The Details
Similar to the social media privacy laws of other states, Connecticut’s law prohibits employers from requesting or requiring an employee or applicant to provide a user name and password, password, or any other authentication means for accessing a personal online account.
A personal online account is one that is used by the employee or applicant “exclusively for personal purposes and unrelated to any business purpose of such employee’s or applicant’s employer or prospective employer, including, but not limited to, electronic mail, social media and retail-based Internet web sites.”
Under the law, employers also are prohibited from requiring an employee or applicant to authenticate or access a personal online account in front of the employer. Further, employers are prohibited from requiring an employee or applicant to invite the employer or accept an invitation from the employer to join a group affiliated with the employee’s or applicant’s account.
The Connecticut law does not prohibit employers from conducting certain investigations, such as one to ensure compliance with state or federal laws or regulatory requirements or prohibitions against work-related employee misconduct based on the receipt of specific information about activity on an employee’s or applicant’s personal online account. In addition, the law does not “prevent an employer from complying with the requirements of state or federal statutes, rules or regulations, case law or rules of self-regulatory organizations.”
Employers may monitor, review, access, or block electronic data stored on an electronic communications device paid for, in whole or in part, by the employer, or traveling through or stored on the employer’s network. This may be helpful for employers who have a duty to monitor certain employee communications. For example, in expressing concerns over the effects of state social media laws, the Financial Industry Regulatory Authority (FINRA) noted that its Regulatory Notices 10-06 and 11-39 provide that securities firms must establish procedures to review registered representatives’ written and electronic business correspondence, including interactive electronic communications that the firm or its personnel send through social media sites.
In addition, FINRA requires firms to adopt policies and procedures reasonably designed to ensure that their associated persons who participate in social media sites for business purposes are reasonably supervised to make certain that their communications are fair and balanced. Of course, employers in regulated businesses should review carefully the prohibitions, as well as the exceptions, under state laws in order to shape a strategy for compliance.
As always, please contact your Human Resources Business Partner if you have any questions.
Published in cooperation with Jackson Lewis P.C. This content provides practical information concerning the subject matter covered and is provided with the understanding that ADP is not rendering legal advice.
|