|
| | 100TH GENERAL ASSEMBLY
State of Illinois
2017 and 2018
SB0202 Introduced 1/24/2017, by Sen. John J. Cullerton SYNOPSIS AS INTRODUCED:
| | 820 ILCS 55/10 | from Ch. 48, par. 2860 |
|
Amends the Right to Privacy in the Workplace Act. Makes a technical change
in
a Section concerning prohibited inquiries.
|
| |
| | A BILL FOR |
|
|
| | SB0202 | | LRB100 04913 JLS 14923 b |
|
|
| 1 | | AN ACT concerning employment.
|
| 2 | | Be it enacted by the People of the State of Illinois, |
| 3 | | represented in the General Assembly:
|
| 4 | | Section 5. The Right to Privacy in the Workplace Act is |
| 5 | | amended by changing Section 10 as follows:
|
| 6 | | (820 ILCS 55/10) (from Ch. 48, par. 2860)
|
| 7 | | Sec. 10. Prohibited inquiries; online activities. |
| 8 | | (a) It shall be unlawful for any employer
to inquire, in a |
| 9 | | written application or in any other manner, of any
prospective |
| 10 | | employee or of the the prospective employee's previous |
| 11 | | employers,
whether that prospective employee has ever filed a |
| 12 | | claim for benefits under
the Workers' Compensation Act or |
| 13 | | Workers' Occupational Diseases Act or
received benefits under |
| 14 | | these Acts.
|
| 15 | | (b)(1) Except as provided in this subsection, it shall be |
| 16 | | unlawful for any employer or prospective employer to: |
| 17 | | (A) request, require, or coerce any employee or |
| 18 | | prospective employee to provide a user name and password or |
| 19 | | any password or other related account information in order |
| 20 | | to gain access to the employee's or prospective employee's |
| 21 | | personal online account or to demand access in any manner |
| 22 | | to an employee's or prospective employee's personal online |
| 23 | | account; |
|
| | SB0202 | - 2 - | LRB100 04913 JLS 14923 b |
|
|
| 1 | | (B) request, require, or coerce an employee or |
| 2 | | applicant to authenticate or access a personal online |
| 3 | | account in the presence of the employer; |
| 4 | | (C) require or coerce an employee or applicant to |
| 5 | | invite the employer to join a group affiliated with any |
| 6 | | personal online account of the employee or applicant; |
| 7 | | (D) require or coerce an employee or applicant to join |
| 8 | | an online account established by the employer or add the |
| 9 | | employer or an employment agency to the employee's or |
| 10 | | applicant's list of contacts that enable the contacts to |
| 11 | | access the employee or applicant's personal online |
| 12 | | account; |
| 13 | | (E) discharge, discipline, discriminate against, |
| 14 | | retaliate against, or otherwise penalize an employee for |
| 15 | | (i) refusing or declining to provide the employer with a |
| 16 | | user name and password, password, or any other |
| 17 | | authentication means for accessing his or her personal |
| 18 | | online account, (ii) refusing or declining to authenticate |
| 19 | | or access a personal online account in the presence of the |
| 20 | | employer, (iii) refusing to invite the employer to join a |
| 21 | | group affiliated with any personal online account of the |
| 22 | | employee, (iv) refusing to join an online account |
| 23 | | established by the employer, or (v) filing or causing to be |
| 24 | | filed any complaint, whether orally or in writing, with a |
| 25 | | public or private body or court concerning the employer's |
| 26 | | violation of this subsection; or |
|
| | SB0202 | - 3 - | LRB100 04913 JLS 14923 b |
|
|
| 1 | | (F) fail or refuse to hire an applicant as a result of |
| 2 | | his or her refusal to (i) provide the employer with a user |
| 3 | | name and password, password, or any other authentication |
| 4 | | means for accessing a personal online account, (ii) |
| 5 | | authenticate or access a personal online account in the |
| 6 | | presence of the employer, or (iii) invite the employer to |
| 7 | | join a group affiliated with a personal online account of |
| 8 | | the applicant. |
| 9 | | (2) Nothing in this subsection shall limit an employer's |
| 10 | | right to: |
| 11 | | (A) promulgate and maintain lawful workplace policies |
| 12 | | governing the use of the employer's electronic equipment, |
| 13 | | including policies regarding Internet use, social |
| 14 | | networking site use, and electronic mail use; or |
| 15 | | (B) monitor usage of the employer's electronic |
| 16 | | equipment and the employer's electronic mail without |
| 17 | | requesting or using any employee or prospective employee to |
| 18 | | provide any password or other related account information |
| 19 | | in order to gain access to the employee's or prospective |
| 20 | | employee's personal online account. |
| 21 | | (3) Nothing in this subsection shall prohibit an employer |
| 22 | | from: |
| 23 | | (A) obtaining about a prospective employee or an |
| 24 | | employee information that is in the public domain or that |
| 25 | | is otherwise obtained in compliance with this amendatory |
