|
| Public Act 099-0610
|
| HB4999 Enrolled | LRB099 17796 JLS 42158 b |
|
|
AN ACT concerning employment.
|
Be it enacted by the People of the State of Illinois,
|
represented in the General Assembly:
|
Section 5. The Freedom From Location Surveillance Act is |
amended by changing Section 5 as follows:
|
(725 ILCS 168/5)
|
Sec. 5. Definitions. For the purpose of this Act: |
"Basic subscriber information" means name, address, local |
and long distance telephone connection records or records of |
session time and durations; length of services, including start |
dates, and types of services utilized; telephone or instrument |
number or other subscriber number or identity, including any |
temporarily assigned network address; and the means and source |
of payment for the service, including the credit card or bank |
account number. |
"Electronic device" means any device that enables access |
to, or use of: |
(1) an electronic communication service that provides |
the ability to send or receive wire or electronic |
communications; |
(2) a remote computing service that provides computer |
storage or processing services by means of an electronic |
communications system; or |
|
(3) a location information service such as a global |
positioning service or other mapping, locational, or |
directional information service. |
"Electronic device" does not mean devices used by a |
governmental agency or by a company operating under a contract |
with a governmental agency for toll collection, traffic |
enforcement, or license plate reading.
|
"Law enforcement agency" means any agency of this State or |
a political subdivision of this State which is vested by law |
with the duty to maintain public order or enforce criminal |
laws.
|
"Location information" means any information concerning |
the location of an electronic device that, in whole or in part, |
is generated by or derived from the operation of that device.
|
"Social networking website" has the same meaning ascribed |
to the term in paragraph (4) of subsection (b) of Section 10 of |
the Right to Privacy in the Workplace Act.
|
(Source: P.A. 98-1104, eff. 8-26-14.)
|
Section 10. The Right to Privacy in the Workplace Act is |
amended by changing Section 10 as follows:
|
(820 ILCS 55/10) (from Ch. 48, par. 2860)
|
Sec. 10. Prohibited inquiries; online activities. |
(a) It shall be unlawful for any employer
to inquire, in a |
written application or in any other manner, of any
prospective |
|
employee or of the prospective employee's previous employers,
|
whether that prospective employee has ever filed a claim for |
benefits under
the Workers' Compensation Act or Workers' |
Occupational Diseases Act or
received benefits under these |
Acts.
|
(b)(1) Except as provided in this subsection, it shall be |
unlawful for any employer or prospective employer to: |
(A) request, or require, or coerce any employee or |
prospective employee to provide a user name and password or |
any password or other related account information in order |
to gain access to the employee's or prospective employee's |
personal online account or profile on a social networking |
website or to demand access in any manner to an employee's |
or prospective employee's personal online account; or |
profile on a social networking website. |
(B) request, require, or coerce an employee or |
applicant to authenticate or access a personal online |
account in the presence of the employer; |
(C) require or coerce an employee or applicant to |
invite the employer to join a group affiliated with any |
personal online account of the employee or applicant; |
(D) require or coerce an employee or applicant to join |
an online account established by the employer or add the |
employer or an employment agency to the employee's or |
applicant's list of contacts that enable the contacts to |
access the employee or applicant's personal online |
|
account; |
(E) discharge, discipline, discriminate against, |
retaliate against, or otherwise penalize an employee for |
(i) refusing or declining to provide the employer with a |
user name and password, password, or any other |
authentication means for accessing his or her personal |
online account, (ii) refusing or declining to authenticate |
or access a personal online account in the presence of the |
employer, (iii) refusing to invite the employer to join a |
group affiliated with any personal online account of the |
employee, (iv) refusing to join an online account |
established by the employer, or (v) filing or causing to be |
filed any complaint, whether orally or in writing, with a |
public or private body or court concerning the employer's |
violation of this subsection; or |
(F) fail or refuse to hire an applicant as a result of |
his or her refusal to (i) provide the employer with a user |
name and password, password, or any other authentication |
means for accessing a personal online account, (ii) |
authenticate or access a personal online account in the |
presence of the employer, or (iii) invite the employer to |
join a group affiliated with a personal online account of |
the applicant. |
(2) Nothing in this subsection shall limit an employer's |
right to: |
(A) promulgate and maintain lawful workplace policies |
|
governing the use of the employer's electronic equipment, |
including policies regarding Internet use, social |
networking site use, and electronic mail use; or and |
(B) monitor usage of the employer's electronic |
equipment and the employer's electronic mail without |
requesting or using requiring any employee or prospective |
employee to provide any password or other related account |
information in order to gain access to the employee's or |
