FREE TRIAL UPGRADE!
Thank you for investing in EnvironmentalHazmatHuman ResourcesHuman Resources, Hazmat & Environmental related content. Click 'UPGRADE' to continue.
CANCEL
YOU'RE ALL SET!
Enjoy your limited-time access to the Compliance Network!
A confirmation welcome email has been sent to your email address from ComplianceNetwork@t.jjkellercompliancenetwork.com. Please check your spam/junk folder if you can't find it in your inbox.
YOU'RE ALL SET!
Thank you for your interest in EnvironmentalHazmatHuman ResourcesHuman Resources, Hazmat & Environmental related content.
WHOOPS!
You've reached your limit of free access, if you'd like more info, please contact us at 800-327-6868.
CLOSE
 
 

...

Social media privacy laws by state

RegSenseSocial mediaEmployee RelationsAgency PublicationCompliance DocsPrivacy and Data SecurityPrivacy and Data SecurityHR ManagementFocus AreaHuman Resources

The following states have laws addressing social media privacy in the workplace:

Arkansas Ark. Code Ann. §11-2-124

Arkansas employers may not request, require, suggest, or cause a current or prospective employee to:

  • Disclose his or her username and password to the current or prospective employee’s social media account;
  • Add an employee, supervisor, or administrator to the list or contacts associated with his or her social media account; or
  • Change the privacy settings associated with his or her social medial account.
 

For the purposes of this law, “social media” means “a personal account with an electronic medium or service where users may create, share, or view user-generated content,” including:

  • Videos;
  • Photographs;
  • Blogs;
  • Podcasts;
  • Messages;
  • Emails; or
  • Website profiles or locations.

“Social media” does not include an account:

  • Opened by an employee at the request of the employer;
  • Provided to an employee by an employer such as a company email account or other software program owned or operated exclusively by the employer;
  • Set up by an employee on behalf of an employer; or
  • Set up by an employee to impersonate an employer through the use of the employer’s name, logos, or trademarks.

Employers may still view information about a current or prospective employer that is publicly available on the internet.

California AB 1844 Chapter 618

California employers are prohibited from requiring or requesting that an employee or applicant disclose a social media username or password, access social media for employer review, or otherwise divulge information from social media. However, employers may request that an employee divulge social media that is relevant to an investigation of misconduct or violations of law. Employers can also request or require access to an employer-issued electronic device.

California also has a social media law addressing institutions of higher education.

Chapter 619

Public and private post-secondary educational institutions and their employees and representatives may not request or require that a student, prospective student, or student group do any of the following:

  • Disclose a user name or password for accessing personal social media.
  • Access personal social media in the presence of the institution’s employee or representative.
  • Divulge any personal social media information.

Colorado HB 13-1046

Colorado’s Employee User Name and Password Privacy Protection law prohibits employers from:

  • Suggesting, requesting, or requiring employees or applicants to disclose a username, password, or other means of gaining access to a personal account or service through one’s personal electronic communications device.
  • Compelling an employee or applicant to include the employer in his or her list of contacts associated with a social media account.
  • Compelling an employee or applicant to change his or her social networking account’s privacy settings.

This law does not prevent employers from requiring an employee to disclose any user password or other means for accessing nonpersonal accounts or services that provide access to the employer’s internal computer or information systems.

Investigations into an employee’s unauthorized downloading of proprietary information or financial data are also exempted from the prohibitions in this law.

Connecticut SB 426

Effective October 1, 2015, employers in Connecticut may not:

  • Request or require an employee or applicant to provide a username and/or password to a personal online account;
  • Request or require an employee or applicant to authenticate or access a personal online account in the presence of the employer; or
  • Require an employee or applicant to invite the employer to join a group affiliated with the employee's or applicant's personal online account;

An employer may request or require that an employee or applicant provide a user name and/or password to access:

  • An account of service provided by the employer or used by the employee for company business; and
  • An electronic communications device supplied or paid for, in whole or in part, by the employer.

Delaware HB 109

Employers in Delaware may not request or require that employees or applicants:

  • Disclose a username or password to enable the employer to access personal social media.
  • Access a personal social media account in the presence of the employer.
  • Require personal social media to be used as a condition of employment.

This law does not prevent employers from:

  • Requiring or requesting an employee to disclose a username, password, or other method for the purpose of accessing:
    • An electronic communication device supplied by or paid for in whole or in part by the employer; or
    • An account or service provided by the employer, obtained by virtue of the employee’s employment relationship with the employer, or used for the employer’s business purposes.
     
