John F. Buckley IV
The proposed federal Password Protection Act of 2015 (H.R. 2277), introduced on May 12, 2015, would bar employers from requiring or requesting employees or job applicants to provide password information for their social media and email accounts as a condition of employment. The Act was introduced in order to curb this growing practice, and it was drafted in consultation with major technology companies and legal experts, its proponents stated. A similar measure (H.R. 2077/S. 1426) was introduced but failed in the 113th Congress, which concluded on December 31, 2014.
A similar bill, the Social Networking Online Protection Act (SNOPA) (H.R. 5107), has been introduced this year. SNOPA would prohibit employers from requiring or requesting a username, password, or other access to online content, and it would extend this prohibition to colleges, universities, and K-12 schools. In addition, the bill would prohibit employers from demanding such access in order to discipline, discriminate, or deny employment to individuals, and from punishing individuals for refusing to volunteer such information. This measure was originally introduced in the 113th Congress as H.R. 537, but, like the proposed Password Protection Act, it died in committee.
Additionally, the NLRB has ruled that statements posted to an employee's Facebook page can constitute protected Section 7 concerted activity when employees are discussing or trying to improve their terms or conditions of employment. [Karl Knauz Motors, Inc., N.L.R.B. Case No. 13-CA-046452 (Sept. 28, 2012)]
At the state level, in 2012 Maryland became the first state in the nation to pass a law prohibiting employers from requesting or requiring the social media passwords or accessing the social media accounts of current and prospective employees. Disciplining an employee or refusing to hire a job applicant for declining to disclose any such information is also prohibited. However, employees may be required to disclose any user name, password, or other means for accessing nonpersonal accounts or services that provide access to the employer’s internal computer or information systems. [Md. Ann. Code, Lab. & Empl. § 3-712 (eff. 10/1/12)]
Similar laws have since been enacted in many states, including Arkansas, California, Colorado, Connecticut, Delaware, Illinois, Louisiana, Maine, Michigan, Montana, Nevada, New Hampshire, New Jersey, New Mexico, Oklahoma, Oregon, Rhode Island, Tennessee, Utah, Virginia, Washington, and Wisconsin. Virginia’s statute is the most recent, having been signed by the governor on April 1, 2016. [Va. Code Ann. § 40.1-28.7:5 (eff. 7/1/16)] According to the National Conference of State Legislatures, similar legislation has been introduced in 2016—or remains pending from 2015—in 10 other states. [Visit www.ncsl.org/research/telecommunications-and-information-technology/employer-access-to-social-media-passwords-2013.aspx]
If you would like a chart detailing each state’s laws in this area, please enter “state social media laws” in the message box of the form on the following page: http://www.nlrg.com/our-services/human-resources-research-and-consulting-group