PA 15-6—sSB 426
Labor and Public Employees Committee
AN ACT CONCERNING EMPLOYEE ONLINE PRIVACY
SUMMARY: This act generally prohibits employers from requesting or requiring an employee or job applicant to (1) provide the employer with a user name, password, or other way to access the employee's or applicant's personal online account (see below); (2) authenticate or access such an account in front of the employer; or (3) invite, or accept an invitation from, the employer to join a group affiliated with such an account.
It bars employers from:
1. firing, disciplining, or otherwise retaliating against an employee who (a) refuses to provide this access or (b) files a complaint with a public or private body or court about the employer's request for access or retaliation for refusing such access or
2. refusing to hire an applicant because the applicant would not provide access to his or her personal online account.
Under the act, a “personal online account” is an online account the employee or applicant uses exclusively for personal purposes unrelated to any of the employer's business purposes, including e-mail, social media, and retail-based Internet web sites. It does not include any account created, maintained, used, or accessed by an employee or applicant for the employer's business purposes.
The act provides exceptions for accounts and devices the employer provides and certain types of investigations. Covered employers include the state and its political subdivisions, but the act does not apply to a state or local law enforcement agency conducting a preemployment investigation of law enforcement personnel.
The act allows employees and applicants to file a complaint with the labor commissioner, who can impose civil penalties on employers of up to $25 for initial violations against job applicants and $500 for initial violations against employees. Penalties for subsequent violations can be up to $500 for violations against applicants and up to $1,000 for violations against employees.
EFFECTIVE DATE: October 1, 2015
The act specifies several circumstances under which its prohibitions do not apply.
Employer's Accounts and Devices
The act allows an employer to request or require an employee or applicant to provide access to:
1. any account or service (a) provided by the employer or by virtue of the employee's work relationship with the employer or (b) that the employee uses for the employer's business purposes and
2. any electronic communications device the employer supplied or paid for, in whole or in part.
It defines an “electronic communications device” as any electronic device capable of transmitting, accepting, or processing data, including a computer, computer network and computer system, as defined in state law, and a cellular or wireless telephone.
The act allows employers conducting certain investigations to require employees or applicants to provide access to a personal online account, but they cannot require disclosure of the user name, password, or other means of accessing the account. (For example, an employee under investigation could be required to privately access an account and then allow the employer to see the account's contents. )
Employers can require this access when conducting investigations:
1. to ensure compliance with (a) applicable state or federal laws, (b) regulatory requirements, or (c) prohibitions against work-related employee misconduct or
2. into an employee's or applicant's unauthorized transfer of the employer's proprietary information, confidential information, or financial data to or from a personal online account operated by an employee, applicant, or other source.
The investigations must be based on the employer receiving specific information about the employee's or applicant's personal online account activity or unauthorized transfer of information.
The act permits an employer to discharge, discipline, or otherwise penalize an employee or applicant who transferred the employer's proprietary information, confidential information, or financial data to or from the employee's or applicant's personal online account without the employer's permission.
Monitoring and Blocking Data
The act allows an employer, in compliance with state and federal law, to monitor, review, access, or block electronic data (1) stored on an electronic communications device paid for, in whole or in part, by the employer or (2) traveling through, or stored on, an employer's network.
State and Federal Laws
The act specifies that it does not prevent an employer from complying with state or federal laws, regulations, or rules for self-regulatory organizations (e. g. , the Securities and Exchange Commission's rules).
The act allows employees and applicants to file complaints with the labor commissioner alleging an employer requested or required access to a personal online account or retaliated for a refusal to provide access. The commissioner must investigate each complaint and may hold a hearing, after which she must send each party a written decision. Any employee or applicant who prevails in a hearing must be awarded reasonable attorneys' fees and costs.
If the commissioner finds an employer violated the act's ban on requesting access to an employee's account, or retaliated against an employee for refusing to provide access, she may (1) impose a civil penalty against the employer of up to $500 for an initial violation and $1,000 for each subsequent violation and (2) award the employee all appropriate relief, including rehiring or reinstatement, back pay, reestablishment of benefits, or any other relief the commissioner deems appropriate.
If she finds an employer violated the act's ban on requesting access to an applicant's account, or refused to hire an applicant for refusing to provide access, she may impose a civil penalty against the employer of up to $25 for an initial violation and $500 for each subsequent violation.
The commissioner can ask the attorney general to bring a civil suit to recover any of the above civil penalties. Any party aggrieved by the commissioner's decision may appeal to Superior Court.
OLR Tracking: LRH; JKL; PF; BS