This post was co-authored by Brian Finch and Joseph P. Mastrosimone.
The facts that the recent terror strike in San Bernardino, Calif., occurred at a work-sponsored holiday party and that the victims were murdered or injured by a coworker will undoubtedly give employers and human resources professionals pause. But the problem of workplace violence is not a new one. According to the Federal Occupational Safety and Health Administration, nearly 2 million workers count themselves as victims of workplace violence each year, with 403 Americans murdered at work in 2014 alone.
CIOs and CISOs should also take note, however. Consistent with many terrorism (and criminal) investigations, law enforcement has been working hard to review the "digital footprint" of the alleged shooters. Such forensic work often proves highly useful as part of efforts to determine why the crime occurred, whether other perpetrators were involved and whether any clues were missed that could have prevented the tragedy.
The question then becomes: Should my company be monitoring the online behaviors of our employees? The reality is that the current state of employment and insurance law sends mixed signals--variously encouraging or discouraging such pre-crime investigations.
Generally speaking, employers are forbidden under Title VII of the 1964 Civil Rights Act to take an employee's national origin or religion (among other things) into account when making an employment decision. Not only does that law make it unlawful for employers to refuse to hire or discharge employees based on those characteristics, but it also prohibits an employer from singling out certain classes of employees for heightened scrutiny. Thus, any special review of employees' or applicants' social media postings could only be done across an employer's entire workforce.
While the National Labor Relations Board, as well as city and state legislatures, have taken measures to prohibit adverse employment actions based on an employee's private social media posts, such laws do not address the separate issue of whether employers can review information that can be found through a simple Internet search. Examples include Facebook posts, tweets, readily identifiable website or blog comments and other information that does not require specific or formal permission by the user to be viewed.
Remember, though, that every bit of information an employer finds on an employee increases the risk of a discrimination suit should that employee eventually be disciplined or discharged. Searching an employee's or applicant's public Facebook account for evidence of potential violence or terrorist sympathies, for instance, is far more likely to uncover details about the person's religion, national origin, disability or sexual orientation.
Creating "knowledge" of those protected areas makes it easier for a disciplined or discharged employee to claim that the reason for the adverse action was not because of poor job performance but because of his or her personal background. Thus, the search for social media clues to prevent potential violence creates the real risk of employment discrimination lawsuits and liability.
Even the research for and use of public records creates risk for employers. The U.S. Equal Employment Opportunity Commission has taken the position that using arrest and criminal records has a disparate impact on minorities and advises employers to seek and use that information only if it is job-related and consistent with business necessity. Cities and states have joined in, passing so-called "ban the box" statutes forbidding employers from asking job applicants about their criminal record on employment applications.
These liabilities aside, one must also consider that the law--however unintentionally--may actually incentivize employers to refrain from searching social media for signs of radicalized or violent employees. Theoretically, if an employer might have learned of an employee's propensity for violence via a social media search but negligently failed to do so, it could be liable to workplace victims under a negligent hiring or negligent retention claim. But such claims are often unsuccessful because employees are limited to obtain redress through a workers' compensation program rather than a suit against the employer for failing to "screen" employees.
In this odd way, state laws intended to protect and compensate injured workers may, in fact, increase the likelihood of their being exposed to workplace violence.
On the opposite side of this employment law thicket, there is the possible impact of social media searches on terrorism insurance policies. The popularity of terrorism policies has waxed and waned since September 11, 2001, with the most reliable buyers of such policies being commercial real estate owners in major metropolitan areas. Risk managers and CISOs should consider the possible benefits of social media searches as it relates to terrorism insurance.
Overall, the slapdash approach to workplace safety in the era of increased risk for terrorism presents a confounding problem for employers. Before implementing any sort of social media monitoring program, CIOs and CISOs should work closely with their counsel and risk managers to weigh all the benefits and risks.
More generally, policymakers should consider ways to allow employers to better utilize the monitoring tools at their disposal to watch for possibly radicalized individuals. We can and must do better for American workers and businesses.
Mr. Mastrosimone (@JoeMastrosimone) is an Associate Professor of Law at Washburn University School of Law, where he teaches labor law and employment law. He previously served as the Chief Legal Counsel for the Kansas Human Rights Commission.
Mr. Finch (@BrianEFinch) is the co-chair of the Global Security Services practice at Pillsbury Winthrop Shaw Pittman LLP.