Well, no one who has been reading this blog should be surprised by the news tonight out of the General Assembly.
Indeed, I’ve written about proposed bills that limit employer access to employee’s personal online account for years now with a lot back in 2013. (See prior posts here, here, here, and here.)
And now, finally, we have it. The General Assembly has passed Senate Bill 426 entitled “An Act Concerning Employee Online Privacy”. And barring a veto from the Governor, this new law will become effective October 1, 2015.
There are several components to the measure but the important thing to note at the outset is that it applies to nearly all employers (with some limited exceptions in the law enforcement area).
The Office of Legislative Research does a good job recapping it so for this post, I’m simply going to provide the salient points from the report and provide a link to the recap.
What Does The Bill Do Generally?
This bill prohibits employers from requesting or requiring an employee or job applicant to (1) provide the employer with a user name, password, or other way to access the employee’s or applicant’s personal online account (see below); (2) authenticate or access such an account in front of the employer; or (3) invite, or accept an invitation from, the employer to join a group affiliated with such an account.
What Are Employers Prohibited from Doing?
1. firing, disciplining, or otherwise retaliating against an employee who (a) refuses to provide this access or (b) files a complaint with a public or private body or court about the employer’s request for access or retaliation for refusing such access and
2. refusing to hire an applicant because the applicant would not provide access to his or her personal online account.
What Is Meant By A “Personal Online Account”?
[It’s an] online account the employee or applicant uses exclusively for personal purposes unrelated to any of the employer’s business purposes, including e-mail, social media, and retail-based Internet web sites.
What is Excluded?
It does not include any account created, maintained, used, or accessed by an employee or applicant for the employer’s business purposes.
Are There Any Other Exceptions?
The bill makes exceptions for accounts and devices the employer provides and for certain types of investigations.
What Types of Investigations Are We Talking About?
Employers can conduct an investigation:
1. based on receiving specific information about activity on an employee’s or applicant’s personal online account to ensure compliance with (a) applicable state or federal laws, (b) regulatory requirements, or (c) prohibitions against work-related employee misconduct or
2. based on receiving specific information about an employee’s or applicant’s unauthorized transfer of the employer’s proprietary information, confidential information, or financial data to or from a personal online account operated by an employee, applicant, or other source.
An employer conducting these investigations can require an employee to provide access to a personal online account, but cannot require disclosure of the user name, password, or other means of accessing the personal online account. For example, an employee or applicant under investigation could be required to privately access a personal online account, but then provide the employer with access to the account content.
The bill permits an employer to discharge, discipline, or otherwise penalize an employee or applicant who transferred, without the employer’s permission, the employer’s proprietary information, confidential information, or financial data to or from the employee or applicant’s personal online account.
Are There Any Penalties for Failing to Comply?
The bill allows employees and applicants to file a complaint with the labor commissioner, who can impose civil penalties of up to $25 for initial violations against job applicants and $500 for initial violations against employees. Penalties for subsequent violations can be up to $500 for violations against applicants and up to $1,000 for violations against employees.
Can An Employer Still Monitor or Block These Accounts at Work?
The bill allows an employer, in compliance with state and federal law, to monitor, review, access, or block electronic data (1) stored on an electronic communications device paid for in whole or in part by the employer or (2) traveling through or stored on an employer’s network.
Do Other Federal Rules (Such as Those Promulgated by the SEC) Still Apply?
The bill specifies that it does not prevent an employer from complying with state or federal laws, regulations, or rules for self-regulatory organizations (e.g., the Securities Exchange Commission’s rules).
For now, employers should become generally aware that this bill is likely to be signed by the governor and start considering what policies and practices you have that may be impacted by this bill. And watch for more on this from your employment counsel and here on this blog as warranted.
But I’ll leave you with this:
The fiscal analysis predicts 10 people a year will file complaints related to this.
We will soon find out.