As a growing number of states pass legislation which will
protect individuals' social media accounts from employer
scrutiny, they have encountered a surprising adversary –
FINRA and other securities regulators.
To date, at least six states have enacted social media employee
privacy laws (which were blogged about
here) and upwards of thirty-five states have considered
legislation since the beginning of 2013. Washington State may soon
join the ranks with
SB 5211, a bill unanimously passed by both chambers of
Washington legislature on April 27, 2013, which now awaits the
Governor's signature. Social media password protection
laws, although unique to each state, generally restrict employers
from requesting or requiring that employees or applicants provide
their social media user names, passwords, and account information.
Supporters believe the laws are necessary to protect employee and
prospective employee privacy and to prevent against unlawful
employer action in response to an employee's social media
FINRA, the Financial Industry Regulatory Authority, fears that
the new employee privacy laws may directly conflict with securities
rules and threaten investor protection. With an increasing number
of financial firms taking to Facebook and Twitter to interact with
investors and give financial advice, FINRA has set forth various
guidelines governing social media use. Under FINRA rules,
securities firms must "adopt policies and procedures
reasonably designed to ensure that their associated persons who
participate in social media sites for business purposes are
appropriately supervised," and broker-dealers must be able to
"retrieve and supervise business communications regardless of
whether they are conducted from a device owned by the firm or by
the associated person."
FINRA Regulatory Notice 11-39 (August 2011). According to
FINRA, if the employee of a broker-dealer is engaging in business
communications over a social networking site, the broker-dealer
must have access to the account for general monitoring and for its
records. Broker-dealers must also be able to freely follow up on
red flags, or misuse of an account. FINRA fears that the adoption
of social media employee privacy laws may conflict with monitoring
and reporting requirements and could force some employers into a
lose-lose situation—violate state law or violate a FINRA
rule. FINRA worries that employers who choose the former will
increase investor risk and the potential for securities fraud.
FINRA has sent letters to lawmakers in approximately ten states
seeking carve-outs to social media employee privacy laws for the
financial services industry. Many of the laws already include
narrow exemptions, which allow for employers to require disclosure
if an employee's alleged misconduct has risen to a certain
level. FINRA does not appear satisfied with these exemptions, which
may be too limited for broker-dealers to be in full compliance with
monitoring, recording and supervision requirements. California has
rejected FINRA's request for an exception for the financial
services industry, but it remains to be seen how the states will
react in general.
FINRA is not alone in its concerns that social media privacy
laws are too broad. On May 6, 2013, Governor Christie of New Jersey
conditionally vetoed a social media employee privacy
Bill which he criticized for its over-breadth and for putting
employers at increased risk.
While it is too soon to predict how this conflict between
employee privacy interests and financial industry oversight will be
resolved, what is apparent is the increasingly complex issue of
handling privacy in the age of social media.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.