The Illinois Right to Privacy in the Workplace Act (IRPWA) is an important piece of legislation designed to protect employees’ personal rights while balancing employers’ needs.
This guide covers the major aspects of the IRPWA, including social media privacy, lifestyle discrimination protections, and compliance with federal E-Verify requirements. Here’s what employers need to know about the act and how you can use Mosey to manage state compliance.
What Is the Illinois Right to Privacy in the Workplace Act?
The IRPWA aims to safeguard employees from unfair employment practices that infringe on their privacy rights. The Act applies to all employers in Illinois and covers current employees and job applicants.
The Act ensures employees’ private lives remain protected by restricting employers from accessing personal online accounts and regulating off-duty conduct. Simply put, the IRPWA enforces a boundary between work and life.
What Are Social Media Privacy Protections?
The IRPWA prohibits employers from requesting or requiring employees or job applicants to disclose usernames, passwords, or other account information related to private social networking sites. This does not include internal or social media accounts used for company communications, such as a company email address.
Employers cannot coerce an employee to accept a friend or follow request. They also can’t ask to see posts that an employee makes to a private account. That said, this protection does not prevent employers from looking at public posts.
Additionally, employment decisions cannot be based on private social media activity unless publicly available content violates workplace policies. For example, if an employee makes a public post revealing sensitive company information, their actions would not be protected.
Need your Illinois required policies updated?
Automatically generate multi-state handbooks in a few clicks with lawyer-approved policies in every state you have employees in.
Best Practices
Develop a clear social media policy distinguishing professional and personal online conduct. Many employers advise employees to keep their personal social media accounts private simply because it’s safer.
While you can offer a suggestion, you cannot require employees to privatize their online presence.
If an employee uses a professional social media account to represent your organization or their role within your organization, it is not the same as having a personal account just for friends and family. Their conduct on this account is likely allowed to be monitored.
Exceptions
Employers may monitor public online activity or use social media information that employees voluntarily share. Once again, public posts that anyone can view aren’t protected, and employers can enforce workplace policies related to professional accounts created for business purposes.
What Are Lifestyle Discrimination Protections?
The IRPWA protects employees’ rights to engage in lawful activities outside of work, including using alcohol or tobacco products during non-working hours.
Employers cannot refuse to hire, terminate, or discipline employees for legal off-duty conduct or implement policies that penalize employees for using alcohol or tobacco outside the workplace. Employees are free to engage in any legal activity when they’re off the clock.
Best Practices
Employers can enforce drug-free workplace policies and alcohol restrictions during working hours. If employee health is a concern, you can offer wellness programs or assistance.
For example, it’s okay to post signs in the breakroom with resources that employees may find helpful, like recovery programs. While promoting wellness is encouraged, participation must be voluntary.
Exceptions
There may be instances where legal behavior outside the workplace trickles in. For example, if an employee drinks too much alcohol outside of work but reports for duty noticeably intoxicated, this behavior can jeopardize the safety of others. At this point, an employer can take disciplinary action.
What Is Federal E-Verify Compliance?
Employers using the federal E-Verify system must adhere to specific requirements outlined in the IRPWA.
All staff responsible for E-Verify must complete training on its use and privacy policies. Employers must display notices informing employees of E-Verify participation, and personal employee information entered into the system must be protected against unauthorized access and misuse.
Best Practices
Conduct regular internal audits to ensure E-Verify processes align with legal standards. Utilize compliance training sessions and maintain detailed records of employee verification procedures.
It’s never a bad idea to touch base with your IT team to verify that your organization’s internet connection and data storage systems are as secure as possible. New security threats emerge every day, and it’s crucial to use the latest safeguards to prevent vulnerabilities.
How To Implement a Compliance Strategy
The IRPWA has highly specific rules for employers to follow. Developing and implementing a compliance strategy can protect your organization from penalties for non-compliance while creating a workplace that values employees.
Develop a Policy
Create and distribute an employee privacy policy outlining protected rights and employer expectations. The goal is to define what qualifies as a private activity and what qualifies as a business activity.
Clear definitions can help avoid confusion with social media — it may not always be clear when an employee is using an account as a private individual or as a representative of your company.
Additionally, create policies related to alcohol and tobacco use and explain what would happen if employees were to engage in those activities while on the job. While you can’t prevent employees from using these substances in their free time, you can prevent them from reporting for duty intoxicated or using tobacco in the bathroom.
Employee Training
Conduct regular training sessions on privacy rights, social media policies, and workplace conduct. Many organizations find it helpful to periodically touch base with their employees about social media use and proper social media conduct.
Keeping personal social media profiles private is generally considered the safest option for everyone. Reminding employees to be mindful of what they share online can protect their safety while also protecting your company. It’s also completely in line with the IRPWA.
Legal Review
Periodically consult with legal experts to ensure compliance with evolving regulations. The IRPWA has been modified over the years, and it may be modified again in the future. If there are impending changes to the Act, it helps to speak with an expert about necessary modifications to your policies.
Monitoring and Auditing
Establish an internal monitoring system to track compliance efforts and respond to violations promptly. Before attempting disciplinary intervention, make sure that an employee’s actions aren’t protected under the IRPWA. Remember, you cannot confront employees about private, legal actions that they take in their personal lives.
What Are the Consequences of Non-Compliance?
Violating the IRPWA can lead to serious legal and financial consequences. These include:
Lawsuits and Fines
Employees can file lawsuits for privacy violations, potentially resulting in costly settlements and fines. The state of Illinois imposes fines and consequences on employers depending on the type of IRPWA violation they’re found to have committed. These fines can be costly, especially when multiple violations are involved.
Reputational Damage
Publicized violations can harm a company’s reputation. Many people would be hesitant to work for or shop with a brand known for violating boundaries with their employees or making unreasonable requests that cause undue stress in their private lives.
Prioritize Compliance With Mosey
The Illinois Right to Privacy in the Workplace Act underscores the importance of respecting employees’ personal lives. Employers must balance business interests with employee rights by implementing clear policies, conducting training, and ensuring compliance.
Compliance is a full-time task, and with compliance requirements differing by state, keeping track of your organization’s status can be taxing. Mosey’s compliance management platform is designed to help employers automate state-specific compliance requirements, tracking deadlines, and updating policies with just a few clicks.
Automate your compliance and spend more time growing your business. Schedule a demo with Mosey to learn how we can simplify your efforts.
Read more from Mosey:
- NY Paid Prenatal Leave: An Employer’s Guide for Compliance 2025
- EEOC Updates Hostile Work Environment and Harassment Guidelines
- California Extends Sick Leave to Victims of Crime and Violence (2025)
- HR Cost Optimization: 8 Actionable Ways To Reduce Company Costs
- Job Abandonment: What Can You Do With No-Call No-Shows?
- Nonprofit Compliance Guide to State & Federal Requirements
