Bill Text: IL SB2784 | 2017-2018 | 100th General Assembly | Introduced
Bill Title: Amends the Right to Privacy in the Workplace Act. Makes a technical change in a Section concerning prohibited inquiries.
Sponsorship: Partisan Bill (Republican 1)
Status: (Failed) 2019-01-09 - Session Sine Die [SB2784 Detail]
Download: Illinois-2017-SB2784-Introduced.html
| ||||||||||||||||||||
| ||||||||||||||||||||
| ||||||||||||||||||||
| ||||||||||||||||||||
| ||||||||||||||||||||
| 1 | AN ACT concerning employment.
| |||||||||||||||||||
| 2 | Be it enacted by the People of the State of Illinois, | |||||||||||||||||||
| 3 | represented in the General Assembly:
| |||||||||||||||||||
| 4 | Section 5. The Right to Privacy in the Workplace Act is | |||||||||||||||||||
| 5 | amended by changing Section 10 as follows:
| |||||||||||||||||||
| 6 | (820 ILCS 55/10) (from Ch. 48, par. 2860)
| |||||||||||||||||||
| 7 | Sec. 10. Prohibited inquiries; online activities. | |||||||||||||||||||
| 8 | (a) It shall be unlawful for any employer
to inquire, in a | |||||||||||||||||||
| 9 | written application or in any other manner, of any
prospective | |||||||||||||||||||
| 10 | employee or of the the prospective employee's previous | |||||||||||||||||||
| 11 | employers,
whether that prospective employee has ever filed a | |||||||||||||||||||
| 12 | claim for benefits under
the Workers' Compensation Act or | |||||||||||||||||||
| 13 | Workers' Occupational Diseases Act or
received benefits under | |||||||||||||||||||
| 14 | these Acts.
| |||||||||||||||||||
| 15 | (b)(1) Except as provided in this subsection, it shall be | |||||||||||||||||||
| 16 | unlawful for any employer or prospective employer to: | |||||||||||||||||||
| 17 | (A) request, require, or coerce any employee or | |||||||||||||||||||
| 18 | prospective employee to provide a user name and password or | |||||||||||||||||||
| 19 | any password or other related account information in order | |||||||||||||||||||
| 20 | to gain access to the employee's or prospective employee's | |||||||||||||||||||
| 21 | personal online account or to demand access in any manner | |||||||||||||||||||
| 22 | to an employee's or prospective employee's personal online | |||||||||||||||||||
| 23 | account; | |||||||||||||||||||
| |||||||
| |||||||
| 1 | (B) request, require, or coerce an employee or | ||||||
| 2 | applicant to authenticate or access a personal online | ||||||
| 3 | account in the presence of the employer; | ||||||
| 4 | (C) require or coerce an employee or applicant to | ||||||
| 5 | invite the employer to join a group affiliated with any | ||||||
| 6 | personal online account of the employee or applicant; | ||||||
| 7 | (D) require or coerce an employee or applicant to join | ||||||
| 8 | an online account established by the employer or add the | ||||||
| 9 | employer or an employment agency to the employee's or | ||||||
| 10 | applicant's list of contacts that enable the contacts to | ||||||
| 11 | access the employee or applicant's personal online | ||||||
| 12 | account; | ||||||
| 13 | (E) discharge, discipline, discriminate against, | ||||||
| 14 | retaliate against, or otherwise penalize an employee for | ||||||
| 15 | (i) refusing or declining to provide the employer with a | ||||||
| 16 | user name and password, password, or any other | ||||||
| 17 | authentication means for accessing his or her personal | ||||||
| 18 | online account, (ii) refusing or declining to authenticate | ||||||
| 19 | or access a personal online account in the presence of the | ||||||
| 20 | employer, (iii) refusing to invite the employer to join a | ||||||
| 21 | group affiliated with any personal online account of the | ||||||
| 22 | employee, (iv) refusing to join an online account | ||||||
| 23 | established by the employer, or (v) filing or causing to be | ||||||
| 24 | filed any complaint, whether orally or in writing, with a | ||||||
| 25 | public or private body or court concerning the employer's | ||||||
| 26 | violation of this subsection; or | ||||||
| |||||||
| |||||||
| 1 | (F) fail or refuse to hire an applicant as a result of | ||||||
| 2 | his or her refusal to (i) provide the employer with a user | ||||||
| 3 | name and password, password, or any other authentication | ||||||
| 4 | means for accessing a personal online account, (ii) | ||||||
| 5 | authenticate or access a personal online account in the | ||||||
| 6 | presence of the employer, or (iii) invite the employer to | ||||||
| 7 | join a group affiliated with a personal online account of | ||||||
| 8 | the applicant. | ||||||
| 9 | (2) Nothing in this subsection shall limit an employer's | ||||||
| 10 | right to: | ||||||
| 11 | (A) promulgate and maintain lawful workplace policies | ||||||
| 12 | governing the use of the employer's electronic equipment, | ||||||
| 13 | including policies regarding Internet use, social | ||||||
| 14 | networking site use, and electronic mail use; or | ||||||
| 15 | (B) monitor usage of the employer's electronic | ||||||
| 16 | equipment and the employer's electronic mail without | ||||||
| 17 | requesting or using any employee or prospective employee to | ||||||
| 18 | provide any password or other related account information | ||||||
| 19 | in order to gain access to the employee's or prospective | ||||||
| 20 | employee's personal online account. | ||||||
| 21 | (3) Nothing in this subsection shall prohibit an employer | ||||||
| 22 | from: | ||||||
| 23 | (A) obtaining about a prospective employee or an | ||||||
| 24 | employee information that is in the public domain or that | ||||||
