Information contained in this publication is intended for informational purposes only and does not constitute legal advice or opinion, nor is it a substitute for the professional judgment of an attorney.
Nevada has joined the growing list of states that have enacted “social media password protection” legislation that restricts employers’ access to applicants’ and employees’ personal social media accounts. The full roster of states with such laws now includes: Arkansas; California; Colorado; Illinois; Maryland; Michigan; Nevada; New Mexico; Oregon; Utah; and Washington. The Nevada law goes into effect on October 1, 2013.
The Nevada law prohibits employers only from requesting or requiring that applicants or employees provide their user name, password, or other information needed to gain access to a personal social media account, as well as adverse employment action based upon a refusal to comply with such a request. This prohibition is narrower than that seen in many password protection laws which typically also prohibit employers from “shoulder surfing,” from compelling an employee or applicant to accept a friend or connection request and/or from requiring that an employee or applicant change privacy settings to permit the employer access to his or her restricted, personal social media account.
While the prohibited acts under Nevada’s law are relatively narrow, the scope of Nevada’s prohibition is relatively broad. Unlike many other password protection laws that are limited to social media, Nevada’s law appears to apply to virtually any kind of online account by defining “social media” as “any electronic service or account or electronic content, including, without limitation, videos, photographs, blogs, video blogs, podcasts, instant and text messages, electronic mail programs or services, online services or Internet website profiles.”
Nevada’s law has only two, narrow exceptions to its general prohibition. First, the law’s prohibitions do not apply to non-personal accounts. Second, the law does not “prevent an employer from complying with any state or federal law or regulation or with any rule of a self-regulatory organization.” This language, which is similar to language sponsored by securities industry groups, appears to be primarily intended to permit covered employers to comply with FINRA’s rules on supervising their employees’ posts in social media.
The Nevada law contains no provision specifically addressing remedies. The enacted Act states that the law will be codified in the chapter on employment practices, suggesting remedies available under that chapter will be available for a violation. However, because that chapter has different remedies depending on where the law is codified, it remains unclear what remedies will be available to a party aggrieved by an alleged violation of Nevada’s social media password protection law.
Nevada employers who may need access to social media content for legitimate business purposes, such as conducting a workplace investigation, should note two key limitations on the Nevada law. First, the law does not purport to prohibit employers from accessing any publicly available social media content. Second, the statute does not prohibit an employer from accepting social media content voluntarily provided by a co-worker. In addition, the statute does not purport to prohibit an employer from asking an employee to provide access to the restricted social media content of someone else, such as an applicant or co-worker, as long as the employer does not request access to the cooperating employee’s own social media content. However, this approach creates risks under another statute, the federal Stored Communications Act, that should be discussed with legal counsel before an employer pursues this course of action.