Local chefs are spicing up the state’s culinary atmosphere, mixing c...Read More
Rise from the Ranks
Hispanic Business is Utah Business
Up for Grabs
Debt or Equity
R&R Barbeque: Finger Lickin’Good
Mid-Year Economic Forecast
Meeting & Event Planning Guide
First do no Harm
Clyde Snow & Sessions, a full-service law firm with offices in Utah, California and Oregon, is dedicated to serving the legal needs of regional, national and international clients.
In this fast paced economy (well, it’s picking up anyway!), clients need instant (right) answers to assist in navigating complex workplace scenarios that involve monitoring, reviewing, and accessing employees’ electronic communications. In other words, employers sometimes demand the legal right to snoop. Let’s consider a few increasingly common scenarios that may involve a client’s legitimate business interests to snoop on employee electronic communications.
Utah’s Internet Employment Privacy Act (“IEPA”)
To advise clients in handling the above scenarios, practitioners must have an understanding of the scope and limits of the IEPA. Approximately one year ago, Governor Herbert signed into law the Internet Employment Privacy Act (“IEPA” or the “Act”). Utah Code Ann. §§ 34-48-101 to 301 (LexisNexis 2013). Utah is one of 12 states that passed legislation governing employer’s rights to request personal Internet account passwords from job applicants or employees, and employer’s rights to review applicant’s and employee’s electronic communications. Utah’s Congress enacted this legislation in the wake of several high profile stories relating to employers demanding job applicant’s social media passwords in a pre-hire background check scenario.
Applies to All Utah Employers
The IEPA applies to all private and public employers that have “one or more workers or operators employed in the same business, or in or about the same establishment, under any contract of hire, express or implied, oral or written.” Utah Code Ann. § 34-48-102(2). While not explicit, the enacted language appears broad enough to apply to employees and independent contractors alike.
General Employer Snooping Prohibitions
Under the IEPA, employers may not: “request an employee or an applicant for employment to disclose a username and password, or a password that allows access to the employee's or applicant's personal Internet account.” Utah Code Ann. § 34-48-201(1). The IEPA expressly prohibits employers from taking adverse action, i.e., failing to hire, terminating, discriminating, disciplining or in any way penalizing, against applicants or employees for refusing to disclose personal Internet account passwords or access. Utah Code Ann. § 34-48-201(2). The Act defines “personal Internet account” as an “online account that is used by an employee or applicant exclusively for personal communications unrelated to any business purpose of the employer.” Utah Code Ann. § 34-48-102(4)(a). The Act further clarifies that a personal Internet account “does not include an account created, maintained, used, or accessed by an employee or applicant for business related communications or for a business purpose of the employer.” Utah Code Ann. § 34-48-102(4)(b). The plain language of the IEPA (and that is all we have at this point since there is not a single judicial decision interpreting or discussing the intent of the statute) only prohibits employers from accessing applicant’s or employee’s personal Internet accounts, i.e., email, voicemail, text messages, and social media accounts, that are used exclusively for personal communications and that do not concern the business of the company.