What’s Your Password?
Social networking and social media have certainly been in the HR headlines recently. The NLRB’s aggressive approach to these issues has given private employers headaches in trying to figure out what they can require of their employees when it comes to social media. Now some states are getting involved. And this may be the start of a trend. We all need to be ready to deal with new state laws that may be heading our way.
State Laws Now on the Books
In May of this year, Maryland became the first state to enact a law that prohibited employers from requiring employees and applicants to disclose their social media account usernames and passwords. The Ch_233_sb0433T, effective on October 1, stemmed from an incident where a former corrections officer was asked by his supervisor for his username and password consistent with the employer’s policy on regular background checks to check for gang affiliations. The employee was subsequently fired. The American Civil Liberties Union filed suit on the corrections officer’s behalf claiming it was a violation of his privacy.
Illinois followed suit, passing a password protection law in August, amending their Right to Privacy in the Workplace ActRight to Privacy in the Workplace Act. This law, however, only protects passwords and not other information such as usernames that are part of the public domain. First-time offenders will face a fine of anywhere between $100 and $300.
And California took password privacy one step further in September by prohibiting employers and universities from asking for usernames and passwords of students/employees or applicants.
State Laws on the Horizon
In addition to the three already enacted laws, Delaware passed a law extending password protection to students and is currently considering extending that protection to employees and applicants. Legislation has also been introduced in New Jersey, Washington, Michigan, Minnesota, Missouri, New York, South Carolina, Pennsylvania, Ohio and Texas. And just last week (October 25) the New Jersey Senate approved an Assembly bill that offers such protection, though the New Jersey Assembly will need to reapprove it as the Senate amended it to exempt law enforcement agencies. The bill prohibits employers from asking for usernames and passwords or other information to gain access to social networking sites and imposes a fine of up to $1,000 for a first offense and up to $2,500 for subsequent violations. Employees and applicants would also have the right to sue for money lost due to termination or refusal to hire.
Federal legislation has also been introduced, including the Password Protection Act of 2012 and the Social Networking Online Protection Act, which have been referred to the House Committee on the Judiciary and the House Committee on Education and the Workforce, respectively.
Practical Takeaways for Employers
For employers in states that have already passed password protection laws or those in states that will pass similar laws in the near future, it is important to understand what is covered. For example, does it apply to only social networking sites or does it have a broader scope? The Maryland law covers “any personal account or service” accessed through “computers, telephones, personal digital assistants, and other similar devices” and potentially includes other accounts such as email or online banking. The Illinois statute has a more narrow definition that potentially only covers what are generally thought of as “social networking” sites. Further, employers should determine if the law only covers employee and applicant personal accounts, therefore permitting them to continue requiring access to business accounts. Employers will want to consider the potential enforcement risks they face by violating the laws. For example, while the Illinois law allows for an employee to bring a civil claim for damages, the Maryland and California laws do not have enforcement provisions.
If you have questions about this topic or would like further information, please contact Robin Sheridan at (414) 721-0469 or rsheridan@wp.hallrender.com, Stephane Fabus at (414) 721-0904 or sfabus@wp.hallrender.com or your regular Hall Render attorney.
