On May 21, 2013, Washington's governor signed a new law protecting employee social networking accounts.
The new law, which goes into effect on July 28, 2013, prevents employers from requesting, requiring or coercing an employee or applicant to disclose login information for the employee's personal social networking account. Employers also may not ask employees to access such accounts in the employer's presence; add the employer to the employee's contacts; or alter third party access settings. Work-related accounts and devices paid for or supplied by the employer are exempt.
If an employer inadvertently receives login information, it is not liable for possessing the information but may not use it to access the employee's account.
Importantly, employers may still:
- Comply with the requirements of state or federal law;
- Conduct investigations to comply with laws against work-related employee misconduct based on receiving information about the employee's activity; and
- Conduct investigations based on receiving information about the unauthorized transfer of proprietary or confidential information or financial data.
The law creates a private cause of action for employees and applicants. Prevailing plaintiffs may be awarded equitable relief, actual damages, a $500 penalty, and reasonable attorneys' fees and costs. However, a court may also award reasonable expenses and attorneys' fees to a prevailing defendent if the judge determines that the action was frivilous and without reasonable cause.
Washington joins Maryland, Illinois, California, Michigan, Utah, Arkansas, and Colorado in enacting such laws. New Mexico has enacted similar legislation, but it prohibits access only to the accounts of prospective employees.
To read more about this law, see Substitute Senate Bill 5211.