In case you haven’t heard, there’s another legislative trend sweeping the nation involving state-level legislation that aims to protect the social media passwords of employees, job applicants, and students.
Since 2012, at least 28 states either have enacted or are considering laws to restrict the ability of employers or school administration to demand the passwords as a conditional requirement for employment or admission. These laws are part of the evolving framework of privacy protection on the Internet.
Rhode Island became the 17th state to enact this type of legislation when Governor Chafee signed the bill on June 30th this year. The legislation, which was drafted by the American Civil Liberties Union, bars schools and employers from requesting or requiring social media passwords or otherwise accessing private accounts. It prohibits employers from threatening or disciplining applicants or employees who refuse to provide access.
An analysis of the Rhode Island law by Philip Gordon and Joon Hwang, attorneys at Littler Mendelson, emphasizes the tricky landscape multi-state employers face due to the inconsistent details of the password protection laws of different states. As a general rule, the authors advise employers to avoid seeking passwords to social media accounts unless there is a “strong business need” such as conducting a workplace investigation.
With limited exceptions…
According to Littler, the Rhode Island law contains prohibitions similar to those in other states’ laws. However, it only offers limited exceptions that would allow employers to protect legitimate business interests. And, importantly, it gives employees expansive rights to file civil suits for both compensatory and punitive damages. The potential for legal action in this case goes far beyond most states’ laws that greatly limit damages.
“Social media account” is broadly defined to include email, blogs, text messages, website profiles, videos or images, or podcasts. However, employers may require access to these types of accounts that are set up and managed for the benefit of the employer.
The Rhode Island law gives employers the right to require access to passwords when the information in social media accounts is “reasonably believed” to be pertinent to an investigation of employee misconduct or unlawful act. It also acknowledges that other laws, such as those governing securities, may permit employers to gain access to employees’ private accounts.
Public information is still fair game.
Neither the Rhode Island law nor similar laws of other states prohibit employers from accessing public information about applicants and employees that may be found on the Internet. Comprehensive background screening depends on this distinction. But it is worth noting that the line between “public” and “private” online information about individuals is a moving target.
Be careful what you wish for and remember, you can’t unring the proverbial bell.