On August 29, 2013, Governor Christie signed into law a revised version of an employee social media privacy bill which incorporates employer-friendly changes the governor suggested when he conditionally vetoed the bill on May 6, 2013. The revised bill overwhelmingly passed in the state legislature, with a 74-0 vote in the New Jersey General Assembly and a 36-0 vote in the State Senate. The new law goes into effect on December 1, 2013.
As we previously reported in our Management Alert of May 20, 2013, the law prohibits New Jersey employers from requiring employees and job candidates to disclose user names, passwords, or other login information for accessing their social media accounts like Facebook or Twitter. At the same time, the law attempts to balance employee privacy concerns against the needs of employers to hire appropriate personnel, manage their operations, and protect their proprietary information. Governor Christie signed a similar law in December 2012, prohibiting colleges and universities from requiring applicants and students to disclose their social media accounts and passwords.
The Requirements of the Law
Employers will be prohibited from requiring or requesting employees or job candidates to disclose login information for their personal social media accounts. Any agreement between an employer and an employee or candidate to waive the privacy protections of the bill would be void and unenforceable.
The law also prohibits employers from retaliating or discriminating against any employee or candidate who:
- Refuses to provide login information for his or her social media accounts;
- Reports an alleged violation of the law to the Commissioner of Labor and Workforce Development;
- Testifies, assists, or participates in an investigation concerning a violation of the law; or
- Otherwise opposes a violation of the law.
Omitted from the law is a controversial provision that had been included in a prior version of the bill, but that was vetoed by Governor Christie, that would have prohibited employers even from asking an employee or candidate if he or she has any social media accounts. In his conditional veto statement of May 6, 2013, Governor Christie recommended that this provision be removed because it "paint[ed] with too broad a brush." For example, the Governor worried that, as written, the bill would have prohibited an employer interviewing a candidate for a marketing job from inquiring as to the candidate's use of social networking so as to gauge his or her technology skills and media savvy.
Perhaps the most significant revision in the final bill is the elimination of a provision that would have allowed employees or candidates to bring civil suits seeking money damages, injunctive relief and attorneys' fees against employers for alleged violations. This provision raised the specter of frivolous lawsuits by employees or candidates that would nevertheless prove costly for employers to defend against.
The new law limits enforcement to a civil penalty of up to $1,000 for the first violation and up to $2,500 for each subsequent violation.
In addition to scaling back some of the prior bill's more onerous aspects, the new law contains provisions that affirmatively protect employers' ability to continue to use social media and comply with other laws and regulations:
- The previous version of the bill prohibited employers from requiring access to employee or candidate "personal account[s]" but did not define the term. That was problematic because many employers have company social media accounts that are managed or curated by particular employees. Without statutory guidance, the ambiguity between what is a "business account" and what is a "personal account" created the potential for employers to be held liable for requesting login information to accounts that they viewed as their own. The new law addresses this problem by defining a "personal account" as one that is used by an employee or candidate exclusively for personal communications unrelated to any business purposes of the employer. An account is not personal, and therefore not subject to the privacy protections of the law, if it is used by an employee for the business purposes of his or her employer.
- Employers may continue to implement policies pertaining to the use of company-issued electronic devices or social media accounts used by employees for business purposes.
- Employers may continue to conduct investigations to ensure compliance with applicable laws or regulations, or prohibitions against workplace misconduct on the basis of specific information about activity on a personal account by an employee.
- Employers may continue to investigate specific allegations that an employee is transferring proprietary information or financial data to a personal account.
- Employers may continue to view and act on information pertaining to an employee that is available in the public domain.