New Law Bans Employers From Demanding Access to Personal Social Media Accounts
On Dec. 27, 2012, Michigan Governor Rick Snyder signed into law The Internet Privacy Protection Act (the Act). The Act, which is now in effect, severely restricts an employer’s access to social media pages of applicants and employees.
Specifically, the Act prohibits employers from asking an applicants or employee to grant access to, allow observation of, or disclose information (such as passwords) that allows the employer access to or observation of the applicant or employee's personal Internet account. The Act also prohibits employers from discharging, failing to hire or otherwise penalizing an employee or applicant for failing to provide such access or information.
However, the Act specifically allows employers to do all of the following:
- Request or require access to or to gain access to operate:
- an electronic communications device paid for by the employer, or
- an account or service provided by the employer.
- Discipline or discharge an employee for the unauthorized transfer of the employer’s proprietary or confidential information or financial data to the employee’s personal Internet account.
- Investigate and require an employee to cooperate in an investigation where there is specific information about:
- the activity on the employee’s personal Internet account, for purposes of ensuring compliance with applicable laws, regulations or prohibited work–related misconduct, or
- the unauthorized transfer of the employer’s proprietary or confidential information or financial data to the employee’s personal Internet account.
- Prohibit employee access to certain Web sites (i.e., pornography) via devices paid for in whole or in part by the employer or via the employer’s network or resources, as permitted by state and federal law.
- Monitor, review or access electronic data stored on electronic communications equipment paid for in whole or in part by the employer or traveling through or stored on an employer’s network, as permitted by state and federal law.
The Act's prohibitions do not affect an employer’s compliance with a duty to screen employees or applicants or to monitor or retain employee communications in compliance with federal law or by certain self-regulating organizations (under the Securities and Exchange Act). Nor does it create any duty for an employer to search or monitor personal Internet accounts. Moreover, an employer cannot be liable under the Act for failing to request or require access to the personal Internet account of an employee or applicant.
Notably, the Act exposes individual employees to a criminal prosecution for a misdemeanor offense, punishable by a fine up to $1000. In addition, the Act allows the offended individual to file a civil lawsuit to enjoin violations. Such individuals may also recover up to $1000 in damages, reasonable attorney’s fees and court costs, provided he or she serves a written demand 60 days prior to initiating the suit in district court. As an affirmative defense, an employer may assert that it acted to comply with requirements of a federal or state law.
The Act has similar prohibitions for educational institutions and their students.
Although the prohibitions of the Act discussed above should be carefully scrutinized by employers, employers can rest assure that anything visible to the public remains fair game.
If you have any questions, contact the author of this Rapid Report or another experienced Plunkett Cooney employment attorney.
Rapid Reports are distributed by the firm of Plunkett Cooney. Any questions or comments concerning the matters reported may be addressed to Theresa Smith Lloyd or any other members of the practice group. The brevity of this update prevents comprehensive treatment of all legal issues, and the information contained herein should not be taken as legal advice. Advice for specific matters should be sought directly from legal counsel. Copyright © 2013. All rights reserved PLUNKETT COONEY, P.C.