California Passes Law Restricting Employers From Requiring Access to the Employees/Applicants Social Media Sites
California Governor Jerry Brown recently signed into law AB 1844 prohibiting employers from requiring job applicants or employees to grant access to their personal social media sites, except if access is reasonably required to investigate allegations of employee misconduct or violation of laws or regulations.
The new law makes it illegal for employers to require or request an applicantor employee’s personal social media user name or password. It also forbids employers from requiring or requesting the employee or applicant to (1) access personal social media in the presence of the employer or (2) “divulge any personal social media.” While the law does not itself contain an explicit right of private action, it is likely that a court would find that an employee/applicant could bring one for a violation.
Social media is defined in the law as “an electronic service or account, or electronic content, including, but not limited to videos, still photographs, blogs, video blogs, podcasts, instant and text messages, email, online services or accounts, or Internet Web site profiles or locations.” The law prohibits retaliation against an employee who refuses to comply with a demand that violates the statute.
Of course, some laws, especially in certain regulated industries, require that communications to the public be monitored by the employer. For example, federal and state securities laws require supervision of employee-client communications and retention of relevant records, including social-media information. In AB1844 there is an exception to allow employer access in order to investigate potential misconduct or legal violations. Beyond that, however, it is unclear how courts will handle apparent conflicts with laws requiring company supervision beyond investigations of specific allegations.
Employers should note that even without AB 1844 or a similar state law, requiring employees to disclose the content of their social media sites is not without risk. For example, Facebook’s chief privacy officer offered her legal opinions to try to convince employers and others not to engage in this practice: “We don’t think employers should be asking prospective employees to provide their passwords because we don’t think it’s right the thing to do. But it also may cause problems for the employers that they are not anticipating. For example, if an employer sees on Facebook that someone is a member of a protected group (e.g. over a certain age, etc.) that employer may open themselves up to claims of discrimination if they don’t hire that person. …It also potentially exposes the employer who seeks this access to unanticipated legal liability.
“Employers also may not have the proper policies and training for reviewers to handle private information. If they don’t—and actually, even if they do—the employer may assume liability for the protection of the information they have seen or for knowing what responsibilities may arise based on different types of information (e.g. if the information suggests the commission of a crime).”
Employers need to evaluate these issues carefully, including whether there is any regulatory or other legal justification for requiring access to employees’ social media under the investigation exception or other laws.