Judge Rules 'Shoulder Surfing' Might Violate Privacy
Like nearly 1 billion others, registered nurse and paramedic Deborah Ehling has a Facebook account. Unlike some of those other users, Ehling only allowed her friends to read her posts.
She hadn't friended any of her supervisors, but that didn't stop her employer, Monmouth-Ocean Hospital Service Corp., from allegedly accessing Ehling's posts, and then firing her based on one of them that supposedly "showed a disregard for patient safety."
The post that drew her employer's ire concerned the June 2009 shooting at the Holocaust Museum in Washington, D.C. The shooter killed a guard; other guards fired on the shooter, but he survived.
Shortly after the incident, Ehling posted that she "blamed the paramedics" for the shooter's survival. "I want to say 2 things to the DC medics. 1. WHAT WERE YOU THINKING? and 2. This was your opportunity to really make a difference!" she wrote.
One of Ehling's supervisors allegedly "coerced" a friend of Ehling's into signing on to Facebook in the supervisor's presence. The "shoulder-surfing" boss was able then to read Ehling's posts.
In July of 2011, Ehling was fired. She subsequently sued the hospital. Among other claims, she alleged that the hospital violated her privacy by obtaining access to her Facebook posts.
Last week, a federal judge ruled that the hospital might have gone too far. Ehling "has stated a plausible claim for invasion of privacy," U.S. District Court Judge William Martini wrote in a ruling denying the hospital's motion to dismiss the case. "Plaintiff may have had a reasonable expectation that her Facebook posting would remain private, considering that she actively took steps to protect her Facebook page from public viewing."
The ruling doesn't mean that Ehling will prevail, but allows the case to proceed to the next level. Still, whether it was reasonable for her to expect that the post wouldn't reach management is an open issue, points out cyberlaw expert Venkat Balasubramani. "A rant--such as the one at issue in this case--doesn’t seem like something that anyone would post online and necessarily expect to remain available only to a discrete or small group," he writes in a blog post about the case.
This lawsuit isn't the first court case dealing with "shoulder surfing" by employers, but it comes at a time when policymakers are increasingly concerned that companies are violating people's rights by demanding access to their social media accounts.
Earlier this year, Maryland passed legislation banning employers from asking workers or job applicants for their passwords to social media accounts. But that law doesn't appear to cover Ehling's situation, because the hospital didn't directly ask her for her password.