H. B. 2966
(By Delegates Skinner, Lawrence, Barrett, Young, Sponaugle,
Lynch, Tomblin, Eldridge, Poore, Marcum and Caputo)
(Originating in the Committee on the Judiciary)
[January 24, 2014]
A BILL to amend the Code of West Virginia, 1931, as amended, by adding thereto a new article, designated §21-5G-1, §21-5G-2, §21-5G-3 and §21-5G-4, all relating to employment and privacy protection; prohibiting an employer from requesting or requiring that an employee or applicant disclose any user name, password, or other means for accessing a personal account or service through certain electronic communications devices; prohibiting an employer from taking or threatening to take, certain disciplinary actions for an employee’s refusal to disclose certain password and related information; prohibiting an employer from failing or refusing to hire an applicant as a result of the applicant’s refusal to disclose certain password and related information; prohibiting an employee from downloading certain unauthorized information or data to certain Web sites or Web-based accounts; providing that an employer is not prevented from conducting certain investigations for certain purposes, including gathering information needed for compliance with mandatory state or federal regulations; and duties not created under this article.
Be it enacted by the Legislature of West Virginia:
That the Code of West Virginia, 1931, as amended, be amended by adding thereto a new article, designated §21-5G-1, §21-5G-2, §21-5G-3 and §21-5G-3, all to read as follows:
ARTICLE 5G. INTERNET PRIVACY PROTECTION ACT.
§21-5G-1. Short Title.
This article shall be known and may be cited as the “Internet Privacy Protection Act”.
As used in this article:
(a) “Applicant” means an applicant for employment.
(b) “Electronic Communications Device” means any device that uses electronic signals to create, transmit and receive information, and includes computers, telephones, personal digital assistants, and other similar devices.
(c) “Employer” means a person engaged in a business, industry, profession, trade or other enterprise in the state, or a unit of state or local government. “Employer” includes an agent, representative or designee of the employer.
§21-5G-3. Certain acts prohibited; not prohibited.
(a) An employer may not request or require that an employee or applicant disclose any user name, password, or other means for accessing a personal account or service through an electronic communications device.
(b) (1) An employer may not discharge, discipline, or otherwise penalize or threaten to discharge, discipline, or otherwise penalize an employee for the employee’s refusal to disclose any information specified in subsection (a) of this section.
(2) An employer may not fail or refuse to hire any applicant as a result of the applicant’s refusal to disclose any information specified in subsection (a) of this section.
(c) An employee may not download any information not authorized by the employer, including but not limited to proprietary information, trade secrets, or finacial data to an employee’s personal Web site, an Internet Web site, a Web-based account or a similar account, or to any other electronic or digital storage device or medium.
(d) (1)This section does not prevent an employer, based on the receipt of information about the use of a personal Web site, Internet Web site, Web-based account, or similar account by an employee for business purposes, from conducting an investigation for the purpose of ensuring compliance with applicable securities or financial law, or regulatory requirements.
(2) This section does not prohibit an employer from doing any of the following:
(a) requesting or requiring an employee to disclose a username or password to gain access to:
(i) an electronic communications device supplied by or paid for, in whole or in part, by the employer; or
(ii) an account or service provided by the employer, obtained by virtue of the employee’s employment relationship with the employer, and used for the employer’s business purposes
(b) disciplining or discharging an employee for transferring the employer’s proprietary or confidential information or financial data to an employee’s personal internet account without the employer’s authorization;
(c) conducting an investigation or requiring an employee to cooperate in an investigation in any of the following:
(i) if there is specific information about activity, relating to the employment of the individual or the business of the employer, on the employee’s personal internet account, for the purpose of ensuring compliance with applicable laws, regulatory requirements or written employee codes of conduct found within previously known and agreed to written employee contracts; or
(ii) if the employer has specific information about an unauthorized transfer of the employer’s proprietary information, confidential information or financial data to an employee’s personal internet account;
(d) restricting or prohibiting an employee’s access to certain websites while using an electronic communications device supplied by or paid for, in whole or in part, by the employer or while using an employer’s network or resources, in accordance with state or federal law; or
(e) monitoring, reviewing, accessing or blocking electronic data stored on an electronic communications device supplied by or paid for, in whole or in part, by the employer or stored on an employer’s network, in accordance with state and federal law.
(f) conducting an investigation or requiring an employee to cooperate in an investigation as specified in subsection (2)(c), including requiring the employee to share the content that has been reported in order to make a factual determination.
(3) This section does not prohibit or restrict an employer from complying with a duty to screen employees or applicants before hiring or to monitor or retain employee communications that is established under federal law, by a self-regulatory organization under the Securities and Exchange Act of 1934, 15 U.S.C. Sec. 78c(a)(26), or in the course of a law enforcement employment application or law enforcement officer investigation performed by a law enforcement agency.
(4) This section does not prohibit or restrict an employer from viewing, accessing or using information about an employee or applicant that can be obtained without the information described in §21-5G-3(a) or information available in the public domain.
§21-5G-4 Duties Not Created.
(1) This article does not create a duty for an employer to search or monitor the activity of a personal internet account.
(2) An employer is not liable under this article for failure to request or require that an employee or applicant for employment grant access to, allow observation of or disclose information that allows access to or observation of the applicant or employee’s personal internet account.