Maryland was the first state to enact a statute in the employment context prohibiting employers from requiring or requesting that applicants or employees provide their employer with their passwords to their private social media sites. Illinois has become the second.
More specifically, last month, on August 1, 2012, Illinois Governor Pat Quinn signed an amendment to the Illinois Right to Privacy in the Workplace Act (P.A. 097-0875), which prohibits employers from requesting or requiring that employees or job applicants provide their employer with access to the employee's or applicant's social media accounts. The amendment, which goes into effect on January 1, 2013, subjects employers who willfully violate the prohibitions to fines of up to $200 per violation and also allows employees or applicants who allege violations to pursue civil court actions to recover actual damages, attorneys' fees and costs.
Under the new law, Illinois employers are prohibited from asking or requiring that an employee or applicant provide his or her password or other account information for—and from otherwise demanding or obtaining access to the private portions of—an employee's or applicant's social networking account or profile. The Illinois Right to Privacy in the Workplace Act also prohibits discrimination based on an employee or applicant's use of lawful products off-duty.
California, Michigan and New Jersey appear likely to follow with their own versions. Pennsylvania may not be far behind. Altogether, at least 15 states have introduced similar password privacy legislation. The U.S. House of Representatives Committee on Education and the Workforce also is currently considering the Social Networking Online Protection Act (H.R. 5050), which includes a similar prohibition.
Does that mean that you are free to ask for private passwords, at least for now, if you are in the other 48 states? No!
Please keep in mind that, even in the absence of a state law specifically prohibiting an employer from asking an applicant or employee for his or her social media password, there are a number of laws and or legal theories that make such a practice very risky, at best, in every state. In particular, and by way of example only, if an employer asks an applicant or employee for his or her private password to his or her social media site, the applicant or employee may be able to argue:
- Intrusion upon Seclusion. This a form of the common law invasion of privacy tort recognized in most states.
- Violation of the Stored Communications Act. Consent may be a defense, but an employee could argue that the consent was coerced. Think about what we say about workplace dating (next month’s blog): it’s all about power.
In deciding whether to hire an applicant or when investigating an employee, would you ask for the keys to their bedroom? Please tell me you thought, “of course not.” Well, you may find out just as much personal information by asking for the password to their private Facebook page.
Bottom line: Even though Maryland and Illinois are the only two states, so far, to enact legislation specific to this issue, asking applicants or employees for their passwords to their private social media sites is highly risky in every state, whether as part of the hiring or investigatory process. It’s simple: don’t do it!
This blog should not be construed as legal advice, as pertaining to specific factual situations or as establishing an attorney-client relationship.