General Assembly |
File No. 292 |
January Session, 2015 |
Senate, March 30, 2015
The Committee on Labor and Public Employees reported through SEN. GOMES of the 23rd Dist., Chairperson of the Committee on the part of the Senate, that the substitute bill ought to pass.
AN ACT CONCERNING EMPLOYEE ONLINE PRIVACY.
Be it enacted by the Senate and House of Representatives in General Assembly convened:
Section 1. (NEW) (Effective October 1, 2015) (a) For purposes of this section:
(1) "Applicant" means any person actively seeking employment from an employer;
(2) "Employee" means any person engaged in service to an employer in the business of his or her employer;
(3) "Employer" means any person engaged in business who has employees, including the state and any political subdivision thereof, except "employer" shall not include any state or municipal law enforcement agency conducting a preemployment investigation of law enforcement personnel;
(4) "Electronic communications device" means any electronic device that is capable of transmitting, accepting or processing data, including, but not limited to, a computer, computer network and computer system, as those terms are defined in section 53a-250 of the general statutes, and a cellular or wireless telephone;
(5) "Personal online account" means any online account that is used by an employee or applicant exclusively for personal purposes and unrelated to any business purpose of such employee's or applicant's employer or prospective employer, including, but not limited to, electronic mail, social media and retail-based Internet web sites. "Personal online account" does not include any account created, maintained, used or accessed by an employee or applicant for a business purpose of such employee's or applicant's employer or prospective employer.
(b) Except as provided in subsection (c) of this section, no employer shall:
(1) Request or require that an employee or applicant provide such employer with a user name and password, password or any other authentication means for accessing a personal online account;
(2) Request or require that an employee or applicant authenticate or access a personal online account in the presence of such employer;
(3) Require that an employee or applicant invite such employer or accept an invitation from the employer to join a group affiliated with any personal online account of the employee or applicant;
(4) Discharge, discipline, discriminate against, retaliate against or otherwise penalize any employee who (A) refuses to provide such employer with a user name and password, password or any other authentication means for accessing his or her personal online account, (B) refuses to authenticate or access a personal online account in the presence of such employer, (C) refuses to invite such employer or accept an invitation from the employer to join a group affiliated with any personal online account of the employee, or (D) files, or causes to be filed, any complaint, whether verbally or in writing, with a public or private body or court concerning such employer's violation of this subdivision and subdivisions (1) to (3), inclusive, of this subsection; or
(5) Fail or refuse to hire any applicant as a result of his or her refusal to (A) provide such employer with a user name and password, password or any other authentication means for accessing a personal online account, (B) authenticate or access a personal online account in the presence of such employer, or (C) invite such employer or accept an invitation from the employer to join a group affiliated with any personal online account of the applicant.
(c) (1) An employer may request or require that an employee or applicant provide such employer with a user name and password, password or any other authentication means for accessing (A) any account or service provided by such employer or by virtue of the employee's employment relationship with such employer or that the employee uses for such employer's business purposes, or (B) any electronic communications device supplied or paid for, in whole or in part, by such employer.
(2) No employer shall be prohibited from discharging, disciplining or otherwise penalizing an employee or applicant that has transferred, without such employer's permission, such employer's proprietary information, confidential information or financial data to or from such employee or applicant's personal online account.
(d) Nothing in this section shall prevent an employer from:
(1) (A) Conducting an investigation for the purpose of ensuring compliance with applicable state or federal laws, regulatory requirements or prohibitions against work-related employee misconduct based on the receipt of specific information about activity on an employee or applicant's personal online account, or (B) conducting an investigation based on the receipt of specific information about an employee or applicant's unauthorized transfer of such employer's proprietary information, confidential information or financial data to or from a personal online account operated by an employee, applicant or other source. Any employer conducting an investigation pursuant to this subdivision may require an employee or applicant to allow such employer to access his or her personal online account for the purpose of conducting such investigation, provided such employer shall not require such employee or applicant to disclose the user name and password, password or other authentication means for accessing such personal online account; or
(2) Monitoring, reviewing, accessing or blocking electronic data stored on an electronic communications device paid for, in whole or in part, by an employer, or traveling through or stored on an employer's network, in compliance with state and federal law.
(e) Nothing in this section shall be construed to prevent an employer from complying with the requirements of state or federal statutes, rules or regulations, case law or rules of self-regulatory organizations.
