Vedder Price

Vedder Thinking | Articles Illinois and Federal Legislation to Restrict Employer Access to Social Networking Accounts

Newsletter/Bulletin

Governor to Sign Amendment to the Illinois Right to Privacy in the Workplace Act

The office of Illinois Governor Pat Quinn recently announced that Governor Quinn will sign legislation that will amend Illinois’ Right to Privacy in the Workplace Act, 820 ILCS 55/1 et seq. (the Act), to prohibit employers from requesting or requiring employees and applicants for employment to disclose their log-in credentials for, or to grant access to, their social media accounts. Once the legislation has been signed, Illinois will be the second state in the country (after Maryland) to prohibit employers from requesting or requiring social networking log-in credentials from applicants and employees.

The legislation will amend Section 55/10 of the Act, titled "Prohibited Inquiries," by adding the following provisions:

  • (b)(1) It shall be unlawful for any employer to request or require any employee or prospective employee to provide any password or other related account information in order to gain access to the employee's or prospective employee’s account or profile on a social networking website or to demand access in any manner to an employee's or prospective employee’s account or profile on a social networking website.
  • (2) Nothing in this subsection shall limit an employer's right to (A) promulgate and maintain lawful workplace policies governing the use of the employer's electronic equipment, including policies regarding Internet use, social networking site use, and electronic mail use; and (B) monitor usage of the employer's electronic equipment and the employer’s electronic mail without requesting or requiring any employee or prospective employee to provide any password or other related account information in order to gain access to the employee's or prospective employee's account or profile on a social networking website.
  • (3) Nothing in this subsection shall prohibit an employer from obtaining about a prospective employee or an employee information that is in the public domain or that is otherwise obtained in compliance with this amendatory Act of the 97th General Assembly.
  • (4) For the purposes of this subsection, "social networking website" means an Internet-based service that allows individuals to: (A) construct a public or semi-public profile within a bounded system, created by the service; (B) create a list of other users with whom they share a connection within the system; and (C) view and navigate their list of connections and those made by others within the system. "Social networking website" shall not include electronic mail.

Notably, the Illinois law contains no express exceptions, including for legitimate workplace investigations. It also does not address the issue of employees who save their personal social media passwords on their employer computers.

Pending Federal Legislation to Limit Employer Access to Employee Social Media and Personal Internet Sites

Congress is attempting to extend this type of restriction to employers nationwide with two currently pending bills, the Social Networking Online Protection Act (SNOPA), introduced in the House on April 27, 2012, and the Password Protection Act of 2012 (PPA), introduced in both the House and the Senate in May 2012.

SNOPA would prohibit employers from requiring or requesting that an employee or applicant for employment provide the employer with a user name, password or any other means for accessing a private e-mail account or social networking account of the employee or applicant. Notably, SNOPA also prohibits institutions of higher learning and elementary and secondary schools from requiring or requesting access to a student or applicant’s private e-mail account or social networking website.

The PPA would not only prohibit employers from requiring or requesting log-in credentials from their employees and applicants for employment, but it would prohibit employers from compelling or coercing employees and applicants to provide access to, and subsequently retrieving information from, the online servers on which private user information is stored if that information is secured against general public access by the user. For example, if an employee looks at his or her Facebook or Gmail account from a workplace computer, the PPA would prohibit the employer from requiring the employee to disclose his or her password or to allow access to the employee's social media account, because that action would provide the employer with access to another computer (that of Facebook or Google). However, the PPA would not prevent an employer from accessing its own computer systems to recover evidence of an employee’s social media and Internet activities that occurred on the employer’s own computers. The PPA also would not apply to students, employees who work with children under age 13 or designated government employees.

Next Steps for Employers

Employers with employees in Illinois should review their human resources policies and practices to make sure they conform to this change in Illinois law. In addition, employers should advise recruiters and managers who interact with applicants and employees in Illinois of this change to ensure their compliance.

Vedder Price will continue to monitor developments in proposed Internet and social media legislation. Should you have any questions concerning the change in Illinois law or any other Internet law and technology concerns, please to not hesitate to contact any of the attorneys in Vedder Price's Internet Litigation and Dispute Resolution practice group.

To read the full alert in PDF, please click the link below.