As use of social media sites continues to rise, employer attempts to access social media content and passwords from employees and applicants have come under mounting criticism. By appearing to threaten private communications, this employer practice has triggered a strong legislative reaction at the state and federal levels.
On August 1, 2012, Illinois became the second state, after Maryland, to prohibit employers from seeking access to employees’ and job applicants’ social media content and passwords. The new law (HB 3782) becomes effective January 1, 2013. Similar legislation is under consideration in other states, including Michigan, Minnesota, Missouri, and Ohio.
The new Illinois law amends the state’s Right to Privacy in the Workplace Act to make it illegal for an employer to ask potential and current employees for their social media passwords or otherwise demand access to their accounts.
The law states, in part:
It shall be unlawful for any employer to request or require any employee or prospective employee to provide any password or other related account information in order to gain access to the employee’s or prospective employee’s account or profile on a social networking website or to demand access in any manner to an employee’s or prospective employee’s account or profile on a social networking website.
While the law still allows employers to maintain lawful workplace policies related to the use of the employer’s electronic equipment, including policies regarding Internet usage, social networking site usage, and electronic mail usage, its potential reach may have unintended consequences. For example, the new law provides no exceptions for legitimate workplace investigations. As written, it appears that accessing an employee’s restricted social media account in order to conduct an investigation related to allegations of harassment or threats of workplace violence, for instance, may be off limits. Moreover, it may violate the law even to ask the employee if he or she is willing to provide voluntarily such information about a social media account.
The issues surrounding privacy and social media also are being addressed through legislative efforts at the national level. U.S. Representative Eliot Engel (DN. Y.) and U.S. Senator Jan Schakowsky (D-Ill.) have sponsored the Social Networking Online Protection Act. The Act would prohibit current or potential employers from requiring the username or password to an employee’s or job applicant’s private online accounts. The bill forbids employers from seeking such access in order to discipline, discriminate against, or deny employment to any individual. A violation would subject an employer to a civil penalty of up to $10,000.
Potential Implications for Employers
Even though the new Illinois legislation does not prohibit an employer from viewing information that is not restricted by privacy settings, it highlights the increasing regulation of this important medium. For example, the Equal Employment Opportunity Commission has issued regulations under the Genetic Information Nondiscrimination Act concerning the acquisition of genetic information in social media. (For more information, see our article, “Meet GINA: The First Statute to Ban Employer Internet Searches?” at http://www.disabilityleavelaw.com/2010/11/articles/ disability/meet-gina-the-first-statute-to-banemployer- internet-searches/ ) Employers wishing to utilize social media must tread carefully and monitor developments as U.S. Senators have called upon the Department of Justice and the EEOC to investigate whether certain emerging employer practices may violate existing privacy and employment laws. (For more information, see “Blumenthal, Schumer: Employer Demands for Facebook and Email Passwords as Precondition for Job Interviews May Be a Violation of Federal Law; Senators Ask Feds to Investigate http://www.blumenthal.senate.gov/newsroom/press/release/blumenthal-schumer-employer-demands-forfacebook-and-email-passwords-as-precondition-forjob-interviews-may-be-a-violation-of-federal-lawsenators-ask-feds-to-investigate)
Certainly, when accessing a potential candidate’s social media account, an employer generally has no means by which to filter the information it will obtain, and using a third-party recruiter is not an easy fix. (For more information, see our article, “Recruiter Misuse of Social Media Can Increase Risk of Liability” at http://www.workplaceprivacyreport.com/2012/07/articles/social-networking-1/recruitermisuse-of-social-media-can-increase-risk-of-liability/.) Thus, an employer likely will collect information that is not “job-related” and that could put it in legal jeopardy. Social media sites may reveal an individual’s age, race, national origin, disabilities, genetic information, sexual orientation, religion, and other protected characteristics and information. Thus, employers viewing an employee’s or applicant’s personal information on social media sites may trigger protections under anti-discrimination laws. Once this information becomes known to an employer, it is difficult to prove the employer did not rely upon it when making employment decisions. Scouring social media outlets for applicant and employee information present significant traps for the unwary.
Furthermore, employer responses to employee activity in social media and employer social media policies are receiving intense scrutiny from the National Labor Relations Board. In recent months, the NLRB has received charges of unfair labor practices against both union and non-union employers related to social media policies. A demand for access to an employee’s social media sites also may be seen to interfere with employee rights protected by the National Labor Relations Act.