By: James P. Flynn
The New Jersey Legislature was overwhelmingly in favor of a measure that would have barred employers from obtaining social media IDs and other social media related information from employees and applicants. Click here for A2878 as passed. But Governor Chris Christie vetoed A-2878 because it would frustrate a business’s ability “to safeguard its business assets and proprietary information” and potentially conflict with regulatory requirements on businesses in regulated industries such as finance and healthcare. Click here for the Governor's Veto Statement. While the Governor thought the bill well-intentioned, he conditionally vetoed it for painting “with too broad a brush,” citing the trade secrets/proprietary information concern as a primary motivation: “In view of the over-breadth of this well-intentioned bill, I return it with my recommendations that it be more properly balanced between protecting the privacy of employees and job candidates, while ensuring that employers may appropriately screen job candidates, manage their personnel, and protect their business assets and proprietary information.”
The Governor specifically recommended the bill be revised to:
- Create an exception to allow investigation of work place misconduct or unauthorized transfer of confidential or proprietary data to a personal account;
- Add language confirming that an employer may view, access, or utilize information about a current or prospective employee that can be obtained in the public domain;
- Carve out of the definition of “personal account” any account, service or profile created, maintained, used or accessed by a current or prospective employee for business purposes of the employer or to engage in business related communications;
- Eliminate provisions that would create a civil cause of action for affected employees or applicants;
- Add a proviso stating that nothing in the act shall prevent an employer from implementing and enforcing a policy pertaining to the use of an employer issued electronic communications device or any accounts or services provided by the employer or that the employee uses for business purposes; and
- Add a proviso stating that nothing in the act should be construed to prevent an employer from complying with the requirements of State or federal statutes, rules or regulations, case law or rules of self-regulatory organizations.
Click here for the bill as revised after the Governor's veto statement.
These last two provisos are important ones, especially for the financial services industry and the healthcare industry. They are important because FINRA, for example, has laid out certain monitoring and record keeping requirements concerning social media used to communicate with clients and prospective clients concerning potential financial transactions. See, e.g., FINRA Guidance here.
There are likewise data security requirements emerging out of HIPAA and other bodies of law that may require security and monitoring of social media. Click here for a discussion of such issues by Dan Goldman (@danielg280), legal counsel at Mayo Clinic and Advisory Board member to the Mayo Clinic Center for Social Media. In an age of BYOD (Bring Your Own Device) and the consolidation of business and personal activity to a single mobile device, failure to include such exceptions would force employers into hard choices between required monitoring and desired seamlessness of the business/personal transition.
While many states have in the last year adopted such statutes, the interplay between the Governor and the Legislature in New Jersey plays out the competing interests nicely, and hopefully starts a trend toward a more measured approach to such questions. Accommodating these competing interests is not only a legislative challenge, but is one faced by employers and businesses every day.