Illinois Bars Employers from Obtaining Social Media Credentials

Monday, August 20, 2012

David Navetta


Article by Boris Segalis and Nihar Shah

Following in the footsteps of Maryland, Illinois Governor Pat Quinn signed a law amending the state’s Right to Privacy in the Workplace Act to prohibit employers from asking current and prospective employees for their personal social media account credentials.

The Maryland and Illinois legislation is a response to reports that circulated earlier this summer suggesting that employers sought job applicants’ social media account credentials to consider the candidates’ behavior on social media in the hiring process. At least 15 other states, including California and Michigan, are considering similar laws.

Under the Illinois statute, employers that require employees or prospective employees “to provide any password or other related account information in order to gain access [to]… a social networking website… [or] profile,” are subject to the state Attorney General’s power to levy minimum fines of $100 to $300 per violation, with much more substantial fines possible at the Attorney General’s discretion.

The extension of workplace privacy protections to social media account credentials continues the trend of stronger privacy protections for employees at the federal and state levels.

For example, as we previously reported, beginning in the fall of 2010, the National Labor Relations Board has reinterpreted the National Labor Relations Act to establish broad protections for union and non-union employees’ statements on social media.

In addition, both states and the federal government (particularly, the EEOC) have been combating the use of credit reports in the hiring process.

Although privacy advocates and federal regulators and legislators have primarily been focusing on consumer privacy issues, such as behavioral advertising and data mining, the significant changes in workplace privacy protections demand continued vigilance from employers.

Employers must ensure that their policies that impact employee privacy (e.g., social media policies, monitoring policies, BYOD policies and others) are and remain consistent with the evolving legal requirements.

Cross-posted from InfoLawGroup

Possibly Related Articles:
General Legal
Legal Privacy Regulation Social Media legislation Employees Login Policies and Procedures Jobs
Post Rating I Like this!
Lisa Simpson I'm surprised that Facebook hasn't come out with a statement about this being in direct violation of their TOS.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.