For businesses that use social media to vet job applicants or to monitor employees, change is afoot. On Tuesday, May 21, Governor Inslee signed into law a bill that makes it illegal for any employer in Washington State to require an employee or applicant to provide access to his or her social media account. This law covers any employer with one or more employees, and it goes into effect July 28, 2013. Here’s the scoop:
The law prohibits employers from requesting, requiring, or coercing a current employee or job applicant into doing any of the following:
- Giving the employer the login information to a private social media account
- “Friending” a manager or other third person so the employer can view the individual’s account
- Requiring that the employee change his or her privacy settings to make the account publicly available
- Logging into the account in the employer’s presence so as to enable the employer to view the content
The law also expressly prohibits employers from taking any “adverse action” against an employee for refusing to engage in any of these prohibited acts. This means firing, refusing to hire, or disciplining the employee or applicant, or threatening to do so.
There is a narrow exception to the law for when access to an account is necessary for the company to make a factual determination during a workplace investigation. This applies only if the employer has information that leads it to believe (1) that some content on the employee’s account might violate the law, regulatory requirements, or prohibitions against employee misconduct, or (2) that the employee has disclosed the employer’s confidential information on the account. Even under these circumstances, however, the employer still may only ask to view the account – it may not request the employee’s password.
This law does not apply to a work-focused technology platform primarily intended to facilitate communications and collaboration among employees, such as an in-house intranet or social network. It also does not prevent the employer from requesting login information for an account, service, or device the employer provides or pays for or that is only provided by virtue of the employment relationship. The law also will not apply if the employer unintentionally learns an employee’s login information, such as through a company mobile device or program monitoring the employer’s network, so long as the employer does not use the login information to access the employee’s social networking account.
Violations of this law can have serious ramifications. Employees may bring a civil action against employers who violate the law and, if they win, will be entitled to a $500 statutory penalty, any actual damages suffered, and – importantly – reasonable attorney’s fees and costs. An employer who is sued for a violation but prevails will only be able to recover attorney's fees if it can prove the action was frivolous.
Eleven states have now enacted laws of this nature, and similar legislation is being considered in over thirty more. If you have any questions about this development or how this law impacts your business, please don’t hesitate to contact Diana Shukis or Greg Duff.
Greg Duff founded and chairs Foster Garvey’s national Hospitality, Travel & Tourism group. His practice largely focuses on operations-oriented matters faced by hospitality industry members, including sales and marketing, distribution and e-commerce, procurement and technology. Greg also serves as counsel and legal advisor to many of the hospitality industry’s associations and trade groups, including AH&LA, HFTP and HSMAI.