Tennessee Code Annotated

Title 50: Employer And Employee

Chapter 1: Employer And Employee

Part 10: Employee Online Privacy Act of 2014

TCA 50-1-1003: Prohibited actions by employers -- Permissible actions. [Effective on January 1, 2015.]

(a) An employer shall not:

(1) Request or require an employee or an applicant to disclose a password that allows access to the employee's or applicant's personal Internet account;

(2) Compel an employee or an applicant to add the employer or an employment agency to the employee's or applicant's list of contacts associated with a personal Internet account;

(3) Compel an employee or an applicant to access a personal Internet account in the presence of the employer in a manner that enables the employer to observe the contents of the employee's or applicant's personal Internet account; or

(4) Take adverse action, fail to hire, or otherwise penalize an employee or applicant because of a failure to disclose information or take an action specified in subdivisions (a)(1)-(3).

(b) Unless otherwise provided by law, an employer is not prohibited from:

(1) Requesting or requiring an employee to disclose a username or password required only to gain access to:

(A) An electronic communications device supplied by or paid for wholly or in part by the employer; or

(B) An account or service provided by the employer that is obtained by virtue of the employee's employment relationship with the employer, or used for the employer's business purposes;

(2) Disciplining or discharging an employee for transferring the employer's proprietary or confidential information or financial data to an employee's personal Internet account without the employer's authorization;

(3) Conducting an investigation or requiring an employee to cooperate in an investigation if:

(A) There is specific information on the employee's personal Internet account regarding compliance with applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct; or

(B) The employer has specific information about an unauthorized transfer of the employer's proprietary information, confidential information, or financial data to an employee's personal Internet account;

(4) Restricting or prohibiting an employee's access to certain web sites while using an electronic communications device supplied by or paid for wholly or in part by the employer or while using an employer's network or resources, in accordance with state and federal law;

(5) Monitoring, reviewing, accessing, or blocking electronic data stored on an electronic communications device supplied by or paid for wholly or in part by the employer, or stored on an employer's network, in accordance with state and federal law;

(6) Complying with a duty to screen employees or applicants before hiring or to monitor or retain employee communications:

(A) That is established under federal law or by a "self-regulatory organization", as defined in the Securities and Exchange Act of 1934, 15 U.S.C. § 78c(a);

(B) For purposes of law enforcement employment; or

(C) For purposes of an investigation into law enforcement officer conduct performed by a law enforcement agency; or

(7) Viewing, accessing, or using information about an employee or applicant that can be obtained without violating subsection (a) or information that is available in the public domain.

(c) Conducting an investigation or requiring an employee to cooperate in an investigation as specified in subdivision (b)(3) includes requiring the employee to share the reported content or information in order to make a factual determination.

(d) (1) This part does not create a duty for an employer to search or monitor the activity of a personal Internet account.

(2) An employer is not liable under this part for a failure to request or require that an employee or applicant grant access to, allow observation of, or disclose information that allows access to or observation of the employee's or applicant's personal Internet account.

History: Acts 2014, ch. 826, § 2.