From the “Who Did This, Anyway?” File: Wisconsin Now Prohibits Employers from Requesting Employee Personal Social Media Passwords.

Blog Pic - WI CapitolIn what strikes me as a solution in search of a problem, Wisconsin law was recently changed to prohibit employers from “request[ing] or requir[ing] an employee  or applicant for employment, as a condition of employment, to disclose access information for the personal Internet account of the employee or applicant or to otherwise grant access to or allow observation of that account.” While I’m guessing that some employer somewhere in the state requested this information at some point (or someone just imagined they might do it some day), I am not aware of any employers who actually requested employees’ private social media passwords.

With all the hype about this new employee privacy right, I think it’s important for employees and employers alike to realize that employers still have many rights when it comes to social media, IT, and what employees may do on the employer’s time and equipment.

What does the new law prohibit?

Wisconsin employers cannot request or require user name and password information (among other security information) that protects access to fingerprintemployees’ personal Internet accounts. The law prohibits any adverse employment action based upon an employee’s refusal to provide the information or exercise of his or her rights under the statute. The penalty for violation isn’t significant – up to $1,000. However, if an employee is discharged or otherwise discriminated against in violation of this law (or an applicant not hired in violation of the law), a complaint may be filed with the Wisconsin Department of Workforce Development’s Equal Rights Division (ERD). It will be handled like any discrimination complaint by ERD, with the possible remedy being the same one afforded in discrimination cases:  making the discriminated-against employee whole. This can mean significant liability for the employer, so it’s advisable to comply with the law.

What rights do EMPLOYERS have regarding employee use of social media?

It seems many employees operate under the mistaken notion that their work e-mail account and devices provided by the employer are private. Not so. In fact, as this law reiterates, if the employer supplied or paid employee at computerfor (in whole or in part) the IT device used for electronic communications, the employer may require employees to provide access to the device (including requiring user names and passwords necessary to access the device). This also applies to account services provided by the employer (again, including user names and passwords).

When using electronic communications devices provided by the employer,  the employer may restrict which sites are accessed on the device. The same is true when the employee is using the employer’s network, time, or other resources. Think of it as a property rights issue – if the property is the employer’s, the employer has the right to say who uses it and how it is used.

What About the Employer’s Proprietary Information?

If an employee transfers confidential or other proprietary information maintained by the employer to his or her personal account without the employer’s authorization, the employer may discipline the employee for this. That information belongs to the employer (or its clients, if the employer is maintaining the information for them) and the Internetemployer is well within its rights to restrict access to it. It is helpful if the employee handbook or employment agreement directly references this, too. Employers may also require employees to provide access to the employee’s personal Internet accounts IF the employer “has reasonable cause to believe that activity on the employee’s personal Internet account relating to” alleged transfers of information or other employment-related misconduct has occurred.

Violation of a work rule specified in an employment handbook is one type of misconduct for which the employer may demand access. This is yet another good reason to have a carefully-drafted, legally-compliant employee handbook prepared (or, at least, reviewed) by an attorney familiar with your business.

If an employee or applicant for employment posts information online (say, compromising photos on facebook), an employer is also perfectly within its rights to access information that can be obtained without access information or that is available in the public domain. In other words, if the applicant or employee is naive enough to post something they would not want their employer to see, that information can and will be used against them. And, why not?

So, the bottom line on this is that not much has changed for most people – but, if you’re an employer who previously requested access to your employee’s personal Internet accounts, stop that right now.

Disclaimer fine printCovering my bases: There is no legal advice contained in this post. Legal advice entails applying the law to specific facts. I don’t know what your facts are and any resemblance to them here is purely coincidental. Instead, this post is meant to provide general information, which may or may not be complete and accurate. If you need legal guidance, please feel free to contact me using the contact information on my firm’s web site – www.salberglaw.com.

Leave a Reply

Your email address will not be published. Required fields are marked *