Employer Access to Personal Social Networking Accounts (WA State)
(a) "Adverse action" means: Discharging, disciplining, or otherwise penalizing an employee; threatening to discharge, discipline, or otherwise penalize an employee; and failing or refusing to hire an applicant.
(b) "Applicant" means an applicant for employment.
(c) "Electronic communications device" means a device that uses electronic signals to create, transmit, and receive information, including computers, telephones, personal digital assistants, and other similar devices.
(d) "Employer" means any person, firm, corporation, partnership, business trust, legal representative, or other business entity which engages in any business, industry, profession, or other activity in this state and employs one or more employees, and includes the state, any state institution, state agency, political subdivisions of the state, and any municipal corporation or quasi-municipal corporation. "Employer" includes an agent, a representative, or a designee of the employer.
(e) "Login information" means a user name and password, a password, or other means of authentication that protects access to a personal social networking account.
RCW 49.44.200.
(1) An employer may not:
(a) Request, require, or otherwise coerce an employee or applicant to disclose login information for the employee's or applicant's personal social networking account;
(b) Request, require, or otherwise coerce an employee or applicant to access his or her personal social networking account in the employer's presence in a manner that enables the employer to observe the contents of the account;(c) Compel or coerce an employee or applicant to add a person, including the employer, to the list of contacts associated with the employee's or applicant's personal social networking account;
(d) Request, require, or cause an employee or applicant to alter the settings on his or her personal social networking account that affect a third party's ability to view the contents of the account; or(e) Take adverse action against an employee or applicant because the employee or applicant refuses to disclose his or her login information, access his or her personal social networking account in the employer's presence, add a person to the list of contacts associated with his or her personal social networking account, or alter the settings on his or her personal social networking account that affect a third party's ability to view the contents of the account.
Id.
…
(a) The employer requests or requires the content to make a factual determination in the course of conducting an investigation;
(b) The employer undertakes the investigation in response to receipt of information about the employee's activity on his or her personal social networking account;
(c) The purpose of the investigation is to:
(i) Ensure compliance with applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct; or
(ii) investigate an allegation of unauthorized transfer of an employer's proprietary information, confidential information, or financial data to the employee's personal social networking account; and
(d) The employer does not request or require the employee to provide his or her login information.
Id. There are additional limitations beyond the above exceptions.
…
(3) This section does not:
(a) Apply to a social network, intranet, or other technology platform that is intended primarily to facilitate work-related information exchange, collaboration, or communication by employees or other workers;
(b) Prohibit an employer from requesting or requiring an employee to disclose login information for access to:
(i) An account or service provided by virtue of the employee's employment relationship with the employer; or
(ii) an electronic communications device or online account paid for or supplied by the employer;
(c) Prohibit an employer from enforcing existing personnel policies that do not conflict with this section;
(d) Prevent an employer from complying with the requirements of state or federal statutes, rules or regulations, case law, or rules of self-regulatory organizations; or(e) Apply to a background investigation in accordance with RCW 43.101.095. However, the officer must not be required to provide login information.
Id. Occasionally, employers inadvertently obtain employee login information for personal social networking accounts; there is a statutory provision for this occurrence as well.
(1) Award a prevailing employee or applicant injunctive or other equitable relief, actual damages, a penalty in the amount of five hundred dollars, and reasonable attorneys' fees and costs; and
LEARN MORE
–gw