In the last few weeks, there has been increasing focus on the practice by some employers of requiring job applicants to hand over their passwords or allow access to their private accounts on social-networking sites such as Facebook or MySpace in order to gather personal data when the social-networking profiles are closed to the public.
Illinois is among the states considering legislation to protect job applicants from these demands. Sen. Richard Blumenthal (D-Conn.) is writing federal legislation to restrict companies from requiring applicants to reveal their social-networking passwords. Such requirements, which also have been made of students in schools across the country, raise privacy and civil liberty questions.
This week, Maryland became the first state to ban employers from requiring access to the social media accounts of their employees and job applicants when its General Assembly passed a law concerning the practice. House Bill 964 (Md. info page; pdf of third reading of bill) is:
FOR the purpose of prohibiting an employer from requesting or requiring that an employee or applicant disclose any user name, password, or other means for accessing a personal account or service through certain electronic communications devices; prohibiting an employer from taking, or threatening to take, certain disciplinary actions for an employee’s refusal to disclose certain password and related information; prohibiting an employer from failing or refusing to hire an applicant as a result of the applicant’s refusal to disclose certain password and related information; prohibiting an employee from downloading certain unauthorized information or data to certain Web sites or ￼￼Web–based accounts; providing that an employer, based on the receipt of certain ￼information regarding the use of certain Web sites or certain Web–based accounts, is not prevented from conducting certain investigations for certain ￼purposes; defining certain terms; and generally relating to employment and privacy protection.
The bill passed unanimously in the Maryland Senate but had several votes against in the House. The bill also noted that it did not prevent employers from investigating Web sites or “Web-based accounts” for violations of securities or financial laws or regulatory requirements; nor does the bill prevent businesses from investigating employee misconduct in downloading proprietary data.
The Hill gives background on the legislation:
The bill has its genesis in a controversy that began when Maryland Corrections Officer Robert Collins returned to work following a leave of absence taken after the death of his mother. While completing a re-certification process needed to return to duty, Collins was asked for his personal Facebook password, ostensibly to check for known gang activity. He refused, and obtained the assistance of the Maryland chapter of the American Civil Liberties Union, which quickly filed a lawsuit, bringing the case onto the national stage.
The ACLU applauds the Maryland legislature’s passage of the bill, but notes “this issue is far from resolved. In states across the country, employers are demanding applicants’ and employers’ social networking passwords or requiring them to friend, say, an HR manager with no privacy settings, and school officials, teachers, and coaches are demanding the same of their students and student-athletes.” The ACLU is leading a national campaign so that “no matter where you live, you can urge Congress to pass similar legislation.” The ACLU urges individuals to “demand your dotRights (you can keep up with the campaign on Twitter and Facebook!). After all, your online privacy should be up to you, not the state you live in or your employer or school’s whims.”