Bill Text: IL SB2784 | 2017-2018 | 100th General Assembly | Introduced
Bill Title: Amends the Right to Privacy in the Workplace Act. Makes a technical change in a Section concerning prohibited inquiries.
Spectrum: Partisan Bill (Republican 1-0)
Status: (Failed) 2019-01-09 - Session Sine Die [SB2784 Detail]
Download: Illinois-2017-SB2784-Introduced.html
| ||||||||||||||||||||
| ||||||||||||||||||||
| ||||||||||||||||||||
| ||||||||||||||||||||
| ||||||||||||||||||||
1 | AN ACT concerning employment.
| |||||||||||||||||||
2 | Be it enacted by the People of the State of Illinois, | |||||||||||||||||||
3 | represented in the General Assembly:
| |||||||||||||||||||
4 | Section 5. The Right to Privacy in the Workplace Act is | |||||||||||||||||||
5 | amended by changing Section 10 as follows:
| |||||||||||||||||||
6 | (820 ILCS 55/10) (from Ch. 48, par. 2860)
| |||||||||||||||||||
7 | Sec. 10. Prohibited inquiries; online activities. | |||||||||||||||||||
8 | (a) It shall be unlawful for any employer
to inquire, in a | |||||||||||||||||||
9 | written application or in any other manner, of any
prospective | |||||||||||||||||||
10 | employee or of the the prospective employee's previous | |||||||||||||||||||
11 | employers,
whether that prospective employee has ever filed a | |||||||||||||||||||
12 | claim for benefits under
the Workers' Compensation Act or | |||||||||||||||||||
13 | Workers' Occupational Diseases Act or
received benefits under | |||||||||||||||||||
14 | these Acts.
| |||||||||||||||||||
15 | (b)(1) Except as provided in this subsection, it shall be | |||||||||||||||||||
16 | unlawful for any employer or prospective employer to: | |||||||||||||||||||
17 | (A) request, require, or coerce any employee or | |||||||||||||||||||
18 | prospective employee to provide a user name and password or | |||||||||||||||||||
19 | any password or other related account information in order | |||||||||||||||||||
20 | to gain access to the employee's or prospective employee's | |||||||||||||||||||
21 | personal online account or to demand access in any manner | |||||||||||||||||||
22 | to an employee's or prospective employee's personal online | |||||||||||||||||||
23 | account; |
| |||||||
| |||||||
1 | (B) request, require, or coerce an employee or | ||||||
2 | applicant to authenticate or access a personal online | ||||||
3 | account in the presence of the employer; | ||||||
4 | (C) require or coerce an employee or applicant to | ||||||
5 | invite the employer to join a group affiliated with any | ||||||
6 | personal online account of the employee or applicant; | ||||||
7 | (D) require or coerce an employee or applicant to join | ||||||
8 | an online account established by the employer or add the | ||||||
9 | employer or an employment agency to the employee's or | ||||||
10 | applicant's list of contacts that enable the contacts to | ||||||
11 | access the employee or applicant's personal online | ||||||
12 | account; | ||||||
13 | (E) discharge, discipline, discriminate against, | ||||||
14 | retaliate against, or otherwise penalize an employee for | ||||||
15 | (i) refusing or declining to provide the employer with a | ||||||
16 | user name and password, password, or any other | ||||||
17 | authentication means for accessing his or her personal | ||||||
18 | online account, (ii) refusing or declining to authenticate | ||||||
19 | or access a personal online account in the presence of the | ||||||
20 | employer, (iii) refusing to invite the employer to join a | ||||||
21 | group affiliated with any personal online account of the | ||||||
22 | employee, (iv) refusing to join an online account | ||||||
23 | established by the employer, or (v) filing or causing to be | ||||||
24 | filed any complaint, whether orally or in writing, with a | ||||||
25 | public or private body or court concerning the employer's | ||||||
26 | violation of this subsection; or |
| |||||||
| |||||||
1 | (F) fail or refuse to hire an applicant as a result of | ||||||
2 | his or her refusal to (i) provide the employer with a user | ||||||
3 | name and password, password, or any other authentication | ||||||
4 | means for accessing a personal online account, (ii) | ||||||
5 | authenticate or access a personal online account in the | ||||||
6 | presence of the employer, or (iii) invite the employer to | ||||||
7 | join a group affiliated with a personal online account of | ||||||
8 | the applicant. | ||||||
9 | (2) Nothing in this subsection shall limit an employer's | ||||||
10 | right to: | ||||||
11 | (A) promulgate and maintain lawful workplace policies | ||||||
12 | governing the use of the employer's electronic equipment, | ||||||
13 | including policies regarding Internet use, social | ||||||
14 | networking site use, and electronic mail use; or | ||||||
15 | (B) monitor usage of the employer's electronic | ||||||
16 | equipment and the employer's electronic mail without | ||||||
17 | requesting or using any employee or prospective employee to | ||||||
18 | provide any password or other related account information | ||||||
19 | in order to gain access to the employee's or prospective | ||||||
20 | employee's personal online account. | ||||||
21 | (3) Nothing in this subsection shall prohibit an employer | ||||||
22 | from: | ||||||
23 | (A) obtaining about a prospective employee or an | ||||||
24 | employee information that is in the public domain or that | ||||||
