The New Jersey General Assembly voted today on a new version of an employee social media privacy bill which incorporates revisions suggested by Governor Chris Christie when he conditionally vetoed the bill on May 6, 2013. The Assembly passed the revised version with an overwhelming vote of 74-0. The bill is expected to receive similar support in the Senate, where the earlier version passed 28-0, and from Governor Christie.
Like its predecessor, the revised bill prohibits employers from requiring employees and candidates to disclose user names, passwords, or other login information for accessing their social media accounts like Facebook or Twitter. The revised bill, however, attempts to balance employee privacy concerns against the needs of employers to hire appropriate personnel, manage their operations, and protect their proprietary information. Governor Christie signed a similar law in December 2012, prohibiting colleges and universities from requiring applicants and students to disclose their social media accounts and passwords.
The Requirements of the Bill
Under the proposed law, employers are prohibited from requiring or requesting employees or job candidates to disclose login information for their personal social media accounts. Any agreement between an employer and an employee or candidate to waive the privacy protections of the bill would be void and unenforceable.
The revised bill also prohibits employers from retaliating or discriminating against any employee or candidate who:
- Refuses to provide login information for his or her social media accounts;
- Reports an alleged violation of the law to the Commissioner of Labor and Workforce Development;
- Testifies, assists, or participates in an investigation concerning a violation of the law; or
- Otherwise opposes a violation of the law.
The revised bill eliminates a controversial provision that would have prohibited employers even from asking an employee or candidate if he or she has any social media accounts. In his conditional veto statement, Governor Christie recommended that this provision be removed because it "paint[ed] with too broad a brush." For example, the Governor worried that, as written, the bill would have prohibited an employer interviewing a candidate for a marketing job from inquiring as to the candidate's use of social networking so as to gauge his or her technology skills and media savvy.
Perhaps the most significant revision in the new bill is the elimination of a provision that would have allowed employees or candidates to bring civil suits seeking money damages, injunctive relief and attorneys' fees against employers for alleged violations. This provision raised the specter of frivolous lawsuits by employees or candidates that would nevertheless prove costly for employers to defend against.
The revised bill limits enforcement to a civil penalty of up to $1,000 for the first violation and up to $2,500 for each subsequent violation.
In addition to scaling back some of the prior bill's more onerous aspects, the revised bill contains provisions that affirmatively protect employers' ability to continue to use social media and comply with other laws and regulations:
- The previous version of the bill prohibited employers from requiring access to employee or candidate "personal account[s]" but did not define the term. That was problematic because many employers have company social media accounts that are managed or curated by particular employees. Without statutory guidance, the ambiguity between what is a "business account" and what is a "personal account" created the potential for employers to be held liable for requesting login information to accounts that they viewed as their own. The revised bill addresses this problem by defining a "personal account" as one that is used by an employee or candidate exclusively for personal communications unrelated to any business purposes of the employer. An account is not personal, and therefore not subject to the privacy protections of the bill, if it is used by an employee for the business purposes of his or her employer.
- Employers may continue to implement policies pertaining to the use of company-issued electronic devices or social media accounts used by employees for business purposes.
- Employers may continue to conduct investigations to ensure compliance with applicable laws or regulations, or prohibitions against workplace misconduct on the basis of specific information about activity on a personal account by an employee.
- Employers may continue to investigate specific allegations that an employee is transferring proprietary information or financial data to a personal account.
- Employers may continue to view and act on information pertaining to an employee that is available in the public domain.