Legal Alert: Michigan Employers Just Got Unfriended
On December 28, 2012, Governor Snyder signed into law the Internet Privacy Protection Act (“IPPA”). Michigan now joins a handful of other states in prohibiting employers from viewing and/or negatively using employees’ personal information posted on Facebook, Twitter, Gmail or any other personal internet account.
IPPA generally prohibits Michigan employers from engaging in two activities: (1) requiring applicants and employees to disclose or allow access to personal internet accounts; and (2) disciplining, terminating, failing to hire or otherwise penalizing an employee or applicant for not giving an employer access to information regarding personal internet accounts. Even if you have never accessed or requested access to an employee’s or applicant’s personal internet accounts, there are several key aspects of the IPPA that affect every Michigan employer and which should be accounted for in your Human Resources practices.
Does the IPPA Extend to My Supervisors? Yes. The IPPA defines an employer to include its agents and representatives, which includes supervisors and management.
What if an Employee Voluntarily “Friends” His/Her Supervisor? Although an employee who voluntarily allows a supervisor access to his/her personal internet account may not be a per se employer violation, employers are at a heightened risk for violating the IPPA (and other employment laws) if they allow their supervisors to accept such an invitation. For example, an employee might argue that access was really not voluntary and/or there was “pressure” from the supervisor to allow access. Additionally, a supervisor might discover information that he or she would not otherwise be allowed to ask of the employee (such as pregnancy, age, religion, political views, alcoholism, medical conditions, etc.). Because a supervisor’s knowledge is imputed to the employer, once the information is known to the supervisor, the employer has the burden of proving that it did not use the protected information in making its employment decisions. Adopting a policy that prohibits management from accessing information of non-management employees is the best way to avoid any unintended violation of the IPPA or other
Can An Employer Still Access Electronic Devices Paid For By the Employer? Yes. One of IPPA’s exceptions is that it does not prohibit employers from requesting or requiring an employee to disclose information needed for the employer to access or operate: (1) a cell phone, iPad, laptop or other electronic communications device paid for (in whole or in part) by the employer; (2) an account or service provided by the employer, obtained by virtue of the employee’s work relationship with the employer, or used for the employer’s business purposes.
Are There Any Other Exceptions to the IPPA? Yes. For example, employers can also still do the following (subject to other applicable laws):
1. Discipline or discharge an employee for unauthorized use or disclosure of an employer’s confidential and proprietary information on or to an employee’s personal internet account.
2. As long as there is specific information to justify doing so, investigate and require disclosure of activity on an employee’s personal internet account, for purposes of ensuring: (a) compliance with state and federal laws and/or prohibitions against work-related employee misconduct; and/or (b) there has been no unauthorized use of the employer’s confidential and proprietary information.
3. Restrict employee access to certain websites while using an electronic communications device paid for by an employer or while using the employer’s network.
4. Monitor, review, or access electronic data stored on an electronic communications device paid for, in whole or in part, by the employer or while using the employer’s network, in accordance with state and federal law.
5. Comply with an employer’s duty to screen employees or applicants prior to hiring or to monitor or retain employee communications that is established under federal law or by a self-regulatory organization (as defined in section 3(a)(26) of the Securities and Exchange Act).
6. View, access, or utilize information about an employee or applicant that can be obtained without private access information or that is available in the public domain.
If Employers Can Still Obtain Access To Employee Information That is Public, Is Googling Information About An Employee or Applicant Okay? Electronically accessing public information on the internet is not unlawful. However, there may be hidden pitfalls in doing so. As indicated above, an employer might discover information that it would not be allowed to ask in a job interview or at work (such as pregnancy, age, religion, political views, alcoholism, medical conditions, etc.). Once the information is known to the employer, the employer will have the burden of proving that it did not use the protected information in making its hiring/employment decision.
How Can Employers Safely Screen Applicants? Employers can and should utilize third parties to conduct background checks for certain information (such as criminal convictions and motor vehicle records) as long as the employer and the third party comply with applicable laws.
Take Aways. The IPPA is the most recent development in a trend of laws limiting employers’ ability to obtain information about current and prospective employees’ activities outside the workplace – even if those activities involve the employer or other
co-workers. The IPPA intends to ensure that employees and applicants are judged on their merits and their qualifications, not their private activities. Employers should carefully reevaluate their Human Resources policies and practices in light of this new law.
The IPPA also contains similar provisions affecting educational institutions and personal account information of students. For information regarding educational institutions or questions regarding this newsflash or the IPPA, please contact Rhoades McKee’s Employment and Labor attorneys