On May 19, Connecticut Governor Dannel P. Malloy signed into law S.B. 426, which prohibits companies from requiring access to their employees’ and job applicants’ personal online accounts. Employers may not demand log-in credentials or passwords for such accounts, require employees or candidates to authenticate or access such accounts in front of an employer, or obligate employees or candidates to invite or accept an invitation from an employer to join a group related to such accounts. The new law follows a trend of similar legislation as, according to the Bloomberg BNA Privacy & Data Security Law Resource Center, Connecticut is the 21st state to enact laws that restrict employer access to employees’ and job candidates’ personal online accounts.

Connecticut’s new law applies to online accounts that an employee or candidate uses for personal purposes only and does not apply to any accounts used for the employer’s business purposes, accounts paid for by the employer, or accounts to which the employee or candidate sends any proprietary materials of the employer. Although the statute does not limit the types of possible relevant online accounts, it offers email, social media, and retail website accounts as examples of online accounts covered by the act. Employers that violate the statute face civil penalties of up to $500 for the first violation and $1,000 for subsequent violations. Employees who are discharged following violation of the act may demand reinstatement. For more information, see the full statute.

Although access to employees’ and applicants’ personal online accounts, like social media accounts, may aid companies (for instance, in hiring and firing decisions), companies should carefully evaluate the applicable legal landscape before requiring that employees or candidates grant employers access.