Privacy Advisor

State Social Media Privacy Laws Top Legislative Roundup

May 24, 2013

By Jedidiah Bracy

Over the past two weeks, several states have enacted or initiated privacy legislation. California has moved forward a security breach notification law, and Maine has considered a 911 privacy bill. Topping state legislative action, however, are social media privacy laws—from Utah to New Jersey, states are clamping down on the employer practice of requiring employees and applicants to disclose social media passwords.

Employee Social Media Privacy

Two state social media privacy laws went into effect this month. Utah’s Internet Employment Privacy Act (IEPA) became effective on May 14, hr.blr.com reports. Under the new legislation, employers may not request employee or applicant usernames and passwords to “personal Internet accounts,” or “take adverse action” or fail to hire for not disclosing such information. There are at least five exceptions built into the IEPA, including situations when an employee transfers “employer’s proprietary or confidential information or financial data to an employee’s personal Internet account without the employer’s authorization.”

A new employee Internet privacy law also became law in Colorado. Effective as of May 11, House Bill 13-1046 bars employers from requiring employees and applicants to share social media account data or from firing or refusing to hire an applicant for not doing so. Employers found in violation could face up to $1,000 for the first offence and up to $5,000 for each subsequent offence.

COMPUTERWORLD reports that the slew of newly inked social media privacy laws “present something of a mixed bag.” One expert noted that the new state laws should prompt businesses to be “reviewing their social media policies continuously…These laws are changing on a frequent basis, so reviewing them with counsel or HR personnel is a wise thing to do.”

One of the biggest concerns is that these state laws may conflict with the Financial Industry Regulatory Authority (FINRA). According to FINRA, it is seeking exemptions in states with such laws to ensure that stockbrokers who discuss stocks on social media are complying with their firm’s disclosure policies. FINRA worries that the new laws will “conflict with securities rules and threaten investor protection,” Mondaq reports.

Data Breach Notification

The California Senate has unanimously passed legislation that would require individuals and organizations possessing personal information to notify their clients or customers if their data is breached. State Bill 46 was sponsored by California Attorney General Kamala Harris.

911 Privacy

The Maine state legislature is considering amending a law that would make 911 calls in cases of homicide exempt from the state’s open records law. Law enforcement is concerned the disclosure of the calls could jeopardize prosecutions, but state media organizations argue that open records laws allow for necessary government oversight.

Editor’s Note: For more on the conflict between open records and Big Data privacy concerns, see our recent report on “Assessing Public Information in the Digital Age.”