Following a nationwide trend, New Jersey is now the 12th state to pass a social media privacy law (A2878). The new law, which takes effect on December 1, 2013, prohibits employers from requiring employees and job applicants to disclose their user names, passwords and other means of access to their accounts or profiles on social networking websites through electronic communications devices. The law also prohibits employers from requesting or requiring employees and applicants to disclose whether they have a personal account or profile on a social networking website.
Accordingly, employers should review and amend their workplace policies and practices regarding recruiting, hiring, workplace privacy and electronic communications. Employers also should ensure that all supervisors and personnel with managerial and hiring authority are trained on the requirements of the new law.
Under the new law, "electronic communications devices" include computers, telephones, personal digital assistants and other similar devices. A "personal account" is defined as an account, service or profile on a social networking website that is used by an employee or job applicant exclusively for personal communications that are unrelated to the employer's business. It does not include social media accounts or profiles created, maintained, used or accessed by employees or job applicants for the employer's business purposes. The new law prohibits employers from requiring individuals to waive the protections of the law as a condition of employment. It also protects individuals from employer retaliation for failing or refusing to provide such information, or for filing a complaint or participating in an investigation alleging that the employer violated the law.
The new law does not interfere with an employer's right to conduct investigations to ensure compliance with applicable laws, regulatory requirements or prohibitions against work-related employee misconduct. This includes misconduct based on the receipt of specific information about an employee's activity on a personal account or an employee's unauthorized transfer to a personal account of the employer's proprietary, confidential or financial information. The new law also does not prevent an employer from viewing, accessing or utilizing information about an employee or job applicant that can be obtained in the public domain. Employers are also permitted to implement and enforce policies regarding the use of employer-provided electronic communications devices or regarding any accounts or services provided by the employer or used for business purposes;
Persons whose rights are violated may bring an action in civil court within one year of the violation and a court may award injunctive relief, consequential and compensatory damages and reasonable attorneys' fees.
Employers that violate the new law will be subject to a $1,000 civil penalty for the first violation, and $2,500 for each subsequent violation.