by Sayema Hameed
On September 27, 2012, California Governor Jerry Brown signed into law A.B. 1844 and S.B. 1349, two bills which protect the privacy of employee and student social media, respectively. On the enactment of these two bills, Governor Brown said:[blockquote]The Golden State is pioneering the social media revolution and these laws will protect all Californians from unwarranted invasions of their personal social media accounts.[/blockquote]
S.B. 1349, entitled “Social media privacy: postsecondary education” (codified at Education Code Sections 99120-99122), prohibits public and private higher educational institutions from requiring a student, prospective student, or student group to disclose personal social media usernames, passwords, or content. The new law also prohibits the educational institutions from suspending, expelling, disciplining, or threatening to take any of those actions, for refusing to comply with such a demand. California is the second state to pass a law protecting the social media information of students, following Delaware.
A.B. 1844, entitled “Employer Use of Social Media” and codified at Labor Code Section 980, prohibits employers from requiring an employee or job applicant to disclose his or her social media username or password. This new law also prohibits an employer from “shoulder surfing,” i.e. requiring an employee or job applicant to access a personal social media account in the employer’s presence.
The new law also prohibits an employer from discharging, disciplining, threatening or otherwise retaliating against an employee or job applicant for not complying with the employer’s demand. The law does permit an employer to obtain passwords or other information needed to access employer-issued electronic devices.
With the enactment of A.B. 1844, California becomes the third state to pass an employee social media privacy law. In May 2012, Maryland enacted the Maryland User Name and Password Privacy Protection Act (SB 433/HB 964; Chapter 234), which becomes effective on October 1, 2012. In August 2012, Illinois amended the Right to Privacy in the Workplace Act (Illinois Public Act 097-0875), which becomes effective on January 1, 2013. Both the Maryland and Illinois laws prohibit an employer from requesting or requiring disclosure of employee/applicant social media log-in credentials.
Similar legislation is pending in eleven other states (Delaware, Massachusetts, Michigan, Minnesota, Missouri, New Jersey, New York, Ohio, Pennsylvania, South Carolina and Washington).
At the federal level, bills to protect employee social media privacy have been introduced in both houses of Congress (Social Networking Online Protection Act (H.R. 5050) and Password Protection Act of 2012 (S. 3074/H.R. 5684)).
Under the new California law, employers are also not allowed to ask employees or job applicants to divulge any personal social media content, except in the event of an employer investigation of alleged employee misconduct or violation of the law, in which case the employer has the right “to request an employee to divulge personal social media reasonably believed to be relevant to” said investigation.
Thus, the new California law takes into account an employer’s legitimate interest in investigating employee misconduct, including claims of discrimination, harassment and retaliation. Even in the context of an investigation, however, the employer’s rights with respect to employee social media are limited. The employer may use the social media obtained during an investigation solely for the purposes of that investigation and not for an unrelated purpose. In addition, the employer cannot require an employee to turn over a personal social media username and password even during an investigation.