Wisconsin has joined the ever-increasing number of states legislating against employers’ access to employees’ and applicants’ social media sites.  On Tuesday, April 8, Wisconsin Governor Scott Walker signed the Wisconsin Social Media Protection Act, 2013 Wisconsin Act 208 (the “Act”), into law, which prohibits both public and private employers, regardless of size, from requesting or requiring employees or applicants to provide their information to their personal internet accounts.  The Act applies similarly to landlords with respect to tenants and prospective tenants and to educational institutions with regard to students and prospective students. 

Employers will want to ensure that their policies and procedures do not run afoul of this new law, which authorizes a $1,000 penalty for violating its prohibitions in addition to other remedies.  The Act became effective on April 10, 2014 and can be accessed here

What Employers Cannot Do Under the Act 

The Act prohibits employers from requesting or requiring that an employee or applicant disclose access information for the employee’s or applicant’s personal internet account or otherwise grant access to or allow observation of that account (i.e., “shoulder-surfing”).  Employers are also prohibited from discharging or otherwise discriminating against an employee who refuses to disclose access information for, grant access to or allow observation of the employee’s personal internet account or who opposes such prohibited practices.  With regard to applicants, an employer may not refuse to hire an applicant simply for exercising his or her rights under the Act. 

Additionally, employers are prohibited from discharging or otherwise discriminating against an employee for filing a complaint or testifying or assisting in an action or proceeding to enforce the rights granted under the Act.  Further, the Act limits how collective bargaining agreements can address employer access to employees’ personal internet sites. 

“Employer” is defined broadly under the Act, including any activity, enterprise or business employing at least one individual.  It also expressly includes the state, its political subdivisions and any office, department, independent agency, authority, institution, association, society or other body in state or local government, including the legislature and the courts.  “Access information” is defined as a username, password and any other security information that protects access to a personal internet account (i.e., answers to security questions).  “Personal internet account” means any internet-based account that is created and used by an individual exclusively for purposes of personal communications.  This likely includes all social media networking sites, such as Twitter, Facebook and LinkedIn, but could also potentially include other types of internet-based services such as an email account.

The Act will be enforced by the Wisconsin Department of Workforce Development’s Equal Rights Division, which will process complaints in the same manner as employment discrimination complaints under the Wisconsin Fair Employment Act.  Employers violating the Act face a maximum $1,000 fine in addition to the other remedies authorized by the Wisconsin Fair Employment Act with regard to employment discrimination.

What Employers Can Do Under the Act

While the prohibitions contained in the Act are fairly broad, there are some exceptions.  For example, in addition to other exceptions listed in the Act, employers are permitted to continue to do the following:

  • Request or require employees to disclose access information in order for the employer to gain access to or operate an electronic communications device supplied or paid for by the employer or in order for the employer to gain access to an account or service provided by the employer, obtained by virtue of the employee’s employment relationship or used for the employer’s business purposes.
  • Discharge or discipline employees for transferring proprietary or confidential information to the employee’s personal internet account without the employer’s authorization.
  • Require an employee to grant access to or allow observation of the employee’s personal internet account to conduct an investigation of any alleged unauthorized transfer as described above if the employer has reasonable cause to believe that such a transfer has occurred, or to conduct an investigation of any other alleged employment-related misconduct, violation of the law or violation of the employer’s work rules as specified in an employee handbook if the employer has reasonable cause to believe that activity on the employee’s personal internet account related to that misconduct or violation. However, in conducting such investigations, the employer may not require the employee to disclose access information for the account.
  • Restrict or prohibit access to certain sites while on an electronic communications device supplied or paid for by the employer or while using the employer’s network or resources.
  • View, access or use information about an employee or applicant that can be obtained without access information or that is available in the public domain.
  • Request or require an employee to disclose his or her personal electronic mail address.

Finally, an employer that inadvertently obtains access information through the use of an electronic device or program that monitors the employer’s network or through an electronic communications device supplied or paid for by the employer is not liable under the Act so long as the employer does not use that access information to access the employee’s personal internet account.

Practical Takeaways 

Employers will want to review internal policies and procedures to ensure compliance with this new law as soon as possible to avoid violations.  Additionally, employers may want to consider conducting training for those involved in the hiring process or in the process of overseeing and disciplining employees to ensure that they understand the Act’s requirements.