You may have heard that several states have enacted legislation designed to protect employees’ privacy rights in the contents of their social media. Connecticut has just jumped into that category with the passage of Senate Bill 426, “An Act Concerning Employee Online Privacy,” which was recently signed by Governor Dannel Malloy and becomes effective October 1, 2015.
This new statute prohibits employers from requesting or requiring an employee or job applicant to (1) provide the employer with a user name, password, or other way to access the employee’s or applicant’s personal online account; (2) authenticate or access such an account in front of the employer; or (3) invite, or accept an invitation from, the employer to join a group affiliated with such an account. And if, notwithstanding this express prohibition, the employer is inclined to ask and the employee/applicant refuses to comply or files a complaint protesting the request, the employer may not retaliate against that worker or refuse to hire him. According to the statute, an online account is one that the employee (or applicant) uses exclusively for personal purposes, unrelated to the employer or its business. This would include e-mail, social media, or retail-based Internet websites.
The Act does not prohibit the employer from seeking information about accounts and devices that it provides to its workforce, and it also makes an exception for certain types of investigations, including circumstances where the employer receives information about an employee’s activity that implicates compliance with state or federal laws, regulations, or employee misconduct, or where the employee or applicant is suspected of sharing confidential, proprietary or financial data to or from his personal online account. Even in those circumstances, the employer may only require that the employee provide access; it cannot force disclosure of the worker’s user name, password, or other access information. If the employer’s investigation shows that the worker engaged in that wrongful conduct, the employer may fire, discipline, or “otherwise penalize” the worker.
Nothing in the statute prevents the employer from monitoring, reviewing, accessing, or blocking electronic data on an electronic communications device that it provides to its workers or where information is traveling through or stored on the employer’s network. And it also does not interfere with the employer’s compliance with state or federal laws, regulations, or rules, for example, the Securities Exchange Commission.
The full text of the statute is available at http://www.cga.ct.gov/2015/TOB/S/2015SB-00426-R01-SB.htm