Maryland has become the first state to enact a law prohibiting employers from requesting or requiring that an applicant or employee disclose a user name or password to personal social media sites. Gov. Martin O’Malley (D) signed the bill into law in May, and it will become effective October 1.
The “Labor and Employment—Username and Password Privacy Protection and Exclusions” bill (Maryland House Bill 964) also prevents employers from taking action against applicants or employees who refuse to disclose such information. The federal government and several states, including Michigan, are considering similar legislation.
“Requiring job applicants or employees to give up passwords or let employers onto their personal sites in any other way not only violates the privacy of that individual but of their friends and family members that they are communicating with on these sites,” wrote Maryland ACLU blogger Melissa Coretz Goemann. “It has been compared to giving someone the keys to your home to go have a look around or tapping your phone line to eavesdrop on your personal communications.”
Checking for Gang Affiliations
As reported in the June InfoTech & Telecom News, the legislation was prompted when Robert Collins, a 30-year-old college student, applied for a job with the state of Maryland in 2010 and was asked for his Facebook password during an interview. He felt wronged, and the ACLU of Maryland took up his case.
In February, Collins testified before the Maryland legislature that he gave the interviewer his password because he needed the job. He said the interviewer immediately accessed Collins’ Facebook page and began checking messages and photos in search of gang affiliations.
Maryland State Delegate Shawn Tarrant (D-Baltimore) was one of the bill’s lead sponsors in the House. “Robert Collins is a constituent of mine, and he first called me about this in 2011,” said Tarrant. “This is the perfect story of how citizens can be involved in the legislation to effect change.”
Model for Future Laws
Maryland’s new law does allow employer investigations regarding securities or financial law and regulations and unauthorized downloading of the employer’s proprietary information or financial data.
Goemann, who is legislative director for the ACLU of Maryland, says the incident shows privacy laws still have a long way to go to catch up with changing technology.
“We’re very excited that Maryland is the first state in the United States to pass this kind of legislation. We’re hoping we can be a model for future privacy laws,” says Goemann.
Advantages for Employers, Too
“We think it’s a win for employees because it protects their privacy, and we also think it’s a win because it protects employers from lawsuits,” said Bradley Shear, a Bethesda social media attorney who worked with Sen. Ronald N. Young (D-Frederick) on the drafting of the bill.
Shear says employers accessing employees’ social media Web sites were setting themselves up for a host of liabilities because of that knowledge.
“For instance, they might find out that an employee was unstable and a danger to the other workers based on things they viewed on that employee’s Web site. With access comes responsibility, so now they have a responsibility to take action and/or monitor their employee’s activities,” said Shear.
“Thankfully, this law relieves employers of that obligation, and it heads off untold amounts of litigation and compliance costs,” he says.
Federal Law Proposed
Lee Tien, senior staff attorney at the Electronic Frontier Foundation in San Francisco, says as soon as Collins’ story started gaining traction several months ago, people in other states began talking about it. Now a federal law is being proposed.
“I think it’s safe to say that the people and legislators worked very hard to bring the law in Maryland about because the practice of asking for employees’ passwords goes beyond the pale. To coerce someone for the passwords for their social media websites is a gross violation of their security and privacy,” Tien said.
“The next step will be to write legislation protecting student athletes in college and public schools, where this practice is a thousand times worse,” said Tien.
End to Growing Practice
Bartlett D. Cleland, policy counsel for the Institute for Policy Innovation, a public policy institute based in Lewisville, Texas, praises states such as Maryland and several members of Congress for stepping up to end the growing practice.
“Appropriately, the proposals typically do not limit the ability of a potential employer from viewing data that is viewable by the public regardless of where it is posted online, but do prohibit requests for login credentials,” Cleland said.
“The issue of privacy, and the ability to have a private life separate from an employer, is critical. When veritable strangers can demand and be expected to receive the keys to a person’s online identity, then none of us will ever be secure,” he added.
Kenneth Artz ([email protected]) writes from Dallas, Texas.
“Maryland House Bill 964: ‘Labor and Employment—User Name and Password Privacy Protection and Exclusions,'” May 2, 2012: http://mlis.state.md.us/2012rs/billfile/hb0964.htm
“Employer Requests for Passwords on the Rise,” Tom Gantert and Kenneth Artz, InfoTech & Telecom News, June 2012: http://news.heartland.org/newspaper-article/2012/05/11/employer-requests-passwords-rise
“Maryland Passes Nation’s First Social Media Privacy Protection Bill,” Melissa Coretz Goemann, ACLU Blog of Rights, May 4, 2012: http://www.aclu.org/blog/technology-and-liberty/maryland-passes-nations-first-social-media-privacy-protection-bill