Maryland recently became the first state to expressly prohibit
an employer from requesting or requiring that an employee or job
applicant disclose personal social media account log-in
information. The law was enacted after media reports revealed that
the Maryland Department of Corrections asked job applicants to hand
over their Facebook usernames and passwords. Several other states
have introduced similar legislation, and representatives from New
York and Illinois introduced federal legislation to prohibit
potential employers and schools from requiring access to
individuals' private social media accounts.
Maryland's User Name and Password Privacy and Exclusion Law
The User Name and Password Privacy and Exclusion bill passed both the Maryland House and Senate by wide margins and was signed into law on May 2. It will take effect on October 1. The law prohibits employers who do business in the state of Maryland from requesting a user name, password or any other means of accessing a personal account or service through an electronic communications device, including social media accounts. It also prohibits employers from penalizing or threatening an employee or job applicant if the employee refuses to disclose this information.
The law also appears to prohibit employer monitoring of password-protected online accounts by requiring an employee to log in to the account so that the employer may see the content, asking for printouts of account content or requiring that the employee "friend" another employee or allow the employer to "follow" the employee.
To protect employers, the law prohibits employees from downloading financial or proprietary information of the employer to a personal account without authorization and allows an employer to investigate reports that an employee is using a personal account for these or other business purposes. The law does not, however, provide guidance on how such an investigation may be carried out. Furthermore, an employer may require an employee to disclose the means to access a nonpersonal account or service that provides access to the employer's internal computer or information systems
Other State Laws
Although Maryland is the first state to pass a law explicitly banning employers from collecting log-in information for employees' password-protected accounts, similar measures are pending in California, Delaware, Illinois, Massachusetts, Michigan, Minnesota, South Carolina and Washington. Illinois is closest to enacting legislation with its Right to Privacy in the Workplace Act which prohibits an employer from demanding, in any way, access to an employee or prospective employee's social networking account or profile. The bill passed the Illinois Legislature overwhelmingly and requires only the governor's signature to become law.
Social Networking Online Protection Act and Other Federal Developments
Although it is not clear how many employers have been seeking personal online account credentials, concerns over the practice have garnered national attention as well. On April 27, Representatives Eliot Engel (D-NY) and Jan Schakowsky (D-IL) introduced the Social Networking Online Protection Act ("SNOPA") which calls for federal legislation to prevent employers and schools from requiring access to online content on any social networking website. If passed, the legislation would make it unlawful for any employer:
- to require or request an employee or job applicant to provide the employer with a user name, password or any other means for accessing a private email account of the employee or applicant or the personal account of the employee or applicant on any social networking website; or
- to discharge, discipline or deny employment or promotion to, any employee or job applicant if he or she refuses to provide such information or files a complaint under SNOPA or testifies in a proceeding regarding SNOPA.
These constraints would also apply to schools from kindergarten
through university level and the bill allows for civil remedies of
up to $10,000.
The federal bill follows requests in late March by U.S. Senators Chuck Schumer (D-NY) and Richard Blumenthal (D-CT) for the Justice Department and the Equal Opportunity Commission to investigate whether requesting social media log-in credentials during job interviews violates federal law, specifically the Stored Communications Act ("SCA") or the Computer Fraud and Abuse Act. The SCA prohibits access to electronic communication without user authorization and recent case law suggests that an employer may violate the SCA by requesting and receiving password information from an employee who feels coerced into providing that information.
Implications for Employers
Goodwin Procter LLP is one of the nation's leading law firms, with a team of 700 attorneys and offices in Boston, Los Angeles, New York, San Diego, San Francisco and Washington, D.C. The firm combines in-depth legal knowledge with practical business experience to deliver innovative solutions to complex legal problems. We provide litigation, corporate law and real estate services to clients ranging from start-up companies to Fortune 500 multinationals, with a focus on matters involving private equity, technology companies, real estate capital markets, financial services, intellectual property and products liability.
This article, which may be considered advertising under the ethical rules of certain jurisdictions, is provided with the understanding that it does not constitute the rendering of legal advice or other professional advice by Goodwin Procter LLP or its attorneys. © 2012 Goodwin Procter LLP. All rights reserved.