Public Act 099-0610
 
HB4999 EnrolledLRB099 17796 JLS 42158 b

    AN ACT concerning employment.
 
    Be it enacted by the People of the State of Illinois,
represented in the General Assembly:
 
    Section 5. The Freedom From Location Surveillance Act is
amended by changing Section 5 as follows:
 
    (725 ILCS 168/5)
    Sec. 5. Definitions. For the purpose of this Act:
    "Basic subscriber information" means name, address, local
and long distance telephone connection records or records of
session time and durations; length of services, including start
dates, and types of services utilized; telephone or instrument
number or other subscriber number or identity, including any
temporarily assigned network address; and the means and source
of payment for the service, including the credit card or bank
account number.
    "Electronic device" means any device that enables access
to, or use of:
        (1) an electronic communication service that provides
    the ability to send or receive wire or electronic
    communications;
        (2) a remote computing service that provides computer
    storage or processing services by means of an electronic
    communications system; or
        (3) a location information service such as a global
    positioning service or other mapping, locational, or
    directional information service.
    "Electronic device" does not mean devices used by a
governmental agency or by a company operating under a contract
with a governmental agency for toll collection, traffic
enforcement, or license plate reading.
    "Law enforcement agency" means any agency of this State or
a political subdivision of this State which is vested by law
with the duty to maintain public order or enforce criminal
laws.
    "Location information" means any information concerning
the location of an electronic device that, in whole or in part,
is generated by or derived from the operation of that device.
    "Social networking website" has the same meaning ascribed
to the term in paragraph (4) of subsection (b) of Section 10 of
the Right to Privacy in the Workplace Act.
(Source: P.A. 98-1104, eff. 8-26-14.)
 
    Section 10. The Right to Privacy in the Workplace Act is
amended by changing Section 10 as follows:
 