  • Monitoring, reviewing, accessing, or blocking electronic data stored on an employer’s network or on an electronic communications device supplied by or paid for in whole or in part by the employer.
  • Complying with a duty to screen employees, or applicants before hiring, or to monitor or retain employee communications:
    • That is established under federal or state law or by a self-regulatory organization, as defined in the Securities and Exchange Act of 1934, 15 U.S.C. § 78c(a)(26); or
    • In the course of a law enforcement employment application or law enforcement officer conduct investigation performed by a law enforcement agency.
  • Viewing, accessing, or using information about an employee or applicant that is in the public domain.

Illinois HB 3782 Public Act 97-0875

Effective January 1, 2013, state law prohibits employers from requesting or requiring that an employee or applicant provide a password or grant access to a personal social networking site which is not used for a business purpose. The law prohibits asking for access even in response to an employee complaint about improper conduct by coworkers. Employers may still search information in the public domain, however.

Effective January 1, 2014, if the social media information sought relates to a professional account used for business purposes, the law does not prohibit employers from complying with a duty to screen employees or applicants, or from monitoring or retaining employee communications as required under Illinois insurance laws or federal law or by a self-regulatory organization as defined in Section 3(A)(26) of the Securities Exchange Act of 1934.

Louisiana HB 340 The Personal Online Account Privacy Protection Act

Employers may not request or require applicants or employees to disclose information permitting access to personal online accounts.

Employers are not prohibited from:

  • Seeking information to access or operate:
    • An electronic communications device paid for or supplied in whole or in part by the employer; or
    • An account or service provided by the employer, obtained by virtue of the employee’s or applicant’s relationship with the employer, or used for the employer’s business purposes;
  • Disciplining or discharging employees for transferring the employer’s proprietary or confidential information or financial data to a personal online account without the employer’s authorization;
  • Conducting investigations or requiring employees or applicants to cooperate in investigations where:
    • There is specific information about activity on the employee’s personal online account, for the purpose of ensuring compliance with applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct; or
    • The employer has specific information about an unauthorized transfer of its proprietary information, confidential information, or financial data to an employee’s or applicant’s personal online account;
  • Conducting an investigation or requiring employees or applicants to cooperate in an investigation, including requiring them to share the content that has been reported in order to make a factual determination, without obtaining the username and password to the personal online account;
  • Restricting or prohibiting employees’ or applicants’ access to certain websites while using an electronic communications device paid for or supplied in whole or in part by the employer or while using an employer’s network or resources, in accordance with state and federal law;
  • Complying with a duty to screen employees or applicants before hiring or to monitor or retain employee communications that is established under state or federal law;
  • Viewing, accessing, or utilizing information about an employee or applicant that can be obtained without any required access information or that is available in the public domain; or
  • Requiring an employee to provide a personal email address in order to facilitate communication with the employee, in the event the employer’s email system fails.
 

Maine H 640

Effective October 15, 2015, employers in Maine may not:

  • Request or require that an applicant or employee disclose his or her password, social media account information, or any other means of accessing a personal social media account;
  • Require an employee or applicant to access a personal social media account in the presence of the employer or in the presence of an agent of the employer;
  • Requiring an applicant or employee to add anyone to the employee's or applicant's list of contacts associated with a personal social media account;
  • Requiring an applicant or employee to alter settings that affect a third party's ability to view the contents of his or her personal social media account.
 

Maryland HB 964/ SB 433

Employers are prohibited from requiring or requesting that an applicant or employee provide any username, password, or other means of accessing a personal electronic account such as email or social media. Employers may still require employees to provide access to internal company accounts, however.

Michigan HB 5523

Employers and educational institutions are prohibited from asking applicants, employees, and students for information about or access to their social media accounts. However, the law does not prevent an employer from:

  • Requiring an employee to disclose access information to the employer to gain access to:

  • An electronic communications device paid for in whole or in part by the employer,
  • An account or service provided by the employer, obtained by virtue of the employee’s employment relationship with the employer, or used for business purposes

  • Disciplining an employee for transferring the employer’s proprietary or confidential information to the employee’s personal internet account without the employer’s authorization
  • Conducting a workplace investigation if the employer has specific information about activity on the employee’s personal internet account; or
  • Restricting or prohibiting an employee’s access to certain websites while using a device paid for (in whole or in part) by the employer or while using the employer’s network or resources
  • Monitoring, reviewing, or accessing electronic data stored on an electronic communications device paid for (in whole or in part) by the employer or traveling through or stored on an employer’s network.

