Employee advocacy and/or engagement has been all the rage for a few years now. It makes sense. Having a fleet of employees engaged in social media to promote their employer is a tremendous asset. Most of those employees willingly participate, share, “like” and otherwise promote their employers on social media. However, what if an employee refuses to participate? Can an employer require participation? Can an employer terminate an employee who refuses to “like” or “follow” a company social media page?
New Illinois Law Is Instructive:
Before January 1, 2017, the Illinois Right to Privacy in the Workplace Act (“RPWA”) prohibited employers from requiring employees to provide their social media login credentials (like usernames and passwords), among other things. Illinois was not alone. According to the National Conference of State Legislatures, at least 25 states have passed social media privacy laws that apply to employers. Those laws range from prohibiting employers from “shoulder surfing” in order to see employee social media activity, to prohibiting employers from requiring employees to disclose login information, and some apply to applicants, while others apply to employees as well as applicants. A summary of some tips for dealing with these wide-ranging laws (particularly problematic for multi-state employers) can be found in the post titled New Password Protection Laws in the Workplace.
Effective January 1, 2017, new amendments to the RPWA expand the law in at least two significant ways that may spread across the United States, or into any federal legislation on the topic:
1) First, the amendments now make the law applicable to “personal online accounts,” rather than just “social networking websites.” So, not only are an employee’s accounts on Facebook, LinkedIn, Instagram and other “social networking websites” subject to the RPWA, but so are (at least arguably) an employee’s other “personal online accounts” like web-based email accounts (Gmail, Yahoo and the like), and possibly other accounts including online dating accounts, and online gaming accounts.
2) Second, employers in Illinois cannot require or coerce employees and applicants to invite employers to join groups connected with employees’ personal online accounts. Similarly, employers cannot require or coerce employees and applicants to join the employers’ online accounts or to add employers to the employees’ contact lists in their personal online accounts. Finally, employers cannot retaliate against employees or applicants for refusing to engage in these prohibited activities.
What Does This New Law Mean?
So, what does this mean? Essentially, employers in Illinois cannot require an employee to connect, follow, “like” or otherwise join the employee’s online accounts with the employers’ online accounts. So, if an employee does not want to “like” his employer’s Facebook page, he cannot be forced to do so, and he cannot be retaliated against for refusing to do so.
The main theory behind the new amendments is that employee privacy should be protected from overreaching employers. Simply, if/when employees connect with an employer’s Facebook page, for example, the employer may then have access (or at least notice) of the employees’ other Facebook activity and personal information.
For employers attempting to engage employees in employee advocacy programs, this new law requires attention. Employees can certainly voluntarily engage in online employee advocacy activities. However, employers cannot mandate (and not even request) it via use of employees’ personal online accounts. So any programs to incentivize, gamify, etc. employee use of personal online accounts in promoting employer online accounts would face legal challenges in Illinois.
What Can An Employer Do Under the Law?
The new law confirms that employers can (and should) have lawful policies related to employee use of social media. Some of those such policies may include items like protection of confidential/trade secret information, prohibition of harassing and racist behavior, compliance with Federal Trade Commission (“FTC”) requirements on endorsements and disclosures, and appropriate use of employer email and computer use. Furthermore, employers can ask employees to turn over online information when employers are investigating alleged disclosures of confidential/trade secret information, and/or other allegations of employee misconduct and illegal activity. Finally, employers can also prohibit employees from going online for personal reasons during work time, and/or using company resources for personal online activities. And, employers can still monitor employee online activity during work hours, if they wish.
The new law also provides for the situation when an employer inadvertently learns of an employee’s personal private information. The employer should delete personal online account information obtained inadvertently, within a reasonably practicable time. The employer should also take steps to secure the inadvertently obtained personal online account information from disclosure. So the information obtained should be deleted, and not disseminated. Finally, of course, employers are prohibited from using (and/or allowing others to use) the inadvertently obtained personal information.
While harnessing the power of loyal employees can help any employer, laws may be catching up a bit. Now, in Illinois, for example, an employer cannot require or even coerce employees to link personal online accounts with employer accounts. The impetus behind these amendments is to protect employee privacy. It is likely that other states, and perhaps the federal government, will take similar or further actions to protect employee privacy. As technology changes, so will applicable laws, and companies must remain informed and adapt to both new laws and new technologies.
DISCLAIMER: Information provided on this website is not legal advice. It does not create an attorney-client relationship. Nor should you act on anything stated in this article without conferring with the Author or other legal counsel regarding your specific situation.