- NJASA
- Legal Corner - Feb/Mar 2015
-
Social Media Password Protection
Recently, along with many other states, New Jersey enacted social media protection legislation. Under N.J.S.A. 34: 6B-5 et seq. (“the act”) an employer may not require or request a current or prospective employee to provide or disclose any user name or password, in any manner, so as to provide the employer with access to a personal account through an electronic communications device. Thus, for example, although as an employer you may ask for voluntary disclosure of such information, employers cannot use methods such as “soldier surfing,”[1] to compel an applicant to accept a “friend request,” or require an applicant to change their privacy settings to permit more information to be available to the public.In addition, employers are not permitted to require an individual to waive or limit any of the protections granted by the act as a condition of applying for or receiving an offer of employment. Any such agreement to waive the protection provided by the act is by its terms against public policy and void. [2] Employers are also prohibited from retaliating or discriminating against an individual because the individual (1) refuses to provide a user name, password or other access to a personal account through an electronic communication device; (2) reports an alleged violation of the act to the Commissioner of Labor and Workforce Development; (3) testifies, assists or participates in an investigation, proceeding, or action concerning a violation of this act; or (4) otherwise opposes a violation of the act.
An employer who violated the provisions of the act is subject to a civil penalty in an amount not to exceed $1,000.00 for the first violation and $2,500.00 dollars for each subsequent violation.[3] There are some important exceptions that spell out options that are still available to New Jersey employers. The act does not prevent employers from complying with the requirements of State or Federal statutes, rules, regulations or case law of self-regulatory organizations. Employers are not prevented from implementing and enforcing a policy that governs the use of an employer issued electronic communications device, or any accounts or services provided by the employer or that the employee uses for business purposes. Employers are also not prevented from conducting an investigation to ensure compliance with applicable laws, regulations, or prohibitions against work-related employee misconduct based upon the receipt of specific information about activity on a personal account. One caveat here is that the employer would need to have obtained the information in a valid manner.
The act defines an electronic communications device as “any device that uses electronic signals to create, transmit, and receive information, including a computer, telephone, personal digital assistant, or other similar device.”
The statute contains an expansive definition of employer. An employer is “an employer or employer's agent, representative, or designee.” The term “employer” does not include the Department of Corrections, State Parole Board, county corrections departments, or any State or local law enforcement agency. Finally a personal account is defined as, “an account, service or profile on a social networking website that is used by a current or prospective employee exclusively for personal communications unrelated to any business purposes of the employer. This definition shall not apply to any account, service or profile created, maintained, used or accessed by a current or prospective employee for business purposes of the employer or to engage in business related communications.”[4]
The act does not prevent employers from viewing or accessing or utilizing information about a current or prospective employee that is available in the public sphere.[5] Until more is known through case law, employees, including school administrators, should always be cautious as to any information they share publicly through electronic means. Likewise, as the lead administrators in their school districts, school administrators must to be attuned to how personal information about an employee’s on-line conduct has been obtained, before proceeding with an investigation and/or with disciplinary action.
Any administrator faced with the necessity to investigate employee social media activity is urged to first consult with his/her board attorney to obtain specific advice on how to proceed.
[1] Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information.
[2] N.J.S.A. 34:6B-7.
[3] N.J.S.A. 34:6B-9.
[4] N.J.S.A. 34:6B-5 (1).
[5] N.J.S.A. 34:6B-10.