The New Hampshire Legislature passed HB 1407 which will prohibit employers from obtaining an employee’s personal social media account user name and password. The bill passed both the House and the Senate. The governor is expected to sign it into law.

This bill applies to both employees and prospective employees for employment. Employers found to be in violation will be subject to the penalties under RSA 273:11-a, including a fine of up to $2,500 per violation.

HB 1407 does not prevent an employer from monitoring company equipment and email, adopting workplace policies on the use of employer property (including Internet use, social networking site use or electronic mail use), or requesting disclosure of login information where the social media account is paid for by the employer or provided to employee as part of employment relationship.

Also, nothing in the bill prohibits an employer from: (a) Obtaining information about an employee or prospective employee that is in the public domain; or (b) Conducting an investigation: (1) To ensure compliance with applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct based on information about activity on an employee’s personal account or service received from an employee or other source; (2) Of an employee’s actions based on the receipt of specific information about the unauthorized transfer of an employer’s proprietary information, confidential information, or financial data to a personal online account or service by an employee or other source.

Once signed into law, NH will join over a dozen other states with laws limiting an employer from requiring or obtaining passwords to personal social media accounts of employees.