VOL. 129 | NO. 123 | Wednesday, June 25, 2014
Tennessee’s Online Privacy Act Will Protect Employees
By DALE CONDER JR.
Employees and job applicants will have more than the New Year to celebrate on Jan. 1 as Tennessee’s Employee Online Privacy Act protecting employees’ and job applicants’ online privacy takes effect.
The Act limits an employer’s ability to gain access to personal Internet accounts. And any person or entity, including the state and local governments, with one or more employees is an employer.
The statute prohibits employers from asking for passwords that allow access to an employee’s personal Internet accounts; compelling employees to add the employer or an employment agency to the list of contacts associated with a personal Internet account; compelling an employee to access personal Internet accounts in the employer’s presence so the employer can observe the contents; and taking adverse action, failing to hire, or otherwise penalizing an employee or applicant because the individual refused to disclose the information outlined above.
Is there any information that an employer can ask for?
An employer can require disclosure of information necessary to gain access to the employee’s personal Internet account if the employer is conducting an investigation and “there is specific information on the employee’s personal Internet account regarding compliance with applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct.”
Also, the employer can gain access if it has specific information about an employee transferring, without authorization, “the employer’s proprietary information, confidential information, or financial data to an employee’s personal Internet account.”
And in this latter case, the employer can discipline or discharge an employee for transferring this information without consent.
Employers can restrict employee access to certain websites while the employee is using the employer’s network or a communications device provided by the employer. And an employer can monitor, review, access, or block electronic data stored on such devices provided this is not prohibited by state or federal law.
An employer can require disclosure of the username and password for: (1) an electronic communications device that the employer provides or pays for in whole or in part; and (2) an account or service the employer provides because of the employment relationship with the employee.
Employers can “screen employees or applicants before hiring or . . . monitor or retain employee communications” in three situations: (1) the employer is a “self-regulatory organizations as defined in the Securities and Exchange Act; (2) for purposes of law enforcement employment; or (3) for purposes of an investigation into law enforcement officer conduct performed by a law enforcement agency.”
What are the penalties for violating the Act?
The state’s attorney general or the victim can sue you. The damages are $1,000 per violation and if the suit is brought by the victim, this person can recover attorney’s fees and costs.
Because of this statute, you should review your job applications, employment policies, and employee handbooks before January 1. And before asking for this information, monitoring an employee’s online life, or cooperating with a third party claiming a right to this information, consult with your attorney.
Conder is a member of the law firm Rainey, Kizer, Reviere & Bell.