(f) Any employee or applicant may file a complaint with the Labor Commissioner alleging violations of subsection (b) of this section. Upon receipt of the complaint, the commissioner shall investigate such complaint and may hold a hearing. After the hearing, the commissioner shall send each party a written copy of his or her decision. Any employee or applicant who prevails in such hearing shall be awarded reasonable attorney's fees and costs.
(g) If the commissioner finds an employee has been aggrieved by an employer's violation of subdivision (1), (2), (3) or (4) of subsection (b) of this section, the commissioner may (1) levy against the employer a civil penalty of up to five hundred dollars for the first violation and one thousand dollars for each subsequent violation, and (2) award such employee all appropriate relief including rehiring or reinstatement to his or her previous job, payment of back wages, reestablishment of employee benefits or any other remedies that the commissioner may deem appropriate.
(h) If the commissioner finds an applicant has been aggrieved by an employer's violation of subdivision (1), (2), (3) or (5) of subsection (b) of this section, the commissioner may levy against the employer a civil penalty of up to twenty-five dollars for the first violation and five hundred dollars for each subsequent violation.
(i) Any party aggrieved by the decision of the commissioner may appeal the decision to the Superior Court in accordance with the provisions of chapter 54 of the general statutes.
(j) The commissioner may request the Attorney General to bring an action in the Superior Court to recover the penalties levied pursuant to subsections (f) and (h) of this section.
This act shall take effect as follows and shall amend the following sections: | ||
Section 1 |
October 1, 2015 |
New section |
LAB |
Joint Favorable Subst. |
The following Fiscal Impact Statement and Bill Analysis are prepared for the benefit of the members of the General Assembly, solely for purposes of information, summarization and explanation and do not represent the intent of the General Assembly or either chamber thereof for any purpose. In general, fiscal impacts are based upon a variety of informational sources, including the analyst's professional knowledge. Whenever applicable, agency data is consulted as part of the analysis, however final products do not necessarily reflect an assessment from any specific department.
OFA Fiscal Note
Agency Affected |
Fund-Effect |
FY 16 $ |
FY 17 $ |
Attorney General |
GF - Potential Cost |
Zero to 10,000 |
Zero to 10,000 |
Labor Dept. |
GF - Potential Revenue Gain |
Up to 3,750 |
Up to 10,000 |
Note: GF=General Fund
Explanation
The bill prohibits certain actions regarding employers requiring access to personal on-line accounts, and establishes civil penalties of up to $500 for initial violations and up to $1,000 for subsequent violations. This results in a potential revenue gain of up to $3,750 in FY 16 and up to $10,000 annually thereafter, and a potential cost to the Office of the Attorney General (OAG) of zero to $10,000 annually beginning in FY 16.
The bill allows an employee to file a complaint with the Labor Commissioner, and requires the Department of Labor (DOL) to investigate any complaint. It allows DOL to levy a penalty of $25 (job applicant) or $500 (employee) for initial violations and $500 (job applicant) or $1,000 (employee) for subsequent violations. It is anticipated that there will be fewer than 10 violations annually, resulting in a revenue gain of up to $3,750 in FY 16 and up to $10,000 annually thereafter.
The Labor Commissioner may request OAG to bring an action in Superior Court to recover any penalties established under the bill. The potential fiscal impact to OAG is a cost of zero to $10,000 annually beginning in FY 16 for potential litigation costs related to the recovery of any such penalties.
There is no impact to the Judicial Department from allowing any aggrieved party to appeal to the Superior Court. The number of appeals is not anticipated to be great enough to need additional resources. The court system disposes of over 400,000 cases annually.
The Out Years
The annualized ongoing fiscal impact identified above would continue into the future subject to inflation.
OLR Bill Analysis
AN ACT CONCERNING EMPLOYEE ONLINE PRIVACY.
This bill prohibits employers from requesting or requiring an employee or job applicant to (1) provide the employer with a user name, password, or other way to access the employee's or applicant's personal online account (see below); (2) authenticate or access such an account in front of the employer; or (3) invite, or accept an invitation from, the employer to join a group affiliated with such an account.
