The “Facebook” Amendment to the Right to Privacy in the Workplace Act Will Challenge Employer Ingenuity
On August 1, 2012, Governor Quinn signed into law HB 3782, which was dubbed the “Facebook bill.” The Facebook bill amended Illinois’ Right to Privacy in the Workplace Act to make it unlawful for any employer to request or require any employee or job applicant to: (i) provide any password or related account information to gain access to the employee’s or applicant’s account or profile on a social networking website (“account or profile”); or (ii) demand access in any manner to an employee’s or applicant’s account or profile. The law goes into effect January 1, 2013.
The second prohibition appears somewhat problematic. Without exceptions for legitimate business reasons, it broadly prohibits a demand to access in any manner an employee’s or applicant’s account or profile. Legitimate business reasons could include, for example, a need to determine whether an employee has: (i) threatened violence in the workplace; or (ii) made harassing statements about or to other employees based on protected classifications, such as race or sex. The courts may ultimately need to clarify this section, however, that will take some time.
To help ensure against liability, employers need to utilize their rights under the new law. Specifically, employers retain the right to: (i) govern the use of their electronic equipment, including policies regarding Internet use, social networking site use, and electronic mail use; and (ii) monitor usage of their electronic equipment and electronic mail without requesting or requiring any employee or applicant to provide any password or other related account information to gain access to the employee’s or applicant’s account or profile.
In light of these “rights,” the best defense is a strong offense. Employers are advised to implement strong, no-nonsense policies to govern and monitor an employee use of the employer’s electronic equipment, including policies regarding Internet use, social networking site use, and email use.
Such policies should, for example, provide that: (i) the employer’s electronic equipment and other technology resources (“electronic equipment”) may be used only for legitimate, business-related reasons, never for personal, non-business-related reasons; (ii) employees have no expectation of privacy in connection with their use of the employer’s electronic equipment and employer/employee email communications because their use will be monitored; (iii) employees are forbidden to use (and are required to report the use of) the employer’s electronic equipment for the creation or transmission of any information that may be construed to violate the employer’s harassment-free workplace policy, non-discrimination policy, and equal employment opportunity policy; and (iv) employees are prohibited from using the employer’s electronic equipment to search for, use, send, post or otherwise disclose confidential, private, privileged, proprietary, or business information to any individual for any non-business related reason.
Employers should also review and revise, if needed, their Human Resources practices and advise recruiters and other individuals who interact with employees and job applicants about the new law to ensure compliance.