(b)(1)It shall be unlawful for any employer to request or require any employee or prospective employee to provide any user name and password, password, or other means of authentication to gain access to the employee's or prospective employee's personal internet account.
(2)An employer may request or require an employee to disclose any user name and password, password, or other means of authentication for accessing any accounts or services provided by the employer or by virtue of the employee's employment relationship with the employer or that the employee uses for business purposes.
Note: Paragraph 1 retains the ban on asking for account information for personal accounts, and paragraph 2 authorizes asking for the info for business/employeer provided accounts.
So, unlike the headline, in fact this bill moves to legalize access to the businesses social media accounts.
The people talking about how a company could argue that their (say) Twitter account was a business account seem to miss the fact that such an argument takes place in court.
However, I still worry about possible misinterpretation of the clause involving business use of personal accounts. I don't trust lawyers or judges. Sure, court decisions are probably correct well over 90% of the time, but that's just not good enough for me.
So now that you've rejected the lawmaking and justice systems wholesale, what do you propose to put instead?
The only place this law causes friction is when employees are either using personal accounts for business purposes or business accounts for personal purposes. It's a good law because it encourages a separation of the personal and professional spheres of one's life.
Right, which you shouldn't be doing so that you retain that clear separation.
This is the part that fucks the whole thing up. It's too vulnerable to misinterpretation or abuse.
It's also already a prosecutable offense to lock your company out of a business related account, so what is the point of establishing more legislation?
The reason for the legislation is that Illinois companies are specifically not permitted to demand credentials for personal social media accounts; it creates an exception to at-will employment in Illinois that would enable you to sue your employer if you were terminated incident to refusing credentials.
Only if you let HN and reddit rashly interpret your court decisions for you...
> It's also already a prosecutable offense to lock your company out of a business related account, so what is the point of establishing more legislation?
Because by itself, the previous language created an ambiguous situation. All the new bill does is clarify that the ban on asking for login credentials for a personal account doesn't override the offense of locking your company out of a business-related account.
No, I think it's pretty clear. Once information is publish via the company's twitter account, it becomes public information. It would be a very long stretch for retweeting public information to change the nature of a personal account to fall under this law.
Not to mention, Illinois' has notoriously labor friendly courts (I live in IL). While landing in court is an obvious problem for the employee to defend/prosecute, the reputation/record of IL labor courts make it an even steeper hill for an employeer to climb than for the employee.
While I would hope that most startups are above this kind of behavior, since startups tend to ask their people to use their personal accounts for marketing purposes, I have to at least have some concern...
In reality, anything that amounts of an exception to the at-will doctrine creates an enormous minefield for employers. Terminated employees are very frequently disgruntled and can be counted on, over time, in the large, to bring meritless cases. Employers who want to survive without being stuck up for settlements are going to become very process-bound for how they handle credentials.
Think of it this way: worst-case downside to employee from this law: early termination. Downside to employer: horrifically expensive legal debacle.
While Twitter is the obvious example, what about a Github account? I've patched bugs or merged pull requests for my employer's projects from my own account. Would that qualify?
Personal Github accounts are already a little bit fraught for that reason. The Illinois statute revision doesn't change the calculus; if you're an IL employee with a Github account you care about, you (a) don't want to be working for anyone who demands credentials to it, and (b) now have an avenue to extract a few tens of thousands of dollars from that employer should they ever be dumb enough to ask and then fire you.
ANY type of legalized access to employee social media accounts is bad. Period.
Yet this is what we get when we freely throw any of our personal information online.
You get that under at-will employment, there's a UNIVERSE of unreasonable requests employers can make that will permit them to fire you directly, right?
It still legalizes asking for accounts and there's still room for misinterpretation.
and a better article:
The bill specifically says that the employer cannot fire someone for NOT giving up their facebook password or whatever, so that's good at least (however unenforceable it might be)
Serfdom is a somewhat appropriate term, if your actions are monitored and controlled 24x7.
If I were Facebook, et al, I would be opposing this with everything I had. Nothing will hurt Facebook more than people being concerned that posting on it will negatively impact their jobs.
By your logic, no anti-discrimination law is enforceable either, because you'd have to be a complete nitwit to actually tell an employee they were being fired for being a woman, or African American. In practice, employers always make up excuses for unlawful termination.
Also, in practice, each of these exceptions to at-will employment is a vast gaping constantly-looming risk for employers, since litigation is extraordinarily expensive and terminated employees are extremely quick to threaten suit. I've seen meritless discrimination suits brought at previous employers; they're settled immediately no matter how wrong they are.
So the net effect of laws like this is to create an incentive for employers to be extremely careful and process-bound for how they handle credentials, because credentials in Illinois are officially an employment law minefield.
Even if they don't fire you, you've negatively impacted chances of promotion and possibly put yourself on the top of the layoff list. The balance of power in the US is very strongly tipped towards the employer; we really don't need to add more to it.
