|
| | 102ND GENERAL ASSEMBLY
State of Illinois
2021 and 2022 HB3890 Introduced 2/22/2021, by Rep. Rita Mayfield SYNOPSIS AS INTRODUCED: | | 820 ILCS 55/10 | from Ch. 48, par. 2860 |
|
Amends the Right to Privacy in the Workplace Act. Makes a technical change
in
a Section concerning prohibited inquiries.
|
| |
| | A BILL FOR |
|
|
| | HB3890 | | LRB102 17076 JLS 22505 b |
|
|
1 | | AN ACT concerning employment.
|
2 | | Be it enacted by the People of the State of Illinois, |
3 | | represented in the General Assembly:
|
4 | | Section 5. The Right to Privacy in the Workplace Act is |
5 | | amended by changing Section 10 as follows:
|
6 | | (820 ILCS 55/10) (from Ch. 48, par. 2860)
|
7 | | Sec. 10. Prohibited inquiries; online activities. |
8 | | (a) It shall be unlawful for any employer
to inquire, in a |
9 | | written application or in any other manner, of any
prospective |
10 | | employee or of the
the prospective employee's previous |
11 | | employers,
whether that prospective employee has ever filed a |
12 | | claim for benefits under
the Workers' Compensation Act or |
13 | | Workers' Occupational Diseases Act or
received benefits under |
14 | | these Acts. |
15 | | (b)(1) Except as provided in this subsection, it shall be |
16 | | unlawful for any employer or prospective employer to: |
17 | | (A) request, require, or coerce any employee or |
18 | | prospective employee to provide a user name and password |
19 | | or any password or other related account information in |
20 | | order to gain access to the employee's or prospective |
21 | | employee's personal online account or to demand access in |
22 | | any manner to an employee's or prospective employee's |
23 | | personal online account; |
|
| | HB3890 | - 2 - | LRB102 17076 JLS 22505 b |
|
|
1 | | (B) request, require, or coerce an employee or |
2 | | applicant to authenticate or access a personal online |
3 | | account in the presence of the employer; |
4 | | (C) require or coerce an employee or applicant to |
5 | | invite the employer to join a group affiliated with any |
6 | | personal online account of the employee or applicant; |
7 | | (D) require or coerce an employee or applicant to join |
8 | | an online account established by the employer or add the |
9 | | employer or an employment agency to the employee's or |
10 | | applicant's list of contacts that enable the contacts to |
11 | | access the employee or applicant's personal online |
12 | | account; |
13 | | (E) discharge, discipline, discriminate against, |
14 | | retaliate against, or otherwise penalize an employee for |
15 | | (i) refusing or declining to provide the employer with a |
16 | | user name and password, password, or any other |
17 | | authentication means for accessing his or her personal |
18 | | online account, (ii) refusing or declining to authenticate |
19 | | or access a personal online account in the presence of the |
20 | | employer, (iii) refusing to invite the employer to join a |
21 | | group affiliated with any personal online account of the |
22 | | employee, (iv) refusing to join an online account |
23 | | established by the employer, or (v) filing or causing to |
24 | | be filed any complaint, whether orally or in writing, with |
25 | | a public or private body or court concerning the |
26 | | employer's violation of this subsection; or |
|
| | HB3890 | - 3 - | LRB102 17076 JLS 22505 b |
|
|
1 | | (F) fail or refuse to hire an applicant as a result of |
2 | | his or her refusal to (i) provide the employer with a user |
3 | | name and password, password, or any other authentication |
4 | | means for accessing a personal online account, (ii) |
5 | | authenticate or access a personal online account in the |
6 | | presence of the employer, or (iii) invite the employer to |
7 | | join a group affiliated with a personal online account of |
8 | | the applicant. |
9 | | (2) Nothing in this subsection shall limit an employer's |
10 | | right to: |
11 | | (A) promulgate and maintain lawful workplace policies |
12 | | governing the use of the employer's electronic equipment, |
13 | | including policies regarding Internet use, social |
14 | | networking site use, and electronic mail use; or |
15 | | (B) monitor usage of the employer's electronic |
16 | | equipment and the employer's electronic mail without |
17 | | requesting or using any employee or prospective employee |
18 | | to provide any password or other related account |
19 | | information in order to gain access to the employee's or |
20 | | prospective employee's personal online account. |
21 | | (3) Nothing in this subsection shall prohibit an employer |
22 | | from: |
23 | | (A) obtaining about a prospective employee or an |
24 | | employee information that is in the public domain or that |
