By: James P. Flynn

The New Jersey Legislature was overwhelmingly in favor of a measure that would have barred employers from obtaining social media IDs and other social media related information from employees and applicants. Click here for A2878 as passed.  But Governor Chris Christie vetoed A-2878 because it would frustrate a business’s ability “to safeguard its business assets and proprietary information” and potentially conflict with regulatory requirements on businesses in regulated industries such as finance and healthcare. Click here for the Governor's Veto Statement. While the Governor thought the bill well-intentioned, he conditionally vetoed it for painting “with too broad a brush,” citing the trade secrets/proprietary information concern as a primary motivation: “In view of the over-breadth of this well-intentioned bill, I return it with my recommendations that it be more properly balanced between protecting the privacy of employees and job candidates, while ensuring that employers may appropriately screen job candidates, manage their personnel, and protect their business assets and proprietary information.”

The Governor specifically recommended the bill be revised to:

  • Create an exception to allow investigation of work place misconduct or unauthorized transfer of confidential or proprietary data to a personal account;
  • Add language confirming that an employer may view, access, or utilize information about a current or prospective employee that can be obtained in the public domain;
  • Carve out of the definition of “personal account” any account, service or profile created, maintained, used or accessed by a current or prospective employee for business purposes of the employer or to engage in business related communications;
  • Eliminate provisions that would create a civil cause of action for affected employees or applicants;
  • Add a proviso stating that nothing in the act shall prevent an employer from implementing and enforcing a policy pertaining to the use of an employer issued electronic communications device or any accounts or services provided by the employer or that the employee uses for business purposes; and
  • Add a proviso stating that nothing in the act should be construed to prevent an employer from complying with the requirements of State or federal statutes, rules or regulations, case law or rules of self-regulatory organizations.

Click here for the bill as revised after the Governor's veto statement.

These last two provisos are important ones, especially for the financial services industry and the healthcare industry. They are important because FINRA, for example, has laid out certain monitoring and record keeping requirements concerning social media used to communicate with clients and prospective clients concerning potential financial transactions. See, e.g., FINRA Guidance here.

There are likewise data security requirements emerging out of HIPAA and other bodies of law that may require security and monitoring of social media. Click here for a discussion of such issues by Dan Goldman (@danielg280), legal counsel at Mayo Clinic and Advisory Board member to the Mayo Clinic Center for Social Media. In an age of BYOD (Bring Your Own Device) and the consolidation of business and personal activity to a single mobile device, failure to include such exceptions would force employers into hard choices between required monitoring and desired seamlessness of the business/personal transition.

While many states have in the last year adopted such statutes, the interplay between the Governor and the Legislature in New Jersey plays out the competing interests nicely, and hopefully starts a trend toward a more measured approach to such questions. Accommodating these competing interests is not only a legislative challenge, but is one faced by employers and businesses every day.

Back to Health Law Advisor Blog

Search This Blog

Blog Editors

Related Services

Topics

Archives

Jump to Page

Subscribe

Sign up to receive an email notification when new Health Law Advisor posts are published:

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.