The 2012 year end was an uncharacteristically busy time for the Michigan Legislature and Governor Rick Snyder. In a lame duck session that normally sees little activity, the legislature sent over 200 bills to the governor for signature. Among the new laws signed by Governor Snyder is one that protects employees’ online password privacy.
The new Michigan Internet Privacy Protection Act prohibits employers and educational institutions from asking applicants, employees and students for passwords and other account information used to access private e-mail accounts and social network accounts, such as Facebook and Twitter. The law also prohibits employers from disciplining, discharging or otherwise penalizing an employee or applicant who fails to disclose information that allows access to a personal account.
Signing the new law, Governor Snyder commented, “Potential employees and students should be judged on their skills and abilities, not private online activities.”
While protecting employees’ private social networking accounts, the Michigan law still allows employers discretion to monitor and control use of employer-owned and controlled electronic resources. The law does not affect an employer's ability to access and regulate employees’ use of social media on electronic communication devices paid for in whole or in part by the employer. Significantly, the Michigan law does not prohibit an employer from disciplining or discharging an employee for transferring the employer’s proprietary or confidential information or financial data to an employee’s personal internet account without the employer’s authorization. Further, the new law does not prohibit or restrict an employer from viewing, accessing or utilizing information about an employee or applicant that can be obtained without any access to personal password information or that is available in the public domain.
With this new law, which took immediate effect on December 28, 2012, Michigan joins a growing list of states protecting online employee privacy that include Maryland, Illinois, Delaware, California, and New Jersey. Similar legislation was introduced in at least seven other states and at the federal level in 2012, but did not pass.
The new Michigan law and the likelihood of continued activity in this area at the federal and state levels in 2013 should prompt employers to review and update their internet usage policies to ensure that those policies clearly communicate to employees permissible and impermissible activity.