Montana HB 343

Employers may not request or require an employee or an applicant to:

  • Disclose a username or password to allow the employer to access the employee's or applicant's personal social media account;
  • Access a personal social media account in the presence of the employer
  • Divulge any personal social media or information contained on personal social media.

Employers may require employees to provide their personal username or password to access personal social media if:

  • The employer has specific information about activity by the employee that indicates work-related employee misconduct or criminal defamation;
  • The employer has specific information about the unauthorized transfer by the employee of the employer's proprietary information, confidential information, trade secrets, or financial data to a personal online account or personal online service;
  • The employer is required to ensure compliance with applicable laws or regulations under the Security and Exchange Act of 1937.

Nevada AB 181

Employers may not, either directly or indirectly, request, require, or suggest that an employee or prospective employee disclose his or her user name, password, or other information that provides access to his or her personal social media account.

Employers may require employees to disclose the user name, password, or any other information to an account or service (other than a personal social media account) for the purpose of accessing the employer’s own internal computer or information system.

New Hampshire HB 1407

Employers may not:

  • Request or require that an employee or prospective employee disclose login information for accessing any personal account or service through an electronic communication device;
  • Compel an employee or applicant to add anyone, including the employer or the employer’s agent, to a list of contacts associated with an electronic mail account or personal account;
  • Require an employee or applicant to reduce the privacy settings associated with any electronic mail or personal account that would affect a third party’s ability to view the contents of the account;

This law does not prohibit employers from:

  • Obtaining information about an employee or prospective employee that is in the public domain; or
  • Conducting an investigation:
    • To ensure compliance with applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct based on information about activity on an employee’s personal account or service received from an employee or other source; or
    • Of an employee’s actions based on the receipt of specific information about the unauthorized transfer of an employer’s proprietary information, confidential information, or financial data to a personal online account or service by an employee or other source.

New Jersey AB 2878

Employers may not request or require that current or prospective employee provide or disclose any user name or password, or in any way provide the employer access to a personal account through an electronic communications device. Employers may not ask employees to waive these rights, and may not retaliate or discriminate against an individual who refuses to provide access to a personal account through an electronic communications device.

Nothing in New Jersey's law prevents employers from::

  • Complying with the requirements of state or federal statutes, rules or regulations;
  • Implementing and enforcing a policy pertaining to the use of an employer-issued electronic communications device or any accounts or services provided by the employer and used by employees for business purposes;
  • Viewing, accessing, or utilizing information about a current or prospective employee that can be obtained in the public domain;
  • Conducting an investigation:
    • to ensure compliance with applicable laws, regulatory requirements or prohibitions against work-related employee misconduct based on the receipt of specific information about activity on a personal account by an employee; or
    • of an employee's actions based on the receipt of specific information about the unauthorized transfer of an employer's proprietary information, confidential information, or financial data to a personal account by an employee.

New Mexico SB 371 

Employers (except federal, state, or local law enforcement agencies) may not request or require that a prospective employee provide a password (or demand access in any manner) in order to gain access to the individual’s account or profile on a social networking website.

This law does not, however, limit an employer’s right to:

  • Have policies regarding workplace internet use, social networking site use, and electronic mail use.
  • Monitor usage of the employer’s electronic equipment and the employer’s email without requesting or requiring a prospective employee to provide a password in order to gain access to access to the individual’s account or profile on a social networking site.
  • Obtain information about a prospective employee that is available in the public domain.

Oklahoma HB 2372

Employers may not:

  • Require an employee or prospective employee to disclose a user name and password or other means of authentication for accessing a personal online social media account through an electronic communications device;
  • Require an employee or prospective employee to access the employee’s or prospective employee’s personal online social media account in the presence of the employer in a manner that enables the employer to observe the contents of such accounts if the account’s contents are not available to the general public;
  • Take retaliatory personnel action that materially and negatively affects the terms and conditions of employment against an employee solely for refusal to give the employer the user name or password to the employee’s personal online social media account; or
  • Refuse to hire a prospective employee solely as a result of the prospective employee’s refusal to give the employer the user name and password to the prospective employee’s personal online social media account.

Employers may:

  • Request or require an employee to disclose any username and password for accessing:
    • Any computer system, information technology network, or electronic communications device provided or subsidized by the employer;
    • Any accounts or services provided by the employer or by virtue of the employee’s employment relationship with the employer or that the employee uses for business purposes; and
  • Conduct an investigation:
    • To ensure compliance with applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct based on the receipt of specific information about activity on a personal online social media account or service; or
    • Of an employee’s actions based on the receipt of specific information about the unauthorized transfer of an employer’s proprietary information, confidential information, or financial data to a personal social media account or service.

