Over the weekend, Colorado Governor John Hickenlooper signed a bill making Colorado the eighth state to have a social media workplace privacy law. (The others are MD, IL, CA, MI, UT, NM, and AR). You can view a copy of the new CO law here.
The new law places three restrictions on employers with respect to access of employee and applicant social media accounts:
- No requests for social media user names and passwords;
- No forced-friending or requiring that the employer be added as a contact; and
- No requiring that privacy settings be changed.
There are a few carve-outs that allow employers to obtain full access to an employee or applicant’s social-media account. One is if an employer reasonably believes that an employee has download proprietary information. Another carve-out applies to satisfy “applicable securities or financial law or regulatory requirements.” There is nothing in the new law that expressly permits an employer to get this information to investigate purported violations of non-harassment policies. Although, I suppose an employer could rely upon the “regulatory” requirements exception.
Next up for a new social media workplace privacy law appears to be Washington, where a bill now sits on the Governor’s desk for signature.