California passed a new law taking effect January 1, 2013 that prohibits employers from “requiring or requesting” employees and applicants to provide their passwords to social media accounts. This law was passed after a few cases made the news where employers were actually asking for this information. As I argued before, this law was probably not necessary as California law probably already prohibited this type of conduct to begin with.
However, now that the law is taking effect, there are also new questions that employers are facing under the law. For example, if an employer has the right policies in place that limit an employee’s expectation of privacy, it is pretty well established that the employer may monitor the employee’s internet use and record this. However, under the new law, what if an employee accesses their social media accounts during work? Or on a break? Can employers still monitor employees and record the employee’s login and password information?
I would argue that employers can still monitor employees’ internet use as long as they have made the proper disclosures through a handbook or policies that limit the employees’ expectation of privacy in using the company network or computers. The new law only prohibits employers from requiring employees to divulge their passwords. If the employer notifies the employees that it is recording all activity by the employees on the company network or computers, then the employees have made a voluntary decision to continue to access their account knowing that their employer is monitoring and/or recording the activity. Granted, the law is just going into effect next week, so obviously there is no case law to rely upon in making this argument, so employer will have to wait to see how the law is ultimately interpreted by the courts.