HR Management & Compliance

Utah social media password law takes effect May 14

By Utah Employment Law Letter May 2, 2013 HR Management & Compliance

Updated: May 2, 2013

by Darryl J. Lee

Utah’s Internet Employment Privacy Act (IEPA) goes into effect May 14, making Utah the latest state to prohibit employers from requiring employees or job applicants to disclose their passwords or user names for personal social media accounts. Similar legislation has been enacted in California, Delaware, Illinois, Maryland, Michigan, and New Jersey.

The law provides that employers may not:

Request that employees or applicants disclose user names and passwords that allow access to their “personal Internet accounts”; or

Take adverse action against, fail to hire, or otherwise penalize employees or applicants for failing to disclose user names and passwords.

The law doesn’t prohibit employers from viewing information on social media websites that can be obtained without a username or password. If an employer violates the IEPA, the employee or applicant can sue for damages, but a court can’t award more than $500.

Exceptions

The IEPA does not prohibit employers from:

Requesting or requiring employees to disclose user names or passwords needed only to gain access to (1) an electronic communications device supplied by or paid for in whole or in part by the employer or (2) an account or service provided by the employer, obtained by virtue of the employee’s employment, and used for the employer’s business purposes;

Disciplining or discharging an employee for transferring the employer’s proprietary or confidential information or financial data to a personal Internet account without the employer’s consent;

Conducting an investigation or requiring employees to cooperate in an investigation to ensure compliance with applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct if (1) there is specific information about activity on an employee’s personal Internet account or (2) the employer has specific information about an unauthorized transfer of its proprietary or confidential information or financial data to an employee’s personal Internet account;

Restricting or prohibiting employees’ access to certain websites while they are using (1) electronic communications devices supplied by or paid for in whole or in part by the employer or (2) the employer’s network or resources in accordance with state and federal law; or

Monitoring, reviewing, accessing, or blocking electronic data stored on electronic communications devices supplied by or paid for in whole or in part by the employer or stored on the employer’s network in accordance with state and federal law.

More information is available in the May issue of Utah Employment Law Letter.

Darryl J. Lee is a shareholder with Kirton McConkie in Salt Lake City. He can be reached at dlee@kmclaw.com or 801-328-3600.

HR Management & Compliance

Leave a Reply Cancel reply

6 Steps to Conflict Resolution in the Workplace

Understanding EEO Job Categories for the EEO-1 Report

7 Tips for Retaining Employees During Addiction Treatment

Bringing Them Back: Key Considerations as Employers Bring Employees Back Into the Office

Recruiting & Talent Acquisition: Taking Storm in 2024

How Task Automation and Employee Self-Service Are Reshaping the HR Experience

Too Much Tech: How Cognitive Overload Harms Employee Engagement

HR and Compliance Trends for 2024 and Beyond