Reminder — New York Social Media Privacy Protections Go into Effect March 12, 2024

As we reported at the end of 2023, New York will soon join California, Colorado, Illinois, and a number of other states that protect employees’ and job applicants’ social media privacy. These protections are part of a bill that was signed into law by New York Governor Kathy Hochul on September 14, 2023.

Starting March 12, 2024, employers in New York are prohibited from requesting or requiring employees and job applicants to disclose their usernames, passwords, or login information to personal social media and other “personal accounts” as defined by the Act. The new legislation also prohibits employers from requiring employees and job applicants to access their social media accounts in the employers’ presence. The Act also defines “personal account” broadly to include “an account or profile on an electronic medium where users may create, share, and view user-generated content” that “is used by an employee or an applicant exclusively for personal purposes.”

Employers may not retaliate against employees by firing, disciplining, or otherwise penalizing employees for refusing to disclose their personal social media account information or accessing their accounts in front of their employer. Likewise, employers may not refuse to hire job applicants who refuse to disclose this information.

As our previous article reported, there are a number of exceptions to this prohibition, and employers will still be permitted to:

• Screen job applicants using information from publicly available social media accounts found without asking applicants to disclose their usernames.
• Access electronic devices it provides to an employee, as long as the employer provides prior notice of this access right, and the employee agrees to such conditions. Employers may not access an employee’s personal social media accounts on any employer-provided electronic device, however.
• Restrict employees’ access to certain websites while using the employer’s network or an employer-provided electronic device.
• Require employees to disclose login information for the employer’s business social media accounts and its internal IT systems.
• Accept voluntary friend or other contact requests from employees and job applicants.
• Comply with court orders to obtain or provide information from or access to an employee’s personal social media accounts.

If an employer operates in the State of New York, then it is likely subject to the new prohibitions.

Employers in states without social media protections for employees should still be wary before viewing or making employment decisions based on employees’ private social media or electronic accounts. Unauthorized access of an employee’s private social media or email accounts has been recognized by courts as a potential violation of the federal Stored Communications Act (SCA). The SCA is a criminal statute that makes it an offense if someone “intentionally accesses without authorization a facility through which an electronic service is provided or intentionally exceeds an authorization to access that facility and thereby obtains . . . access to a wire or electronic communication while it is in electronic storage.” The SCA creates a civil cause of action with remedies including: (i) actual damages of at least $1,000; (ii) attorneys’ fees and costs; and (iii) punitive damages if the access was willful or intentional.

As we have reported previously, employers could be liable under the SCA for coercing an employee to monitor a colleague’s private social media account. Employers could also be liable for viewing an employee’s private email account if said employee forgets to log out of the account before returning their employer-provided cell phone.

Employers should also keep in mind that the National Labor Relations Act (NLRA) protects employees’ protected concerted activity, even if it takes place online. Employer surveillance of online protected concerted activity could violate the NLRA and is a particular area of concern for the current National Labor Relations Board General Counsel.

With March 12 approaching, New York employers should review their job application materials and policies to ensure compliance with the new privacy protections. Employers in other states should also ensure that their job applications and policies comply with applicable state and local laws.