Employer Recommendations for Complying with Michigan's Social Media Password Law
Michigan employers started 2013 with a new employment law. This new regulation was signed into law by Gov. Snyder on December 27, 2012 and is called the Michigan Internet Privacy Protection Act. Readers of this blog know that I have not been a fan of this new employment statute since it was first proposed (see here and here for past discussions as to why this regulation was not good for employers or workable as origianally proposed). However, after sharing these criticisms with the legislator who initially proposed this legislation, a number of exemptions were added, which at least make the Michigan Internet Privacy Protection Act tolerable and workable when it comes to the workplace.
Generally speaking, this new statute broadly prohibits employers from:
- Demanding their employees or job applicants to turn over passwords to social media or other Internet related accounts, e.g., Facebook, LinkedIn, Gmail or similar accounts. This restriction also precludes employers from asking employees or job job applicants to log into such accounts and then allowing the employer to peruse through the social media account.
- Making an adverse employment-related decision with respect to any employee or job applicant who refuses to turn over log-in information.
For a more thorough overview of Michigan's Internet Privacy Protection Act, see the short video interview I gave on this new statute. I explain the basics of the law and offer up a few critiques.
Employer Considerations In Response to the Michigan Internet Privacy Protection Act
After reviewing the interview, there are a number of "best practices" employers will want to make sure are in place with respect to social media and employment practices, especially in the context of hiring decisions and investigating employee misconduct involving social media.
A few points, however, that Michigan employers should immediately consider in response to Michigan's new Internet Privacy Protection Act include:
- It is important all levels of management know and understand what is and is not permitted under Michigan's Internet Privacy Protection Act. This is because the statute provides severe penalties against employers and potentially managers who violate it, including making it a misdemeanor punishable by a fine of up to $1,000.00, as well as giving a private cause of action to the individual who is the subject of a violation along with the recovery of "reasonable attorney fees and court costs."
- The Michigan Internet Privacy Protection Act includes a number of exemptions for when employers may lawfully ask for access to an employee social media or Internet account. One very important restriction permits employers to investigate and requiring an employee to cooperate in an investigation if there is information on the social media account of the employee that is necessary to investigate to ensure compliance with applicable prohibitions against work-related employee misconduct. Employers should, therefore, review their existing policies, handbooks, and employee agreements to make sure they are drafted to address and specify work related misconduct issues in order to fall under this potentially broad exemption.
For more information on Michigan's Internet Privacy Protection Act, contact Jason M. Shinn, who regularly represents companies and individuals in responding to workplace privacy and federal and Michigan employment laws and regulations.