It bars employers from:
1. firing, disciplining, or otherwise retaliating against an employee who (a) refuses to provide this access or (b) files a complaint with a public or private body or court about the employer's request for access or retaliation for refusing such access and
2. refusing to hire an applicant because the applicant would not provide access to his or her personal online account.
Under the bill, a “personal online account” is an online account the employee or applicant uses exclusively for personal purposes unrelated to any of the employer's business purposes, including e-mail, social media, and retail-based Internet web sites. It does not include any account created, maintained, used, or accessed by an employee or applicant for the employer's business purposes.
The bill makes exceptions for accounts and devices the employer provides and for certain types of investigations. Employers covered by the bill include the state and its political subdivisions, but its prohibitions do not apply to a state or local law enforcement agency conducting a preemployment investigation of law enforcement personnel.
The bill allows employees and applicants to file a complaint with the labor commissioner, who can impose civil penalties of up to $25 for initial violations against job applicants and $500 for initial violations against employees. Penalties for subsequent violations can be up to $500 for violations against applicants and up to $1,000 for violations against employees.
EFFECTIVE DATE: October 1, 2015
EXCEPTIONS
The bill provides for a number of circumstances in which an employer can request or require an employee or applicant to provide a user name, password, or other authentication means for a personal online account.
Employer's Accounts and Devices
It allows an employer to request or require that an employee or applicant provide access to:
1. any account or service (a) provided by the employer or by virtue of the employee's work relationship with the employer or (b) that the employee uses for business purposes and
2. any electronic communications device the employer supplied or paid for, in whole or in part.
It defines “electronic communications device” as any electronic device capable of transmitting, accepting, or processing data, including a computer, computer network and computer system, as defined in state law, and a cellular or wireless telephone.
Investigations
The bill allows exceptions for certain investigations, with limitations. Employers can conduct an investigation:
1. based on receiving specific information about activity on an employee's or applicant's personal online account to ensure compliance with (a) applicable state or federal laws, (b) regulatory requirements, or (c) prohibitions against work-related employee misconduct or
2. based on receiving specific information about an employee's or applicant's unauthorized transfer of the employer's proprietary information, confidential information, or financial data to or from a personal online account operated by an employee, applicant, or other source.
An employer conducting these investigations can require an employee to provide access to a personal online account, but cannot require disclosure of the user name, password, or other means of accessing the personal online account. For example, an employee or applicant under investigation could be required to privately access a personal online account, but then provide the employer with access to the account content.
The bill permits an employer to discharge, discipline, or otherwise penalize an employee or applicant who transferred, without the employer's permission, the employer's proprietary information, confidential information, or financial data to or from the employee or applicant's personal online account.
Monitoring and Blocking Data
The bill allows an employer, in compliance with state and federal law, to monitor, review, access, or block electronic data (1) stored on an electronic communications device paid for in whole or in part by the employer or (2) traveling through or stored on an employer's network.
State and Federal Laws
The bill specifies that it does not prevent an employer from complying with state or federal laws, regulations, or rules for self-regulatory organizations (e.g., the Securities Exchange Commission's rules).
ENFORCEMENT
The bill allows employees and applicants to file complaints with the labor commissioner alleging an employer requested or required access to a personal online account or retaliated for a refusal to provide access in violation of this bill. The commissioner must investigate each complaint and may hold a hearing, after which she must send each party a written decision. Any employee or applicant who prevails in a hearing must be awarded reasonable attorneys' fee and costs.
If the commissioner finds an employer violated the bill's ban on requesting access to an employee's account, or retaliated against an employee for refusing to provide access, she can (1) levy a civil penalty against the employer of up to $500 for an initial violation and $1,000 for each subsequent violation and (2) award the employee all appropriate relief, including rehiring or reinstatement, back pay, reestablishment of wages, or any other relief the commissioner deems appropriate.
If she finds an employer violated the bill's ban on requesting access to an applicant's account, or refused to hire an applicant for refusing to provide access, she can (1) levy a civil penalty against the employer of up to $25 for an initial violation and $500 for each subsequent violation.
The commissioner can ask the attorney general to bring a civil suit to recover any of the above civil penalties. Any party aggrieved by the commissioner's decision can appeal to the Superior Court.
COMMITTEE ACTION
Labor and Public Employees Committee
Joint Favorable Substitute
Yea |
13 |
Nay |
0 |
(03/12/2015) |