| 26 | | Act of the 97th General Assembly; |
|
| | SB0202 | - 4 - | LRB100 04913 JLS 14923 b |
|
|
| 1 | | (B) complying with State and federal laws, rules, and |
| 2 | | regulations and the rules of self-regulatory organizations |
| 3 | | created pursuant to federal or State law when applicable; |
| 4 | | (C) requesting or requiring an employee or applicant to |
| 5 | | share specific content that has been reported to the |
| 6 | | employer, without requesting or requiring an employee or |
| 7 | | applicant to provide a user name and password, password, or |
| 8 | | other means of authentication that provides access to an |
| 9 | | employee's or applicant's personal online account, for the |
| 10 | | purpose of: |
| 11 | | (i) ensuring compliance with applicable laws or |
| 12 | | regulatory requirements; |
| 13 | | (ii) investigating an allegation, based on receipt |
| 14 | | of specific information, of the unauthorized transfer |
| 15 | | of an employer's proprietary or confidential |
| 16 | | information or financial data to an employee or |
| 17 | | applicant's personal account; |
| 18 | | (iii) investigating an allegation, based on |
| 19 | | receipt of specific information, of a violation of |
| 20 | | applicable laws, regulatory requirements, or |
| 21 | | prohibitions against work-related employee misconduct; |
| 22 | | (iv) prohibiting an employee from using a personal |
| 23 | | online account for business purposes; or |
| 24 | | (v) prohibiting an employee or applicant from |
| 25 | | accessing or operating a personal online account |
| 26 | | during business hours, while on business property, |
|
| | SB0202 | - 5 - | LRB100 04913 JLS 14923 b |
|
|
| 1 | | while using an electronic communication device |
| 2 | | supplied by, or paid for by, the employer, or while |
| 3 | | using the employer's network or resources, to the |
| 4 | | extent permissible under applicable laws. |
| 5 | | (4) If an employer inadvertently receives the username, |
| 6 | | password, or any other information that would enable the |
| 7 | | employer to gain access to the employee's or potential |
| 8 | | employee's personal online account through the use of an |
| 9 | | otherwise lawful technology that monitors the employer's |
| 10 | | network or employer-provided devices for network security or |
| 11 | | data confidentiality purposes, then the employer is not liable |
| 12 | | for having that information, unless the employer: |
| 13 | | (A) uses that information, or enables a third party to |
| 14 | | use that information, to access the employee or potential |
| 15 | | employee's personal online account; or |
| 16 | | (B) after the employer becomes aware that such |
| 17 | | information was received, does not delete the information |
| 18 | | as soon as is reasonably practicable, unless that |
| 19 | | information is being retained by the employer in connection |
| 20 | | with an ongoing investigation of an actual or suspected |
| 21 | | breach of computer, network, or data security. Where an |
| 22 | | employer knows or, through reasonable efforts, should be |
| 23 | | aware that its network monitoring technology is likely to |
| 24 | | inadvertently to receive such information, the employer |
| 25 | | shall make reasonable efforts to secure that information. |
| 26 | | (5) Nothing in this subsection shall prohibit or restrict |
|
| | SB0202 | - 6 - | LRB100 04913 JLS 14923 b |
|
|
| 1 | | an employer from complying with a duty to screen employees or |
| 2 | | applicants prior to hiring or to monitor or retain employee |
| 3 | | communications as required under Illinois insurance laws or |
| 4 | | federal law or by a self-regulatory organization as defined in |
| 5 | | Section 3(A)(26) of the Securities Exchange Act of 1934, 15 |
| 6 | | U.S.C. 78(A)(26) provided that the password, account |
| 7 | | information, or access sought by the employer only relates to |
| 8 | | an online account that: |
| 9 | | (A) an employer supplies or pays; or |
| 10 | | (B) an employee creates or maintains on behalf of or |
| 11 | | under direction of an employer in connection with that |
| 12 | | employee's employment. |
| 13 | | (6) For the purposes of this subsection: |
| 14 | | (A) "Social networking website" means an |
| 15 | | Internet-based service that allows individuals to: |
| 16 | | (i) construct a public or semi-public profile |
| 17 | | within a bounded system, created by the service; |
| 18 | | (ii) create a list of other users with whom they |
| 19 | | share a connection within the system; and |
| 20 | | (iii) view and navigate their list of connections |
| 21 | | and those made by others within the system. |
| 22 | | "Social networking website" does not include |
| 23 | | electronic mail. |
| 24 | | (B) "Personal online account" means an online account, |
| 25 | | that is used by a person primarily for personal purposes. |
| 26 | | "Personal online account" does not include an account |