Beginning on January 1, 2017, the Illinois state legislature amended the Right to Privacy in the Workplace Act, 820 ILCS 55 (“The Act”) to broaden the limitations employers have in regard to access to an employee’s personal online accounts.
Impact of the Right to Privacy in the Workplace Act
The Act that became effective in 2013 made it unlawful for an employer to request or require an employee to provide passwords or account information to gain access to an employee’s account or profile on a social networking site, or to demand access to an employee’s account or profile.
Employers are not only prohibited from gaining access to these personal accounts, but it is also unlawful to “request, require or coerce any employee or prospective employee to provide a user name and password or any password or other related account information in order to gain access to the employee’s or prospective employee’s personal online account or to demand access in any manner to an employee’s or prospective employee’s personal online account.” It should be noted that these guidelines apply to both employers and prospective employers.
Additionally, an employer cannot require an employee to access an online account in the employer’s presence, nor can the employer require an employee to join an online account established by the employer to the employee’s list of contacts that would enable the contacts to access the employee’s personal account. Furthermore, the employer is prohibited from discharging or discriminating against an employee who refuses to take any of the above mentioned actions, or to refuse to hire an applicant based on his or her refusal to take these actions.
Rights of Employers under the Right to Privacy in the Workplace Act
The Act outlines rights that employers retain regarding use of social media in the workplace. The employer has the right to maintain lawful workplace policies concerning the use of the employer’s electronic equipment, such as policies regarding internet use. The employer also has a right to monitor the usage of the employee’s work e-mail. Furthermore, the employer also has a right to obtain information about an employee or prospective employee that is available in the public domain. Additionally, the Act further clarifies that nothing in the Act shall prohibit or restrict an employer’s duty to screen potential employees and to monitor employee communications as required under Illinois insurance laws or federal law.
Although an employer cannot request or require an employee to provide a user name and password, the amended Act states that an employer may request or require an employee to “share specific content that has been reported to the employer” if it is for one of the following reasons:
- ensuring compliance with applicable laws or regulatory requirements;
- investigating an allegation, based on receipt of specific information, of the unauthorized transfer of an employer’s proprietary or confidential information or financial data to an employee or applicant’s personal account;
- investigating an allegation, based on receipt of specific information, of a violation of applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct;
- prohibiting an employee from using a personal online account for business purposes; or
- prohibiting an employee or applicant from accessing or operating a personal online account during business hours, while on business property, while using an electronic communication device supplied by, or paid for by, the employer, or while using the employer’s network or resources, to the extent permissible under applicable laws.
Additional Prohibitions in the Right to Privacy in the Workplace Act
If an employer inadvertently obtains the information prohibited under the Act, the employer is not liable unless the employer uses that information to access the employee’s personal accounts or if after becoming aware of receiving the information, the employer fails to delete the information as soon as reasonably practicable. Exceptions to this rule could be if the employer is retaining the information to be used in an ongoing investigation of a breach or suspected breach of “computer, network, or data security.”
It is important for Illinois businesses to be aware of its rights and obligations as an employer in regard to an employee’s use of personal accounts in the workplace, as well as the prohibition against accessing an employee’s personal accounts.
For more information about this article, or Illinois employment law in general, please feel free to contact John W. Albee at Albee Law PC via telephone at (312) 279-0115 or via email at jalbee@albeelaw.com.
