On September 14, 2023, New York Governor Kathy Hochul signed a new law, A.836, that significantly impacts the relationship between employers and employees in the digital realm. This law prohibits employers from requesting or requiring that employees or job applicants disclose the login information to their personal social media accounts.

The New York State Assembly Bill 2023 (A.836) prevents employers from obtaining an employee or job applicant’s personal online account information as a condition of hiring, employment status, or for use in disciplinary actions. Specifically, the new law prohibits employers from requesting, requiring, or coercing employees and job applicants to:

1. Disclose their username, password, or other login information used to access their personal account through an electronic communications device.

2. Access their personal account in the employer’s presence.

3. Reproduce photos, videos, or other information contained in their personal account through means prohibited under the law.

The new law defines “personal account” to refer to an account or profile on an electronic medium where users can create, share, and view user-generated content (videos or photos), blogs, podcasts, instant messages, or internet website profiles or locations, which are used by an employee or applicant exclusively for personal purposes. It defines “electronic communications” device to include any device that uses electronic signals to create, transmit, and receive information (computers, phones, PDAs, and other similar devices).

Who Is Covered?

The new law includes a broad definition of “employer.” Persons or entities engaged in business in New York state, the state of New York and any political subdivision or civil division thereof, and public authorities, commissions or public benefit corporations are deemed employers subject to the requirements of the new law, as are their agents, representatives, or designees.

Exceptions to the Rule

Importantly, A.836 contains exceptions for employers. Employers are permitted to seek access to personal internet accounts if necessary to comply with the requirements of federal, state or local law. Further, employers may require employees to disclose their usernames, passwords, or other means of accessing “non-personal accounts” that provide access to the employer’s internal computer or information systems.

Impact on Employee Rights

This law is a significant step forward in protecting the privacy rights of employees and job applicants. By restricting employer access to personal social media accounts, it ensures that individuals do not have to sacrifice this particular privacy for the sake of employment. The law also prohibits employers from retaliating against employees and applicants who refuse to provide the login information to their personal internet accounts, further safeguarding employee rights.