Beginning on January 1, 2013, it will be illegal for employers to require job applicants or current employees to provide passwords to Facebook or other online social networking accounts. Last week, Illinois Governor Pat Quinn signed H.B. 3782, to amend Section 10 of the Illinois Right To Privacy In The Workplace Act, commonly known as the “Facebook Bill” (the “Act”).  Prior to this amendment, Section 10 only prohibited employers from inquiring about prospective employees’ previous claims or benefits under the Workers’ Compensation Act or the Workers’ Occupational Diseases Act. Illinois H.B. 3782 adds to this Act by making it unlawful for an employer to request passwords, or related information, from any employee or prospective employee in order to gain access to that employee’s or prospective employee’s account or profile on a social networking website.    

Under Section 15 of the Act, an employee or job applicant may file a complaint with the Illinois Department of Labor (IDOL) claiming that an employer or prospective employer violated the amended Act. The IDOL will then investigate and attempt to resolve the complaint. If the IDOL discovers that the employer violated the Act, then the IDOL may commence an action in the circuit court. Additionally, the employee or job applicant may bring a private cause of action in the circuit court after the IDOL’s investigation. 

While the Act does provide additional protections to both current and prospective employees, the Act clearly specifies that employers retain the right to:

  1. Create and maintain workplace policies for the use of the employer’s electronic equipment;
  2. Monitor the use of the employer’s equipment and the employer’s electronic mail; and
  3. Search the public domain for information about current or prospective employees. Therefore, employers may still forbid employees from using company equipment to access social networking sites such as Facebook. Additionally, employers may view information not protected by a privacy setting. For example, if a prospective employee has no security setting on Facebook, a prospective employer may search for and view the publicly available information. 

Illinois is the second state, following Maryland, to implement a “Facebook Bill.”  Currently, there are similar bills pending in California, Connecticut, New York, Washington, Delaware and New Jersey. This patchwork of state laws is problematic as national employers need to ensure that their policies comply with each of the state laws in effect. 

These “Facebook Bills” are a response to the ever increasing practice by employers of requesting access to Facebook accounts during the interview process. The first highly publicized incident occurred in 2010 when, during Robert Collins’ reinstatement interview with Maryland Department of Public Safety and Correctional Services, Mr. Collins was required to provide his Facebook login and password. Despite Mr. Collins’ reservations about providing the password, he did so in an attempt to preserve his job. Mr. Collins had to sit next to the interviewer as she logged onto his account and read Facebook postings from his family and friends. The “request” from prospective employers for Facebook passwords is problematic in that job applicants feel unable to say “no” without worrying about how it might negatively impact their prospective employment. 

Even employers in states that have not yet adopted these “Facebook Bills” should think twice before requesting password information from employees and job applicants. First, the “Facebook Bills” have attracted a lot of media attention; it might be bad publicity for employers to force employees to hand over passwords.  Additionally, sought-after job applicants may choose to not work for employees who demand such information. Even more importantly, employers need to remember that it is illegal to discriminate against an applicant or an employee because of that person’s race, color, religion, sex (including pregnancy), national origin, age (40 or older), disability or genetic information. Therefore, employers who request social networking site passwords run the risk of giving up the defense of ignorance of protected categories that are displayed on the employees’ and job applicants’ Facebook pages. Furthermore, taking action against an employee or job applicant for complaining on their Facebook page about terms or conditions of employment could run afoul of the National Labor Relations Act. Such action can be considered chilling workers’ willingness to exercise Section 7 rights.  Finally, employers who request passwords to their employees’ or prospective employees’ social media sites, but who do not investigate the social media webpages, could face negligence suits if an employer could have discovered evidence of an employee’s potential for dangerous conduct on the social media site.      

Even employers who do not habitually request passwords from their employees and prospective employees need to take note of this Act. The Illinois “Facebook Bill” has no exceptions to its no password rule. Therefore, employers with good intentions of investigating complaints of misconduct or harassment through the use of social media could still be fined under the Act if they request employee social networking passwords.