According to FINRA, it is seeking the exemptions solely to ensure that when stockbrokers talk about stocks on sites such as Facebook, LinkedIn and Twitter, they are complying with their company's policies regarding such disclosure.
The laws limit a company's ability to investigate the activities of prospective or current employees on social media sites, said Scott Sweeney, an attorney at Wilson Elser Moskowitz Edelman & Dicker LLP in Denver. But at the same time, they also codify a company's rights to obtain some forms of personal login information, he said.
Under Utah's new law for instance, a company can ask an employee for personal log in information if the company provides the account or service. Similarly, an employee is obligated to provide login credentials if the social media account is used for the employer's business, or was obtained by virtue of the employment relationship, he said.
Some of the laws, like the one in Utah, also give employers the right to ask for login information when the company has specific information that an employer is using a private social media account to store or distribute company data, Sweeney said.
Such distinctions are important. In 2011, an employee working for PhoneDog, a company that serves up news on mobile technologies, refused to relinquish control of a Twitter account with 17,000 followers upon leaving the company, said Paul Paray, a partner at InformationLawGroup in New York.
In a lawsuit, PhoneDog alleged that the employee had used the Twitter account for official purposes during his employment at the company and charged him with misappropriation of trade secrets.
The new laws could have an impact on areas such as this, Paray said. For instance, they would give a company the right to ask for access credentials in situations where it hires someone to create a Twitter or other social media account that then gains thousands of followers. "If your job is to manage a social media account then employers should obviously have access to the password," he said.
Importantly, companies may actually be better off not having access to a prospective or current employee's personal social media account, Paray said.
Often such accounts may contain information on the individual's religious affiliation, ethnicity, race and other factors that cannot be used in making a hiring decision, he said. If the company later declines a hiring offer, or terminates an employee, they would be opening the door to numerous state and federal anti-discrimination claims, he said.
"You could almost argue that this is a positive thing for employers because now it cannot be imputed on you that you violated these statutes," he said.
The main takeaway for enterprises is that they should pay attention to their social media policies, Sweeney added. "From my perspective what they should be taking away from all this is that they should be reviewing their social media policies continuously," he said. "These laws are changing on a frequent basis so reviewing them with counsel or HR personnel is a wise thing to do."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is email@example.com.
Read more about privacy in Computerworld's Privacy Topic Center.