New Jersey is expected to shortly join
Michigan, and Utah in prohibiting employers from seeking
employee or applicant passwords to social media accounts or
services. New Jersey's General Assembly passed
its bill on March 21, 2013, and that bill now awaits signature
by Governor Christie. Although there is no indication from the
governor whether he intends to sign the bill, ignore it, or veto
it, any action other than signature would simply be symbolic and
almost certainly overruled (the General Assembly passed the bill
75-2). New Jersey's law is more pro-employee/applicant than any
such law enacted to date, providing the broadest protections, the
narrowest exceptions, and the most generous remedies.
Specifically, the New Jersey bill would prohibit an employer
from requesting or requiring, as a condition of employment, that a
current or prospective employee "provide or disclose any user
name or password, or in any way provide the employer access
to," any personal social networking account, service or
profile. The italicized language appears to prohibit New Jersey
employers not only from "shoulder surfing,"
i.e., reviewing social media content by observing the
individual's access without requesting login credentials, but
also goes one step further. The bill apparently would prohibit an
employer from asking an employee who complains about the social
media activity of a coworker, such as online sexual harassment, for
access to the complaining employee's personal social
media account to observe what the alleged harasser posted.
Moreover, unlike similar laws in California, Michigan, and Utah,
the New Jersey bill contains no exception for workplace
investigation into suspected unlawful conduct or violations of
employer policies. Notably, the New Jersey bill does not contain a
narrower exception, such as the one in Maryland's law, which
includes a carve-out for investigations into suspected violations
of securities laws or regulations or into suspected
misappropriation of trade secrets.
The New Jersey bill adds a new prohibition not seen in any prior
law that actually could be detrimental to job applicants and
employees. Specifically, employers cannot "[i]n any way
require or request that a current or prospective employee
disclose whether the employee has a personal
account." Consequently, were an employer to search
publicly available social media content for information about an
employee or applicant and discover negative information that might
relate to the applicant or employee, such as racist comments or a
predilection for sex with minors, the employer could not ask
whether the account where the content is posted is, in fact, the
applicant's or employee's personal account. Moreover, if
the employer does inquire and the applicant or employee refuses to
confirm or deny whether he or she posted the offensive social media
content, New Jersey's law would make it a violation for the
employer to then take adverse action based on the individual's
refusal to respond. In other words, the employer would be worse off
if it tried to "do the right thing" and attempted to
verify the authenticity of information that, if true, would lead to
an adverse employment action.
The New Jersey bill also has the most generous remedial scheme.
"Facebook" laws in Maryland and California do not
expressly provide a private right of action. By contrast, the New
Jersey bill confers a private right of action on applicants or
employees to recover unlimited compensatory and consequential
damages. While the laws in Utah and Michigan also confer a
private right of action, damages are capped at $500 and $1,000 per
violation, respectively. Illinois' law does not cap damages;
however, it requires that applicants or employees first attempt to
resolve their complaint through the state labor department. No such
administrative exhaustion requirement applies under the New Jersey
To be sure, once the bill is likely enacted, it will not
entirely handcuff New Jersey employers from performing
investigations and background checks necessary to run a safe and
efficient operation without running afoul of the
law. However, before investigating information present
on an employee's or applicant's "personal
account," human resources professionals are encouraged to seek
guidance from inside or outside counsel to ensure compliance with
this proposed law. If approved, the law will go into effect
on the first day of the fourth month following its enactment.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Effective January 1, 2015, certain employers became subject to the employer mandate of the Patient Protection and Affordable Care Act, and thus subject to liability under the ACA Employer Shared Responsibility provisions.