Earlier this month, legislators in Montana gave final approval to H.B. 342 which would limit an employer’s ability to access the personal social media accounts of applicants and employees.  The bill now goes to Governor Steve Bullock’s (D) office for consideration.

If signed, Montana would join become the most recent state to join the list of 19 states which limit an employer’s access to personal social media accounts.  A similar bill was signed earlier this year in Virginia.  Like many of the other laws which have been passed on this issue, the Montana bill would prohibit:

  • An employer from requiring prospective or current employees from sharing their login credentials;
  • Requiring an individual to access the account in a supervisor’s presence;
  • Requiring any communications which the individual made through their personal account to be turned over; and
  • Companies from retaliating against applicants of employees for their refusal to disclose their personal social media information.
Notably, and unlike many of the laws already in place in other states, the proposed Montana law would permit employers to request login credentials when the employer has specific information about  the employee’s activity that indicates work-related employee misconduct, criminal defamation or the unauthorized transfer by the employee of the employer’s proprietary or confidential information, trade secrets, financial data.  Similarly, employees are required to provide login credentials if the required to ensure the employer is complying with federal laws, federal regulations or the rules of a self-regulatory organization or if an investigation is underway and the information from the employee is necessary to make a factual determination in the investigation.
As previously mentioned, it is anticipated that similar legislation will continue to be introduced throughout 2015 and into the future.
Tags: access, business, employee, employer, Facebook, H.B. 342, Montana, password, privacy, social, social media, social networking
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jason C. Gavejian Jason C. Gavejian

Jason C. Gavejian is the office managing principal of the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. and a member of the firm’s Board of Directors. He is also a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy…

Jason C. Gavejian is the office managing principal of the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. and a member of the firm’s Board of Directors. He is also a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals.

As a Certified Information Privacy Professional (CIPP/US), Jason focuses on the matrix of laws governing privacy, security, and management of data. Jason is co-editor of, and a regular contributor to, the firm’s Privacy blog.

Jason’s work in the area of privacy and data security includes counseling international, national, and regional companies on the vast array of privacy and security mandates, preventive measures, policies, procedures, and best practices. This includes, but is not limited to, the privacy and security requirements under state, federal, and international law (e.g., HIPAA/HITECH, GDPR, California Consumer Privacy Act (CCPA), FTC Act, ECPA, SCA, GLBA etc.). Jason helps companies in all industries to assess information risk and security as part of the development and implementation of comprehensive data security safeguards including written information security programs (WISP). Additionally, Jason assists companies in analyzing issues related to: electronic communications, social media, electronic signatures (ESIGN/UETA), monitoring and recording (GPS, video, audio, etc.), biometrics, and bring your own device (BYOD) and company owned personally enabled device (COPE) programs, including policies and procedures to address same. He regularly advises clients on compliance issues under the Telephone Consumer Protection Act (TCPA) and has represented clients in suits, including class actions, brought in various jurisdictions throughout the country under the TCPA.

Read more about Jason C. Gavejian
Show more Show less
Related Posts
A Deepfake of a Baltimore High School Principal Raises Significant Employment Issues
May 9, 2024
OCR Official Speaks About Compliance Concerns for HIPAA Covered Entities and Business Associates
August 21, 2023
NJ Mental Health Provider’s Response to Negative Online Reviews Costs Practice $30,000 in OCR Penalty
June 6, 2023