102ND GENERAL ASSEMBLY
State of Illinois
2021 and 2022
HB3890

 

Introduced 2/22/2021, by Rep. Rita Mayfield

 

SYNOPSIS AS INTRODUCED:
 
820 ILCS 55/10  from Ch. 48, par. 2860

    Amends the Right to Privacy in the Workplace Act. Makes a technical change in a Section concerning prohibited inquiries.


LRB102 17076 JLS 22505 b

 

 

A BILL FOR

 

HB3890LRB102 17076 JLS 22505 b

1    AN ACT concerning employment.
 
2    Be it enacted by the People of the State of Illinois,
3represented in the General Assembly:
 
4    Section 5. The Right to Privacy in the Workplace Act is
5amended by changing Section 10 as follows:
 
6    (820 ILCS 55/10)  (from Ch. 48, par. 2860)
7    Sec. 10. Prohibited inquiries; online activities.
8    (a) It shall be unlawful for any employer to inquire, in a
9written application or in any other manner, of any prospective
10employee or of the the prospective employee's previous
11employers, whether that prospective employee has ever filed a
12claim for benefits under the Workers' Compensation Act or
13Workers' Occupational Diseases Act or received benefits under
14these Acts.
15    (b)(1) Except as provided in this subsection, it shall be
16unlawful for any employer or prospective employer to:
17        (A) request, require, or coerce any employee or
18    prospective employee to provide a user name and password
19    or any password or other related account information in
20    order to gain access to the employee's or prospective
21    employee's personal online account or to demand access in
22    any manner to an employee's or prospective employee's
23    personal online account;

 

 

HB3890- 2 -LRB102 17076 JLS 22505 b

1        (B) request, require, or coerce an employee or
2    applicant to authenticate or access a personal online
3    account in the presence of the employer;
4        (C) require or coerce an employee or applicant to
5    invite the employer to join a group affiliated with any
6    personal online account of the employee or applicant;
7        (D) require or coerce an employee or applicant to join
8    an online account established by the employer or add the
9    employer or an employment agency to the employee's or
10    applicant's list of contacts that enable the contacts to
11    access the employee or applicant's personal online
12    account;
13        (E) discharge, discipline, discriminate against,
14    retaliate against, or otherwise penalize an employee for
15    (i) refusing or declining to provide the employer with a
16    user name and password, password, or any other
17    authentication means for accessing his or her personal
18    online account, (ii) refusing or declining to authenticate
19    or access a personal online account in the presence of the
20    employer, (iii) refusing to invite the employer to join a
21    group affiliated with any personal online account of the
22    employee, (iv) refusing to join an online account
23    established by the employer, or (v) filing or causing to
24    be filed any complaint, whether orally or in writing, with
25    a public or private body or court concerning the
26    employer's violation of this subsection; or

 

 

HB3890- 3 -LRB102 17076 JLS 22505 b

1        (F) fail or refuse to hire an applicant as a result of
2    his or her refusal to (i) provide the employer with a user
3    name and password, password, or any other authentication
4    means for accessing a personal online account, (ii)
5    authenticate or access a personal online account in the
6    presence of the employer, or (iii) invite the employer to
7    join a group affiliated with a personal online account of
8    the applicant.
9    (2) Nothing in this subsection shall limit an employer's
10right to:
11        (A) promulgate and maintain lawful workplace policies
12    governing the use of the employer's electronic equipment,
13    including policies regarding Internet use, social
14    networking site use, and electronic mail use; or
15        (B) monitor usage of the employer's electronic
16    equipment and the employer's electronic mail without
17    requesting or using any employee or prospective employee
18    to provide any password or other related account
19    information in order to gain access to the employee's or
20    prospective employee's personal online account.
21    (3) Nothing in this subsection shall prohibit an employer
22from:
23        (A) obtaining about a prospective employee or an
24    employee information that is in the public domain or that
25    is otherwise obtained in compliance with this amendatory
26    Act of the 97th General Assembly;

 

 

HB3890- 4 -LRB102 17076 JLS 22505 b

1        (B) complying with State and federal laws, rules, and
2    regulations and the rules of self-regulatory organizations
3    created pursuant to federal or State law when applicable;
4        (C) requesting or requiring an employee or applicant
5    to share specific content that has been reported to the
6    employer, without requesting or requiring an employee or
7    applicant to provide a user name and password, password,
8    or other means of authentication that provides access to
9    an employee's or applicant's personal online account, for
10    the purpose of:
11            (i) ensuring compliance with applicable laws or
12        regulatory requirements;
13            (ii) investigating an allegation, based on receipt
14        of specific information, of the unauthorized transfer
15        of an employer's proprietary or confidential
16        information or financial data to an employee or
17        applicant's personal account;
18            (iii) investigating an allegation, based on
19        receipt of specific information, of a violation of
20        applicable laws, regulatory requirements, or
21        prohibitions against work-related employee misconduct;
22            (iv) prohibiting an employee from using a personal
23        online account for business purposes; or
24            (v) prohibiting an employee or applicant from
25        accessing or operating a personal online account
26        during business hours, while on business property,

 

 

HB3890- 5 -LRB102 17076 JLS 22505 b

1        while using an electronic communication device
2        supplied by, or paid for by, the employer, or while
3        using the employer's network or resources, to the
4        extent permissible under applicable laws.
5    (4) If an employer inadvertently receives the username,
6password, or any other information that would enable the
7employer to gain access to the employee's or potential
8employee's personal online account through the use of an
9otherwise lawful technology that monitors the employer's
10network or employer-provided devices for network security or
11data confidentiality purposes, then the employer is not liable
12for having that information, unless the employer:
13        (A) uses that information, or enables a third party to
14    use that information, to access the employee or potential
15    employee's personal online account; or
16        (B) after the employer becomes aware that such
17    information was received, does not delete the information
18    as soon as is reasonably practicable, unless that
19    information is being retained by the employer in
20    connection with an ongoing investigation of an actual or
21    suspected breach of computer, network, or data security.
22    Where an employer knows or, through reasonable efforts,
23    should be aware that its network monitoring technology is
24    likely to inadvertently to receive such information, the
25    employer shall make reasonable efforts to secure that
26    information.

 

 

HB3890- 6 -LRB102 17076 JLS 22505 b

1    (5) Nothing in this subsection shall prohibit or restrict
2an employer from complying with a duty to screen employees or
3applicants prior to hiring or to monitor or retain employee
4communications as required under Illinois insurance laws or
5federal law or by a self-regulatory organization as defined in
6Section 3(A)(26) of the Securities Exchange Act of 1934, 15
7U.S.C. 78(A)(26) provided that the password, account
8information, or access sought by the employer only relates to
9an online account that:
10        (A) an employer supplies or pays; or
11        (B) an employee creates or maintains on behalf of or
12    under direction of an employer in connection with that
13    employee's employment.
14    (6) For the purposes of this subsection:
15        (A) "Social networking website" means an
16    Internet-based service that allows individuals to:
17            (i) construct a public or semi-public profile
18        within a bounded system, created by the service;
19            (ii) create a list of other users with whom they
20        share a connection within the system; and
21            (iii) view and navigate their list of connections
22        and those made by others within the system.
23        "Social networking website" does not include
24    electronic mail.
25        (B) "Personal online account" means an online account,
26    that is used by a person primarily for personal purposes.

 

 

HB3890- 7 -LRB102 17076 JLS 22505 b

1    "Personal online account" does not include an account
2    created, maintained, used, or accessed by a person for a
3    business purpose of the person's employer or prospective
4    employer.
5(Source: P.A. 98-501, eff. 1-1-14; 99-610, eff. 1-1-17.)