On May 12, 2013, Colorado's governor signed H.B. 1046 into
law to forbid employers from requiring or requesting that
prospective and current employees disclose their username and
password to their personal social media accounts. Several other
states have codified similar laws, including Maryland, Illinois,
California, Michigan, Utah, New Mexico (which ostensibly applies to
prospective employees only), and Arkansas. A number of other states
and the U.S. Congress have introduced such legislation. To
understand the new Colorado law, this alert discusses its coverage,
prohibitions, exceptions, and remedies.
The coverage of the new Colorado law is expansive, as the term
"employer" means a person engaged in a business,
industry, profession, trade, or other enterprise in the state (or a
unit of the state or local government), including an agent,
representative, or designee thereof.
Under the new Colorado law, an employer may not request or
require that an employee or applicant disclose any user name,
password, or other means for accessing his or her personal account
or service through his or her electronic communications
An employer also may not discharge, discipline, or otherwise
penalize (or threaten to discharge, discipline, or otherwise
penalize) an employee for his or her refusal to disclose any
information protected under the new Colorado law.
Moreover, an employer may not fail or refuse to hire an
applicant because he or she refuses to disclose any information
protected under the new Colorado law.
The new Colorado law allows an employer to require an employee
to disclose any user name, password, or other means for accessing
non-personal accounts or services that provide access to the
employer's internal computer or information systems.
This new Colorado law also does not prevent an employer
conducting an investigation to ensure compliance with
applicable securities or financial law or regulatory requirements
based on the receipt of information regarding the use of a personal
Web site, Internet Web site, Web-based account, or similar account
by an employee for business purposes; or
investigating an employee's electronic communications based
on the receipt of information regarding the unauthorized
downloading of the employer's proprietary information or
financial data to a personal Web site, Internet Web site, Web-based
account, or similar account.
An aggrieved applicant or employee may institute a civil action
in a court of competent jurisdiction within one year after the date
of the alleged violation, and is entitled to
compensatory and consequential damages; and
reasonable attorney fees and court costs.
The new Colorado law's coverage, prohibitions, and
exceptions are analogous to the social media laws adopted in other
states, and the bills pending in the U.S. Congress and numerous
state legislatures. It should be noted, however, that the new
Colorado law arguably offers more lucrative remedies than any of
its counterparts. As Colorado's new plaintiff-friendly law
continues a growing national trend, it is imperative that employers
within the state and across the nation proceed with
caution and prepare accordingly.
1."Electronic Communications Device" means a
device using electronic signals to create, transmit, and receive
information, including computers, telephones, personal digital
assistants, and other similar devices.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Last week, a plaintiff sued the creator and the operator of the Esteem criminal background database—LexisNexis and First Advantage—alleging that they gave prohibited information to potential employers, which ultimately barred him from getting a job. Tsang v. LexisNexis Risk Solutions, Inc., No. CV-14-0493 (N.D. Cal. Jan. 31, 2014).
It is rare these days for a California appellate court to weigh in on whether an
employer is vicariously liable for accidents involving an employee that occur
during the employee’s commute to and from work.
Given the myriad government regulations applicable to credit unions and the need for strict financial controls, a credit union might perceive that an employee handbook is low on its list of priorities.
Most plan administrators know that the recipe for a group health plan’s COBRA obligation includes three ingredients – a qualifying event that occurs while the individual is covered by the plan that triggers a loss of such coverage.
We were happy yesterday to refer readers to a great treatise by our friend, Ellen Pinkos Cobb, Esq., entitled "Bullying, Violence, Harassment, Discrimination and Stress" which she updated for 2014. As a number of clamoring readers reminded us, we forgot to tell you where to get it.