This image was lost some time after publication.

Yesterday and over the weekend, we revealed that Facebook employees check out user profiles and activity for lunch-time giggles and to help them get laid. We also reported on a tipster who told us about a Facebook employee who allegedly looked up a user's password, logged into her account, and changed her profile picture to a graphic image. What does it add up to for Facebook and its privacy-violating employees? Potentially, a barrelful of legal trouble.

This is according to a lawyer we called, Pryor Cashman managing partner and labor issues specialist Ronald Shechtman. His job is to help companies cover their ass when employees like those we're hearing about at Facebook screw up and break the rules.

Here's who Shechtman thinks could face litigation and why.

Facebook employees who cruise user-profiles for laughs and covert dating intelligence.

There's an expectation someone would be entitled to having their name and image information handled with due care. This would not be due care.

  • A Facebook programmer who facilitates changing a user's profile picture to an obscene image.
  • The issues of defamation and libel would apply. There's no question here. This would be malice and intentional wrongdoing.

  • Facebook, the company.
  • The company's defense would be that what the employee did was unauthorized that the company wouldn't have accepted it. But then the company has to prove it had systems in place to make sure this couldn't happen. The company's got a burden of proof to get over.

Schechtman also told us that agreements like Facebook's terms of service — what he calls "contracts of adhesion" — don't always stand up in court. So the burden of proof would remain on Facebook if these accusations were to prove true.

And so far, Facebook hasn't denied that improper access took place. It hasn't explained how it makes sure employees do not have access to information they do not need to perform their jobs, and how it makes sure those employees don't abuse their access. It only says that access is "restricted." We've asked. We're still listening, of course. Anybody want to help us out?