Author: Beth P. Zoller, XpertHR Legal Editor

As social media usage is on the rise, there is a recent trend among federal and state legislatures across the country (i.e., New York, New Jersey, California, South Carolina, Washington, Ohio, Minnesota, Michigan, Missouri, Massachusetts, etc.) to pass legislation dealing with social media privacy and password protection. In fact, Maryland's Governor has already signed one such bill into law and it takes effect on October 1, 2012. See Employee Management > Employee Privacy: Maryland.

The purpose of this new legislation is to prohibit employers from requesting or requiring that employees or applicants provide user names, passwords and other ways of accessing personal information on online websites such as Twitter and Facebook as a condition of their employment. Its aim is to prevent employers from using potential job applicant's private social media activity during the hiring process and from monitoring the off-duty, private social media activity of already-hired employees.

This trend makes evident lawmakers' conclusions that there is an individual right to privacy in the personal information available on social media websites and that allowing an employer access to these types of accounts would provide it with the ability to gain valuable and possibly damaging information regarding an employee's religion, sexual orientation, marital status, off-duty activities and associations which could lead to potential discrimination in the workplace.

However, there is a growing debate that some states are being too restrictive by not carving out an exception granting employers the right to access these sources of information when investigating misconduct such as workplace violence, unlawful harassment, misappropriation of trade secrets or improper usage of an employer's computer network and/or employer-provided equipment.

On the federal level, two bills are currently pending in the US Congress. The Social Networking Online Protection Act (SNOPA), introduced in the House in April 2012 and the Password Protection Act of 2012 (PPA), introduced both in the House and Senate in May 2012.

SNOPA would prohibit employers from requiring or requesting that an employee or applicant for employment provide the employer with a user name, password or any other means for accessing a private email or social networking account of the employee or applicant. The proposed law also prohibits an employer from discharging, disciplining or otherwise retaliating against an employee or applicant who refuses to provide this information. The proposed law includes civil penalties for employers and permits the Secretary of Labor to bring a claim for injunctive relief. +2012 H.R. 5050; +2012 Bill Tracking H.R. 5050.

The PPA prohibits employers from requiring or requesting log-in credentials from employees and applicants for employment and also prohibits employers from compelling or coercing employees and applicants to provide access to - and subsequently retrieving information from - the online servers on which private user information is stored if that information is secured against general public access by the user. The proposed law also prohibits employers from discriminating, disciplining, discharging or otherwise retaliating against any job applicant or employee who refuses to provide access to such social media information. On the other hand, the PPA would not prevent an employer from accessing its own computer systems to recover evidence of an employee's social media and internet activities that occurred on the employer's own computers. Notwithstanding this, the PPA does not permit employers to access private employee data under any circumstances even if the employer uses its own computers to access that data. The PPA also would not apply to students, employees who work with children under age 13 or designated government employees. +2012 S. 3074; +2012 Bill Tracking S. 3074.

In light of this trend, employers should keep abreast of any changes to federal and state law and update their workplace policies and practices to promote compliance. Employers should be certain of the parameters of those laws, i.e., what is and what is not permitted and any applicable exceptions. Employers should also be cautious about engaging in online research regarding potential employees. If an employer comes across information that is potentially damaging particularly where an employee is in a protected class and then uses this information to take adverse employment action (i.e., failure to hire, discrimination, termination) this may lead to a potential discrimination or retaliation claim. Thus, employers should instruct all hiring managers and those conducting interviews of job applicants of any legislative changes and make sure that they comply with all relevant laws. Further, all supervisors and those with decisionmaking authority should be kept apprised of any federal or state legislation that prohibits them from requesting social media passwords and information and the consequences of using this information as the basis for an adverse employment decision.

For more information on this topic, refer to the following XpertHR Resources:

Employee Management > Employee Privacy > Future Developments

Employee Management > Employee Privacy: Maryland

Employee Management > Employee Privacy: Illinois

Employee Management > Employee Privacy: Delaware

Employee Management > Employee Privacy: New York

Employee Management > Employee Privacy: California

Employee Management > Employee Privacy: Michigan

Employee Management > Employee Privacy: Minnesota

Employee Management > Employee Privacy: Missouri

Employee Management > Employee Privacy: Massachusetts