New Jersey has joined 12 other states in enacting a law that prohibits employers from requiring or requesting access to employees’ and applicants’ personal social media accounts. While New Jersey employers may continue to access and use any information about current employees and job hopefuls in the public domain, New Jersey Assembly Bill No. 2878 (“A2878”) prohibits employers from forcing their workers or job applicants to disclose personal information (such as usernames, passwords or other login information) for accessing accounts or services provided by websites such as Facebook and Twitter. The new law also forbids employers from retaliating against employees who refuse to provide login information to their social media accounts or who assist in the investigation or reporting of alleged violations of A2878. Signed by Governor Chris Christie on August 29, 2013, the new law becomes effective on December 1, 2013.
Employers dodged a bullet in early May 2013 when Governor Christie conditionally vetoed A2878 for being overbroad and potentially promoting frivolous employment litigation. As initially proposed by the state legislature, the privacy bill contained protections broader than any other state’s legislation to date. It would have forbidden employers from asking employees (or prospective employees) whether they even had any personal social media accounts. Governor Christie took issue with this provision, believing that such questions could reflect an employer’s legitimate interest in learning the technological sophistication or media savvy of its current employees or job applicants. He also disagreed with a provision allowing private suits to be filed by aggrieved individuals over alleged violations of the privacy bill. Instead, the Governor suggested that aggrieved individuals should report alleged violations to the state’s Department of Labor and Workforce Development, with employers facing civil penalties in the form of $1,000 fines for first violations and $2,500 for subsequent violations.
After reviewing and accepting the Governor’s suggested revisions, New Jersey Assembly members approved the revised privacy bill in a unanimous 77-0 vote. In August, the state Senate cleared the modified bill by a 36-0 vote.
The revised bill signed into law by the Governor attempts to balance employee privacy concerns against the needs of employers to hire appropriate personnel, manage their operations and protect their business assets and proprietary information. While personal social media accounts are off-limits, employers may continue to implement policies pertaining to the use of company-issued electronic devices or social media accounts used by their employees strictly for business purposes.
In addition, A2878 expressly grants employers the right to investigate compliance with applicable laws, regulations or prohibitions against workplace misconduct on the basis of specific information about activity on an employee’s personal social media account, as well as any specific allegations that an employee is either sharing or transferring a company’s proprietary information or financial data to his or her personal social media accounts.
Any agreements between an employer and employee or job candidate to waive the privacy protections afforded by A2878 are void and unenforceable under the law.
New Jersey employers (and businesses with operations in the Garden State) should ensure that their human resource departments (as well as their managers, supervisors and others involved in the hiring, promotion, discipline and termination process) are mindful of this new development. Many employees and applicants likely will be sensitive to questions about their social media activity. Creating awareness and training managers, supervisors and human resources personnel are critical to keeping up with laws as they respond to new technologies.