25 | | is otherwise obtained in compliance with this amendatory |
26 | | Act of the 97th General Assembly; |
|
| | HB3890 | - 4 - | LRB102 17076 JLS 22505 b |
|
|
1 | | (B) complying with State and federal laws, rules, and |
2 | | regulations and the rules of self-regulatory organizations |
3 | | created pursuant to federal or State law when applicable; |
4 | | (C) requesting or requiring an employee or applicant |
5 | | to share specific content that has been reported to the |
6 | | employer, without requesting or requiring an employee or |
7 | | applicant to provide a user name and password, password, |
8 | | or other means of authentication that provides access to |
9 | | an employee's or applicant's personal online account, for |
10 | | the purpose of: |
11 | | (i) ensuring compliance with applicable laws or |
12 | | regulatory requirements; |
13 | | (ii) investigating an allegation, based on receipt |
14 | | of specific information, of the unauthorized transfer |
15 | | of an employer's proprietary or confidential |
16 | | information or financial data to an employee or |
17 | | applicant's personal account; |
18 | | (iii) investigating an allegation, based on |
19 | | receipt of specific information, of a violation of |
20 | | applicable laws, regulatory requirements, or |
21 | | prohibitions against work-related employee misconduct; |
22 | | (iv) prohibiting an employee from using a personal |
23 | | online account for business purposes; or |
24 | | (v) prohibiting an employee or applicant from |
25 | | accessing or operating a personal online account |
26 | | during business hours, while on business property, |
|
| | HB3890 | - 5 - | LRB102 17076 JLS 22505 b |
|
|
1 | | while using an electronic communication device |
2 | | supplied by, or paid for by, the employer, or while |
3 | | using the employer's network or resources, to the |
4 | | extent permissible under applicable laws. |
5 | | (4) If an employer inadvertently receives the username, |
6 | | password, or any other information that would enable the |
7 | | employer to gain access to the employee's or potential |
8 | | employee's personal online account through the use of an |
9 | | otherwise lawful technology that monitors the employer's |
10 | | network or employer-provided devices for network security or |
11 | | data confidentiality purposes, then the employer is not liable |
12 | | for having that information, unless the employer: |
13 | | (A) uses that information, or enables a third party to |
14 | | use that information, to access the employee or potential |
15 | | employee's personal online account; or |
16 | | (B) after the employer becomes aware that such |
17 | | information was received, does not delete the information |
18 | | as soon as is reasonably practicable, unless that |
19 | | information is being retained by the employer in |
20 | | connection with an ongoing investigation of an actual or |
21 | | suspected breach of computer, network, or data security. |
22 | | Where an employer knows or, through reasonable efforts, |
23 | | should be aware that its network monitoring technology is |
24 | | likely to inadvertently to receive such information, the |
25 | | employer shall make reasonable efforts to secure that |
26 | | information. |
|
| | HB3890 | - 6 - | LRB102 17076 JLS 22505 b |
|
|
1 | | (5) Nothing in this subsection shall prohibit or restrict |
2 | | an employer from complying with a duty to screen employees or |
3 | | applicants prior to hiring or to monitor or retain employee |
4 | | communications as required under Illinois insurance laws or |
5 | | federal law or by a self-regulatory organization as defined in |
6 | | Section 3(A)(26) of the Securities Exchange Act of 1934, 15 |
7 | | U.S.C. 78(A)(26) provided that the password, account |
8 | | information, or access sought by the employer only relates to |
9 | | an online account that: |
10 | | (A) an employer supplies or pays; or |
11 | | (B) an employee creates or maintains on behalf of or |
12 | | under direction of an employer in connection with that |
13 | | employee's employment. |
14 | | (6) For the purposes of this subsection: |
15 | | (A) "Social networking website" means an |
16 | | Internet-based service that allows individuals to: |
17 | | (i) construct a public or semi-public profile |
18 | | within a bounded system, created by the service; |
19 | | (ii) create a list of other users with whom they |
20 | | share a connection within the system; and |
21 | | (iii) view and navigate their list of connections |
22 | | and those made by others within the system. |
23 | | "Social networking website" does not include |
24 | | electronic mail. |
25 | | (B) "Personal online account" means an online account, |
26 | | that is used by a person primarily for personal purposes. |