- The new law (A.836) prevents employers from obtaining an employee’s or job applicant’s personal online account information as a condition of hiring, employment status, or for use in disciplinary actions.
- Employers covered by the new law are prohibited from retaliating against employees and applicants who refuse to provide the log-in information to their personal internet accounts.
- The new law defines “personal account” to refer to an employee’s or job applicant’s account or profile on an electronic medium where they can create, share, and view user-generated content exclusively for personal purposes.
- The new law contains a number of exceptions for employers.
On September 14, 2023, New York Governor Kathy Hochul signed a new law (A.836) that prohibits employers from requesting or requiring that employees or job applicants disclose the log-in information to their personal social media accounts. The new law also prohibits employers from retaliating against employees and applicants who refuse to provide such log-in information.
Specifically, the new law prohibits employers from requesting, requiring, or coercing employees and job applicants to: (i) disclose their username, password, or other log-in information used to access their personal account through an electronic communications device; (ii) access their personal account in the employer’s presence; or (iii) reproduce photos, videos, or other information contained in their personal account through means prohibited under the law.
The new law defines “personal account” to refer to an account or profile on an electronic medium where users can create, share, and view user-generated content (videos or photos), blogs, podcasts, instant messages, or internet website profiles or locations, which are used by an employee or applicant exclusively for personal purposes. It defines “electronic communications” device to include any device that uses electronic signals to create, transmit, and receive information (computers, phones, PDAs, and other similar devices).
The new law includes a broad definition of “employer.” Persons or entities engaged in business in New York state, the state of New York and any political subdivision or civil division thereof, and public authorities, commissions or public benefit corporations are deemed employers subject to the requirements of the new law, as are their agents, representatives, or designees.
Importantly, A.836 contains exceptions for employers. Employers are permitted to seek access to personal internet accounts if necessary to comply with the requirements of federal, state or local law.
Further, employers may require employees to disclose their usernames, passwords, or other means of accessing “nonpersonal accounts” that provide access to the employer’s internal computer or information systems. The new law also allows employers to request or require employees to disclose their log-in information to accounts that were provided by employers and are used for business purposes. Importantly, the employer must have provided the employee with prior notice of its right to request or require this information. Employers can also request or require employees to disclose their log-in information to an account the employer knows is used for business purposes.
Additionally the new law permits employers to access “electronic communication” devices that they pay for – in whole or in part – when the employer’s payment for the device was conditioned on the employer retaining the right to access the device and the employee was given prior notice and “explicitly agreed” to such conditions. However, this agreement between the employer and employee does not allow the employer to access any personal accounts on the device.
Finally, the new law allows employers to access, obtain, or provide information from an employee’s account to comply with a court order, and to restrict or prohibit employees from accessing certain websites while using the employer’s network or electronic communications devices.
Employers are still allowed to view, access, or utilize information about an employee or job applicant that is accessible without any required log-in information, or is available in the public domain. Similarly, employers may access or utilize information about an employee or job applicant that is voluntarily shared by an employee, client, or third party, for the purpose of obtaining reports of misconduct, or investigating misconduct or other information.
A.386 is scheduled to become effective in March 2024. In preparation for complying with the new law, businesses operating in New York should review and adjust their hiring practices to comply with the new plan. Additionally, employers should consider reviewing and revising their social media policies, including prohibiting retaliation against employees who refuse to provide access to their personal, non-business-related online accounts.
For more information on our company and how we help process background checks visit https://nsshire.com/contact/