Oregon H2654

Employers may not:

  • Request or require an employee or applicant to disclose a personal social media username and password or otherwise require access to such an individual’s personal social media account.
  • Compel an employee or applicant to add the employer to the individual’s list of contacts associated with a social media website.
  • Compel an employee or applicant to access a personal social media account in the presence of the employer to enable that employer to view the otherwise private content of the account.

Oregon law does not prevent an employer from requiring an employee to disclose a username and/or password for a social media account provided by the employer, created on behalf of the employer, or to be used on behalf of the employer. Employers are also not prohibited from accessing information about an employee or applicant through social media when that information is publicly available.

Rhode Island S 2095Aaa and H 7124Aaa

Employers may not:

  • Request, require, or coerce an employee or applicant to disclose personal social media information;
  • Request, require, or coerce an employee or applicant to access a personal social media account in the presence of the employer or a representative;
  • Compel an applicant to add anyone to the applicant's list of contacts associated with a social media account; or
  • Discharge, discipline, or otherwise penalize any employee for refusing to divulge social media information.

This law does not prohibit employers from:

  • Accessing information about an employee or applicant that is publicly available; or
  • Requiring an employee or applicant to divulge personal social media account information when the employer reasonably believed the information to be relevant to an investigation fo allegations of employee misconduct or a workplace-related violation of applicable laws and regulations, when not otherwise prohibited by law or constitution (the information could be accessed and used solely to the extent necessary for purposes of that investigation or a related proceeding);
  • Complying with a duty to screen employees or applicants before hiring or to monitor or retain employee communications that is established by a self-regulatory organization or under state or federal law or regulation.

Tennessee Employee Online Privacy Act of 2014

Effective January 1, 2015, employers may not:

  • Request or require an employee or applicant to disclose a password that allows access to the individual’s personal Internet account;
  • Compel an employee or applicant to add the employer or an employment agency to the individual’s list of contacts associated with a personal Internet account;
  • Compel an employee or applicant to access a personal Internet account in the presence of the employer in a manner that enables the employer to observe the contents of the individual’s personal internet account; or
  • Take adverse action, fail to hire, or otherwise penalize an employee or applicant because of a failure to disclose information or take one of the actions listed here.

Employers are not prohibited from:

  • Requesting or requiring an employee to disclose a username or password required only to gain access to:
    • An electronic communication device supplied by or paid for wholly or in part by the employer; or
    • An account or service provided by the employer that is obtained by virtue of the employee’s employment relationship with the employer, or used for the employer’s business purposes
  • Disciplining or discharging an employee for transferring the employer’s proprietary or confidential information or financial data to an employee’s personal Internet account without the employer’s authorization;
  • Conducting an investigation or requiring an employee to cooperate in an investigation if:
    • There is specific information on the employee’s personal Internet account regarding compliance with applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct; or
    • The employer has specific information about an unauthorized transfer of the employer’s proprietary information, confidential information, or financial data to an employee’s personal Internet account;
     
  • Restricting or prohibiting an employee’s access to certain websites while using an electronic communications device supplied by or paid for wholly or in part by the employer or while using an employer’s network or resources, in accordance with state and federal law;
  • Monitoring, reviewing, accessing, or blocking electronic data stored on an electronic communications device supplied by or paid for wholly or in part by the employer, or stored on an employer’s network, in accordance with state and federal law;
  • Viewing, accessing, or using information about an employee or applicant that can be obtained without violating the prohibitions outlined above or information that is available in the public domain; or
  • Complying with a duty to screen employees or applicants before hiring or to monitor or retain employee communications:
    • That is established under federal law or by a “self-regulatory organization”, as defined in the Securities and Exchange Act of 1934;
    • For purposes of law enforcement employment; or
    • For purposes of an investigation into law enforcement officer conduct performed by a law enforcement agency.

Utah HB 100

Effective May 14, 2013, Utah’s Internet Employment Privacy Act prohibits both private and public employers from requesting that an employee or job applicant disclose a username and password, or a password that allows access to the personal internet account of an employee or applicant. Employers may not take adverse action against individuals who refuse to disclose such information.

