Don’t Ask, Don’t Entail: Watch out for new workplace data privacy laws

Federal law can complicate things, as may be seen in the case of Ehling v. Monmouth-Ocean Hospital Service Corp.

In our last article, we discussed the importance of developing privacy and cybersecurity policies to address potential risks arising from employees who use third-party file-hosting services to store company data. We thereby emphasized the reality that if you have employees with laptop computers, some proportion of them is bound to be storing company data on assets that your company does not control. In this article, we consider an inevitable corollary to that reality: Some proportion of your employees (probably a significant portion of them) are using online social media — from Facebook to Twitter to Instagram, to name a few — in ways that your company does not control.

Now, in developing privacy and cybersecurity policies to address this reality, it is important to recognize that such policies must serve not only to protect company confidences, but also to ensure that company personnel do not inadvertently violate a host of new state laws protecting employee use of social media. For example, on May 23, 2014, Louisiana Governor Bobby Jindal signed into law the Personal Online Account Privacy Protection Act. Under the Act, an employer may not “[r]equest or require an employee or applicant for employment to disclose any username, password, or other authentication information that allows access to the employee’s or applicant's personal online account.” “Personal online account” includes any online service that an employee “uses exclusively for personal communications unrelated to any business purpose of the employer.” In short, under Louisiana law, it is now generally illegal for employers to ask or require that employees hand over the passwords to their private Facebook or Twitter accounts.

Contributing Author

author image

Richard Martinez

Richard Martinez is a trial attorney at Robins, Kaplan, Miller & Ciresi L.L.P. Rick’s practice focuses substantially on technology, primarily in the areas of intellectual...

Bio and more articles

Contributing Author

author image

Mahesha Subbaraman

Mahesha Subbaraman is an associate at Robins, Kaplan, Miller & Ciresi L.L.P., focusing on data privacy, cybersecurity issues and complex business litigation.

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.