PRIVACY + SECURITY BLOG

News, Developments, and Insights

Anonymous Bloggers

An interesting recently-filed lawsuit raises the issue of whether a company can file a lawsuit just to find out the identity of an anonymous blogger in order to fire him.

The case involves an employee of Allegheny Energy Service who posted an anonymous comment to a Yahoo! message board devoted to his company. He made the posting from his home computer. In the post, he attacked the company’s management as well as the company’s diversity program, using a racial slur in the process.

The company filed a “John Doe” lawsuit against the anonymous blogger for a tort claim of “breach of fiduciary duty and breach of duty of loyalty.” The employee was completely unaware that a lawsuit had been filed against him.

Three months after filing the lawsuit, the company filed an emergency motion to prevent “John Doe” from posting more messages. It claimed that Doe’s posting violated the company’s anti-harassment policy. The company obtained a subpoena and served it on Yahoo. Yahoo sent an email to the employee that Yahoo would respond within 15 days unless the employee filed a motion to quash. The employee claimed he never received the email. Yahoo subsequently turned over the employee’s identity to Allegheny Energy. Afterwards, Allegheny Energy filed papers to discountinue its civil action against the employee. The employee was then fired for making the racial slur.

The employee has now sued, claiming: (1) abuse of process; (2) wrongful use of civil proceedings; (3) intrusion upon seclusion; (4) public disclosure of private facts; and (5) wrongful discharge.

Had the subpoena been challenged, many courts would have been reluctant to enforce the subpoena for the employee’s identity. The First Amendment protects the anonymity of speakers. As a result, to obtain an anonymous speaker’s identity, the company would have to establish that it had a bona fide case that could withstand a motion to dismiss — and even, as one court held in a recent case, a motion for summary judgment. I don’t know much about the merits of the cause of action that the company brought its case under, but I’m dubious about it given that the case was devised solely to unmask the employee’s identity.

The filing of the lawsuit with the primary motive of obtaining the employee’s identity strikes me as an improper use of the legal process. This cause of action is outside my expertise, so I really can’t assess how strong a case the employee has.

The employee may have a strong claim for intrusion upon seclusion. The company deliberately sought to ferret out information about the employee that was private. The key issue will be whether the method of filing a lawsuit to obtain the information is highly offensive to a reasonable person, which it must be in order for the employee to prevail on this claim.

The claim for public disclosure, however, is weaker, in that the disclosure of the employee’s identity was only done to other company employees. The tort requires widespread disclosure, and this disclosure may not be widespread enough. There are, however, a minority of jurisdictions that will allow for a case where the disclosure is to a more limited audience.

I also wonder about the employment law issues. I’m not an expert here, but can a person create a hostile work environment by posting something on the Internet while at home and not at work? Was the termination of the employee against public policy? If it was based on the wrongful obtaining of his identity, then it very well might be.

The case also raises larger policy issues about employee speech and privacy outside of the workplace. The comment made by the blogger was quite offensive. He wrote: “[W]e were force fed ‘love thy n*****’ with [Allegheny Energy’s] DIVERSITY program.” Should a company have any business in finding out which employee made this comment and disciplining him even though he made the comment at his home?

Related Posts:

1. Solove, A Victory for Anonymous Blogging

Originally posted at Concurring Opinions

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.

Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum and International Privacy + Security Forum, annual events designed for seasoned professionals.

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
*
LinkedIn Influencer blog
*
Twitter
*
Newsletter

TeachPrivacy Ad Privacy Training Security Training 01