prospective employee's personal online account or profile |
on a social networking website. |
(3) Nothing in this subsection shall prohibit an employer |
from: |
(A) obtaining about a prospective employee or an |
employee information that is in the public domain or that |
is otherwise obtained in compliance with this amendatory |
Act of the 97th General Assembly; . |
(B) complying with State and federal laws, rules, and |
regulations and the rules of self-regulatory organizations |
created pursuant to federal or State law when applicable; |
(C) requesting or requiring an employee or applicant to |
share specific content that has been reported to the |
employer, without requesting or requiring an employee or |
applicant to provide a user name and password, password, or |
other means of authentication that provides access to an |
employee's or applicant's personal online account, for the |
purpose of: |
|
(i) ensuring compliance with applicable laws or |
regulatory requirements; |
(ii) investigating an allegation, based on receipt |
of specific information, of the unauthorized transfer |
of an employer's proprietary or confidential |
information or financial data to an employee or |
applicant's personal account; |
(iii) investigating an allegation, based on |
receipt of specific information, of a violation of |
applicable laws, regulatory requirements, or |
prohibitions against work-related employee misconduct; |
(iv) prohibiting an employee from using a personal |
online account for business purposes; or |
(v) prohibiting an employee or applicant from |
accessing or operating a personal online account |
during business hours, while on business property, |
while using an electronic communication device |
supplied by, or paid for by, the employer, or while |
using the employer's network or resources, to the |
extent permissible under applicable laws. |
(4) If an employer inadvertently receives the username, |
password, or any other information that would enable the |
employer to gain access to the employee's or potential |
employee's personal online account through the use of an |
otherwise lawful technology that monitors the employer's |
network or employer-provided devices for network security or |
|
data confidentiality purposes, then the employer is not liable |
for having that information, unless the employer: |
(A) uses that information, or enables a third party to |
use that information, to access the employee or potential |
employee's personal online account; or |
(B) after the employer becomes aware that such |
information was received, does not delete the information |
as soon as is reasonably practicable, unless that |
information is being retained by the employer in connection |
with an ongoing investigation of an actual or suspected |
breach of computer, network, or data security. Where an |
employer knows or, through reasonable efforts, should be |
aware that its network monitoring technology is likely to |
inadvertently to receive such information, the employer |
shall make reasonable efforts to secure that information. |
(5) Nothing in this subsection shall prohibit or restrict |
an employer from complying with a duty to screen employees or |
applicants prior to hiring or to monitor or retain employee |
communications as required under Illinois insurance laws or |
federal law or by a self-regulatory organization as defined in |
Section 3(A)(26) of the Securities Exchange Act of 1934, 15 |
U.S.C. 78(A)(26) provided (3.5) Provided that the password, |
account information, or access sought by the employer only |
relates to an online account that: |
(A) an employer supplies or pays; or |
(B) an employee creates or maintains on behalf of or |
|
under direction of an employer in connection with that |
employee's employment. a professional account, and not a |
personal account, nothing in this subsection shall |
prohibit or restrict an employer from complying with a duty |
to screen employees or applicants prior to hiring or to |
monitor or retain employee communications as required |
under Illinois insurance laws or federal law or by a |
self-regulatory organization as defined in Section |
3(A)(26) of the Securities Exchange Act of 1934, 15 U.S.C. |
78(A)(26). |
(6) (4) For the purposes of this subsection: , |
(A) "Social social networking website" means an |
Internet-based service that allows individuals to: |
(i) (A) construct a public or semi-public profile |
within a bounded system, created by the service; |
(ii) (B) create a list of other users with whom |
they share a connection within the system; and |
(iii) (C) view and navigate their list of |
connections and those made by others within the system. |
"Social networking website" does shall not include |
electronic mail. |
(B) "Personal online account" means an online account, |
that is used by a person primarily for personal purposes. |
"Personal online account" does not include an account |
created, maintained, used, or accessed by a person for a |
business purpose of the person's employer or prospective |
|
employer. |
For the purposes of paragraph (3.5) of this subsection, |
"professional account" means an account, service, or profile |
created, maintained, used, or accessed by a current or |
prospective employee for business purposes of the employer. |
For the purposes of paragraph (3.5) of this subsection, |
"personal account" means an account, service, or profile on a |
social networking website that is used by a current or |
prospective employee exclusively for personal communications |
unrelated to any business purposes of the employer. |
(Source: P.A. 97-875, eff. 1-1-13; 98-501, eff. 1-1-14.)
|
