An increasing number of Americans are using social media sites, such as Facebook and Twitter, both on and off the job. Some companies, in an effort to protect proprietary information or trade secrets and prevent exposure to legal liabilities, are requiring employees to turn over their usernames or passwords for their personal social media accounts. Driven by a desire to protect employee privacy, state governments are increasingly seeking to prevent employers from making such requests.
New Jersey is now the 12th state to provide employees such protection. On August 29, 2013, the New Jersey State Governor signed into law legislation that prohibits employers from requiring or requesting current and prospective employees to disclose their social media passwords. New Jersey’s new law covers all employers (including any agent or representative), except for state and county corrections departments, the state parole board, and state and local law enforcement agencies.
The act, which takes effect December 1, 2013, states that an employer may not “require or request a current or prospective employee to provide or disclose any user name or password, or in any way provide the employer access to, a personal account through an electronic communications device.” The law further prohibits an employer from retaliating or discriminating against an individual for (a) refusing to provide access to his/her personal account; (b) reporting a violation of this law; (c) participating in an investigation, proceeding or action concerning a violation of this act; or (d) otherwise opposing a violation of this act. Furthermore, the law expressly forbids an employer from “require[ing] an individual to waive or limit any protection granted under this act as a violation of public policy of this state and is void and unenforceable.”
The act, however, does provide a few exceptions. An employer is not prevented from complying with the requirements of state or federal statutes, rules or regulations, case law or rules of self-regulatory organizations. The act also does not prevent an employer from implementing and enforcing a policy pertaining to the use of an employer-used electronic communications device or any accounts provided by the employer or that the employee uses for business purposes. Similarly, an employer may still conduct an investigation for the purpose of ensuring compliance with applicable laws, regulatory requirements or prohibitions against work-related employee misconduct or unauthorized transfer of proprietary information, based on the receipt of specific information about activity on a personal account by an employee. Lastly, the law does not prevent an employer from viewing, accessing or utilizing information about a current or prospective employee that can be obtained in the public domain.
Although the law does not provide for a private cause of action, the Commissioner of Labor and Workforce Development may subject an employer to a civil penalty of up to $1,000 for the first violation and $2,500 for each subsequent violation.
Employers in New Jersey are now prohibited from taking any job action against employees who request information about job titles, wages or benefits from other employees or former employees in connection with an actual or potential claim of discrimination.