July 10, 2012
John F. Buckley IV, Senior Attorney, National Legal Research Group
Recent news reports have detailed an increase in the number of employers requiring job applicants and employees to provide usernames and passwords for social media websites such as Facebook and Twitter. Some employers have asked job applicants during interviews to log into their accounts and allow the employer-interviewer to browse the applicant’s profile, acquaintances, and other information. This practice has generated a significant amount of controversy and is now the subject of both enacted and proposed legislation.
On May 2, 2012, Maryland became the first state in the nation to pass a law prohibiting employers from requesting or requiring the social media passwords or from accessing the social media accounts of prospective and current employees. S. 433, 2012 Md. Laws 233 (to be codified at Md. Code Ann., Lab. & Empl. § 3-712) (effective Oct. 1, 2012). According to the synopsis, the legislation prohibits "an employer from requesting or requiring that an employee or applicant disclose any user name, password, or other means for accessing a personal account or service through specified electronic communications devices." Id. The Maryland legislation grew out of the publicity over a challenge by the American Civil Liberties Union to a demand by the Maryland Division of Corrections that an employee provide his Facebook login credentials during a recertification interview.
Although Maryland is currently the only state with such a prohibition, similar legislation is pending in a number of other states, including California, Illinois, Michigan, and Minnesota. In addition, legislation introduced in the U.S. Senate, the Password Protection Act of 2012, S. 3074, 112th Cong., 2d Sess. (May 9, 2012), would bar employers across the country from requiring or requesting employees or job applicants to provide password information for their social media and email accounts as a condition of employment.
According to proponents of the federal Act, the measure would strengthen existing laws to bar employers from compelling or coercing employees or applicants into giving access to their private accounts. Employers could not condition employment on gaining access to an employee’s or applicant’s private account, and they would be barred from either discriminating or retaliating against any employee or applicant who refused to provide such information. Employers could, however, still establish policies relating to employer-owned computer systems, hold employees liable for theft of data, and allow social networking within their offices.
A similar bill, the Social Networking Online Protection Act ("SNOPA"), H.R. 5050, 112th Cong., 2d Sess. (Apr. 27, 2012), was introduced in the House of Representatives earlier in the year. This Act would prohibit current or potential employers from requiring a username, password, or other access to online content, and would extend that prohibition to colleges, universities, and K-12 schools. In addition, the bill would prohibit employers from demanding such access in order to discipline, discriminate against, or deny employment to individuals, and from punishing individuals for refusing to volunteer such information.
In addition to direct requests for passwords, some supervisors use a more subtle approach by asking an employee to include the supervisor as a "friend" or contact on the employee's social media sites. Whether or not such requests or more direct requests for passwords violate current law, they are arguably not sound or productive HR practices. Employees may perceive such requests as innapropriate intrusions into their private lives, and the result may be to turn an otherwise productive employee into a disgruntled one. Such practices may be justified if an employee is the object of a a legitimate investigation into specific misconduct, but the cost likely outweighs the benefit for the average employee or applicant. Furthermore, in anticipation of these requests some applicants and employees now maintain duplicate social media sites with the purpose of using a "sanitized" site to show an employer.
Employment laws are constantly changing, not only as they relate to background checks and social media but also in relation to many other areas as well. Therefore, it is imperative that employers maintain current, written policies and that these policies be periodically reviewed and revised to ensure compliance with applicable laws. If you or your clients need assistance promulgating or reviewing employment policies, feel free to contact me at jbuckley@nlrg.com or 800-727-6574 for a complimentary initial consultation.