Again: this law tips the balance of power AWAY from employers.
The text of the bill instead discusses the demand side "It shall be unlawful for any employer to request".
I am not seeing the punishment this unlawful act would result in. Maybe there isn't one. However, I am not a lawyer and anyone relying on this post for official legal advice is a moron.
On the job, assuming you've actually been out there, for quite a few years its "normal" for coworkers and bosses and such to friend each other and talk smack about each other and the boss. From observation of extensive experience the biggest problem with social media mixing with work tends to be professional contacts both making and reading highly unprofessional comments outside of work resulting in huge raging arguments / battles at work. (edited to emphasize battles between employees not mgmt vs employee. Although this inevitably drags mgmt into it when one employee whines about another's comments online about their religion/ethnicity/orientation/blah make it impossible for them to ever work together again, even though the topic would never have been discussed on company property at any civilized employer. Most of the mgmt where I work would relish a law prohibiting people from work socializing in any manner, especially social media flamewars, outside work.)
If you work for an employer who does not care about the law, then the law is not going to affect them, this is correct.
This does not distress me.
The other significant part, that employers can request account information for accounts "that the employee uses for business purposes" but can't "discharge, discipline, or otherwise penalize or threaten to discharge, discipline, or otherwise penalize an employee for an employee's refusal to disclose" I see as mostly placing requirements on employers: Make sure your staff is not becoming the "face" of your brand with their personal accounts.
Passwords authenticate you as you. It's preached constantly to people that they DO NOT GIVE PASSWORDS for others to use on their behalf! Even in IT, where people tend to know the implications, the trend is away from common accounts for work and toward individual admin accounts to increase accountability.
If I, for some over riding reason, NEEDED to give a coworker my password for an operational emergency, I would change it as soon as possible. I would never give it to anyone at my company for records keeping or access.
If I have trusted your account, without knowing that it is your business account, my expectation of privacy for personal information I have shared with you is now broken.
It's an easy cop-out to say don't share anything you don't want shared with everyone. Too easy.
I do want to be able to share with just certain friends, and I don't want to unexpectedly have that shared, semi-private, information shared with the company they work for. This is a serious flaw with the bill.
Now, wether there should be legal ramifications for such a violation of trust may be a worthwhile questions, but not one that this bill, which only amends an existing law, even even attempting to consider.
You don't have a right to whatever boss you want at whatever job you want. Sometimes the boss is an asshole. You do have a right to quit. Use it!
I see this bullshit argument time and time again on HN. Not everyone is an intelligent, skilled worker with experience and the ability to pick and choose jobs. The vast majority of people are vying for the same unskilled or barely skilled jobs and are just desperately trying to keep food on the table. ANY legislation that further reduces their bargaining power is abhorrent.
However, part of building value as an employee (in fact as a human being) is deciding what levels are treatment are unacceptable and standing up against them.
Are you suggesting that someone of less skill or experience has no right (forget legally - morally) to quit their job, even if it means a future of greater economic risk?
If your husband or wife, brother or sister, parent, best friend, roomate - whomever - comes to you and tells you that they are going to have trouble meeting their obligations to you because they quit their unjust job, tell them, "you did the right thing. You need to value yourself and love yourself. I'll do my best to get by until you can pay me back, and I'll help you find a job that respects you in the mean time."
Well that's true, I don't disagree. However, to be valuable on the bottom rung to large companies, you need to either show real management potential (and have a decent manager) - the good option - or simply be as drone-like and exploitable as possible.Are you suggesting that someone of less skill or experience has no right (forget legally - morally) to quit their job, even if it means a future of greater economic risk?
> Are you suggesting that someone of less skill or experience has no right (forget legally - morally) to quit their job, even if it means a future of greater economic risk?
No, I'm suggesting the opposite. However, society enforces the judgement by it's attitude toward the unemployed.
> If your husband or wife, brother or sister, parent, best friend, roomate - whomever - comes to you and tells you that they are going to have trouble meeting their obligations to you because they quit their unjust job, tell them, "you did the right thing. You need to value yourself and love yourself. I'll do my best to get by until you can pay me back, and I'll help you find a job that respects you in the mean time."
Of course, but a lot of these people don't have a support network, or their support network has no ability to financially support them.
You might be able to ask for friends for help, but people are going to ask themselves if it's worth putting their loved ones through hell to keep their password to themselves.
I feel like the "Don't work there!" argument is ignoring the fact that we needed unions to get to where we are with employment practices.
If an employee fears for their job, they will put up with almost anything, whether lawful or not. Employee protection regulations have real bite exactly when they are almost not needed; when employees can just walk away from a job and be certain to find a new one.
In many cases, an employeer can simply say, "The law allows me to ask for you facebook account information, please give it to me," and the employee wouldn't know otherwise. The original law was meant to ban that activity. The new bill opens up a small loophole so the the employeer can ask for account information for business related accounts.