New Jersey Passes Social Media Privacy Law

September 17, 2013

Tuesday, September 17, 2013, by Stella Kreilkamp
In late August, New Jersey governor Chris Christie signed a social media privacy law, which goes into effect December 1, 2013.  New Jersey is the twelfth state to do so, along with Arkansas, California, Colorado, Illinois, Maryland, Michigan, New Mexico, Oregon, Utah, Nevada, and Washington.  Social media privacy has become an increasingly widespread concern in recent years.  While there is no expectation of privacy for information in the public domain, employers cannot legally use that information when hiring.
Under the new bill, A-2878, employers are prohibited from requiring current or prospective employees to disclose their usernames and passwords for any personal accounts or social media sites.  Under the law, a personal account is defined as, “an account, service, or profile on a social networking website that is used by a current or prospective employee exclusively for personal communications unrelated to any business purposes of the employer.”  Personal accounts do not include accounts of employees that relate to business.  Employers are also not allowed to require employees to disclose whether they have accounts on social media sites. If employers violate the law, they are subject to a civil penalty of $1,000 fines for the first offense and $2,500 fines for any subsequent violations.  The bill also states that employers cannot retaliate when an employee opposes any violation of the act.
The statute includes exceptions that allow for employers to access their employees’ social media accounts in certain situations.  For example, employers can still conduct investigations into possible “work-related employee misconduct based on the receipt of specific information about activity on a personal account by an employee.”  Employers can also still investigate “an employee’s actions based on the receipt of specific information about the unauthorized transfer of an employer’s proprietary information, confidential information or financial data to a personal account by an employee.”

In late August, New Jersey governor Chris Christie signed a social media privacy law, which goes into effect December 1, 2013.

The law is considered “business-friendly” because Governor Christie conditionally vetoed a previous version of the bill, which was more employee-friendly.  One big difference between the two versions is that the previous version prohibited employers from asking about whether the employee or prospective employee had a social media account.  Also, the original bill provided employees with a private cause of action.
Employers have until December 1, 2013 to implement any changes.  Until then, they should make sure that their current policies do not conflict with the new bill.
The number of states enacting social media privacy laws has been quickly increasing over the last few years.  According to the National Conference of State Legislatures, “legislation has been introduced or is pending in at least 36 states.”  Last year, Congress introduced the Social Networking Online Protection Act; while it was not passed, it was reintroduced this year.  The New Jersey bill is one of many that will likely be introduced in the near future.