    (820 ILCS 55/10)  (from Ch. 48, par. 2860)
    Sec. 10. Prohibited inquiries; online activities.
    (a) It shall be unlawful for any employer to inquire, in a
written application or in any other manner, of any prospective
employee or of the prospective employee's previous employers,
whether that prospective employee has ever filed a claim for
benefits under the Workers' Compensation Act or Workers'
Occupational Diseases Act or received benefits under these
Acts.
    (b)(1) Except as provided in this subsection, it shall be
unlawful for any employer or prospective employer to:
        (A) request, or require, or coerce any employee or
    prospective employee to provide a user name and password or
    any password or other related account information in order
    to gain access to the employee's or prospective employee's
    personal online account or profile on a social networking
    website or to demand access in any manner to an employee's
    or prospective employee's personal online account; or
    profile on a social networking website.
        (B) request, require, or coerce an employee or
    applicant to authenticate or access a personal online
    account in the presence of the employer;
        (C) require or coerce an employee or applicant to
    invite the employer to join a group affiliated with any
    personal online account of the employee or applicant;
        (D) require or coerce an employee or applicant to join
    an online account established by the employer or add the
    employer or an employment agency to the employee's or
    applicant's list of contacts that enable the contacts to
    access the employee or applicant's personal online
    account;
        (E) discharge, discipline, discriminate against,
    retaliate against, or otherwise penalize an employee for
    (i) refusing or declining to provide the employer with a
    user name and password, password, or any other
    authentication means for accessing his or her personal
    online account, (ii) refusing or declining to authenticate
    or access a personal online account in the presence of the
    employer, (iii) refusing to invite the employer to join a
    group affiliated with any personal online account of the
    employee, (iv) refusing to join an online account
    established by the employer, or (v) filing or causing to be
    filed any complaint, whether orally or in writing, with a
    public or private body or court concerning the employer's
    violation of this subsection; or
        (F) fail or refuse to hire an applicant as a result of
    his or her refusal to (i) provide the employer with a user
    name and password, password, or any other authentication
    means for accessing a personal online account, (ii)
    authenticate or access a personal online account in the
    presence of the employer, or (iii) invite the employer to
    join a group affiliated with a personal online account of
    the applicant.
    (2) Nothing in this subsection shall limit an employer's
right to:
        (A) promulgate and maintain lawful workplace policies
    governing the use of the employer's electronic equipment,
    including policies regarding Internet use, social
    networking site use, and electronic mail use; or and
        (B) monitor usage of the employer's electronic
    equipment and the employer's electronic mail without
    requesting or using requiring any employee or prospective
    employee to provide any password or other related account
    information in order to gain access to the employee's or
    prospective employee's personal online account or profile
    on a social networking website.
    (3) Nothing in this subsection shall prohibit an employer
from:
        (A) obtaining about a prospective employee or an
    employee information that is in the public domain or that
    is otherwise obtained in compliance with this amendatory
    Act of the 97th General Assembly; .
        (B) complying with State and federal laws, rules, and
    regulations and the rules of self-regulatory organizations
    created pursuant to federal or State law when applicable;
        (C) requesting or requiring an employee or applicant to
    share specific content that has been reported to the
    employer, without requesting or requiring an employee or
    applicant to provide a user name and password, password, or
    other means of authentication that provides access to an
    employee's or applicant's personal online account, for the
    purpose of:
            (i) ensuring compliance with applicable laws or
        regulatory requirements;
            (ii) investigating an allegation, based on receipt
        of specific information, of the unauthorized transfer
        of an employer's proprietary or confidential
        information or financial data to an employee or
        applicant's personal account;
            (iii) investigating an allegation, based on
        receipt of specific information, of a violation of
        applicable laws, regulatory requirements, or
        prohibitions against work-related employee misconduct;
            (iv) prohibiting an employee from using a personal
        online account for business purposes; or
            (v) prohibiting an employee or applicant from
        accessing or operating a personal online account
        during business hours, while on business property,
        while using an electronic communication device
        supplied by, or paid for by, the employer, or while
        using the employer's network or resources, to the
        extent permissible under applicable laws.
    (4) If an employer inadvertently receives the username,
password, or any other information that would enable the
employer to gain access to the employee's or potential
employee's personal online account through the use of an
otherwise lawful technology that monitors the employer's
network or employer-provided devices for network security or
data confidentiality purposes, then the employer is not liable
for having that information, unless the employer:
        (A) uses that information, or enables a third party to
    use that information, to access the employee or potential
    employee's personal online account; or
        (B) after the employer becomes aware that such
    information was received, does not delete the information
    as soon as is reasonably practicable, unless that
    information is being retained by the employer in connection
    with an ongoing investigation of an actual or suspected
    breach of computer, network, or data security. Where an
    employer knows or, through reasonable efforts, should be
    aware that its network monitoring technology is likely to
    inadvertently to receive such information, the employer
    shall make reasonable efforts to secure that information.
    (5) Nothing in this subsection shall prohibit or restrict
an employer from complying with a duty to screen employees or
applicants prior to hiring or to monitor or retain employee
communications as required under Illinois insurance laws or
federal law or by a self-regulatory organization as defined in
Section 3(A)(26) of the Securities Exchange Act of 1934, 15
U.S.C. 78(A)(26) provided (3.5) Provided that the password,
account information, or access sought by the employer only
relates to an online account that:
        (A) an employer supplies or pays; or
        (B) an employee creates or maintains on behalf of or
    under direction of an employer in connection with that
    employee's employment. a professional account, and not a
    personal account, nothing in this subsection shall
    prohibit or restrict an employer from complying with a duty
    to screen employees or applicants prior to hiring or to
    monitor or retain employee communications as required
    under Illinois insurance laws or federal law or by a
    self-regulatory organization as defined in Section
    3(A)(26) of the Securities Exchange Act of 1934, 15 U.S.C.
    78(A)(26).
    (6) (4) For the purposes of this subsection: ,
        (A) "Social social networking website" means an
    Internet-based service that allows individuals to:
            (i) (A) construct a public or semi-public profile
        within a bounded system, created by the service;
            (ii) (B) create a list of other users with whom
        they share a connection within the system; and
            (iii) (C) view and navigate their list of
        connections and those made by others within the system.
        "Social networking website" does shall not include
    electronic mail.
        (B) "Personal online account" means an online account,
    that is used by a person primarily for personal purposes.
    "Personal online account" does not include an account
    created, maintained, used, or accessed by a person for a
    business purpose of the person's employer or prospective
    employer.
    For the purposes of paragraph (3.5) of this subsection,
"professional account" means an account, service, or profile
created, maintained, used, or accessed by a current or
prospective employee for business purposes of the employer.
    For the purposes of paragraph (3.5) of this subsection,
"personal account" means an account, service, or profile on a
social networking website that is used by a current or
prospective employee exclusively for personal communications
unrelated to any business purposes of the employer.
(Source: P.A. 97-875, eff. 1-1-13; 98-501, eff. 1-1-14.)