The LA Times is reporting this evening that Governor Brown has signed two bills that prohibit universities and employers from requesting social media accounts.  The Governor quite appropriately made the announcement via his Twitter account (https://twitter.com/JerryBrownGov).  

Gov. Jerry Brown has signed twin bills prohibiting universities and employers from requiring that applicants give up their email or social media account passwords, making the announcement, appropriately, on Twitter, Facebook, Google+, LinkedIn and MySpace.

State officials are concerned that some businesses and university managers have started asking for the passwords, in some cases to check the background of job applicants. In the case of universities, some coaches have asked athletes for access to Facebook accounts to make sure their players are not getting into trouble.

“California pioneered the social media revolution. These laws protect Californians from unwarranted invasions of their social media accounts,” Brown tweeted. He later announced it with a press release.

Sen. Leland Yee (D-San Francisco) authored SB 1349, arguing that having universities request passwords is an “unacceptable invasion of personal privacy’’ because students often post personal information, including their religion and sexual orientation, on social networking sites.

Assemblywoman Nora Campos (D-San Jose) authored AB 1844, which prohibits an employer from requiring or requesting an employee or applicant for a job from disclosing a user name or password for the purpose of accessing personal social media.

Original story available here.

This is comes as no surprise.  Prohibiting access to passwords has been the trend not only in California but in other jurisdictions around the country as well.  For a good summary of this issue and a commentary advocating greater protection, see this article by Anita Ramisatry.

WORD TO THE WISE

If your company is in the habit of requesting this information from employees, consider implementing training and a new policy revision now before the law goes into effect.  It may also be a good time to review your polcies and practices with respect to employee privacy, keeping in mind these two main concerns:

Legally recognized privacy interests are generally of two classes: (1) interests in precluding the dissemination or misuse of sensitive and confidential information (“informational privacy”); and (2) interests in making intimate personal decisions or conducting personal activities without observation, intrusion, or interference (“autonomy privacy”). (Hill v. National Collegiate Athletic Assn. 7 Cal.4th 1, 35 (1994).

Applied to the employee-employer context, those two distinct protections (and corresponding risks) can be understood as follows:

Informational Privacy:  An employer’s failure to safeguard confidential information about an employee through allowing files to be accessed may give rise to a cause of action.

Autonomy Privacy:  An employer’s interference with the private life and activities of an employee through invasive conduct or policies is also actionable.  The new social media legislation falls in this second category.

Check back soon for a new post summarizing the five greatest risks relating to an employer’s invasion of an employee’s right to privacy.