Illinois Becomes Second State to Prohibit Employers from Requiring Access to Employees’ and Prospective Employees’ Social Media Web Sites

On August 1, 2012, Illinois joined Maryland (law passed in March 2012) in prohibiting employer access to social media web sites of their employees and prospective employees.  There are a number of other states that are also considering such prohibitory legislation (California, Delaware, Massachusetts, Michigan, Minnesota, Missouri, New Jersey, New York, Ohio, South Carolina and Washington), as is the United States Congress.  In April 2012, Representatives Eliot Engel and Jan Schakowsky introduced the Social Networking Online Protection Act (2012 H.R. 5050), and the Password Protection Act of 2012 (2012 S. 3074) was introduced in the Senate in May 2012, which prohibit employers from requiring access to their employees’ social media web sites.  In July, Delaware passed a law prohibiting public and private academic institutions from requiring that a student or applicant disclose password or account information granting the academic institution access to the student’s or applicant’s social networking profile or account.  A companion bill dealing with employers is still being considered by the Delaware legislature.

The new Illinois law amends Section 10 of the Right to Privacy in the Workplace Act.  It prohibits an employer from requesting or requiring any employee or prospective employee to provide any password or other related account information in order to gain access to the employee’s or prospective employee’s account or profile on a social networking website or to demand access in any manner to an employee’s or prospective employee’s account or profile on a social networking website.  This Act goes into effect January 1, 2013.

The Illinois law defines “social networking website” as an Internet-based service that allows individuals to construct a public or semi-public profile within a bounded system, created by the service; or to create a list of other users with whom they share a connection within the system; or to view and navigate the employee’s or prospective employee’s list of connections and those made by others within the system.  It does not include electronic mail.

The new Illinois law is not intended to nor does it prohibit an employer from obtaining information about a prospective employee or an employee’s information that is in the public domain or that is otherwise obtained in compliance with the new law.

Under the new Illinois law, an employee may file a complaint with the Director of Labor or, failing timely resolution, may bring a civil action for injunctive relief and to recover actual damages plus costs.  For a willful and knowing violation of this Act, the employee may recover $200 plus costs, reasonable attorney’s fees, and actual damages.  Any employer or prospective employer or his agent who violates the provisions of this Act is guilty of a petty offense and subject to a $1,000 fine.  The new law also prohibits retaliation for opposing employer’s conduct reasonably believed to violate the new law.

Employers are advised to ensure compliance with these laws in both Illinois and Maryland and to keep their eyes on the other states.

Cheryl Orr and Heather Sager Contribute Articles to The Recorder’s Special Issue on Privacy

Partners Cheryl Orr and Heather Sager contributed articles in today’s special section on Privacy in The Recorder.  Cheryl’s article, Employer’s BYOD dilemna, looks at the issues and approaches employers are taking as employees use dual devices, i.e. one device for both work and personal use.  Heather’s article, Why can’t we be ‘friends’?, looks at what companies need to know when drafting their social media policies.  Copies of both articles are available via this link.

New Jersey District Court Denies Employer’s Motion to Dismiss Plaintiff’s Cause of Action After Employee’s Supervisor Gains Unauthorized Access to Employee’s Facebook Account

In Ehling v. Monmouth-Ocean Hospital Service Corp., the District Court in New Jersey recently denied the employer’s motion to dismiss the plaintiff’s cause of action for invasion of privacy in connection with a supervisor having gained unauthorized access to her private Facebook account.  The plaintiff nurse, who was also the union president at the hospital, had posted comments on her Facebook wall about the news story out of Washington, D.C. in 2009 concerning the killing of a security guard at the Holocaust Museum by a white supremacist in which she expressed her opinion or rant that the paramedics in D.C. should have let the shooter die rather than help him after he was shot during the incident:  “He survived [and] I blame the DC paramedics.  I want to say 2 things to the DC  medics.  1.  WHAT WERE YOU THINKING?  and 2.  This was your opportunity to really make a difference!  WTF!!!!  And to the other guards…. go to target practice.”  The supervisor apparently wanted access to plaintiff’s Facebook comments because of her leadership role with the union, and convinced a co-worker to give him access to her private account so he could copy her postings. When he saw the comments about the D.C. incident he sent a copy to the State Board of Nursing suggesting that it represented an improper disregard for patient safety.

On the employer’s motion to dismiss the invasion of privacy claim on the grounds that there can be no expectation of privacy with respect to Facebook postings, the court decided that the question whether the plaintiff had a reasonable expectation of privacy was for a jury to decide based on the circumstances, including the number of “friends” who had access to her Facebook wall where the plaintiff claimed that she had restricted access to her friends but did not provide access to any supervisors or members of management.  The court did not address the separate question whether a rant expressing an opinion about a news report could be considered an expression of one’s “private affairs” subject to protection under invasion of privacy law, and did not address the fact that Facebook specifically includes in its Privacy Policy a disclaimer to the effect that there is no guarantee of privacy and that users make postings at their own risk inasmuch as anyone with access can copy or share comments with anyone they choose.

NLRB Clarifies Standards to be Applied to Claims Involving Employee Use of Social Media

Acting General Counsel Lafe Solomon recently issued an NLRB Report clarifying the standards to be applied to claims involving employee use of social media.  The Report, which summarized recent cases concerning employer policies restricting employee use of social media, like Facebook, as well as cases involving discipline imposed in response to postings on social media, makes clear that the Board will apply traditional analysis to issues concerning social media.

With respect to employer policies addressing the use of social media, the cases show that the Board’s focus will be on whether the policy in question “would reasonably tend to chill employees in the exercise of their Section 7 right” to engage in protected concerted activity.  Employer policies will be found to be unlawfully overbroad to the extent they directly prohibit using social media to discuss terms and conditions of employment, or could “reasonably be construed by employees as prohibiting” such discussions.  Policies that prohibit “disparaging” comments about the employer, “inappropriate” references to the work environment, and “unprofessional” or “disrespectful” postings are unlawfully overbroad because they could reasonably be construed by employees as prohibiting complaints about the work environment or discussions about the terms and conditions of employment.  To pass NLRB muster, employers should focus their social media policies on the same type of activities that are prohibited in the workplace, such as harassment, threats and discrimination, and should also include a specific savings clause to make clear that the policy is not intended to limit or interfere with the right of employees to discuss wages, hours and the terms and conditions of employment.

With respect to cases involving discipline or the discharge of employees for comments posted on social media, the Board applies traditional analysis to determine whether the comments at issue are “protected” because they concern the terms and conditions of employment as opposed to unprotected personal griping, and whether the postings are “concerted” because they seek or result in co-worker comments.  The cases cited in the Report show that postings about personal gripes at work or disparaging comments about the manner in which the employer conducts its business will not be protected, whereas comments addressed to working conditions, including the actions of supervisors and the terms and conditions of employment, are protected.  The cases also show that the Board will engage in a traditional analysis to determine whether or not a posting is “concerted” by looking at such factors as the intent or purpose of the posting (personal rant/complaint or attempt to engage other employees) and the response to the posting (whether or not co-workers participated in an on-line discussion).  An employer’s reaction to postings will also be subject to traditional “surveillance” analysis in which the Board will look at the manner in which the employer learned about the social media postings at issue; that is, whether it unlawfully obtained information about the postings surreptitiously, or lawfully learned about them because a manager or supervisor is a “friend” invited to read the postings.  All of these factors must be considered in connection with a determination to discharge an employee based on social media activity.

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy