Logo Placeholder

“Don’t Ask, Don’t Tell:” New Virginia Law Limits Access to Employee’s Social Media Accounts

On Behalf of | Sep 15, 2015 | Employment & Labor Law


The use of social media has become pervasive in today’s workplace. As a result, employers have a strong interest in making sure employees are following company policies and preserving the confidentiality of company information while online, and in maintaining a positive public image on social media−while being careful not to interfere with employees’ rights under Section 7 of the National Labor Relations Act. In addition, employers have a responsibility to investigate social media behavior if they become aware of alleged misconduct and to exercise due diligence to protect other employees. In a press release last year, the EEOC noted that employers’ oversight responsibilities to monitor and remedy workplace harassment could extend to social media. For example, if an employee uses a company laptop to post harassing or discriminatory comments about a co-worker, the employer may not escape liability under Title VII merely because the harassment happened online.Concerned with their employees’ potentially detrimental social media activities and also in order to screen potential job candidates, many employers require access to their applicants’ and employees’ social media accounts. However, Virginia is now the nineteenth state to impose limits on employer access to such accounts. The new law, Va. Code 40.1-28.7:5, which took effect July 1, 2015, prohibits employers in Virginia from requiring current or prospective employees to disclose the usernames and passwords for their social media accounts. The law also prevents employers from requiring employees and applicants to permit managers and supervisors to “follow” them on social media. The law’s definition of “social media account” is broad and includes any personal account where users can create, share or view: videos, photographs, blogs, podcasts, messages, emails or website profiles or locations.

However, the law does carve out employer activities associated with compliance with federal, state, or local laws and employer investigations of certain misconduct. Therefore, an employer’s right to request username and password information is not affected where such information “is reasonably believed to be relevant to a formal investigation or related proceeding by the employer of allegations of an employee’s violation of federal, state, or local laws or regulations or of the employer’s written policies.” Yet, if an employer exercises its rights under this investigatory exception, the employer is prohibited from using the employee’s information for any other purpose.

If an employer inadvertently receives an employee’s username and password to the employee’s social media account through the use of an electronic device provided to the employee by the employer, the employer will not be liable for having the information.  However, the employer is required to refrain from using the information to gain access to an employee’s social media account.

Employers should review their social media policies and hiring procedures to confirm they are in compliance with this new law. Employers should not ask for, or seek access to, employee and/or applicant social media accounts unless there is a solid business justification that fits squarely within the exceptions provided. Employers should also remember that just because an action may not violate this new law, it does not insulate the employer from liability under the NLRA or other employment laws.  Facebook, Twitter, and other social media comments can be protected concerted activity or union activity under the NLRA.

Sara Dajani is an associate attorney with the business law firm, Berenzweig Leonard, LLP. Sara can be reached at [email protected]