Category Archives: Utah

July 29, 2013

The Battle Over Background Checks Continues — State AGs Accuse EEOC of “Gross Federal Overreach”

By Mark Wiletsky 

Is it discriminatory if an employer does not hire anyone with a particular criminal conviction, regardless of that person’s race, gender, religion, or other protected characteristic?  According to the EEOC’s April 2012 Enforcement Guidance, it might be.  But in a July 24, 2013 letter sent to EEOC Commissioner Jacqueline Berrien and the four EEOC Board Members, nine state Attorneys’ General (AGs) disagree.  The AGs chastise the EEOC for filing recent lawsuits against BMW Manufacturing Co., LLC and Dolgencorp (Dollar General), in which the EEOC alleges that these employers violated Title VII’s disparate impact prohibition by using a bright-line screening policy that rejected all individuals with past convictions in certain categories of crimes, such as murder, assault, reckless driving and possession of drug paraphernalia.   

The letter then criticizes the EEOC’s April 2012 Enforcement Guidance on Arrest and Conviction Records, stating that the EEOC’s policy guidance incorrectly applies the law and constitutes an unlawful expansion of Title VII.  The AGs argue that if Congress wishes to protect former criminals from employment discrimination, it can amend the law, but it is not the EEOC’s role to expand the protections of Title VII under the guise of preventing racial discrimination. 

The Republican state AGs from Colorado, Montana, Utah, Kansas, Nebraska, West Virginia, Alabama, South Carolina and Georgia joined in this missive to say “enough is enough” on the EEOC’s background check lawsuits.  Citing the burden on businesses to undertake more individualized assessments of an applicant’s criminal history, the AGs urge the EEOC to rescind its April 2012 Enforcement Guidance and dismiss the lawsuits against Dollar General and BMW.  Not likely, but it may get the attention of federal lawmakers who may try to rein in the EEOC’s position on this issue.


Disclaimer:This article is designed to provide general information on pertinent legal topics. The statements made are provided for educational purposes only. They do not constitute legal advice and are not intended to create an attorney-client relationship between you and Holland & Hart LLP. If you have specific questions as to the application of the law to your activities, you should seek the advice of your legal counsel.


Print Friendly and PDF

July 22, 2013

Myriad of Social Media Privacy Laws Create Havoc for Multi-State Employers

By Elizabeth Dunning 

ComputerDoes your company request that your employees and applicants provide user names and passwords to their personal social media accounts?  Do you require applicants to log onto their online accounts in your presence so that you can view their content?  Perhaps you ask employees to “friend” their supervisors.  If you haven’t followed new developments in state employment laws, you may not realize that such activities are unlawful in some states.  In just two years, eleven states have passed social media privacy laws that prevent employers from accessing employees’ and applicants’ personal online accounts.  Each state law differs in certain respects, making it difficult for multi-state employers to adopt a uniform and consistent social media policy.  To help sort things out, we highlight here the primary differences in the state social media privacy laws. 

States with Workplace Social Media or Internet Privacy Laws 

The eleven states that have enacted social media or internet privacy laws affecting employers to-date are:  Arkansas, California, Colorado, Illinois, Maryland, Michigan, Nevada, New Mexico, Oregon, Utah and Washington.  All but one of these states protect the access information for both current and prospective employees, with New Mexico only protecting the log-in information of applicants. 

Differences in State Social Media Laws 

Generally, all of these states prohibit an employer from requesting or requiring an employee or applicant to disclose his or her user name, password or other means of accessing his or her personal social media accounts. Many of these states also make it unlawful to discipline, discharge, discriminate against or penalize an employee, or fail to hire an applicant who refuses to disclose his or her access information to personal social media accounts.  However, that’s where the uniformity in the laws generally ends.  The following chart highlights numerous key differences between the state laws. 

Legal Provision

States Recognizing Provision

Prohibits employers from requesting that employee add employer representative or another employee to his or her list of contacts (e.g., “friend”)

Arkansas, Colorado, Oregon and Washington

Prohibits employers from requesting employee to access his or her personal social media account in the presence of the employer (“shoulder surfing”)

California, Michigan, Oregon and Washington

Prohibits employers from requesting employee to change the privacy settings on his or her personal social media accounts

Arkansas, Colorado and Washington

Specifically permits employers to view and access social media accounts that are publicly available

Arkansas, Illinois, Michigan, New Mexico, Oregon and Utah

Exception when access required to comply with laws or regulations of self-regulatory organizations

Arkansas, Nevada, Oregon and Washington

Exception for investigations of employee violation of law or employee misconduct

Arkansas, California, Michigan, Oregon, Utah and Washington (Colorado and Maryland limit this exception to investigation of securities or financial law compliance)

Exception for investigation of unauthorized downloading of employer’s proprietary, confidential or financial data

Colorado, Maryland, Michigan, Utah and Washington

Inadvertent acquisition of personal log-in information while monitoring employer systems not a violation but employer not permitted to use the log-in information to access personal social media accounts

Arkansas, Oregon and Washington

As you can see, the differences in the laws exceed the similarities, making it difficult for an employer operating in more than one covered state to comply with all applicable provisions.  Even the definition of covered social media accounts varies by state, creating even more inconsistencies. 

Would a Federal Law Help? 

