Recap of Washington State’s Employer Social Media Password Bill

[Post by Venkat Balasubramani]

SB 5211 (passed by Senate April 27, 2013)

Both chambers of the Washington legislature passed Substitute Senate Bill 5211, and it now awaits the Governor’s signature. No Washington legislators voted against it.

Here are the key provisions:

- the bill restricts employers from (1) asking for passwords; (2) engaging in shoulder-surfing; (3) asking employees to change settings; or (4) asking employees to add them as friends;

- the statute does not define it, but uses the phrase “personal social networking account” to describe what is off limits; shutterstock_45295237.jpg

- the statute contains a carve-out for employer investigations, but limits this to scenarios where employers merely request information (and not passwords) in order to investigate (1) legal violations or (2) suspicion of misappropriation by employees;

- the statute excludes employer-supplied devices, as well as intranets and other platforms “that [are] intended primarily to facilitate work-related information exchange, collaboration, or communication by employees or other workers” [Twitter!];

- finally, the statute provides for a private right of action and authorizes a court to award $500 in statutory damages and attorney’s fees.

The statute tackles the social media ownership question by excluding accounts that are “provided by virtue of the employee’s employment relationship with the employer .. [or] online account[s] paid for or supplied by the employer.” Earlier versions of the statute had more specific definitions for what constitutes a social network. One iteration also limited the private right of action.

Although I acknowledge that employee social networking activity that is private should be off-limits for employers, I still think this was a solution in search of a problem. With states’ well established failings in the era of regulating the internet, I predict this will create more problems than it will solve. Among other things, it’s unclear what is covered by “social media” and equally unclear when an account is “personal” or “business”-related. (In practice they often seem mixed.) Eric delves into some of these issues in taking a look at California’s social media legislation in this post: “Big Problems in California’s New Law Restricting Employers’ Access to Employees’ Online Accounts.”

Two approaches legislatures should consider taking when enacting these statutes is (1) making them only apply to prospective employees; and (2) getting rid of a private right of action or, at least, including an administrative exhaustion component. The Littler law firm has a great roundup of legislation from various states as well as some of the pitfalls these statutes may present: “Social Media Password Protection and Privacy — The Patchwork of State Laws and How it Affects Employers” [pdf].

Other coverage on employer social media bills generally:

Littler: “Social Media Password Protection and Privacy — The Patchwork of State Laws and How it Affects Employers” [pdf]

WIlliam Carleton: “Checking in on sate social media password laws

Eric Meyer: “Wooooo pig sooie! Arkansas gets a workplace social media privacy law

Lexology “Three more states hop on the social media legislation bandwagon

[image credit: shutterstock/Andre Blais "high-tech background with targeted eye-scan"]