Illinois General Assembly

  Bills & Resolutions  
  Compiled Statutes  
  Public Acts  
  Legislative Reports  
  IL Constitution  
  Legislative Guide  
  Legislative Glossary  

 Search By Number
 (example: HB0001)
Search Tips

Search By Keyword

Illinois Compiled Statutes

 ILCS Listing   Public Acts  Search   Guide   Disclaimer

Information maintained by the Legislative Reference Bureau
Updating the database of the Illinois Compiled Statutes (ILCS) is an ongoing process. Recent laws may not yet be included in the ILCS database, but they are found on this site as Public Acts soon after they become law. For information concerning the relationship between statutes and Public Acts, refer to the Guide.

Because the statute database is maintained primarily for legislative drafting purposes, statutory changes are sometimes included in the statute database before they take effect. If the source note at the end of a Section of the statutes includes a Public Act that has not yet taken effect, the version of the law that is currently in effect may have already been removed from the database and you should refer to that Public Act to see the changes made to the current law.

820 ILCS 55/10

    (820 ILCS 55/10) (from Ch. 48, par. 2860)
    Sec. 10. Prohibited inquiries; online activities.
    (a) It shall be unlawful for any employer to inquire, in a written application or in any other manner, of any prospective employee or of the prospective employee's previous employers, whether that prospective employee has ever filed a claim for benefits under the Workers' Compensation Act or Workers' Occupational Diseases Act or received benefits under these Acts.
    (b)(1) Except as provided in this subsection, it shall be unlawful for any employer or prospective employer to:
        (A) request, require, or coerce any employee or
    
prospective employee to provide a user name and password or any password or other related account information in order to gain access to the employee's or prospective employee's personal online account or to demand access in any manner to an employee's or prospective employee's personal online account;
        (B) request, require, or coerce an employee or
    
applicant to authenticate or access a personal online account in the presence of the employer;
        (C) require or coerce an employee or applicant to
    
invite the employer to join a group affiliated with any personal online account of the employee or applicant;
        (D) require or coerce an employee or applicant to
    
join an online account established by the employer or add the employer or an employment agency to the employee's or applicant's list of contacts that enable the contacts to access the employee or applicant's personal online account;
        (E) discharge, discipline, discriminate against,
    
retaliate against, or otherwise penalize an employee for (i) refusing or declining to provide the employer with a user name and password, password, or any other authentication means for accessing his or her personal online account, (ii) refusing or declining to authenticate or access a personal online account in the presence of the employer, (iii) refusing to invite the employer to join a group affiliated with any personal online account of the employee, (iv) refusing to join an online account established by the employer, or (v) filing or causing to be filed any complaint, whether orally or in writing, with a public or private body or court concerning the employer's violation of this subsection; or
        (F) fail or refuse to hire an applicant as a result
    
of his or her refusal to (i) provide the employer with a user name and password, password, or any other authentication means for accessing a personal online account, (ii) authenticate or access a personal online account in the presence of the employer, or (iii) invite the employer to join a group affiliated with a personal online account of the applicant.
    (2) Nothing in this subsection shall limit an employer's right to:
        (A) promulgate and maintain lawful workplace policies
    
governing the use of the employer's electronic equipment, including policies regarding Internet use, social networking site use, and electronic mail use; or
        (B) monitor usage of the employer's electronic
    
equipment and the employer's electronic mail without requesting or using any employee or prospective employee to provide any password or other related account information in order to gain access to the employee's or prospective employee's personal online account.
    (3) Nothing in this subsection shall prohibit an employer from:
        (A) obtaining about a prospective employee or an
    
employee information that is in the public domain or that is otherwise obtained in compliance with this amendatory Act of the 97th General Assembly;
        (B) complying with State and federal laws, rules, and
    
regulations and the rules of self-regulatory organizations created pursuant to federal or State law when applicable;
        (C) requesting or requiring an employee or applicant
    
to share specific content that has been reported to the employer, without requesting or requiring an employee or applicant to provide a user name and password, password, or other means of authentication that provides access to an employee's or applicant's personal online account, for the purpose of:
            (i) ensuring compliance with applicable laws or
        
regulatory requirements;
            (ii) investigating an allegation, based on
        
receipt of specific information, of the unauthorized transfer of an employer's proprietary or confidential information or financial data to an employee or applicant's personal account;
            (iii) investigating an allegation, based on
        
receipt of specific information, of a violation of applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct;
            (iv) prohibiting an employee from using a
        
personal online account for business purposes; or
            (v) prohibiting an employee or applicant from
        
accessing or operating a personal online account during business hours, while on business property, while using an electronic communication device supplied by, or paid for by, the employer, or while using the employer's network or resources, to the extent permissible under applicable laws.
    (4) If an employer inadvertently receives the username, password, or any other information that would enable the employer to gain access to the employee's or potential employee's personal online account through the use of an otherwise lawful technology that monitors the employer's network or employer-provided devices for network security or data confidentiality purposes, then the employer is not liable for having that information, unless the employer:
        (A) uses that information, or enables a third party
    
to use that information, to access the employee or potential employee's personal online account; or
        (B) after the employer becomes aware that such
    
information was received, does not delete the information as soon as is reasonably practicable, unless that information is being retained by the employer in connection with an ongoing investigation of an actual or suspected breach of computer, network, or data security. Where an employer knows or, through reasonable efforts, should be aware that its network monitoring technology is likely to inadvertently to receive such information, the employer shall make reasonable efforts to secure that information.
    (5) Nothing in this subsection shall prohibit or restrict an employer from complying with a duty to screen employees or applicants prior to hiring or to monitor or retain employee communications as required under Illinois insurance laws or federal law or by a self-regulatory organization as defined in Section 3(A)(26) of the Securities Exchange Act of 1934, 15 U.S.C. 78(A)(26) provided that the password, account information, or access sought by the employer only relates to an online account that:
        (A) an employer supplies or pays; or
        (B) an employee creates or maintains on behalf of or
    
under direction of an employer in connection with that employee's employment.
    (6) For the purposes of this subsection:
        (A) "Social networking website" means an
    
Internet-based service that allows individuals to:
            (i) construct a public or semi-public profile
        
within a bounded system, created by the service;
            (ii) create a list of other users with whom they
        
share a connection within the system; and
            (iii) view and navigate their list of connections
        
and those made by others within the system.
        "Social networking website" does not include
    
electronic mail.
        (B) "Personal online account" means an online
    
account, that is used by a person primarily for personal purposes. "Personal online account" does not include an account created, maintained, used, or accessed by a person for a business purpose of the person's employer or prospective employer.
(Source: P.A. 98-501, eff. 1-1-14; 99-610, eff. 1-1-17.)