SB 5211 as currently written is quite broad. It would prohibit an employer from “directly or indirectly” requiring any employee or applicant to submit “any password or other related account information” regarding his/her social networking website profile. “Social networking web site” is also broadly defined to include:
“an internet-based service that allows individuals to construct a public or semi-public profile within a system created by the service; create a list of other users with whom they share a connection within the system; and view and navigate their list of connections and those made by others within the system.”
The bill does not carve out any exceptions for:
1) Employer-owned or -paid devices,
2) Employee profiles which use or display the employer’s trademarks, copyrights, or other intellectual property, or
3) Profiles for which the employer provided the employee with significant assistance and resources to develop and maintain.
As our previous bloggers have noted, there is a potential conflict between SB 5211 and those court decisions which suggest a degree of employer ownership of employee online networking profiles that incorporate employer intellectual property, or in which the employer invested significant development and maintenance resources. See, e.g., Eagle v. Morgan, No. 11-4303, 2011 WL 6739448 (E.D. Pa. Dec. 22, 2011) (employer may have ownership of former employee’s LinkedIn profile); and PhoneDog v. Noah Kravitz, No. C11-03474 MEJ, 2011 U.S. Dist. LEXIS 129229 (N.D.Cal.) (November 8, 2011) (employer may have interest in former employee’s Twitter account). As noted above, SB 5211 makes no distinction for such profiles. Some might ask, “how will employers with court-recognized interests in employee online profiles enforce their rights in them, if by law they cannot effectively monitor those accounts?”
Yet another possible conflict is with the common law claims of negligent hiring and retention. That is, injured plaintiffs may use as evidence that an employee was negligently hired or kept on even after his/her social networking activity generated some kind of notice that the employee was not to be trusted (i.e. an employee delivery man posts on his Facebook account, “boy, another DUI last night.” Six months later, that employee runs over someone while drunk). Now, the defense might be that an employer cannot be found to have legal notice of the employee’s dangerousness, if not get such notice the employer would have had to break the law. But because the bill is broadly written, employers might shy away from even permissible online intelligence gathering regarding its current or prospective employees to avoid the appearance of unlawful searching and significant legal exposure.
Lastly, the law may be very expensive for employers, even for inadvertent violations. Aggrieved plaintiffs may file civil lawsuits for violations, and the court “may” award actual damages, $500 per-violation kickers, and attorneys’ fees to the prevailing employee / applicant. Of course, the awards are discretionary, not mandatory (hence the quotes in the preceding sentence), but the mere possibility of actual and bonus damages and fees is encouragement enough for perhaps an avalanche of lawsuits.
In the end, like any legislation, serious thought and consideration must be given to whether the law will do more good than bad. Such laws must be carefully written to achieve their intended purpose without doing too much collateral damage. We will monitor SB 5211 as it proceeds through the Washington legislature.