information” to clarify that it does not include information about wages or working conditions

This guidance from the Board illustrates the importance of defining terms like “confidential information” and “proprietary information” in social media policies, to clarify that the terms do not include information about wages or working conditions.  More generally, the Board’s guidance emphasizes the importance of including multiple, specific examples in a social media policy of the types of behaviors the policy is designed to discourage (e.g., harassment and bullying), to better alert employees that discussions about working conditions are not among the behaviors that the policy prohibits.  Indeed, as a guidance memorandum that the Board released on May 30, 2012 states:

[R]ules that are ambiguous as to their application to [protected] activity and that contain no limiting language or context to clarify that the rules do not restrict [protected] rights are unlawful.  In contrast, rules that clarify and restrict their scope by including examples of clearly illegal or unprotected conduct, such that they could not reasonably be construed to cover protected activity, are not unlawful.

Employers with social media policies drafted more than a year or two ago should review them with these principles in mind.


Dan Webb Howard is an employment attorney and appellate practitioner with the law firm of Gleaves Swearingen LLP in Eugene, Oregon. If you have any questions relating to this article, you can reach him at

DISCLAIMER: The information in this article is offered for general information and educational purposes only.  It does not constitute legal advice and does not create an attorney-client relationship.  You should not act on the information in this article before seeking the advice of an attorney.