Last week, CA became the third state to pass a law that bans employers from requesting online usernames and passwords from employees and job candidates. Maryland was the first state to pass such a law; Illinois was the second.
As in the other two states, not only is it illegal to request online information, but also CA employers may not retaliate against anyone who refuses to turn it over.
There are two carve-outs in the CA law to protect legitimate employer interests. An employer may:
- require an employee to divulge personal social media reasonably believed to be relevant to an investigation of allegations of employee misconduct or employee violation of applicable laws and regulations; or
- require or request an employee to disclose a username, password, or other method for the purpose of accessing an employer-issued electronic device.
Meanwhile, in NJ, the Senate Labor Committee voted 4-0-1 in favor of a similar bill. Under the proposed NJ legislation, the aggrieved party may seek injunctive relief, compensatory damages, counsel fees and court costs. According to Law.com (here), the 1 absention came from a Republican Senator who wishes to amend the bill by removing that private cause of action.
That legislation now goes to Governor Christie for signature.