By Barbara I. Berschler
Given the recent passage of state laws prohibiting employers
from requiring employees or applicants to divulge user names and passwords for their
social media accounts, employers may find themselves facing a difficult dilemma. How best, on the one hand, to protect their
business’ confidential information and trade secrets and, on the other, not to invade
the privacy of employees?
The first law in the nation to prohibit employers from seeking
the user name and password of an employee’s social media account was passed in
Maryland in 2012. Since then, about ten states
have either passed such social media legislation or are in the process of doing
so. http://www.ncsl.org/issues-research/telecom/employer-access-to-social-media-passwords.aspx
Congress may get into the act. http://www.tlnt.com/2013/03/22/federal-social-media-privacy-law-introduced-in-congress/ http://abcnews.go.com/Technology/snopa-law-make-illegal-employers-passwords-reintroduced-congress/story?id=18422329#.UajNA9jHaaI However, unlike the quick reaction of some
states, Congressional action may not come, if at all, for quite a while. This can be viewed as the glass being both half
empty and half full. With no federal
law, the impetus for state action may die down.
However, without a uniform federal standard, employers with operations
in several states are likely to find themselves straddling different fences.
Since Maryland passed its law, the focus of enforcement has
changed. Maryland’s act prohibits the
employer practice of requiring user names and passwords but says nothing about
how the prohibition will be enforced. By
contrast, more-recently enacted state laws incorporate actual enforcement
procedures and impose stiff penalties. For
example, Colorado requires an employee who thinks him/herself injured to file a
complaint with the State Department of Labor (“CDOL”), which will then investigate,
hold a hearing and issue findings. CDOL
can then fine the employer up to $1,000 for a first offense and up to $5,000
for subsequent offenses. (One pending
Congressional proposal titled the Social Networking Online Protection Act
(SNOPA)http://www.govtrack.us/congress/bills/113/hr537/text would, by contrast, authorize the US
Secretary of Labor to issue civil penalties for as high as $10,000.00.)
Well, now that I have spoiled your lunch, what is to be
done?
The legislation passed or being considered recognizes the
employer’s need to protect its proprietary information and provide for
exceptions to allow an employer to investigate unauthorized activities by
employees. For example, Maryland
prohibits an employee from downloading unauthorized employer information or
financial data to the employee’s “personal website, an internet website, a
web-based account, or a similar account,” and allows an employer to
“investigate” such behavior.
Thus, for those employers who are concerned about improper
downloading or divulgence of proprietary information, you may wish to consider
applying the following practices:
1. Adopt clear guidelines in your
employee procedures manual that prohibit divulging company proprietary
information in any way without permission, and provide examples of the kinds of
improper activity that will result in a disciplinary response.
2. Periodically remind employees of
their obligation not to divulge the company’s proprietary information in any
media.
3. Institute a monitoring program of
social media sites which are popular and to which the employer can gain access
independently.
By identifying clear guidelines as to what you expect of
employees concerning the protection of the company’s proprietary information
and monitoring social media in general, employers should be able to protect the
interests of the company without running afoul of the minefield of legislation
I have described.
No comments:
Post a Comment