CHAPTER 305

HB 1407 – FINAL VERSION

05/15/14 1745s

4Jun2014… 1916CofC

4Jun2014… 2014EBA

2014 SESSION

14-2039

06/01

HOUSE BILL 1407

AN ACT relative to privacy in the workplace.

SPONSORS: Rep. K. Rogers, Merr 28; Rep. P. Sullivan, Hills 10; Sen. Soucy, Dist 18

COMMITTEE: Labor, Industrial and Rehabilitative Services

ANALYSIS

This bill prohibits an employer from requiring an employee or prospective employee to disclose his or her social media or electronic mail passwords.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Explanation: Matter added to current law appears in bold italics.

Matter removed from current law appears [in brackets and struckthrough.]

Matter which is either (a) all new or (b) repealed and reenacted appears in regular type.

05/15/14 1745s

4Jun2014… 1916CofC

4Jun2014… 2014EBA

14-2039

06/01

STATE OF NEW HAMPSHIRE

In the Year of Our Lord Two Thousand Fourteen

AN ACT relative to privacy in the workplace.

Be it Enacted by the Senate and House of Representatives in General Court convened:

305:1 New Subdivision; Use of Social Media and Electronic Mail. Amend RSA 275 by inserting after section 70 the following new subdivision:

Use of Social Media and Electronic Mail

275:71 Definition. In this subdivision, “personal account” means an account, service, or profile on a social networking website that is used by a current or prospective employee primarily for personal communications unrelated to any business purposes of the employer. This definition shall not apply to any account, service, or profile created, maintained, used, or accessed by a current or prospective employee for business purposes of the employer or to engage in business-related communications.

275:72 Use of Social Media and Electronic Mail.

I. No employer shall request or require that an employee or prospective employee disclose login information for accessing any personal account or service through an electronic communication device.

II. No employer shall compel an employee or applicant to add anyone, including the employer or the employer’s agent, to a list of contacts associated with an electronic mail account or personal account or require an employee or applicant to reduce the privacy settings associated with any electronic mail or personal account that would affect a third party’s ability to view the contents of the account.

III. No employer shall take or threaten to take disciplinary action against any employee for such employee’s refusal to comply with a request or demand by the employer that violates this subdivision.

IV. Nothing in this subdivision shall limit an employer’s right to:

(a) Adopt and enforce lawful workplace policies governing the use of the employer’s electronic equipment, including policies regarding Internet use, social networking site use, and electronic mail use.

(b) Monitor usage of the employer’s electronic equipment and electronic mail.

(c) Request or require an employee to disclose login information for access to:

(1) An account or service provided by virtue of the employee’s employment relationship with the employer; or

(2) An electronic communications device or online account paid for or supplied by the employer.

V. If, through the use of an electronic device or program that monitors an employer’s network or the use of employer provided devices, an employer inadvertently receives an employee’s password, or other authentication information, the employer is not liable for having this information, but shall not use this information to access an employee’s personal accounts.

VI. Nothing in this section shall prohibit an employer from:

(a) Obtaining information about an employee or prospective employee that is in the public domain;

(b) Conducting an investigation:

(1) To ensure compliance with applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct based on information about activity on an employee’s personal account or service received from an employee or other source.

(2) Of an employee’s actions based on the receipt of specific information about the unauthorized transfer of an employer’s proprietary information, confidential information, or financial data to a personal online account or service by an employee or other source.

VII. In any investigation conducted under paragraph VI, the employer may require the employee’s cooperation to share only the content that has been received by the employer, in order to make a factual determination.

VIII. Nothing in this section shall be construed to prevent an employer from complying with the requirements of state or federal statutes, rules or regulations, case law, or rules of self-regulatory organizations.

275:73 Penalty. Any employer violating RSA 275:72 shall be subject to a civil penalty, to be imposed by the labor commissioner in accordance with the procedures established in RSA 273:11-a. An employer aggrieved by the commissioner’s assessment of such penalty may appeal in accordance with RSA 273:11-c.

305:2 Contingent Renumbering. If SB 390 of the 2014 regular legislative session becomes law, RSA 275:71 through RSA 275:73, as inserted by section 1 of this act, shall be renumbered as RSA 275:73 through RSA 275:75, respectively, and the reference to RSA 275:72 in RSA 275:73 as inserted by section 1 of this act shall be renumbered as RSA 275:74.

305:3 Effective Date. This act shall take effect 60 days after its passage.

Approved: August 1, 2014

Effective Date: September 30, 2014