§ 10. Prohibited inquiries; online activities.
(a) It shall be unlawful for any employer to inquire, in a written application or in any other manner, of any prospective employee or of the prospective employee's previous employers, whether that prospective employee has ever filed a claim for benefits under the Workers' Compensation Act 1 or Workers' Occupational Diseases Act 2 or received benefits under these Acts.
(b)(1) Except as provided in this subsection, it shall be unlawful for any employer or prospective employer to:
(A) request, require, or coerce any employee or prospective employee to provide a user name and password or any password or other related account information in order to gain access to the employee's or prospective employee's personal online account or to demand access in any manner to an employee's or prospective employee's personal online account;
(B) request, require, or coerce an employee or applicant to authenticate or access a personal online account in the presence of the employer;
(C) require or coerce an employee or applicant to invite the employer to join a group affiliated with any personal online account of the employee or applicant;
(D) require or coerce an employee or applicant to join an online account established by the employer or add the employer or an employment agency to the employee's or applicant's list of contacts that enable the contacts to access the employee or applicant's personal online account;
(E) discharge, discipline, discriminate against, retaliate against, or otherwise penalize an employee for (i) refusing or declining to provide the employer with a user name and password, password, or any other authentication means for accessing his or her personal online account, (ii) refusing or declining to authenticate or access a personal online account in the presence of the employer, (iii) refusing to invite the employer to join a group affiliated with any personal online account of the employee, (iv) refusing to join an online account established by the employer, or (v) filing or causing to be filed any complaint, whether orally or in writing, with a public or private body or court concerning the employer's violation of this subsection; or
(F) fail or refuse to hire an applicant as a result of his or her refusal to (i) provide the employer with a user name and password, password, or any other authentication means for accessing a personal online account, (ii) authenticate or access a personal online account in the presence of the employer, or (iii) invite the employer to join a group affiliated with a personal online account of the applicant.
(2) Nothing in this subsection shall limit an employer's right to:
(A) promulgate and maintain lawful workplace policies governing the use of the employer's electronic equipment, including policies regarding Internet use, social networking site use, and electronic mail use; or
(B) monitor usage of the employer's electronic equipment and the employer's electronic mail without requesting or using any employee or prospective employee to provide any password or other related account information in order to gain access to the employee's or prospective employee's personal online account.
(3) Nothing in this subsection shall prohibit an employer from:
(A) obtaining about a prospective employee or an employee information that is in the public domain or that is otherwise obtained in compliance with this amendatory Act of the 97th General Assembly;
(B) complying with State and federal laws, rules, and regulations and the rules of self-regulatory organizations created pursuant to federal or State law when applicable;
(C) requesting or requiring an employee or applicant to share specific content that has been reported to the employer, without requesting or requiring an employee or applicant to provide a user name and password, password, or other means of authentication that provides access to an employee's or applicant's personal online account, for the purpose of:
(i) ensuring compliance with applicable laws or regulatory requirements;
(ii) investigating an allegation, based on receipt of specific information, of the unauthorized transfer of an employer's proprietary or confidential information or financial data to an employee or applicant's personal account;
(iii) investigating an allegation, based on receipt of specific information, of a violation of applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct;
(iv) prohibiting an employee from using a personal online account for business purposes; or
(v) prohibiting an employee or applicant from accessing or operating a personal online account during business hours, while on business property, while using an electronic communication device supplied by, or paid for by, the employer, or while using the employer's network or resources, to the extent permissible under applicable laws.
(4) If an employer inadvertently receives the username, password, or any other information that would enable the employer to gain access to the employee's or potential employee's personal online account through the use of an otherwise lawful technology that monitors the employer's network or employer-provided devices for network security or data confidentiality purposes, then the employer is not liable for having that information, unless the employer:
(A) uses that information, or enables a third party to use that information, to access the employee or potential employee's personal online account; or
(B) after the employer becomes aware that such information was received, does not delete the information as soon as is reasonably practicable, unless that information is being retained by the employer in connection with an ongoing investigation of an actual or suspected breach of computer, network, or data security. Where an employer knows or, through reasonable efforts, should be aware that its network monitoring technology is likely to inadvertently to receive such information, the employer shall make reasonable efforts to secure that information.
(5) Nothing in this subsection shall prohibit or restrict an employer from complying with a duty to screen employees or applicants prior to hiring or to monitor or retain employee communications as required under Illinois insurance laws or federal law or by a self-regulatory organization as defined in Section 3(A)(26) of the Securities Exchange Act of 1934, 15 U.S.C. 78(A)(26) provided that the password, account information, or access sought by the employer only relates to an online account that:
(A) an employer supplies or pays; or
(B) an employee creates or maintains on behalf of or under direction of an employer in connection with that employee's employment.
(6) For the purposes of this subsection:
(A) “Social networking website” means an Internet-based service that allows individuals to:
(i) construct a public or semi-public profile within a bounded system, created by the service;
(ii) create a list of other users with whom they share a connection within the system; and
(iii) view and navigate their list of connections and those made by others within the system.
“Social networking website” does not include electronic mail.
(B) “Personal online account” means an online account, that is used by a person primarily for personal purposes. “Personal online account” does not include an account created, maintained, used, or accessed by a person for a business purpose of the person's employer or prospective employer.
FindLaw Codes are provided courtesy of Thomson Reuters Westlaw, the industry-leading online legal research system. For more detailed codes research information, including annotations and citations, please visit Westlaw.
FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature or via Westlaw before relying on it for your legal needs.