Updating the database of the Illinois Compiled Statutes (ILCS) is an ongoing process.
Recent laws may not yet be included in the ILCS database, but they are found on this site as Public
soon after they become law. For information concerning the relationship between statutes and Public Acts, refer to the
Because the statute database is maintained primarily for legislative drafting purposes,
statutory changes are sometimes included in the statute database before they take effect.
If the source note at the end of a Section of the statutes includes a Public Act that has
not yet taken effect, the version of the law that is currently in effect may have already
been removed from the database and you should refer to that Public Act to see the changes
made to the current law.
(820 ILCS 55/10)
(from Ch. 48, par. 2860)
Prohibited inquiries; online activities.
(a) It shall be unlawful for any employer
to inquire, in a written application or in any other manner, of any
prospective employee or of the prospective employee's previous employers,
whether that prospective employee has ever filed a claim for benefits under
the Workers' Compensation Act or Workers' Occupational Diseases Act or
received benefits under these Acts.
(b)(1) Except as provided in this subsection, it shall be unlawful for any employer or prospective employer to:
(A) request, require, or coerce any employee or
prospective employee to provide a user name and password or any password or other related account information in order to gain access to the employee's or prospective employee's personal online account or to demand access in any manner to an employee's or prospective employee's personal online account;
(B) request, require, or coerce an employee or
applicant to authenticate or access a personal online account in the presence of the employer;
(C) require or coerce an employee or applicant to
invite the employer to join a group affiliated with any personal online account of the employee or applicant;
(D) require or coerce an employee or applicant to
join an online account established by the employer or add the employer or an employment agency to the employee's or applicant's list of contacts that enable the contacts to access the employee or applicant's personal online account;
(E) discharge, discipline, discriminate against,
retaliate against, or otherwise penalize an employee for (i) refusing or declining to provide the employer with a user name and password, password, or any other authentication means for accessing his or her personal online account, (ii) refusing or declining to authenticate or access a personal online account in the presence of the employer, (iii) refusing to invite the employer to join a group affiliated with any personal online account of the employee, (iv) refusing to join an online account established by the employer, or (v) filing or causing to be filed any complaint, whether orally or in writing, with a public or private body or court concerning the employer's violation of this subsection; or
(F) fail or refuse to hire an applicant as a result
of his or her refusal to (i) provide the employer with a user name and password, password, or any other authentication means for accessing a personal online account, (ii) authenticate or access a personal online account in the presence of the employer, or (iii) invite the employer to join a group affiliated with a personal online account of the applicant.
(2) Nothing in this subsection shall limit an employer's right to:
(A) promulgate and maintain lawful workplace policies
governing the use of the employer's electronic equipment, including policies regarding Internet use, social networking site use, and electronic mail use; or
(B) monitor usage of the employer's electronic
equipment and the employer's electronic mail without requesting or using any employee or prospective employee to provide any password or other related account information in order to gain access to the employee's or prospective employee's personal online account.
(3) Nothing in this subsection shall prohibit an employer from:
(A) obtaining about a prospective employee or an
employee information that is in the public domain or that is otherwise obtained in compliance with this amendatory Act of the 97th General Assembly;
(B) complying with State and federal laws, rules, and
regulations and the rules of self-regulatory organizations created pursuant to federal or State law when applicable;
(C) requesting or requiring an employee or applicant
to share specific content that has been reported to the employer, without requesting or requiring an employee or applicant to provide a user name and password, password, or other means of authentication that provides access to an employee's or applicant's personal online account, for the purpose of:
(i) ensuring compliance with applicable laws or
(ii) investigating an allegation, based on
receipt of specific information, of the unauthorized transfer of an employer's proprietary or confidential information or financial data to an employee or applicant's personal account;
(iii) investigating an allegation, based on
receipt of specific information, of a violation of applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct;
(iv) prohibiting an employee from using a
personal online account for business purposes; or
(v) prohibiting an employee or applicant from
accessing or operating a personal online account during business hours, while on business property, while using an electronic communication device supplied by, or paid for by, the employer, or while using the employer's network or resources, to the extent permissible under applicable laws.
(4) If an employer inadvertently receives the username, password, or any other information that would enable the employer to gain access to the employee's or potential employee's personal online account through the use of an otherwise lawful technology that monitors the employer's network or employer-provided devices for network security or data confidentiality purposes, then the employer is not liable for having that information, unless the employer:
(A) uses that information, or enables a third party
to use that information, to access the employee or potential employee's personal online account; or
(B) after the employer becomes aware that such
information was received, does not delete the information as soon as is reasonably practicable, unless that information is being retained by the employer in connection with an ongoing investigation of an actual or suspected breach of computer, network, or data security. Where an employer knows or, through reasonable efforts, should be aware that its network monitoring technology is likely to inadvertently to receive such information, the employer shall make reasonable efforts to secure that information.
(5) Nothing in this subsection shall prohibit or restrict an employer from complying with a duty to screen employees or applicants prior to hiring or to monitor or retain employee communications as required under Illinois insurance laws or federal law or by a self-regulatory organization as defined in Section 3(A)(26) of the Securities Exchange Act of 1934, 15 U.S.C. 78(A)(26) provided that the password, account information, or access sought by the employer only relates to an online account that:
(A) an employer supplies or pays; or
(B) an employee creates or maintains on behalf of or
under direction of an employer in connection with that employee's employment.
(6) For the purposes of this subsection:
(A) "Social networking website" means an
Internet-based service that allows individuals to:
(i) construct a public or semi-public profile
within a bounded system, created by the service;
(ii) create a list of other users with whom they
share a connection within the system; and
(iii) view and navigate their list of connections
and those made by others within the system.
"Social networking website" does not include
(B) "Personal online account" means an online
account, that is used by a person primarily for personal purposes. "Personal online account" does not include an account created, maintained, used, or accessed by a person for a business purpose of the person's employer or prospective employer.
(Source: P.A. 98-501, eff. 1-1-14; 99-610, eff. 1-1-17