Illinois Second State to Enact Law Barring Employers from Obtaining Current or Prospective Employees' Social Media Account Credentials

By Boris Segalis and Nihar Shah. Earlier this week, following in the footsteps of Maryland, Illinois Governor Pat Quinn signed a law amending the state’s Right to Privacy in the Workplace Act to prohibit employers from asking current and prospective employees for their personal social media account credentials. The Maryland and Illinois legislation is a response to reports that circulated earlier this summer suggesting that employers sought job applicants’ social media account credentials to consider the candidates’ behavior on social media in the hiring process. At least 15 other states, includingCalifornia and Michigan, are considering similar laws.

Under the Illinois statute, employers that require employees or prospective employees “to provide any password or other related account information in order to gain access [to] … a social networking website … [or] profile,” are subject to the state Attorney General’s power to levy minimum fines of $100 to $300 per violation, with much more substantial fines possible at the Attorney General’s discretion.

The extension of workplace privacy protections to social media account credentials continues the trend of stronger privacy protections for employees at the federal and state levels. For example, as we previously reported, beginning in the fall of 2010, the National Labor Relations Board has reinterpreted the National Labor Relations Act to establish broad protections for union and non-union employees’ statements on social media. In addition, both states and the federal government (particularly, the EEOC) have been combating the use of credit reports in the hiring process. Although privacy advocates and federal regulators and legislators have primarily been focusing on consumer privacy issues, such as behavioral advertising and data mining, the significant changes in workplace privacy protections demand continued vigilance from employers. Employers must ensure that their policies that impact employee privacy (e.g., social media policies, monitoring policies, BYOD policies and others) are and remain consistent with the evolving legal requirements.