Personal social media – like Facebook, Twitter, and MySpace – provide a wealth of information about a person’s true extracurricular activities. Photos can reveal illegal or unbecoming conduct. Status updates admit what a person is doing at any given time. Social media applications even have GPS trackers pinpointing a user’s exact location. These social media sites have for obvious reasons served as an enticing alternative for employers who wish to engage in background checks and monitor employee conduct.
Well, perhaps no more. Effective January 1, 2013, Labor Code section 980 (AB 1844) will prohibit an employer from requesting a job applicant or employee for access to his or her social media, except in limited circumstances. Section (b) of the new statute provides that an employer may not “require or request” a job applicant or employee to do any of the following:
(1) Disclose a username or password for the purpose of accessing personal social media;
(2) Access personal social media in the presence of the employer; or
(3) Divulge any personal social media.
The meaning of this third rule against asking an employee to “divulge any personal social media” is far from clear. Because divulge is used in a very general sense, and not with respect to any specific information, “divulge” apparently means telling the employer which types of accounts the employee has (e.g. Facebook versus MySpace). Yet Legislative history materials, including the California Senate’s analysis, suggest that “divulge” means to disclose specifically the username and password of an account. Until courts interpret the statute more specifically, employers should be careful not to inquire into an employee’s social media practices altogether.
Despite the above, the new law would not prohibit the following:
Accessing employer-issued electronic devices. The new law defines “social media” so broadly it includes e-mails and text messages. Legislators carved out an exception for when employers must access Personal Digital Assistants (“PDAs”) such as Blackberries and iPhones, which may be protected by a password known only to the employee. Generally, employees have no privacy rights to employer-issued PDAs and computers.
Requesting the employee to “divulge” for a bona fide investigation. An employer may request that the employee “divulge any personal social media” if it is relevant to a formal investigation. The new law “does not alter an employer's existing rights and obligations to request an employee to divulge personal social media reasonably believed to be relevant to an investigation of allegations of employee misconduct or employee violation of applicable laws and regulations, provided that the social media is used solely for purposes of that investigation or a related proceeding.” Lab. Code § 980(c). Because the definition of the term “divulge” in this context is undefined, it remains unclear whether the employer can request the username and password beyond merely asking what types of accounts the employee has. Until this ambiguity is resolved, employers should err on the side of caution when requesting a username or password during a bona fide investigation.
Befriending? The three prohibitions listed above all contemplate a job applicant or employee taking the affirmative step of giving information or else logging in while the employer overlooks so that the employer can step into the employee’s shoes. As written, the law does not appear to prohibit the employer who has its own account from making a “friend request” to the employee or from asking to join the employee’s network. Similarly, the law does not seem to prohibit the employer from using a third party’s account or a strawman account to befriend the employee to be able to view the employee’s web pages. Notwithstanding these alternatives, it is advisable to not use a strawman or third party account to access information as this practice could lead to claims of fraud, misrepresentation, and violation of privacy.
The Legislature did not provide for any specific penalties for violating this new law. As such, existing law under the Labor Code Private Attorneys General Act would likely allow an aggrieved employee to file a civil lawsuit, to receive a specific penalty amount, and to obtain an attorney’s fee award.
Interestingly, the Department of Labor Standards Enforcement has disclaimed any desire or responsibility to investigate or enforce any alleged violations of this new law.