Business Law

Susan Park: Idaho needs law to protect employees' online privacy

Assistant professor of business law at Boise State's College of Business and EconomicsApril 16, 2014 

Susan Park, Boise State.JPG

Susan Park


About a year ago, Justin showed up for a job interview in New York. To his surprise, the interviewer asked for his Facebook username and password so she could access his profile to learn more about him.

Michael, a prison guard in Maryland, had to give his boss access to his Facebook profile before he could return from a leave of absence.

A few years before that, the city of Bozeman, Mont., required all job applicants to provide the same log-in credentials to their social media accounts.

These stories might sound exaggerated, but they aren't. They really happened to Justin, Michael and many other employees and job applicants in recent years.

Employers do have a legitimate right to observe public content employees post on the Internet. But a demand for access to an entire social media account, which often includes private information such as messages and photos that are not publicly available, pushes the boundaries of reasonable inquiry.

Many state legislatures across the country have responded. Twelve states recently passed legislation that generally prohibits employers from requiring access to personal social media accounts. Thirty-two other states and Congress are considering similar bills.

Idaho is one of only six states not considering this issue at all.

Historically, content posted on the Internet is not private, at least according to most court decisions. However, that view may be shifting. A federal court in New Jersey recently held that a person who limits access to her Facebook content to a select number of contacts does in fact have some expectation of privacy.

Nonetheless, many experts who study employment law note a decline in employee privacy. Some believe it is virtually nonexistent. Thus, privacy rights supporters are encouraged by this legislative trend.

However, many of the current statutes are inadequate. For instance, some fail to clarify what makes an online account "personal" and therefore off-limits. Given that many employees use a single social media account for both personal and professional purposes, this issue must be better defined.

Other statutes fail to provide for any exceptions, such as investigations into violation of employment policies or an employer's right to access its own equipment. Several also lack penalty or enforcement provisions, leaving employers in the dark about what might happen if the law is violated.

A well-crafted statute covers employees, job applicants and even independent contractors. The law should place off-limits any personal Internet accounts, defined as those used primarily for personal communications unrelated to the employer's interests.

Employers should have a limited right to view content, but never to receive log-in or password information, based upon a reasonable belief that the employee has used the account to violate a known, written workplace policy.

Lastly, the statute should specify the consequences for violating its provisions. A civil cause of action, with fines imposed that are high enough to be taken seriously, would be appropriate.

As always, employers are advised to consult with HR specialists to draft and enforce reasonable social media policies.

Idaho Statesman is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

Commenting FAQs | Terms of Service