In late September 2012, California Governor Jerry Brown signed two groundbreaking social media privacy laws collectively known as the Social Media Privacy Act. On that occasion, Governor Brown appropriately took to social media to explain why he signed the bills stating: “Today I am signing Assembly Bill 1844 and Senate Bill 1349, which prohibit universities and employers from demanding your email and social media passwords. California pioneered the social media revolution. These laws protect Californians from unwarranted invasions of their social media accounts.” This comprehensive legislation took effect on January 1, 2013.
AB 1844 confers expanded privacy rights on both employees and job applicants. Under the law, an employer cannot require or request employees or applicants to disclose their usernames or passwords so that the employer can access their personal social media information. Nor can an employer require or ask an employee or applicant to access personal media in the employer’s presence or divulge any personal social media content or information.
In addition, the law defines social media in very broad terms and protects electronic media beyond what would naturally be thought of as social media, such as Facebook and Twitter. The law impressively protects videos, photographs, blogs, video blogs, podcasts, instant messages, text messages, email, online services or accounts, and Internet Website profiles or locations. At its core, the law prohibits employers from discharging, disciplining, threatening to discharge or discipline, or otherwise retaliating against employees or applicants who refuse to comply with a demand to divulge their usernames or passwords.
While the law is generally expansive, it has important limits. The law does not restrict an employer’s existing rights to ask an employee for personal social media that it reasonably believes is relevant to an investigation of alleged employee misconduct or employee violations of applicable laws and regulations. But, of course, when an employee provides social media on that basis, the law provides that it must be used solely for purposes of the investigation or related proceedings. What is more, an employee cannot use the law as the ground for denying her employer access to an employer-issued electronic device. Employers may continue to require or request that employees disclose username and passwords so that they can access their own equipment.
Under SB 1349 public and private postsecondary schools cannot require students, prospective students or student groups to disclose usernames and passwords to access their social media. Nor can they require these individuals and groups to access their social media in the presence of a school employee or agent. Further, the law protects students and prospective students from having to divulge any personal social media information.
California’s comprehensive legislation follows closely on the heels of similar legislation in other states. In May 2012, Maryland’s governor signed SB 433 which prohibits an employer from requesting or requiring that an employee or applicant disclose usernames, passwords or other means of accessing on online account. In August 2012, Illinois enacted a very similar law that prevents employers from asking employees or prospective employees for passwords or other information to access a social networking Website or profile. Both Delaware and New Jersey have enacted statutes that prevent postsecondary institutions from requiring students or prospective students to hand over their social media usernames and passwords. Michigan has joined California in enacting comprehensive legislation that prohibits employers and schools from requiring employees, job applicants, students, and prospective students to grant access to their personal Internet accounts.
Nationally, social media privacy protection is an issue that is becoming increasingly in vogue. At present, several other state legislatures are considering bills that would extend social media privacy protection to employees. Hawaii, New Hampshire, Kansas, Maine, and Minnesota are considering bills that would protect employees and applicants’ usernames and passwords from employer inquiries. Some of these bills also forbid employers from requesting that an applicant access her social media in the employer’s presence.
Who Owns a Social Media Account: Employer or Employee?
PhoneDog, LLC v. Kravitz, a recent case in the U.S. District Court for the Northern District of California brought this important issue to light. Kravitz was a PhoneDog employee and, as part of his employment, was given and maintained the Twitter account “@PhoneDog_Noah.” PhoneDog instructed Kravitz to use this account to disseminate information and promote PhoneDog’s services. During Kravitz’s four years at PhoneDog, the account generated nearly 17,000 followers. After resigning from PhoneDog, Kravitz eventually obtained a position with one of PhoneDog’s competitors, TechnoBuffalo.
PhoneDog alleged that Kravitz never relinquished control of the Twitter account after he resigned. Rather, PhoneDog alleged that Kravitz simply changed the handle to “@noahkravitz” and continued to use it as a free lance contributor and employee of TechnoBuffalo. Asserting that the Twitter account was its property, PhoneDog brought four causes of action against Kravitz, including misappropriation of trade secrets, intentional interference with prospective economic advantage, negligent interference with prospective economic advantage, and conversion.
Fortunately for the parties, this case settled out of court. Unfortunately for employers, it settled before any precedent-setting opinion could be written. But this case does teach an important lesson: an employer should consciously address an employee’s use of social media when using it on the employer’s behalf. A clear social media policy addressing this issue will prevent dual claims to important sources of commercial information when an employee is fired or resigns.