Illinois Becomes Third State to Pass Privacy Law Conflicting with SEC Social Media Compliance Regulations for Investment Advisers

August 01, 2012

Today Illinois Governor Pat Quinn signed a new law that makes it unlawful for employers to request passwords to social media accounts or from demanding access to social media accounts from potential and current employees. Illinois became the third state to pass such legislation after Maryland and Delaware recently adopted similar laws in May and July. After signing the law Governor Quinn said, “Members of the workforce should not be punished for information their employers don’t legally have the right to have. As use of social media continues to expand, this new law will protect workers and their right to personal privacy.”

The purpose of the laws is to protect the privacy rights of potential and current employees from invasion by employers. Rep. La Shawn Ford (D-Chicago), co-sponsor of the law said “Social networking accounts are places where we document the personal and private aspects of our lives, and employers have realized they can get answers to questions they are already prohibited from asking by gaining unfettered access to our accounts.” The laws raise questions for investment advisers in Illinois and Maryland that allow investment adviser representatives to use personal social media accounts to interact with clients.

The Financial Industry Regulatory Authority (“FINRA”) and the U.S. Securities and Exchange Commission (“SEC”) have provided guidance on social media use by investment advisers and broker/dealers. FINRA has issued Regulatory Notice 10-06 and Regulatory Notice 11-39 on the topic and the SEC has issued a Risk Alert.  Essentially both FINRA and the SEC require investment advisers and broker/dealers to monitor and archive any business communications their employees have with clients. These new laws make requesting access to social media accounts illegal. Without access to personal social media accounts, investment advisers and broker/dealers would be unable to properly collect and retain client communications.

The SEC recommended in its Risk Alert that “firms should create usage guidelines on appropriate and inappropriate use of social media and should consider adopting policies and procedures to address conducting firm business on personal social media sites.” Furthermore, FINRA stated in Regulatory Notice 10-06 that “firms must have a general policy prohibiting any associated person from engaging in business communications in a social media site that is not subject to the firm’s supervision.”

Similar legislation has been proposed in the federal government as well as several other states including California, Massachusetts, Minnesota, and New York. RIA Compliance Consultants will keep you up to date on any possible future social media legislation.

Posted by Bryan Hill
Labels: FINRA, Privacy, Record Keeping, SEC, Social Media, Uncategorized