New Connecticut Law Protects Employee Online Privacy
Last week, Connecticut Governor Dannel Malloy signed into law Public Act No. 15-6, titled “An Act Concerning Employee Online Privacy” (“the Act”) which protects prospective and current employees from employer access to their personal online accounts. In so doing, Connecticut joins 20 other states (including Arkansas, California, Colorado, Illinois, Louisiana, Maryland, Michigan, Montana, Nevada, New Hampshire, New Jersey, New Mexico, Oklahoma, Oregon, Rhode Island, Tennessee, Utah, Virginia, Washington, and Wisconsin) in restricting employer attempted forays into their employee’s social media activities. The Act goes into effect on October 1, 2015.
The Act specifically disallows employers from requesting (1) user names, passwords, or other means to access the employee’s or job applicant’s personal online account (including, but not limited to, e-mail, social media, and retail-based Internet websites); (2) authentication or access to a personal online account in the presence of the employer’s representative; or (3) an invitation or acceptance of an invitation from the employer to join a group affiliated with any personal online account.
Further, the Act prohibits retaliatory actions by any employer (including discharging, disciplining, and/or discriminating) against an employee who refuses to provide access to a personal online account; files a complaint with a public or private body or court about the employer’s request for access or retaliation for refusing such access; or refuses to hire an applicant because the applicant would not provide access to his or her personal account. However, several exceptions to this exist. First, employers may conduct an investigation into an employee’s personal online account based upon receiving specific information about activity on an employee’s or applicant’s personal online account to ensure compliance with applicable state or federal laws; regulatory requirements; or prohibitions against work-related employee misconduct. Additionally, an employer may investigate a personal online account based upon specific information about an employee’s or applicant’s unauthorized transfer of employer proprietary information or financial data to or from a personal online account operated by the employee, applicant, or other source. However, even in these exceptions the employer does not have full access and can only request the content and not the username, password, etc.
Under the Act employers still have protections in place, which include monitoring, reviewing, accessing or blocking electronic data stored on electronic communications devices paid for in whole or in part by the employer; or traveling through or stored on the employer’s network.
The new law gives prospective and current employees the right to file a complaint with the state labor commission, and in the event a violation is found, the state labor commissioner may access fines up to $1,000, as well as order rehiring of the employee, back pay, reinstatement of benefits, and other such relief as deemed appropriate.
We encourage our Connecticut members to have their human resource policies updated and in line with these new prohibitions under the Act well before the October 1 deadline.
- Can Employers Make Vaccines Mandatory in COVID-19? - November 12, 2020
- How to Handle Employees and I-9s - October 28, 2019
- Labor Day, a Celebration of Workers, or Is It? - August 22, 2019
Posted In: Legal
BECOME AN ACCA MEMBER