New Washington Social Media Law Protects Employees’ Accounts
In response to growing issues related to privacy and an employee’s online presence, Governor Jay Inslee recently signed s new law making it unlawful for employers to require an employee or applicant to disclose social networking website usernames or passwords, or to force an employee or applicant to add any person to the employee’s list of social networking contacts. This law will become effective July 28.
Washington joins a host of other states that have taken legislative action to protect employee social media accounts. Utah, New Mexico, California, and Michigan have passed similar laws, and more than 20 other states have similar bills pending.
Pertinent aspects of the new Washington law include:
- The law applies to “any person, firm, corporation, or the state of Washington, its political subdivisions, or municipal corporations.” Employers of any size are therefore covered by the law.
- The law specifically states that it does not prohibit an employer from using public domain to obtain information about an employee or applicant Thus, employers may continue to access publicly
available social networking profiles or comments. (Be sure to read up on the articles related specifically to Facebook and LinkedIn or give me a call to discuss some of the other risks and implications related to using even public information.) - Employer-maintained social networking accounts remain fully accessible and are not impacted by this law. Employers are also still free to enforce existing social media policies that do not conflict with the new law or the National Labor Relations Act.
- Certain workplace investigations are specifically exempt from the new law. When employers are conducting workplace investigations surrounding an employee’s activity on his or her personal social networking account, they are permitted to request content from an employee’s account but are still prohibited from requesting an employee’s login information. Under this narrow exception,
the purpose of the investigation must be to: “(i) ensure compliance with applicable laws, regulatory
requirements, or prohibitions against work-related employee misconduct; or (ii) to investigate an
allegation of unauthorized transfer of an employer’s proprietary information, confidential information, or financial data to the employee’s personal social networking account.”
With this new law in mind, employers whose policies currently require employees or applicants to disclose personal username and passwords should begin implementing a change to those policies. Employers should also train anyone involved in making employment decisions on the new law’s provisions.
If an employer determines that it may need social media content to investigate legal compliance, work-related misconduct, or the improper disclosure of the employer’s proprietary or confidential information, then the law allows employers to request content from personal social media sites. Employers should consider seeking advice of counsel when considering whether such a need exists in a particular situation.
Employers should periodically review their existing social media policies and practices to make sure that they are in compliance with all current laws.