Quantcast
Home / News in Brief / New law protects employee social media accounts

New law protects employee social media accounts

An employer cannot require an employee to turn over usernames or passwords for personal social media accounts under a new law signed by Gov. Terry McAuliffe last month and taking effect July 1.

The new statute, Virginia Code § 40.1-28.7:5, applies to social media accounts of current and prospective employees, and adds state and local governments to the broad definition of private employers under Code § 40.1-2.

Although the law says an employer can’t refuse to hire a job applicant “for exercising his rights” under the statute, it does not prohibit an employer from viewing information about a current or prospective employee that is “publicly available.”

House Bill 2081, signed on March 23, law defines a “social media account” as a “personal account with an electronic medium or service where users may create, share or view user-generated content,” including videos, photographs, blogs, podcasts, messages, emails or website profiles or locations.

The law draws a line between an employee’s personal social media account and accounts linked to the employer. The statute prohibits employers from requiring an employee to disclose a user name and password to a personal account, or requiring that another employee, supervisor or an administrator be added to the list of contacts for the employee’s account.

However, an employer may maintain access to job-related online content, as the statute excludes from the definition of “social medial accounts” accounts opened by an employee at the employer’s request; accounts provided to an employee by an employer, such as the employee’s email account or a proprietary software account; and accounts set up by an employee on behalf of an employer.

The statute also protects an employer’s right to access an account set up by an employee to impersonate an employer through the use of the employer’s name, logos or trademarks.

Some employers, including law firms, may provide smartphones, laptop computers, or other electronic devices for their employees’ use. If an employer inadvertently receives an employee’s username and password to, or other login information for, an employee’s account, through a device provided by the employer or a network monitoring program used by the employer, the employer won’t be liable for having that information, but “shall not use the information to gain access to an employee’s social media account.”

An employer is prohibited from taking action against an employee or threatening discipline or discharge of an employee who exercises her rights under the statute.

The new law explicitly says that nothing in the statute “affects an employer’s existing rights” to request an employee to share a username or password for a social media account that is “reasonably believed to be relevant to a formal investigation or related proceedings” involving allegations of an employee’s violation of federal, state or local laws or of the employer’s written policies. A username or password provided in this context is to be used only for the purpose of the formal investigation or related proceeding.

One comment

  1. In my opinion, this statute does nothing to protect employees’ social media accounts. Subsection (F) eliminates any true protection and may actually provide support for employers who want to access employees’ social media accounts. Why is this law getting PR as “protection” for employees?

Leave a Reply