Hepler Broom, LLC

Expanding Prohibitions on Accessing Applicants’ and Employees’ Personal Online Accounts: An Amendment to Illinois’ Right to Privacy in the Workplace Act

April 19, 2017

Does your company monitor its network or devices for network security or data confidentiality? Does your company have any policies or practices that seek access to any employees’ personal online accounts? If so, a recent amendment to Illinois’ Right to Privacy in the Workplace Act (“Act”) may require your company to adopt or revise its policies or practices to comply with the law.

Expands the scope of protected content. The amendment has shifted the focus from social networking accounts or profiles to personal online accounts (POAs). A POA is “an online account, that is used by a person primarily for personal purposes.”[1] Thus, the amendment provides much broader coverage and will likely enable the Act to encompass the emergence of any new online accounts.

Increases the list of prohibited inquiries or activities. The amendment provides a new list of prohibited inquiries and activities, accounting for additional ways of accessing online accounts. For example, employers may not “require or coerce an employee or applicant to invite the employer to join a group affiliated with” the employee’s/applicant’s POA, “to join an online account established by the employer,” or to add the employer to a list of contacts that enables access to the employee’s/applicant’s POA.[2] Section 10 now also contains anti-retaliation provisions.[3]

Expounds upon what activities are not prohibited. The Act now specifies that employers may request or require employees or prospective employees to share specific content under certain circumstances. For example, specific content may be requested to investigate an allegation of an unauthorized transfer of “proprietary or confidential information or financial data” or to prohibit operation of a [POA] “during business hours, while on business property, while using an electronic communication device supplied by, or paid for by, the employer, or while using the employer’s network or resources.”[4] Additionally, the amendment specifies that an employer will not be liable for inadvertently receiving means to access a POA as a result of monitoring its network or devices for network security or data confidentiality unless it accesses (or enables a third party to access) the employee’s or prospective employee’s POA or fails to delete that information as soon as reasonably practicable. If network monitoring technology is likely to inadvertently receive such information, “the employer shall make reasonable efforts to secure that information.”[5]

If you would like additional information on how this law might affect you or your business, please contact Julieta A. Kosiba at (217) 993-7145 or  Julieta.Kosiba@heplerbroom.com .

[1] Right to Privacy in the Workplace Act, 820 Ill. Comp. Stat. 55/10(b)(6)(B) (2016).

[2] Id. § 55/10(b)(1)(C)-(D).

[3] Id. § 55/10(b)(1)(E)-(F).

[4] Id. § 55/10(b)(3)(C).

[5] Id. § 55/10(b)(4).

COVID-19 Updates

HeplerBroom LLC COVID-19 Response

HeplerBroom has been diligently working on its response and continuity plan to the COVID-19 pandemic in order to keep the health and safety of our employees, their families, and our clients as our top priority.

To help ensure everyone’s continued health and well-being, effective Tuesday, March 17, 2020, all attorneys and staff will be working remotely until March 31. This is an unprecedented and dynamic situation, and HeplerBroom is committed to observing governmental suggestions and requirements concerning public health while continuing to provide legal service second to none.

To ensure this, the firm has identified essential personnel in each office who will make certain that critical firm functions that cannot be done remotely continue to be handled. We have put in place protocol for those essential personnel to make sure they are keeping healthy per the CDC cleaning and sanitizing recommendations. All teams have back-up personnel and procedures that we will follow to make sure all deadlines are met and clients receive the same great service and work product that we have always been proud to provide.

HeplerBroom’s IT department has been working hard to make sure all remote employees are set up with equipment and access from home to limit disruption to our clients. Maintaining security and confidentiality has remained, and will continue to remain, at the forefront of all processes and procedures, at all levels throughout the firm.

The firm has created emergency communication measures to communicate any changes to this plan to employees and are communicating on a regular basis with any and all new resources and helpful information during this uncertain time.

During these fluid and unpredictable times, HeplerBroom will continue its commitment to great service and results for our clients, all while keeping safe and healthy.

Wishing you and your families good health.