| 25 | is otherwise obtained in compliance with this amendatory | ||||||
| 26 | Act of the 97th General Assembly; | ||||||
| |||||||
| |||||||
| 1 | (B) complying with State and federal laws, rules, and | ||||||
| 2 | regulations and the rules of self-regulatory organizations | ||||||
| 3 | created pursuant to federal or State law when applicable; | ||||||
| 4 | (C) requesting or requiring an employee or applicant to | ||||||
| 5 | share specific content that has been reported to the | ||||||
| 6 | employer, without requesting or requiring an employee or | ||||||
| 7 | applicant to provide a user name and password, password, or | ||||||
| 8 | other means of authentication that provides access to an | ||||||
| 9 | employee's or applicant's personal online account, for the | ||||||
| 10 | purpose of: | ||||||
| 11 | (i) ensuring compliance with applicable laws or | ||||||
| 12 | regulatory requirements; | ||||||
| 13 | (ii) investigating an allegation, based on receipt | ||||||
| 14 | of specific information, of the unauthorized transfer | ||||||
| 15 | of an employer's proprietary or confidential | ||||||
| 16 | information or financial data to an employee or | ||||||
| 17 | applicant's personal account; | ||||||
| 18 | (iii) investigating an allegation, based on | ||||||
| 19 | receipt of specific information, of a violation of | ||||||
| 20 | applicable laws, regulatory requirements, or | ||||||
| 21 | prohibitions against work-related employee misconduct; | ||||||
| 22 | (iv) prohibiting an employee from using a personal | ||||||
| 23 | online account for business purposes; or | ||||||
| 24 | (v) prohibiting an employee or applicant from | ||||||
| 25 | accessing or operating a personal online account | ||||||
| 26 | during business hours, while on business property, | ||||||
| |||||||
| |||||||
| 1 | while using an electronic communication device | ||||||
| 2 | supplied by, or paid for by, the employer, or while | ||||||
| 3 | using the employer's network or resources, to the | ||||||
| 4 | extent permissible under applicable laws. | ||||||
| 5 | (4) If an employer inadvertently receives the username, | ||||||
| 6 | password, or any other information that would enable the | ||||||
| 7 | employer to gain access to the employee's or potential | ||||||
| 8 | employee's personal online account through the use of an | ||||||
| 9 | otherwise lawful technology that monitors the employer's | ||||||
| 10 | network or employer-provided devices for network security or | ||||||
| 11 | data confidentiality purposes, then the employer is not liable | ||||||
| 12 | for having that information, unless the employer: | ||||||
| 13 | (A) uses that information, or enables a third party to | ||||||
| 14 | use that information, to access the employee or potential | ||||||
| 15 | employee's personal online account; or | ||||||
| 16 | (B) after the employer becomes aware that such | ||||||
| 17 | information was received, does not delete the information | ||||||
| 18 | as soon as is reasonably practicable, unless that | ||||||
| 19 | information is being retained by the employer in connection | ||||||
| 20 | with an ongoing investigation of an actual or suspected | ||||||
| 21 | breach of computer, network, or data security. Where an | ||||||
| 22 | employer knows or, through reasonable efforts, should be | ||||||
| 23 | aware that its network monitoring technology is likely to | ||||||
| 24 | inadvertently to receive such information, the employer | ||||||
| 25 | shall make reasonable efforts to secure that information. | ||||||
| 26 | (5) Nothing in this subsection shall prohibit or restrict | ||||||
| |||||||
| |||||||
| 1 | an employer from complying with a duty to screen employees or | ||||||
| 2 | applicants prior to hiring or to monitor or retain employee | ||||||
| 3 | communications as required under Illinois insurance laws or | ||||||
| 4 | federal law or by a self-regulatory organization as defined in | ||||||
| 5 | Section 3(A)(26) of the Securities Exchange Act of 1934, 15 | ||||||
| 6 | U.S.C. 78(A)(26) provided that the password, account | ||||||
| 7 | information, or access sought by the employer only relates to | ||||||
| 8 | an online account that: | ||||||
| 9 | (A) an employer supplies or pays; or | ||||||
| 10 | (B) an employee creates or maintains on behalf of or | ||||||
| 11 | under direction of an employer in connection with that | ||||||
| 12 | employee's employment. | ||||||
| 13 | (6) For the purposes of this subsection: | ||||||
| 14 | (A) "Social networking website" means an | ||||||
| 15 | Internet-based service that allows individuals to: | ||||||
| 16 | (i) construct a public or semi-public profile | ||||||
| 17 | within a bounded system, created by the service; | ||||||
| 18 | (ii) create a list of other users with whom they | ||||||
| 19 | share a connection within the system; and | ||||||
| 20 | (iii) view and navigate their list of connections | ||||||
| 21 | and those made by others within the system. | ||||||
| 22 | "Social networking website" does not include | ||||||
| 23 | electronic mail. | ||||||
| 24 | (B) "Personal online account" means an online account, | ||||||
| 25 | that is used by a person primarily for personal purposes. | ||||||
| 26 | "Personal online account" does not include an account | ||||||
| |||||||
| |||||||
| 1 | created, maintained, used, or accessed by a person for a | ||||||
| 2 | business purpose of the person's employer or prospective | ||||||
| 3 | employer. | ||||||
| 4 | (Source: P.A. 98-501, eff. 1-1-14; 99-610, eff. 1-1-17.)
| ||||||
