Washington is the latest U.S. state to pass legislation banning employers from requesting employees’ user names and passwords for their personal social media accounts. The law also prohibits employers from forcing workers to log in to their accounts in front of their employers so employers can view postings. Further, employers may not require employees to add employers as friends or ask employees to change their personal settings to make postings more visible to third parties. And, employers cannot punish employees for refusing to disclose their personal log-in information, reports Corporate Counsel.
Exceptions to the law are made if the employer is investigating an employee’s alleged misconduct or if an employee is accused of making unauthorized transfers of proprietary information. In those circumstances, employers still can’t require employees to turn over their log-in information, but they can ask employees to voluntarily provide the information. The law also doesn’t apply to social media sites and platforms used primarily for work purposes.
This has become an issue as the use of social media in and outside the workplace has grown exponentially. Some employers have contended that they need access to their employees’ personal social media accounts to protect proprietary information and business intelligence, as well as to meet federal financial regulations and minimize legal risk. Lawmakers are siding with the opposition, which blasts such attempts as an invasion of employees’ privacy.
The National Conference of State Legislatures reports that since 2012, 14 states have passed such laws: Arkansas, California, Colorado, Delaware, Illinois, Maryland, Michigan, Nevada, New Jersey, New Mexico, Oregon, Utah, Vermont, and now Washington. Legislation has been introduced or is pending in the remaining 36 states. Some states have similar laws protecting students at U.S. colleges and universities.
This is yet more evidence that information governance professionals are working in a rapidly shifting landscape and that they must stay up-to-date on changes in privacy legislation, as well as more traditional areas of change. In fact, the experts behind the Information Governance Reference Model felt that privacy and security are such a large part of the overall business environment that they should be called out specifically as key areas of risk that each organization should address.
A free white paper available from ARMA International, “IGRM Update: Privacy & Security Officers as Stakeholders,” recognizes the inter-relationships among privacy/security, business needs, legal/risk, records and information management, and IT as key to the effectiveness of information governance programs. This white paper and other resources related to information governance are available through the ARMA online bookstore at www.arma.org/bookstore.