On August 1, 2012, Illinois Governor Pat Quinn signed a new law that will make it unlawful for employers to ask job applicants and current employees to provide passwords or log-in information for their social networking websites. Under the law, employers will be prohibited from obtaining any information about a prospective or current employee that is not in the public domain.
Amendment to the Right to Privacy in the Workplace Act
The new law, HB 3782, will amend the Right to Privacy in the Workplace Act (820 ILCS §§ 55/1 et seq.) which previously prohibited employers from requesting that prospective or current employees provide information such as their off-duty use of lawful products or claims for benefits under the Illinois Workers’ Compensation Act or Workers’ Occupational Diseases Act.
Under the amended Act, which will go into effect on January 1, 2013, employers will further be prohibited from requesting that prospective or current employees provide the employer with the following information:
- The password or other related account information in order to gain access to the employee’s social networking website; or
- Access to any non-public portion of the employee’s account or profile on a social networking website.
However, the law will not prohibit employers from obtaining information about prospective or current employees that is in the public domain and is not shielded by the owner with a privacy setting. Furthermore, the law will not enjoin employers from maintaining social media policies that govern their employees’ access to social networking websites while at work. The law also does not include email within its definition of a social networking website.
While Illinois is only the second state in the country, next to Maryland, to enact a law prohibiting employers from requesting private social networking account information from prospective or current employees, several other states are currently considering such legislation. Similar bills have been introduced in California, New York, and Washington. Moreover, the U.S. Congress is currently considering two bills—the Social Networking Online Protection Act and the Password Protection Act of 2012—that will similarly prohibit employers from requiring prospective or current employees to provide them with private information about social networking accounts.
Impact on Employers
The objective of Illinois’ new law is clear: employers cannot use non-public information gleaned from a prospective or current employee’s social networking account to make hiring decisions. Although this seems to put employers at a disadvantage when vetting job applicants or monitoring current employees, it actually prevents employers from being exposed to liability by obtaining information about an employee or candidate that they may not want to know.
Take, for example, the Facebook page that manifests an employee’s religious beliefs or the private Twitter page that discusses an employee’s battle with HIV or schizophrenia. Even if the employer elects not to hire these employees for a reason unrelated to their religious belief or disability, the employer’s mere knowledge of their status within a “protected class” could expose it to liability if the employee later challenges the employer’s decision not to hire. In the same vein, even if the employees are hired and later terminated, the employer may face an uphill battle trying to discredit a discriminatory termination lawsuit predicated on the employee’s protected status. Therefore, by prohibiting employers from acquiring information about prospective or current employees that is not in the public domain, the law actually incentivizes employers to avoid exposing themselves to potential liability.
Employers must tread lightly when using social media to research prospective or current employees. Most obviously, employers must completely avoid requesting login information, user names, or passwords tied to a social networking website from prospective or current employees. Employers also must avoid acquiring any information from a current or prospective employee’s social networking website that is not available in the public domain. Employers that do rely on publicly available information on social networking websites must be sure to carefully consider the information that they are using to insure that it is not protected by federal or state discrimination laws.