New social media privacy laws that have been enacted in several states around the country, or those in the works, present something of a mixed bag for businesses.
While the laws generally limit companies from asking job seekers and employees for access to their social media accounts under most circumstances, they do provide some rules for when they can do so legally.
Utah on Tuesday joined a growing list of states with online privacy laws that restrict what employers can and cannot do with to regard to the social media accounts of their current employees as well as job seekers.
Utah's Internet Employment Privacy Act (H.B. 100) went into effect on Tuesday and basically prohibits companies from asking workers for usernames and passwords that control access to their personal accounts on Facebook, LinkedIn, Twitter and other social media sites. The law prohibits companies from taking adverse action, such as firing, retaliating or refusing to hire anyone that refuses to provide such information.
It allows employees to bring a private cause of action against an employer that violates these provisions and provides for fines of up to $500 for each violation.
More than half a dozen states including California, Maryland, Michigan, Illinois and Arkansas have similar laws in place. In each case the statutes were prompted by concerns that employers are becoming too aggressive in seeking the access credentials to social media accounts of job seekers and employers.
Maryland's law, for instance, was passed after a controversial incident where a state Division of Corrections worker was asked to provide his Facebook login credentials during a recertification interview.
Similarly, Michigan's law came after an elementary school teacher's aide was fired for refusing to provide school authorities access to her Facebook profile. The request came after a parent complained about seeing what they called an inappropriate photo of her on the social media site.
Others like the National Labor Relations Board (NLRB) and the Council of State Governments have also chipped in on cases involving disputes between employees and businesses over social media usage.
The Council said it has received several reports of people being asked to delete social media accounts, supply private login credentials and "friend" the human resources director or manager as a condition of employment.
The laws have raised some concern among companies in regulated industries. The Financial Industry Regulatory Authority (FINRA), for instance, is seeking exemptions in the state laws that would allow Wall Street brokers and dealers to keep an eye on the non-personal social media chatter of their employees.
According to FINRA, it is seeking the exemptions solely to ensure that when stockbrokers talk about stocks on sites such as Facebook, LinkedIn and Twitter, they are complying with their company's policies regarding such disclosure.
The laws limit a company's ability to investigate the activities of prospective or current employees on social media sites, said Scott Sweeney, an attorney at Wilson Elser Moskowitz Edelman & Dicker LLP in Denver. But at the same time, they also codify a company's rights to obtain some forms of personal login information, he said.