On August 29, 2013, New Jersey Governor Chris Christie signed into law a new measure prohibiting employers from requiring employees or job applicants to provide login information or allow employer access to their accounts on social media sites such as Facebook, Twitter, and YouTube. While, under the law, employers may still view any publicly available information, they may not compel employees to disclose account passwords or “friend” company personnel.

The new law also prohibits employers from retaliating or discriminating against employees or applicants for refusing to provide their social media credentials or reporting alleged violations of the law. However, notwithstanding its broad prohibitions, the law does not provide aggrieved employees with a private right of action. Rather, alleged violations of the law will be investigated by the New Jersey Department of Labor and Workforce Development and will be subject to civil penalties of up to $1,000 for the first violation and $2,500 for each additional violation.

In May 2013, Governor Christie vetoed an earlier version of the bill, which he called “well-intentioned but too broad.” That version would have allowed employees to bring suit for alleged violations of the law and would have prohibited employers from requiring employees to disclose whether they have a personal social media account. Those measures were struck from the final bill. The law also contains certain employer protections, such as permission to investigate employee compliance with applicable laws, regulations, and “prohibitions against work-related misconduct” when the employer receives specific information concerning an employee’s social media account.

The new law goes into effect December 1, 2013, and will make New Jersey the twelfth state to grant employees social media privacy rights, along with Arkansas, California, Colorado, Illinois, Maryland, Michigan, Nevada, New Mexico, Oregon, Utah, and Washington.