• Illinois Bans Employers from Asking Employees or Applicants to Disclose Social Media Passwords
  • August 9, 2012
  • Law Firm: Duane Morris LLP - Philadelphia Office
  • On August 1, 2012, Illinois Governor Pat Quinn signed an amendment to the Illinois Right to Privacy in the Workplace Act (P.A. 097-0875), which prohibits employers from requesting or requiring that employees or job applicants provide the employer with access to the employee's or applicant's social media accounts. The amendment, which goes into effect on January 1, 2013, subjects employers who willfully violate the prohibitions to fines of up to $200 per violation and also allows employees or applicants who allege violations to pursue civil court actions to recover actual damages, attorneys' fees and costs.

    Under the new law, Illinois employers are prohibited from asking or requiring that an employee or applicant provide his or her password or other account information for—and from otherwise demanding or obtaining access to the private portions of—an employee's or applicant's social networking account or profile. The Illinois Right to Privacy in the Workplace Act also prohibits discrimination based on an employee or applicant's use of lawful products off-duty.

    The Act has no exceptions to the password inquiry prohibition, but provides that the prohibitions do not limit an employer's right to obtain information about employees or applicants that is in the public domain (e.g., information posted publicly on social media websites). The Act also expressly acknowledges an employer's right to maintain lawful workplace policies on the use of the employer's computer system or equipment and to monitor employees' use of the employer's electronic equipment and email systems.

    Illinois becomes the third state to pass such password privacy legislation, following Maryland's similar employer prohibition and Delaware's prohibition in the student-school context. California, Michigan and New Jersey appear likely to follow with their own versions. Altogether, at least 15 states have introduced similar password privacy legislation, lauded by civil liberties groups and social media companies as necessary to protect employees' privacy rights from unnecessary invasion by employers. The U.S. House of Representatives Committee on Education and the Workforce also is currently considering the Social Networking Online Protection Act (H.R. 5050), which includes a similar prohibition. While similar, the prohibitions under each statute or proposed legislation are different, with some limited to specific employers or industries, and should be reviewed closely to ensure compliance.

    From a practical perspective, Illinois employers should consider taking this opportunity to review their application and hiring process, as well as their social media and computer use policies, to potentially ensure against all prohibited inquiries of employees or applicants.