Friday, June 7, 2013

Employers: Think Carefully Before Seeking Access To Employees' Social Media

By Barbara I. Berschler

Given the recent passage of state laws prohibiting employers from requiring employees or applicants to divulge user names and passwords for their social media accounts, employers may find themselves facing a difficult dilemma.  How best, on the one hand, to protect their business’ confidential information and trade secrets and, on the other, not to invade the privacy of employees?

The first law in the nation to prohibit employers from seeking the user name and password of an employee’s social media account was passed in Maryland in 2012.  Since then, about ten states have either passed such social media legislation or are in the process of doing so.

Congress may get into the act.  However, unlike the quick reaction of some states, Congressional action may not come, if at all, for quite a while.  This can be viewed as the glass being both half empty and half full.  With no federal law, the impetus for state action may die down.  However, without a uniform federal standard, employers with operations in several states are likely to find themselves straddling different fences.

Since Maryland passed its law, the focus of enforcement has changed.  Maryland’s act prohibits the employer practice of requiring user names and passwords but says nothing about how the prohibition will be enforced.  By contrast, more-recently enacted state laws incorporate actual enforcement procedures and impose stiff penalties.  For example, Colorado requires an employee who thinks him/herself injured to file a complaint with the State Department of Labor (“CDOL”), which will then investigate, hold a hearing and issue findings.  CDOL can then fine the employer up to $1,000 for a first offense and up to $5,000 for subsequent offenses.  (One pending Congressional proposal titled the Social Networking Online Protection Act (SNOPA)    would, by contrast, authorize the US Secretary of Labor to issue civil penalties for as high as $10,000.00.)

Well, now that I have spoiled your lunch, what is to be done?

The legislation passed or being considered recognizes the employer’s need to protect its proprietary information and provide for exceptions to allow an employer to investigate unauthorized activities by employees.  For example, Maryland prohibits an employee from downloading unauthorized employer information or financial data to the employee’s “personal website, an internet website, a web-based account, or a similar account,” and allows an employer to “investigate” such behavior.

Thus, for those employers who are concerned about improper downloading or divulgence of proprietary information, you may wish to consider applying the following practices:

1.            Adopt clear guidelines in your employee procedures manual that prohibit divulging company proprietary information in any way without permission, and provide examples of the kinds of improper activity that will result in a disciplinary response.

2.            Periodically remind employees of their obligation not to divulge the company’s proprietary information in any media.

3.            Institute a monitoring program of social media sites which are popular and to which the employer can gain access independently.

By identifying clear guidelines as to what you expect of employees concerning the protection of the company’s proprietary information and monitoring social media in general, employers should be able to protect the interests of the company without running afoul of the minefield of legislation I have described.

No comments:

Post a Comment