Michigan Becomes Latest State to Enact Social Media Privacy Law
Notably, the statute contains a number of exceptions, including for when:
1. The employer pays for an “electronic communications device,” in whole or in part;
2. The account or service is provided by the employer, obtained by virtue of the employee’s employment relationship with the employer, or used for the employer’s business purposes;
3. An employee transfers the employer’s “proprietary or confidential information or financial data” to the employee’s personal internet account without authorization;
4. The employer is conducting a workplace investigation, provided that the employer has “specific information” about activity on the employee’s personal internet account or the unauthorized transfer of the employer’s data to the employee’s account; or
5. The employer is “monitoring, reviewing, or accessing electronic data” traveling through its network.
The law also does not restrict an employer from complying with a duty to screen employees or applicants prior to hiring or to monitor or retain employee communications as required under federal law or by a “self-regulatory organization” as defined by the Securities Exchange Act of 1934 (such as the Financial Industry Regulatory Authority, or FINRA, which has issued guidance regarding the need for regulated institutions to monitor their employees’ business-related social media communications).
With the enactment of this statute, Michigan joins California, Maryland, Illinois, and New Jersey in restricting employers from accessing employees’ and applicants’ social media accounts. Delaware and New Jersey have also passed laws protecting the privacy of students’ social media accounts. The coming year should see additional legislative activity in this area, as social media privacy bills are under consideration in Missouri, Texas, and other jurisdictions.
Orignally posted by Michael Epshteyn on 2 Januay 2013 on Hogan Lovells Chronicle of Data Protection blog