On June 18, 2012, the Pennsylvania House of Representatives introduced the Social Media Privacy Protection Act, which would protect the privacy of employee online user names and passwords.
A summary of the bill, and what this could mean for PA employers, follows after the jump…
Which PA employers does this bill cover?
All of them. More specifically, “a person engaged in a business, an industry, a profession, a trade or other enterprise in this Commonwealth or a unit of State or local government. The term includes an agent, a representative or a designee of the employer.”
What is protected?
Anything online with a username and password. In legal speak, this, “[i]ncludes, but is not limited to, social networking Internet websites and any other forms of media that involve any means of creating, sharing and viewing user generated information through an account, service or Internet website.”
What privacy protections are afforded?
- No requests for employee user names or passwords. The bill provides that an “employer may not request or require that an employee or prospective employee disclose any user name, password or other means for accessing a private or personal social media account, service or Internet website.”
- No discipline or retaliation either. An employer may: (a) “not discharge, discipline or otherwise penalize or threaten to discharge, discipline or otherwise penalize an employee for an employee’s refusal to disclose any [covered information]”; or (b) “[f]ail or refuse to hire any prospective employee as a result of the prospective employee’s refusal to disclose any [covered information].”
Are there any exceptions?
There are three:
- “The employer’s right to promulgate and maintain workplace policies governing the use of an employer’s electronic communication devices. This includes policies regarding the employee’s use of the Internet, social media accounts, services or Internet websites and e-mail use pertaining to the employer.”
- “The employer’s right to monitor the usage of the employer’s electronic communication devices so long as the employer is in compliance with [the privacy protections described above].”
- “The employer’s right to obtain or view any information concerning an employee or prospective employee that exists within the public domain.”
Notably, there are no exceptions for employers to request user names or passwords in connection with a workplace investigation based on a reasonable belief that an employee has violated a workplace policy (e.g., confidentiality, anti-harassment). Although, presumably, if Employee A and Employee B are Facebook friends and Employee A is accused of sexually harassing Employee B on Facebook, Employee B could voluntarily provide her employer with access to her Facebook account so as to permit the employer to see what Employee A has posted about her.
What are the penalties for breaking these rules?
A civil penalty of up to $5,000 in addition to reimbursement for reasonable attorney fees.
What are the chances of this bill passing?
Not anytime soon. The House is on recess until September. Moreover, the bill has 29 sponsors (26 Democrats, 3 Republicans), which indicates to me a lack of bipartisan support. Pennsylvania’s House is Republican controlled and PA’s Governor, Tom Corbett, is also a Republican. Do the math…