The Internet Employment Privacy Act does not prohibit employers from:

  • Requesting or requiring a username and password to access the following:
    • An electronic communications device supplied by or paid for in whole or in part by the employer; and
    • An account or service provided by the employer, obtained by virtue of the employment relationship with the employer and used for the employer’s business purposes.
  • Disciplining or discharging an employee for transferring the employer’s proprietary or confidential information or other financial data to an employee’s personal internet account without authorization.
  • Conducting an investigation or requiring an employee to cooperating in an investigation if:
    • There is specific information about activity on the employee’s personal internet account, for the purpose of ensuring compliance with applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct; or
    • The employer has specific information about an unauthorized transfer of the employer’s proprietary or confidential information or financial data to an employee’s personal internet account.
  • Restricting or prohibiting an employee’s access to certain websites while using an electronic communications device supplied by, or paid for in whole or in part by, the employer or while using an employer’s network or resources, in accordance with state and federal law; or
  • Monitoring, reviewing, accessing, or blocking electronic data stored on an electronic communications device supplied by, or paid for in whole or in part by, the employer, or stored on an employer’s network, in accordance with state and federal law

HB 100 also provides similar protections for students in postsecondary colleges and universities.

Virginia HB 2081

Employers may not require current or prospective employees to disclose the username or password of their social media accounts. Employers also may not require that employees add an employee, supervisor, or an administrator to the list of contacts associated with the employee's social media account.

Employers may not:

  • Take action against or threaten to discharge, discipline, or otherwise penalize a current employee for refusing to provide username or password information; or
  • Refuse to hire an individual because of his or her refusal to provide username or password information;

Washington SB 5211

Employers in Washington may not:

  • Request, require, or otherwise coerce an employee or applicant to disclose login information for the individual’s social networking account.
  • Request, require, or otherwise coerce an employee or applicant to access his or her personal social networking account in the employer’s presence (to enable the employer to observe the contents of the account).
  • Compel or coerce an employee or applicant to add a person (including the employer) to the list of contacts associated with the individuals personal social networking account.
  • Cause an employee or applicant to alter the settings on his or her personal social networking account that affect a third party’s ability to view the contents of the account.

Employers may request or require content from an employee or applicant’s social networking account if:

  • The content is needed to make a factual determination in the course of conducting an investigation;
  • The employer undertakes the investigation in response to the receipt of information about the employee’s activity on his or her personal social networking account;
  • The purpose of the investigation is to:
    • Ensure compliance with applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct; or
    • Investigate an allegation of unauthorized transfer of an employer’s proprietary, confidential, or financial information to the employee’s personal social networking account; AND
  • The employer does not request or require the employee to provide his or her login information.

Employers may still request access to accounts or services provided by virtue of the employee’s employment relationship and to electronic communication devices or online accounts paid for or supplied by the employer.

Wisconsin SB 223

Employers in Wisconsin may not:

  • Request or require that an applicant or employee disclose access information for, grant access to, or allow observation of the individual’s personal Internet account; OR
  • Discriminate against an employee or applicant who refuses to grant an employer access to his or her personal Internet account.

Employers are not prohibited from doing any of the following:

  • Requesting or requiring an employee to disclose access information to the employer for the employer to gain access to or operate an electronic communications device supplied by or paid for in whole or in part by the employer;
  • Requesting or requiring an employee to disclose access information to the employer for the employer to gain access to an account or service provided by the employer, obtained by virtue of the employee’s employment relationship with the employer, or used for the employer’s business purposes.
  • Discharging or disciplining an employee for transferring the employer’s proprietary or confidential information or financial data to the employee’s personal Internet account without the employer’s authorization.
  • Conducting an investigation or requiring an employee to cooperate in an investigation of any alleged unauthorized transfer of the employer’s proprietary or confidential information or financial data to the employee’s personal Internet account, if:
    • the employer has reasonable cause to believe that such a transfer has occurred, or of any other alleged employment-related misconduct, violation of the law, or violation of the employer’s work rules as specified in an employee handbook, AND
    • if the employer has reasonable cause to believe that activity on the employee’s personal Internet account relating to that misconduct or violation has occurred.
  • Restricting or prohibiting an employee’s access to certain Internet sites while using an electronic communications device supplied or paid for in whole or in part by the employer or while using the employer’s network or other resources.
  • Complying with a duty to screen applicants for employment prior to hiring or a duty to monitor or retain employee communications that is established under state or federal laws, rules, or regulations or the rules of a self-regulatory organization, as defined in 15 USC 78c(a) (26).
  • Viewing, accessing, or using information about an employee or applicant for employment that can be obtained without access information or that is available in the public domain.
  • Requesting or requiring an employee to disclose the employee’s personal electronic mail address.
['Employee Relations', 'Privacy and Data Security']
['Social media', 'Privacy and Data Security']
UPGRADE TO CONTINUE READING
Load More