Connecticut has joined a list of twenty-one states with a statute designed to preserve the privacy of personal online accounts of employees and limit the use of information related to such accounts in employment decision-making. Legislation directed to online privacy of employees has also passed this year in Montana, Virginia, and Oregon, and such legislation is pending in a number of other states.

Connecticut’s law, effective as of October 1, 2015, applies to “personal online accounts” – broadly defined as online accounts, such as e-mail, social media, and retail-based web sites, used exclusively for personal purposes by a current or prospective employee.

The statute prohibits employers from requiring or requesting that a current or prospective employee: disclose a username or password to his or her personal online account; authenticate or access a personal online account in the presence of the employer; or offer to or accept from the employer an invitation to join a group affiliated with the employee’s personal online account. Employers may not take adverse action against a current employee who refuses to engage in any of the foregoing activities, or fail or refuse to hire a prospective employee as a result of a refusal to engage in such activities.

Exceptions within the law allow employers to request or require that a current or prospective employee provide a user name and password or other means for accessing:

  • Any account or service provided by the employer or by virtue of the employment relationship;
  • Any account or service used by the employee for the employer’s business purposes; or
  • Any computer or smartphone supplied or paid for by the employer.

In addition, employers may require an employee to provide access – but not a password or other means of access – to his or her personal online account in order to conduct an investigation related to (i) ensuring compliance with laws, regulations, or other rules prohibiting employee misconduct, or (ii) a suspected unauthorized transfer of confidential information or financial data to or from any personal online account. However, the employer may only conduct such an investigation pursuant to “specific information” about relevant activity on the employee’s personal online account.

Notably, the law does not restrict the employer’s ability to monitor, access, or block data that is either stored on a computer or phone paid for by an employer or transmitted through or stored on an employer’s network. The law also does not prevent an employer from complying with laws, regulatory requirements, or rules of self-regulatory organizations.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Laura E. Goldsmith Laura E. Goldsmith

Laura Goldsmith is a partner in the Technology, Media and Telecommunications Group and member of the Privacy & Cybersecurity Group and Life Sciences Group. Her practice focuses on matters in technology, intellectual property, privacy and data protection across a range of industries including…

Laura Goldsmith is a partner in the Technology, Media and Telecommunications Group and member of the Privacy & Cybersecurity Group and Life Sciences Group. Her practice focuses on matters in technology, intellectual property, privacy and data protection across a range of industries including life sciences, media, entertainment, sports, sports betting, software, professional and financial services, healthcare, retail, fashion and communications.

Laura structures and negotiates complex technology transactions, such as license agreements, joint development agreements, supply, manufacturing or other services agreements, and software-as-a-service agreements.  In particular, she regularly represents life science companies in licensing deals, co-commercialization arrangements, research collaborations, strategic acquisitions, and other transactions.

Laura also counsels clients in navigating compliance with international, federal and state laws related to privacy and data protection in the context of transactions, vendor relationships, internal compliance and external-facing policies.  She is an editor of and contributor to Proskauer’s Privacy Law Blog and contributor to the State Privacy Laws and Financial Privacy chapters of the Proskauer on Privacy treatise published by PLI.

Laura is a member of the Proskauer Women’s Alliance Steering Committee and previously served as its co-chair.

Prior to her legal career, Laura worked as a consultant to global pharmaceutical companies formulating drug development strategy and clinical trial design. She also conducted scientific research in pharmacology and biology at Duke University Medical Center and her research has been published in peer-reviewed journals.

While at Boston University School of Law, Laura served as the Editor-in-Chief for the Review of Banking & Financial Law and interned for Judge Kiyo A. Matsumoto of the U.S. District Court for the Eastern District of New York.