With eleven laws in place and almost 20 additional states considering social media privacy bills, the issue seems ripe for a federal bill that would bring some uniformity to the protections offered to employees and applicants.  In February 2013, the Social Networking Online Protection Act, which offers such workplace protections, was introduced into the U.S. House of Representatives.  Unfortunately, it has languished in committee and is not expected to pass.  In addition, a federal law on the issue will likely only simplify the web of state laws if it specifically preempts state law.  Without federal preemption, we might face two sources of law on the issue, federal and state, which might muddy the waters even more.  In any event, it does not appear that a federal law will be enacted before additional states enact their own laws, leaving employers to struggle with the variances in state law. 

Best Practices for Complying with Social Media Privacy Laws 

With the vast amount of information available on social media and the increased use of social networking platforms for business purposes, it is likely that most employers will at some point need to access or review content on an employee’s or applicant’s social media account.  Perhaps it will be for an investigation of an employee who downloaded proprietary information or perhaps it will be to confirm derogatory statements about the company made by an employee.  Whatever the reason, the first step is to recognize that these laws exist and you will need to review which, if any, apply to your company and/or the employee involved.  Remember that you are generally free to access publicly available social media content.  However, if one of these state laws applies, consult with legal counsel before accessing (or requesting access to) any personal social media accounts to determine what restrictions and exceptions are applicable to your particular circumstances. 

Establish a social media policy specifying that employees are not permitted to disclose or post proprietary or confidential company information on their personal social media accounts.  Make a clear delineation between company/business-related social media accounts where you control who speaks on behalf of your organization, and personal accounts where employees do not represent the views of the company. Be careful that your social media policy does not run afoul of the National Labor Relations Act by interfering with employees’ right to discuss their wages and working conditions in a concerted manner.  Communicate your policy to your employees through normal channels, such as your employee handbook, online policy/intranet, etc. 

Train your supervisors, managers and human resources staff on these laws.  Sometimes supervisors or HR folks think it is acceptable to ask an employee to “friend” them online, or to ask for their log-in information to view pictures or other benign posts.  Despite good intentions, company representatives could get you into legal trouble so advise them of these laws and your restrictions on requesting access to personal social media accounts.


Disclaimer: This article is designed to provide general information on pertinent legal topics. The statements made are provided for educational purposes only. They do not constitute legal advice and are not intended to create an attorney-client relationship between you and Holland & Hart LLP. If you have specific questions as to the application of the law to your activities, you should seek the advice of your legal counsel.


Print Friendly and PDF

April 25, 2013

Tips for Complying with Utah’s Internet Employment Privacy Act

By Elizabeth Dunning

Effective May 14, 2013, Utah employers may not request employees or applicants to disclose information related to their personal Internet accounts.  The Internet Employment Privacy Act(IEPA), recently signed into law by Utah Governor Gary R. Herbert, prohibits employers from asking an employee or applicant to reveal a username or password that allows access to the individual’s personal Internet account.  In addition, employers may not penalize or discriminate against an employee or applicant for failing to disclose a username or password.  A similar restriction applies to higher educational institutions through passage of the Internet Postsecondary Institution Privacy Act. 

With enactment of the IEPA, Utah becomes the fifth state to pass legislation that limits an employer’s access to social media accounts, joining California, Illinois, Maryland and Michigan.  New Mexico passed a similar law shortly after Utah and New Jersey’s law passed the legislature and is awaiting the governor’s signature.  A bill introduced in February in the U.S. House of Representatives called the Social Networking Online Protection Act (H.R. 537) is stuck in committee. 

Public Online Accounts Are Fair Game under the IEPA 

The IEPA does not restrict or prohibit employers from viewing or using online information about employees and applicants that the employer can obtain without the employee’s username or password.  Any online information that is available to the public may be accessed and viewed by employers without violating the IEPA.  Consequently, individuals who set privacy settings on their online accounts to allow “public” access effectively opt themselves out of any protections offered by this new law. 

Utah Restriction Applies to Accounts Used Exclusively for Personal Communication 

In prohibiting employers from requiring disclosure of online usernames and passwords, the IEPA draws a distinction between personal Internet accounts and those used for business related communications.  The law only restricts employer access to personal online accounts that are used by an employee or applicant exclusively for personal communications unrelated to any business purpose of the employer.  It does not, however, restrict access to accounts created, maintained, used or accessed by an employee or applicant for business related communications or for a business purpose of the employer.  

In practice, the line between personal and business related accounts may be blurred as many employees use their personal online presence to network and communicate for business reasons.  Consider the sales person who uses his or her LinkedIn account to communicate with potential buyers within a particular industry, or the CPA who posts tax reminders on his or her Facebook page.  Are those accounts accessible under the IEPA since they are not used “exclusively” for personal communications?  A plain reading of the law suggests that may be the case, thereby watering down the potential protections offered by the IEPA to applicants and employees.   

Steps for Complying with the IEPA 

Utah employers should review their HR forms, policies and practices to ensure that they do not ask applicants and/or employees to provide a username or password to their personal Internet accounts.   Train supervisors and managers not to ask for this information as well.  In fact, take the opportunity to remind supervisors and managers not to “friend” subordinates on personal online platforms, such as Facebook.  In addition, reinforce that employees and applicants may not be penalized or treated adversely for failing to provide a username or password for personal online accounts.   

Remember, too, that even though the IEPA does not prohibit accessing an employee’s or applicant’s public social media accounts, viewing such information creates other risks.  Employers may view information regarding the individual’s religion, race, national origin, disability, age, or other protected group status that could give rise to a discrimination claim.  Furthermore, online information is unreliable and ever-changing, meaning that employers should not rely on what they see online when making employment decisions.  To stay out of trouble, consult with legal counsel before viewing or using social media in the employment context.

For more information about permissible actions and potential damages under the Utah Internet Employment Privacy Act, please see our Client Alert.