All information on this website is for informational purposes only and is not legal advice. Ninomiya Law, PLLC and Kent Ninomiya only provide legal advice to clients when there is a valid engagement agreement signed by both attorney and clients. The principal office of Ninomiya Law, PLLC is located in Round Rock, Texas. Ninomiya Law, PLLC is responsible for the content of this website.

social media privacy laws

keeping you and your family safe

The law prohibits disclosure of certain information on social media. This includes personal information such as medical and financial data. It also includes insider information on publicly traded companies that could influence stock prices and other information in regulated industries. Many states have specific privacy laws that, for example, outlaw certain social media interactions, discussing cases when you are a juror, and requiring prospective and current employees to reveal their social media passwords. 

  • The Privacy Act of 1974: Protects records identifying people by name, social security number, or other identifying number or symbol. Applies to federal agencies and covers only records in their possession and control.
  • HIPAA Privacy Rule: (Health Insurance Portability and Accountability Act) Protects individuals’ medical records and other personal health information from disclosure. Applies to health plans, health care clearinghouses, and health care providers conducting health care transactions electronically. Protects “all individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper or oral.” 45 C.F.R. 160.103. This can include social media posting of cell phone pictures of patients, tweets identifying patients, acknowledgement of a patient's condition, or even a response to something a patient posts on social media.​
  • Food and Drug Administration (FDA): Social media claims involving the pharmaceutical industry cannot overstate the benefits of a product. Promotional claims can only be about approved indications and cannot overstate the benefits or understate the risks. Manufacturers are responsible for user-generated and third-party content that appears on their company-created website. 
  • ​Federal Financial Institutions Examination Council (FFIEC): Proposed guidance on the applicability of consumer protection and compliance laws, regulations, and policies to activities conducted via social media by banks, savings associations, and credit unions, as well as nonbank entities supervised by the Consumer Financial Protection Bureau and state regulators.
  • Sarbanes-Oxley Act (SOX):  Public companies cannot mislead investors on social media. Posted financial information must be updated to reflect material changes in financial condition and operations. Financial information released on social media should be published in a press release first
  • FINRA (Financial Industry Regulatory Authority): ​Financial firms using social media, or allowing its associates to use social media on their behalf, must: 
    • Retain records of the social media communications.
    • A registered principal of the firm must approve all static content on a page of a social networking site established by the firm or a registered representative before it is posted.
    • Supervise interactive electronic communications in a manner reasonably designed to ensure that they do not violate the content requirements of FINRA’s communications rules.
    • Adopt policies and procedures reasonably designed to ensure that their associated persons who participate in social media sites for business purposes are appropriately supervised, have the necessary training and background to engage in such activities, and do not present undue risks to investors. 
    • Have a general policy prohibiting any associated person from engaging in business communications in a social media site that is not subject to the firm’s supervision.


​Other regulatory agencies that require licensing: Practicing any occupation on social media that requires a license can expose you to liability and sanctions.​​

​In addition, individual states have their own social media privacy laws. Some examples include:

  • State of Missouri Senate Bill 54:  No teacher shall establish, maintain, or use a non work-related internet site which allows exclusive access with a current or former student.
  • California 2011 Cal. Laws chap. 181 Juries Prohibited from Electronic Communication
  • Jurors are prohibited from using any form of communication or research about the case, including all forms of electronic or wireless communication or research.

State Laws Protecting Social Media Passwords:

  • At last count, 23 states passed laws protecting employee social media usernames and passwords from employers. Each state law is different, but most protect both current and prospective employees from demands or even requests for the information. Many other states are considering legislation.
  • 14 states also have social media password protection laws applying specifically to educational institutions.  ​​


For more options, see the Your Options page of this website.