Tennessee Limits Employers' Access to Private Social Media Accounts of Employees, Job Applicants

  • May 13, 2014

Key points:

  • Effective January 1, 2015
  • Applicable to all employers
  • Employee right to bring civil action

Tennessee has joined the growing number of states that prohibits employers, including government entities, from requesting or requiring access to the private social networking or online accounts of employees and job applicants. The Employee Online Privacy Act of 2014, signed by Governor Bill Haslam on April 29, 2014, will take effect January 1, 2015, but the new law will not apply to a contract entered into prior to that date that permits an employer action prohibited by the Act unless or until the contract is renewed on or after that date.

The Act bars an employer, regardless of size, from:

1. requesting or requiring an employee or an applicant to disclose a password that allows access to the employee’s or applicant’s personal Internet account;

2. compelling an employee or an applicant to add the employer or an employment agency to the employee’s or applicant’s list of contacts associated with a personal Internet account;

3. compelling an employee or an applicant to access a personal Internet account in the presence of the employer in a manner that enables the employer to observe the contents of the employee’s or applicant’s personal Internet account; or 

4. taking adverse action, failing to hire, or otherwise penalizing an employee or applicant because of a failure to disclose information or take an action specified above.

A “personal Internet account” is an online account used by an employee or applicant exclusively for personal communications unrelated to any business purpose of the employer. “Adverse action” is to discharge, threaten, or otherwise discriminate against an employee in any manner that affects the employee’s employment, including compensation, terms, conditions, location, rights, immunities, promotions, or privileges.

However, an employer is not prohibited from:

1. Requesting or requiring an employee to disclose a username or password required only to access an electronic communications device supplied by or paid for wholly or in part by the employer, or an account or service provided by the employer that is obtained by virtue of the employee’s employment relationship with the employer, or used for the employer’s business purposes;

2. Disciplining or discharging an employee for transferring the employer’s proprietary or confidential information or financial data to an employee’s personal Internet account without the employer’s authorization;

3. Conducting an investigation or requiring an employee to cooperate in an investigation under certain circumstances;

4. Restricting or prohibiting an employee’s access to certain websites while using an electronic communications device supplied by or paid for wholly or in part by the employer or while using an employer’s network or resources, in accordance with state and federal law;

5. Monitoring, reviewing, accessing, or blocking electronic data stored on an electronic communications device supplied by or paid for wholly or in part by the employer, or stored on an employer’s network, in accordance with state and federal law;

6. Complying with a duty to screen employees or applicants before hiring or to monitor or retain employee communications that is established under federal law or by a “self-regulatory organization” (as defined in the Securities and Exchange Act of 1934, 15 U.S.C. § 78c(a)), for purposes of law enforcement employment, or for purposes of an investigation into law enforcement officer conduct performed by a law enforcement agency; or

7. Viewing, accessing, or using information about an employee or applicant that can be obtained without violating the prohibited conduct or information that is available in the public domain.

The attorney general and reporter may bring a civil action against an employer on behalf of an aggrieved resident of Tennessee. If the court finds a violation, it will award the state not more than $1,000 for each violation found.

An individual subject to a violation of the Act may bring a civil action against an employer for injunctive relief and may recover not more than $1,000 in damages for each violation against the individual found plus reasonable attorney fees and court costs.

For additional information on the Act and assistance in complying with its requirements, please contact a member of our Privacy, e-Communication and Data Security practice or the Jackson Lewis attorney with whom you regularly work.

©2014 Jackson Lewis P.C. This material is provided for informational purposes only. It is not intended to constitute legal advice nor does it create a client-lawyer relationship between Jackson Lewis and any recipient. Recipients should consult with counsel before taking any actions based on the information contained within this material. This material may be considered attorney advertising in some jurisdictions. Prior results do not guarantee a similar outcome.

Focused on labor and employment law since 1958, Jackson Lewis P.C.'s 950+ attorneys located in major cities nationwide consistently identify and respond to new ways workplace law intersects business. We help employers develop proactive strategies, strong policies and business-oriented solutions to cultivate high-functioning workforces that are engaged, stable and diverse, and share our clients' goals to emphasize inclusivity and respect for the contribution of every employee. For more information, visit https://www.jacksonlewis.com.