Employers Beware: New "Facebook Law" Has Far-Reaching Consequences for Businesses

Due to the passage of the so called “Facebook law” (the “Act”), starting on January 1, 2013, it will be illegal for Illinois employers to: (1) “request or require an employee or prospective employee to provide any password or other related account information in order to gain access to the employee’s or prospective employee’s account or profile on a social networking website;” and (2) “demand access in any manner to an employee’s or prospective employee’s account or profile on a social networking website.”  820 ILCS 55/10(b).  The law leaves no exceptions, even for openings that require thorough background checks.  Under the Act, a job applicant or employee may file a complaint with the Illinois Department of Labor (IDOL), which will then investigate the complaint.  If IDOL discovers that the employer violated the Act, then IDOL may commence an action in the circuit court.  If the complaint is not resolved by IDOL and IDOL does not commence an action, the Act provides the aggrieved party with a private right of action.  If the employee or prospective employee prevails in such action he or she is entitled to $200 plus actual damages, reasonable attorneys’ fees, and costs. MarylandandCaliforniacurrently have similar laws on the books, with at least ten other states considering following suit.  Such a patchwork of state laws may prove problematic to national employers, who will need to ensure that their policies comply with each of the state laws in effect.  Additionally, on April 27, 2012, the Social Networking Online Protection Act was introduced in the U.S. House of Representatives.  If passed, this law would impose similar restrictions on employers under federal law.  However, a federal law won’t lessen the burden on employers from complying with state laws that are more restrictive.

Though the Act was primarily intended to protect applicants from having to turn over passwords, by including employees in its provisions the law is likely to result in serious, unintended consequences for employers who may have legitimate reasons for wanting to see what employees are putting on these sites.  For example, employers investigating alleged workplace misconduct or violations of the law may find themselves in hot water under the statute.  Increasingly, employees use personal social networking sites for business-related purposes, such as communicating with customers, suppliers, or other employees.  Because the Act includes no exceptions to the ban on requesting social media passwords, it may prevent employers from investigating serious misconduct, such as harassment or dissemination of confidential information.  It may also hinder investigations into illegal activity, such as misappropriation of trade secrets or violations of securities or financial laws.  Likewise, the Act could frustrate discovery during litigation where a party is seeking relevant evidence contained in an employee’s social networking account.   Given these uncertainties, employers must take care when conducting investigations and responding to litigation requests so as not to unintentionally violate the Act.

Even employers in states without “Facebook laws” should think twice before requesting password information from job applicants and employees.  It is illegal to discriminate against an applicant or employee because of that person’s race, sex (including pregnancy), religion, national origin, age, or disability.  If such protected characteristics are disclosed from the social networking site and the prospective employee is not hired or a current employee is subject to adverse employment action, the employer runs the risk of a discrimination claim being brought.  Even if the protected characteristics had nothing to do with the employer’s decision, the fact that the employer had access to the information could be enough to cause trouble for the employer.  Likewise, the employer would be hard-pressed in proving ignorance of the protected category.  Further, because “Facebook laws” have attracted a lot of media attention, it might be bad publicity for employers to carry on a policy of requesting password information.  Moreover, sought-after job applicants may choose not to work for employers who demand such information.  Additionally, employers who request passwords from employees and prospective employees, could subject themselves to negligence suits if the employer could have discovered evidence from the social networking site of an employee’s potential for dangerous conduct.  Finally, taking action against an employee or applicant for complaining on a social networking site about the conditions of employment could run afoul of the National Labor Relations Act by chilling workers’ willingness to exercise their Section 7 rights—basic rights extended to employees to engage in “concerted activities” for the purpose of collective bargaining or other “mutual aid or protection.”

In light of this new law,Illinoisemployers should review their hiring and investigative practices and make sure all individuals involved in the hiring process or disciplinary process are aware of and comply with the following:

  • Do not ask employees or prospective employees for their social media passwords or information that would identify their social media account or profile (such as their screen name)
  • Do not request or demand that employees or prospective employees allow you access to their social media account or profile, even if you do not request that they disclose their password

Further, all employers, whether doing business in a state with a “Facebook law” or not, should keep the following in mind:

  • Any information learned about an employee or prospective employee through social media can be used against you if the individual suffers adverse employment action.

Contact Katherine Olson at (312) 334-3444 for further information.