25 | is otherwise obtained in compliance with this amendatory | ||||||
26 | Act of the 97th General Assembly; |
| |||||||
| |||||||
1 | (B) complying with State and federal laws, rules, and | ||||||
2 | regulations and the rules of self-regulatory organizations | ||||||
3 | created pursuant to federal or State law when applicable; | ||||||
4 | (C) requesting or requiring an employee or applicant to | ||||||
5 | share specific content that has been reported to the | ||||||
6 | employer, without requesting or requiring an employee or | ||||||
7 | applicant to provide a user name and password, password, or | ||||||
8 | other means of authentication that provides access to an | ||||||
9 | employee's or applicant's personal online account, for the | ||||||
10 | purpose of: | ||||||
11 | (i) ensuring compliance with applicable laws or | ||||||
12 | regulatory requirements; | ||||||
13 | (ii) investigating an allegation, based on receipt | ||||||
14 | of specific information, of the unauthorized transfer | ||||||
15 | of an employer's proprietary or confidential | ||||||
16 | information or financial data to an employee or | ||||||
17 | applicant's personal account; | ||||||
18 | (iii) investigating an allegation, based on | ||||||
19 | receipt of specific information, of a violation of | ||||||
20 | applicable laws, regulatory requirements, or | ||||||
21 | prohibitions against work-related employee misconduct; | ||||||
22 | (iv) prohibiting an employee from using a personal | ||||||
23 | online account for business purposes; or | ||||||
24 | (v) prohibiting an employee or applicant from | ||||||
25 | accessing or operating a personal online account | ||||||
26 | during business hours, while on business property, |
| |||||||
| |||||||
1 | while using an electronic communication device | ||||||
2 | supplied by, or paid for by, the employer, or while | ||||||
3 | using the employer's network or resources, to the | ||||||
4 | extent permissible under applicable laws. | ||||||
5 | (4) If an employer inadvertently receives the username, | ||||||
6 | password, or any other information that would enable the | ||||||
7 | employer to gain access to the employee's or potential | ||||||
8 | employee's personal online account through the use of an | ||||||
9 | otherwise lawful technology that monitors the employer's | ||||||
10 | network or employer-provided devices for network security or | ||||||
11 | data confidentiality purposes, then the employer is not liable | ||||||
12 | for having that information, unless the employer: | ||||||
13 | (A) uses that information, or enables a third party to | ||||||
14 | use that information, to access the employee or potential | ||||||
15 | employee's personal online account; or | ||||||
16 | (B) after the employer becomes aware that such | ||||||
17 | information was received, does not delete the information | ||||||
18 | as soon as is reasonably practicable, unless that | ||||||
19 | information is being retained by the employer in connection | ||||||
20 | with an ongoing investigation of an actual or suspected | ||||||
21 | breach of computer, network, or data security. Where an | ||||||
22 | employer knows or, through reasonable efforts, should be | ||||||
23 | aware that its network monitoring technology is likely to | ||||||
24 | inadvertently to receive such information, the employer | ||||||
25 | shall make reasonable efforts to secure that information. | ||||||
26 | (5) Nothing in this subsection shall prohibit or restrict |
| |||||||
| |||||||
1 | an employer from complying with a duty to screen employees or | ||||||
2 | applicants prior to hiring or to monitor or retain employee | ||||||
3 | communications as required under Illinois insurance laws or | ||||||
4 | federal law or by a self-regulatory organization as defined in | ||||||
5 | Section 3(A)(26) of the Securities Exchange Act of 1934, 15 | ||||||
6 | U.S.C. 78(A)(26) provided that the password, account | ||||||
7 | information, or access sought by the employer only relates to | ||||||
8 | an online account that: | ||||||
9 | (A) an employer supplies or pays; or | ||||||
10 | (B) an employee creates or maintains on behalf of or | ||||||
11 | under direction of an employer in connection with that | ||||||
12 | employee's employment. | ||||||
13 | (6) For the purposes of this subsection: | ||||||
14 | (A) "Social networking website" means an | ||||||
15 | Internet-based service that allows individuals to: | ||||||
16 | (i) construct a public or semi-public profile | ||||||
17 | within a bounded system, created by the service; | ||||||
18 | (ii) create a list of other users with whom they | ||||||
19 | share a connection within the system; and | ||||||
20 | (iii) view and navigate their list of connections | ||||||
21 | and those made by others within the system. | ||||||
22 | "Social networking website" does not include | ||||||
23 | electronic mail. | ||||||
24 | (B) "Personal online account" means an online account, | ||||||
25 | that is used by a person primarily for personal purposes. | ||||||
26 | "Personal online account" does not include an account |
| |||||||
| |||||||
1 | created, maintained, used, or accessed by a person for a | ||||||
2 | business purpose of the person's employer or prospective | ||||||
3 | employer. | ||||||
4 | (Source: P.A. 98-501, eff. 1-1-14; 99-610, eff. 1-1-17 .)
|