New Utah Internet Employment Privacy Act could impact workplace, hiring

Published: Sunday, May 12 2013 6:07 p.m. MDT

The Utah Legislature recently passed the Internet Employment Privacy Act, prohibiting employers from asking employees or applicants for employment to turn over their passwords or user names for their personal social media accounts like Facebook and Twitter. Employers found in violation of the law could face a $500 fine for each occurrence.

Shutterstock

Enlarge photo»

SALT LAKE CITY — A new law taking effect this week may impact the way employers screen potential candidates and how they treat their employees.

The Utah Legislature recently passed the Internet Employment Privacy Act, prohibiting employers from asking employees or applicants for employment to turn over their passwords or user names for their personal social media accounts like Facebook and Twitter. Employers found in violation of the law could face a $500 fine for each occurrence.

The measure is set to take effect Tuesday, making Utah the seventh state in the nation to enact such a law.

While some companies worry the law will take a toll on their hiring procedures, a local labor and employment expert said the news is not all bad for businesses.

Greg Saylin, partner with the Salt Lake City law offices of Dorsey & Whitney, said the time has come for employers to take another look at social media policies.

“Previously, employers were asking for that information, particularly in the application process,” Saylin said. “The idea was to … find out who you really are.”

Employers will still be able to search the Web for publicly available information, but depending upon an individual’s social media settings, private information will be much less accessible. While companies may not have as much access as they would like, there may be some unexpected advantages to be gained from the new law, he said.

“There is wisdom in the application process of the employer not wanting to know (too much about a prospective hire),” Saylin explained. “If you (as an employer) … find information that you’re not legally able to consider when making an employment decision, you have now put yourself on notice of those things."

Even if an employer doesn't use that information, an applicant could come back and potentially use that against the company, he said.

Not being able to ask for social media passwords can be a protection for employers in the long run when it comes to making hiring or employment decisions, Saylin said. The statute does not absolve employers from performing background checks on prospective employees, he noted.

Employers are also not prohibited from complying with their duty to screen employees and applicants before hiring them, or otherwise complying with applicable law. In addition, employers still need to conduct proper due diligence in making hiring decisions to avoid potential negligence litigation, he said.

Saylin acknowledged that the Internet Employment Privacy Act does allow an employer to require employees to disclose user names and passwords in some limited circumstances, such as if the employee uses an electronic communication device that was supplied by or paid for by the employer, as well as when an account or service was provided by the employer and used for the employer’s business purposes.

Businesses are also permitted to discipline or fire employees for transferring proprietary or confidential information or financial data through an employee’s social media account. Companies may also restrict or prohibit employees from logging onto certain websites while using an electronic communication device supplied by or paid for by the employer or while on an employer’s network.

Saylin also said the law allows employers to ask for username and password information when the employer has reason to believe that an employee has improperly disclosed its proprietary, confidential or financial information, or that an employee’s personal Internet activity raises concerns about compliance with applicable laws, regulations and prohibitions against work-related employee misconduct.

“(The new law) is clearly designed to protect the privacy of job applicants and employees,” he said. “(However), the law has been evenly drafted so that it protects the employee, but it also takes into consideration the concerns employers would have by the implementation of such a law.”

Saylin said employers that have not reviewed their social media policies recently should do so before the new law takes effect.

Laws and regulations relating to social media are cutting-edge and in a state of constant change, he said, so in order to avoid potential lawsuits, it is important to understand the new law and what it means to the company.

Email: jlee@deseretnews.com

Twitter: JasenLee1

Get The Deseret News Everywhere

Subscribe

Mobile

RSS