Written by David Cohen with Michael Arnold
Since 2012, many states have enacted laws that restrict an employer’s capacity to access employees’ personal email and social media accounts. Last month, Connecticut joined the party and became the 21st state to enact an employer-employee social media privacy law.
The legislation Connecticut Governor Dannel Malloy signed prohibits employers from requiring employees or job applicants to disclose the password information of their personal email and social media accounts, or to invite the employer (or accept an invite from an employer) to join a group affiliated with any personal online account of the employee or applicant. The new law closely resembles laws passed in other states. It defines a “personal online account” as an online account that an employee or job applicant uses exclusively for personal purposes, including email, social media, and retail-based internet websites. Employers are specifically prohibited from discharging, disciplining, discriminating against, or retaliating against any employee or prospective employee who refuses to provide a username or access to his or her personal accounts.
The key takeaway for employers is to think twice before seeking access to employees’ personal online accounts. Employers must understand exactly when they may access employee social media accounts and other mediums they can use to track employee activities, such as a Google search. Certain employers believe that access to employees’ personal accounts is necessary to prevent disclosure of company trade secrets or to protect the employer from other possible exposure. Others use it also to screen an applicant or reconsider an offer if his or her account reveals inappropriate activity or poor judgment. Most state laws, including the new Connecticut law, do not restrict a company’s ability to compel access to an employee’s passwords under the former, but not necessarily under the latter, circumstances. From an employee’s perspective, social media privacy laws are critical to preventing potential invasions of privacy. Facebook and other internet websites have privacy settings for a reason. People often wish to conceal information regarding their personal life and families, which typically have limited application to the workplace. These laws validate that perspective.
Finally, even when employers are not subject to privacy laws, they take a risk when they snoop around employee or applicant social media accounts. Social media presents a more discrete method for employers to discover personal information like one’s religion or ethnicity. Once exposed to that information, it may be difficult to prove that they didn’t consider it in connection with a hiring or fire decision, and even if they do make that showing, getting there is often an expensive proposition for employers.
The law goes into effect on October 1, 2015.