June 12, 2012
Recent news reports have detailed an increase in the number of employers requiring job applicants to provide usernames and passwords for social media websites such as Facebook and Twitter. Some employers have asked job applicants during interviews to log into their accounts and allow the employer-interviewer to browse the applicant’s profile, acquaintances, and other information. This practice has generated a significant amount of controversy and is now the subject of both enacted and proposed legislation.
On May 2, 2012, Maryland became the first state in the nation to pass a law prohibiting employers from requesting or requiring the social media passwords or from accessing the social media accounts of prospective and current employees. S. 433, 2012 Md. Laws 233 (to be codified at Md. Code Ann., Lab. & Empl. § 3-712) (effective Oct. 1, 2012). According to the synopsis, the legislation prohibits "an employer from requesting or requiring that an employee or applicant disclose any user name, password, or other means for accessing a personal account or service through specified electronic communications devices." Id. The Maryland legislation grew out of the publicity over a challenge by the American Civil Liberties Union to a demand by the Maryland Division of Corrections that an employee provide his Facebook login credentials during a recertification interview.
Although Maryland is currently the only state with such a prohibition, similar legislation is pending in a number of other states, including California, Illinois, Michigan, and Minnesota. In addition, legislation introduced in the U.S. Senate, the Password Protection Act of 2012, S. 3074, 112th Cong., 2d Sess. (May 9, 2012), would bar employers across the country from requiring or requesting employees or job applicants to provide password information for their social media and email accounts as a condition of employment.
According to proponents of the federal Act, the measure would strengthen existing laws to bar employers from compelling or coercing employees or applicants into giving access to their private accounts. Employers could not condition employment on gaining access to an employee’s or applicant’s private account, and they would be barred from either discriminating or retaliating against any employee or applicant who refused to provide such information. Employers could, however, still establish policies relating to employer-owned computer systems, hold employees liable for theft of data, and allow social networking within their offices.
A similar bill, the Social Networking Online Protection Act ("SNOPA"), H.R. 5050, 112th Cong., 2d Sess. (Apr. 27, 2012), was introduced in the House of Representatives earlier in the year. This Act would prohibit current or potential employers from requiring a username, password, or other access to online content, and would extend that prohibition to colleges, universities, and K-12 schools. In addition, the bill would prohibit employers from demanding such access in order to discipline, discriminate against, or deny employment to individuals, and from punishing individuals for refusing to volunteer such information.
Employment laws are constantly changing, not only as they relate to background checks and social media but also in relation to many other areas as well. Therefore, it is imperative that employers maintain current, written policies and that these policies be periodically reviewed and revised to ensure compliance with applicable laws.