Social Media

After gaining prominence in 2012, state legislation restricting access to personal social media accounts by employers and schools has remained active.  Three more states have enacted their own restrictions thus far in 2013, and bills are pending in more than two dozen other states, according to the National Conference of State Legislatures. In 2012, Illinois and Maryland  enacted social media privacy laws restricting employers, Delaware and New Jersey enacted laws restricting academic institutions, and California and Michigan enacted both employer- and school-focused restrictions.

So far this year, Utah, New Mexico, and Arkansas have enacted their own restrictions. Utah enacted two laws — the Internet Employment Privacy Act and the Internet Postsecondary Education Privacy Act — as part of one bill, HB100, which was signed into law on March 26 and takes effect May 14. New Mexico enacted two separate bills — SB 371 and SB 422 — focusing on employers and post-secondary schools, respectively. Both bills were signed April 5 and take effect on June 14. In Arkansas, a bill imposing restrictions on public and private post-secondary schools was enacted as Act 998 on April 8.  Below is more information about each.Continue Reading Utah, New Mexico, Arkansas are Latest States to Restrict Access by Employers or Schools to Personal Social Media Accounts

Employees’ use of social media and other online services in their professional and personal lives has increased the risk of an employee bringing claims against a current or former employer.  In the past three years, for example, employers have had to defend against claims related to ownership of social media

Continue Reading Covington Event: Insurance Coverage for Employment-Related Liabilities

At a recent forum in New York, a team of Covington lawyers addressed the growing concern among companies that their most valuable assets could leave the building on a thumb drive in an employee’s pocket or be disclosed through an employee’s use of a social media site.  Addressing

Continue Reading 5 Privacy and Data Security Measures That Can Protect Your Company Against Trade Secret Theft

Yesterday the FTC released its annual report of consumer complaints, highlighting identity theft as the leading category of complaints, with 18% of the total.  The 2012 report analyzes complaints received by the FTC, certain other federal agencies, state law enforcement agencies, and non-governmental organizations such as the Better Business Bureau.  After

Continue Reading FTC Annual Report Reveals Identity Theft — Not Privacy — Is Top Consumer Complaint

A bill reintroduced in the U.S. House of Representatives on Wednesday would prohibit employers and schools from requesting or demanding access to employees’ or students’ personal social-media accounts.

The bill, titled the “Social Networking Online Protection Act,” would bar employers from requesting or requiring that employees or job applicants provide the employer access to personal e-mail or social-networking accounts.  The bill also would bar employers from firing or otherwise retaliating against an employee or applicant for refusing or complaining about such a request. Violations would carry a civil penalty of up to $10,000, and the bill would authorize the Secretary of Labor to seek an injunction against practices that violate the law.

The bill would establish similar protections for students or applicants at colleges and K-12 schools receiving federal funds. Continue Reading Bill Would Set Federal Restrictions on Employer, School Access to Personal Online Accounts

Path, a social networking mobile app, has agreed to enter into a settlement with the Federal Trade Commission (“FTC”) regarding charges that the company deceived consumers by collecting contact information from users’ mobile address books without notice and consent.  The agreement also resolves charges that the company violated the Children’s Online Privacy Protection Act (“COPPA”) by collecting personal information from children under  13 years old without parental notice and consent.  Path did not admit any liability by entering into the consent decree, which is for settlement purposes only.

The FTC alleged that the Path application included an “Add Friends” feature that allowed users to make new connections within the app.  Users were given three options when using the “Add Friends” functionality:  “Find friends from your contacts,” “Find Friends from Facebook,” or “Invite friends to join Path by email or SMS.”  Regardless of which option was chosen, Path automatically collected and stored contact information from the address book on the user’s mobile phone.  The FTC argued that this practice was contrary to representations made in the company’s privacy policy that only certain technical information, such as IP address, browser type, and site activity information, was automatically collected from the user.  Under the settlement, Path agreed to implement a comprehensive privacy program and obtain biennial, independent privacy assessments for the next twenty years. Continue Reading FTC Settles Deception, COPPA Charges Against Social Networking App Path

On January 22, 2013, the Federal Financial Institutions Examination Council proposed guidance on the applicability of consumer protection and compliance laws, regulations, and policies to activities conducted via social media by depository institutions.  The proposed guidance would not impose additional compliance obligations on institutions.  Instead, the guidance is intended to help financial institutions understand potential consumer compliance, legal, reputation, and operational risks associated with the use of social media, along with expectations for managing those risks. 

The proposed guidance defines “social media” as “a form of interactive online communication in which users can generate and share content through text, images, audio, and/or video.”  The FFIEC warns that social media can impact a depository institution’s risk profile by increasing the risk of harm to consumers, compliance and legal risk, operational risk, and reputational risk. 

Continue Reading FFIEC Proposes Social Media Guidance

New Jersey earlier this month became the latest state to bar college and university officials from demanding access to students’ or applicants’ personal online accounts.  Gov. Chris Christie signed the law, which takes effect immediately, on Dec. 3.

Under the new law, which applies to public and private higher-education institutions, schools cannot require a student or applicant to “in any way provide access” to “a personal account or service through an electronic communications device,” nor may schools “in any way inquire as to whether a student or applicant” has a social-media account. Schools may not retaliate against students who refuse to provide access to their accounts, and the law voids any agreement to waive the statute’s protections.Continue Reading New Jersey Restricts Colleges’ Access to Students’ Personal Accounts, Considers Similar Protections for Employees

The National Labor Relations Board (NLRB) continues to be active in considering whether companies’ social media policies run afoul of U.S. labor laws.  In the latest decision implementing the approach reflected in a series of NLRB reports analyzing employer social media policies under the National Labor Relations Act (NLRA), an administrative law

Continue Reading NLRB Finds DISH Network Social Media Policy Unlawful

California is the latest state to enact legislation restricting the circumstances under which employers or schools can demand access to employees’ or students’ personal social media accounts.

California Gov. Jerry Brown signed two bills into law on Sept. 27.  The first, A.B. 1844, bars employers from requiring or requesting that employees or job applicants disclose personal social media usernames or passwords, access personal social media accounts in the employer’s presence, or otherwise “[d]ivulge any personal social media.” Employers are barred from firing or otherwise retaliating against anyone who refuses to comply with a request that is prohibited under the law. Employers may require employees to disclose information needed to access employer-issued devices and may request access to personal social media the employer reasonably believes is relevant to a misconduct investigation.

S.B. 1349 creates parallel protections for students, prospective students and student groups at public and private colleges and universities.Continue Reading New California Laws Restrict Employer, College Access to Personal Social-Media Content