On August 1, 2012, Illinois joined Maryland (law passed in March 2012) in prohibiting employer access to social media web sites of their employees and prospective employees. There are a number of other states that are also considering such prohibitory legislation (California, Delaware, Massachusetts, Michigan, Minnesota, Missouri, New Jersey, New York, Ohio, South Carolina and Washington), as is the United States Congress. In April 2012, Representatives Eliot Engel and Jan Schakowsky introduced the Social Networking Online Protection Act (2012 H.R. 5050), and the Password Protection Act of 2012 (2012 S. 3074) was introduced in the Senate in May 2012, which prohibit employers from requiring access to their employees’ social media web sites. In July, Delaware passed a law prohibiting public and private academic institutions from requiring that a student or applicant disclose password or account information granting the academic institution access to the student’s or applicant’s social networking profile or account. A companion bill dealing with employers is still being considered by the Delaware legislature.
The new Illinois law amends Section 10 of the Right to Privacy in the Workplace Act. It prohibits an employer from requesting or requiring any employee or prospective employee to provide any password or other related account information in order to gain access to the employee’s or prospective employee’s account or profile on a social networking website or to demand access in any manner to an employee’s or prospective employee’s account or profile on a social networking website. This Act goes into effect January 1, 2013.
The Illinois law defines “social networking website” as an Internet-based service that allows individuals to construct a public or semi-public profile within a bounded system, created by the service; or to create a list of other users with whom they share a connection within the system; or to view and navigate the employee’s or prospective employee’s list of connections and those made by others within the system. It does not include electronic mail.
The new Illinois law is not intended to nor does it prohibit an employer from obtaining information about a prospective employee or an employee’s information that is in the public domain or that is otherwise obtained in compliance with the new law.
Under the new Illinois law, an employee may file a complaint with the Director of Labor or, failing timely resolution, may bring a civil action for injunctive relief and to recover actual damages plus costs. For a willful and knowing violation of this Act, the employee may recover $200 plus costs, reasonable attorney’s fees, and actual damages. Any employer or prospective employer or his agent who violates the provisions of this Act is guilty of a petty offense and subject to a $1,000 fine. The new law also prohibits retaliation for opposing employer’s conduct reasonably believed to violate the new law.
Employers are advised to ensure compliance with these laws in both Illinois and Maryland and to keep their eyes on the other states.