In the last few weeks, there has been increasing focusÂ on the practice by some employers ofÂ requiring job applicants to hand over their passwords or allow access to their private accounts on social-networking sites such as Facebook or MySpace in order to gather personal data when the social-networking profiles are closed to the public.
Illinois is among the statesÂ considering legislationÂ to protect job applicants from these demands.Â Sen.Â Richard Blumenthal (D-Conn.)Â is writing federal legislationÂ to restrict companies from requiring applicants to reveal their social-networking passwords. Such requirements, which also have been made of students in schools across the country,Â raise privacy and civil liberty questions.
This week, Maryland became the first state to ban employers from requiring access to the social media accounts of their employees and job applicants when its General Assembly passed a law concerning the practice. House Bill 964 (Md. info page; pdf of third reading of bill) is:
FOR the purpose of prohibiting an employer from requesting or requiring that anÂ employee or applicant disclose any user name, password, or other means for accessing a personal account or service through certain electronic communications devices; prohibiting an employer from taking, or threatening to take, certain disciplinary actions for an employeeâ€™s refusal to disclose certain password and related information; prohibiting an employer from failing orÂ refusing to hire an applicant as a result of the applicantâ€™s refusal to disclose certain password and related information; prohibiting an employee from downloading certain unauthorized information or data to certain Web sites orÂ ï¿¼ï¿¼Webâ€“based accounts; providing that an employer, based on the receipt of certainÂ ï¿¼information regarding the use of certain Web sites or certain Webâ€“basedÂ accounts, is not prevented from conducting certain investigations for certainÂ ï¿¼purposes; defining certain terms; and generally relating to employment andÂ privacy protection.
The bill passed unanimously in the Maryland Senate but had several votes against in the House. The bill also noted that it did not prevent employers from investigating Web sites or “Web-based accounts” for violations of securities or financial laws or regulatory requirements; nor does the bill prevent businesses from investigating employee misconduct in downloading proprietary data.
The Hill gives background on the legislation:
The bill has its genesis in a controversy that began when Maryland Corrections Officer Robert Collins returned to work following a leave of absence taken after the death of his mother. While completing a re-certification process needed to return to duty, Collins was asked for his personal Facebook password, ostensibly to check for known gang activity. He refused, and obtained the assistance of the Maryland chapter of the American Civil Liberties Union, which quickly filed a lawsuit, bringing the case onto the national stage.
The ACLU applauds the Maryland legislature’s passage of the bill, but notes “this issue is far from resolved.Â In states across the country, employers are demanding applicants’ and employers’ social networking passwords or requiring them to friend, say, an HR manager with no privacy settings, and school officials, teachers, and coaches are demanding the same of their students and student-athletes.” The ACLU is leading a national campaign so that “no matter where you live, you canÂ urge Congress to pass similar legislation.” The ACLU urges individuals to “demand yourÂ dotRightsÂ (you can keep up with the campaign onÂ TwitterÂ andÂ Facebook!). After all, your online privacy should beÂ up to you, not the state you live in or your employer or school’s whims.”