On March 25, 2015, the United States House of Representative, Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade approved draft legislation which would replace state data breach notification laws with a national standard. This draft legislation comes on the heels of the President’s call for a national data breach notification law. The proposed
As we have previously anticipated, yesterday New Jersey joined the multitude of other states which have enacted laws limiting employer access to employee social media accounts.
The law prohibits employers from requesting or requiring a current or prospective employee to provide or disclose any user name or password, or in any way provide the employer access to, a personal account.
Additionally, the law goes on to prohibit employers from requiring an individual to waive or limit any protection granted under the law as a condition of applying for or receiving an offer of employment. Specifically, the law states that an agreement to waive any right or protection is against the public policy of New Jersey and is void and unenforceable.
The law also prohibits employer retaliation or discrimination against an individual because the individual: refuses to provide or disclose any user name or password, or in any way provide access to, a personal account; reports an alleged violation to the Commission of Labor and Workforce Development; testifies, assists, or participates in an investigation, proceeding, or action concerning a violation of the law; or otherwise opposes a violation of the law.
Notably, the law permits the Commissioner of Labor and Workforce Development to collect civil penalties in an amount not to exceed $1,000 for the first violation and $2,500 for each subsequent violation.
Based on the Governor’s recommendations, the final law does not prevent an employer from implementing and enforcing a policy pertaining to the use of an employer issued electronic communications device or any accounts or services provided by the employer or that the employee uses for business purposes.
While the law prohibits certain employer activity, it does permit employers to conduct investigations regarding: work-related employee misconduct based on information about activity on social media; or an employee’s actions based on information about the unauthorized transfer of an employer’s proprietary, confidential, or financial information to social media. Logically, the law also does not prevent an employer from viewing, accessing, or utilizing information about a current or prospective employee that can be obtained in the public domain.
It appears that New Jersey is just the next in the line of states which will adopt similar provisions limiting employer access to an employee’s personal social media accounts. While it is difficult to say the impact the law will have, at a minimum, employers must begin to assess their own internal hiring and human resources practices to make sure they comply with this law.…
In the face of increasing incidences of and rising public concern regarding identity theft, the California Legislature is considering a bill with new personal information data disclosure requirements for California businesses and a broad definition of what constitutes personal information.
California Assembly Bill 1291, would require businesses who have customer personal information and have…
Today the White House issued a Cybersecurity Legislative Proposal. The proposed legislation focuses on protecting the American people, the nation’s critical infrastructure, and the federal government’s computers and networks. While legislation of this nature would simplify the breach reporting process for businesses, and overall streamline cybersecurity laws, a number of legislative attempts to do this have previously…