How will the current trend to legislate employee rights regarding social media access affect our law enforcement personnel practices? Not much if we continue to use reasonable and defensible practices. Recently, six states have passed legislation directly targeting employers’ access to and use of employees’ social media sites. We should expect that more would do so or be encouraged to do so. The legislation in New Jersey and Delaware is specifically oriented to educational institutions and Maryland’s is focused on hiring. But we should look at the elements in three other states that might signal the trend for the future – Illinois, California and Michigan.
In Illinois, 820ILCS55/10(2012), states, “It shall be unlawful for any employer to request or require any employee or prospective employee to provide any password or other related account information in order to gain access to the employee’s or prospective employee’s account or profile on a social networking website or to demand access in any manner to an employee’s or prospective employee’s account or profile on a social networking website.” It does indicate that this is not applicable to employer electronic equipment. It further states, “Nothing in this subsection shall prohibit an employer from obtaining about a prospective employee or an employee’s information that is in the public domain or that is otherwise obtained in compliance with this amendatory Act of the 97th General Assembly.”
California 2012 Cal ALS 618 (Chapter 2.5 § 980) states, “This bill would prohibit an employer from requiring or requesting an employee or applicant for employment to disclose a username or password for the purpose of accessing personal social media, to access personal social media in the presence of the employer, or to divulge any personal social media. This bill would also prohibit an employer from discharging, disciplining, threatening to discharge or discipline, or otherwise retaliating against an employee or applicant for not complying with a request or demand by the employer that violates these provisions.” It has provisions, however, for investigations of allegations of employee misconduct, “(b) An employer shall not require or request an employee or applicant for employment to do any of the following: (1) Disclose a username or password for the purpose of accessing personal social media. (2) Access personal social media in the presence of the employer. (3) Divulge any personal social media, except as provided in subdivision (c). (c) Nothing in this section shall affect an employer’s existing rights and obligations to request an employee to divulge personal social media reasonably believed to be relevant to an investigation of allegations of employee misconduct or employee violation of applicable laws and regulations, provided that the social media is used solely for purposes of that investigation or a related proceeding.”
Michigan, in its HB 5523 “Internet Privacy Protection Act,” states, “Sec. 3. An employer shall not do any of the following: (a) Request an employee or an applicant for employment to grant access to, allow observation of, or disclose information that allows access to or observation of the employee’s or applicant’s personal internet account. (b) Discharge, discipline, fail to hire, or otherwise penalize an employee or applicant for employment for failure to grant access to, allow observation of, or disclose information that allows access to or observation of the employee’s or applicant’s personal internet account.” It further has specific sections on employer’s rights, “Sec. 5. (1) This act does not prohibit an employer from doing any of the following: (a) Requesting or requiring an employee to disclose access information to the employer to gain access to or operate any of the following: (i) An electronic communications device paid for in whole or in part by the employer. (ii) An account or service provided by the employer, obtained by virtue of the employee’s employment relationship with the employer, or used for the employer’s business purposes. (b) Disciplining or discharging an employee for transferring the employer’s proprietary or confidential information or financial data to an employee’s personal internet account without the employer’s authorization. (c) Conducting an investigation or requiring an employee to cooperate in an investigation in any of the following circumstances: (i) If there is specific information about activity on the employee’s personal internet account, for the purpose of ensuring compliance with applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct. (ii) If the employer has specific information about an unauthorized transfer of the employer’s proprietary information, confidential information, or financial data to an employee’s personal internet account.” It further has provisions, “(2) This act does not prohibit or restrict an employer from complying with a duty to screen employees or applicants prior to hiring or to monitor or retain employee communications that is established under federal law or by a self- regulatory organization, as defined in section 3(a)(26) of the securities and exchange act of 1934, 15 USC 78c(a)(26). (3) This act does not prohibit or restrict an employer from viewing, accessing, or utilizing information about an employee or applicant that can be obtained without any required access information or that is available in the public domain.”
Upon review of what just mentioned, one may notice each one of these legislative acts is slightly different. Most allow for some exception if the employer is conducting an investigation about employee misconduct. If your agency is in one of the states that have enacted this type of legislation, you should consult with your legal staff for specific guidance.
One interesting aspect of all of these, however, is that it doesn’t preclude obtaining data in the public domain. If your investigators are up to date and knowledgeable, they should certainly know how to access this type of data in social media sites without the assistance of the employee or candidate.
The next section of this article will discuss this issue on two fronts. The first will be the affect during the hiring process for new employees. The second addresses any potential impact to administrative investigations.
During the hiring phase in law enforcement we access numerous restricted and/or protected areas of a candidate’s personal data. For example, we require them to tell us about their medical history. If necessary, they might be required to provide a medical release so we can access their medical histories directly from the medical provider. We do similar requests for employment history and again, if necessary, request that the candidate sign a waiver to allow the prior employer to divulge this information. We use our law enforcement position to access the candidate’s driving and arrest histories. In many cases we access the candidate’s credit history. All of these are reasonable. In law enforcement we can show the relationship between the personnel data and performance indicators as relevant predictors of future success as a potential member of the agency or department.
If the candidate has a social media account, that information is as relevant as those described above. At LLRMI we have advocated that public safety agency employee candidates sign an affidavit or affirm their activity with any social media site. Again, if necessary, we would request that the employee candidate allow the background investigator access to this site. We don’t need their secret password! We have recommended that the background investigator do this in the presence of the candidate so that explanations can be given directly to the investigator. A candidate is not going to be screened out simply because s/he has a social media account. However, sometimes the candidate’s behavior as reflected in the social media site might reasonably warrant further inquiry during the background investigation.
The second relevant area in this topic is regarding access to an employee’s social media account during an administrative investigation. Again, at LLRMI, we recommend that your written policy specifically addresses this issue to put all employees on notice. None of our public safety agencies are routinely monitoring these types of social media sites, they certainly have much more to do. But when it comes to an agency’s notice that something on an employee’s social media site might have the potential to adversely affect the employee’s performance or ability to perform, or might have the potential to adversely affect the agency’s morale, operations or efficiency, we have a duty and responsibility to look into the matter. We must think of the impact that we’ve seen throughout the country when something in an employee’s site hits the local news media or is found by a civil plaintiff or criminal defense attorney.
Again, we don’t need the employee’s password. If it “directly, specifically and narrowly” relates to the employee’s job performance, we need to simply order them to allow us to have access to the site. Again, it’s recommended that you conduct any review in the employee’s presence. This will allow the employee an opportunity to clarify or explain any content in the site.
Note: Court holdings can vary significantly between jurisdictions. As such, it is advisable to seek the advice of a local prosecutor or legal adviser regarding questions on specific cases. This article is not intended to constitute legal advice on a specific case.