Online Accounts and the Employer-Employee Relationship

The IRPWA provides guidelines for handling personal online accounts.

by Teresa M. Dickinson, Quinn Johnston
Teresa M. Dickinson

In today’s world, where having multiple social media accounts is the norm, one question many employers and employees have is how such accounts factor into the employer-employee relationship. Illinois law contains the Right to Privacy in the Workplace Act (the “Act”), which provides guidelines related to this issue.

What Can’t an Employer Do?

The Act defines “personal online account” as an online account that is used by a person primarily for personal purposes. A personal online account does not include an account created, maintained, used or accessed by a person for a business purpose of the person’s employer. Pursuant to the Act, an employer is prohibited from:

  1. Requiring an employee or applicant to provide his or her login information to a personal online account to the employer; 
  2. Requiring an employee or applicant to sign into a personal online account in the presence of the employer;
  3. Requiring an employee or applicant to invite the employer to join a group affiliated with the employee or applicant’s personal online account;
  4. Requiring an employee or applicant to join an online account established by the employer; 
  5. Taking action against an employee for refusing or declining to do any of the prohibited actions, or for filing a complaint regarding the employer’s violations of the Act; and 
  6. Failing or refusing to hire an applicant for the applicant’s refusal to do any of the prohibited actions.

The Act states that, in the event an employer inadvertently receives the username, password, or any other information that would enable the employer to gain access to the employee’s or applicant’s personal online account, the employer may not use that information—or enable a third party to use that information—to access the employee or applicant’s personal online account. The employer should delete this information as soon as is reasonably practicable, unless the information is being retained by the employer in connection with an ongoing investigation.

What Can an Employer Do?

The Act allows an employer to do the following: 

  1. Maintain lawful workplace policies governing the use of the employer’s electronic equipment, including policies regarding internet use, social networking site use and electronic mail use;
  2. Monitor usage of the employer’s electronic equipment and the employer’s electronic mail;
  3. Obtain information about an applicant or an employee that is in the public domain or that is otherwise obtained in compliance with the Act;
  4. Comply with state and federal laws, rules and regulations and the rules of self-regulatory organizations under federal or state law;
  5. Request or require an employee or applicant to share specific content that has been reported to the employer, for specific purposes including: (i) ensuring compliance with applicable laws or regulatory requirements; (ii) investigating allegations of the unauthorized transfer of an employer’s proprietary or confidential information or financial data to an employee or applicant’s personal account; (iii) investigating an allegation of a violation of applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct; (iv) prohibiting an employee from using a personal online account for business purposes; or (v) prohibiting an employee or applicant from accessing or operating a personal online account during business hours, while on business property, while using an electronic communication device supplied or paid for by the employer, or while using the employer’s network or resources; and
  6. Comply with a duty to screen employees or applicants prior to hiring or to monitor or retain employee communications as required under Illinois insurance laws or federal law.


From both the employer and the employee/applicant perspectives, the Illinois Right to Privacy in the Workplace Act is very protective of an employee/applicant’s user name and password for personal online accounts. However, an employer may access any employee/applicant information that resides in the public domain. Employers may also monitor and institute policies with regard to employee use of the employer’s electronic equipment and may request or require an employee or applicant to share specific content that has been reported to the employer under certain circumstances as outlined above.

Analysis under the Act is very fact-specific. An employer, employee or applicant should speak with an experienced employment law attorney in order to further analyze application of the Act to specific scenarios.  PM

Add new comment

This question is used to prevent automated spam submissions.