Utah social media password law takes effect May 14

by Darryl J. Lee

Utah’s Internet Employment Privacy Act (IEPA) goes into effect May 14, making Utah the latest state to prohibit employers from requiring employees or job applicants to disclose their passwords or user names for personal social media accounts. Similar legislation has been enacted in California, Delaware, Illinois, Maryland, Michigan, and New Jersey.

The law provides that employers may not:

  • Request that employees or applicants disclose user names and passwords that allow access to their “personal Internet accounts”; or
  • Take adverse action against, fail to hire, or otherwise penalize employees or applicants for failing to disclose user names and passwords.

The law doesn’t prohibit employers from viewing information on social media websites that can be obtained without a username or password. If an employer violates the IEPA, the employee or applicant can sue for damages, but a court can’t award more than $500.


The IEPA does not prohibit employers from:

  • Requesting or requiring employees to disclose user names or passwords needed only to gain access to (1) an electronic communications device supplied by or paid for in whole or in part by the employer or (2) an account or service provided by the employer, obtained by virtue of the employee’s employment, and used for the employer’s business purposes;
  • Disciplining or discharging an employee for transferring the employer’s proprietary or confidential information or financial data to a personal Internet account without the employer’s consent;
  • Conducting an investigation or requiring employees to cooperate in an investigation to ensure compliance with applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct if (1) there is specific information about activity on an employee’s personal Internet account or (2) the employer has specific information about an unauthorized transfer of its proprietary or confidential information or financial data to an employee’s personal Internet account;
  • Restricting or prohibiting employees’ access to certain websites while they are using (1) electronic communications devices supplied by or paid for in whole or in part by the employer or (2) the employer’s network or resources in accordance with state and federal law; or
  • Monitoring, reviewing, accessing, or blocking electronic data stored on electronic communications devices supplied by or paid for in whole or in part by the employer or stored on the employer’s network in accordance with state and federal law.

More information is available in the May issue of Utah Employment Law Letter.

Darryl J. Lee is a shareholder with Kirton McConkie in Salt Lake City. He can be reached at dlee@kmclaw.com or 801-328-3600.

About Utah Employment Law Letter:
Excerpted from Utah Employment Law Letter written by attorneys at the law firm of Kirton McConkie. The contents of the UTAH EMPLOYMENT LAW LETTER are intended for general information purposes only and should not be construed or relied upon as legal advice or a legal opinion on any specific facts or circumstances. Anyone needing specific legal advice should consult an attorney. For further information about the content of any article in this newsletter, please contact the attorneys at Kirton McConkie..
Bookmark and Share Send to a Colleague

Currently there are no comments related to this article. You have a special honor to be the first commenter. Thanks!

Leave a Reply