Wednesday, April 11, 2012

Maryland becomes 1st state to ban requiring employees’ social media passwords


750px-Flag_of_Maryland.svg The public outcry against employers requiring the job applicants turn over their Facebook passwords has resulted in legislation. Maryland has become the first state to prohibit employers from requiring or seeking user names, passwords, or any other means to access Internet sites such as Facebook as a condition of employment. Demonstrating the outrage over this issue, the measure passed both house of Maryland’s General Assembly with 96% support.

The law—entitled, “User Name and Password Privacy Protection and Exclusions” (full text here [pdf])—prohibits Maryland employers:

  • from requesting or requiring that an employee or applicant disclose any user name, password, or other means to access a personal Internet account;
  • from taking, or threatening to take, disciplinary actions for an employee’s refusal to disclose certain password and related information; and
  • from failing or refusing to hire an applicant as a result of the applicant’s refusal to disclose certain password and related information.

The law exempts employers that are conducting investigations into compliance with securities or financial laws or regulations, and investigations into the unauthorized downloading of the employer’s proprietary information or financial data to an employee’s personal website.

Eric Meyer, at The Employer Handbook blog, nicely summarizes the main critiques of this bill:

[T]he Maryland Chamber of Commerce opposed the prohibition because the bills did not acknowledge there could be legitimate issues for some employers to want to review applicants' or workers' social media messages.

What concerns me is that there are no carve-outs for public agencies that protect and serve the public. I can understand why a police department may need to fully vet its candidates by making sure that applicants and officers don’t have hate speech towards a particular protected class, for example, on their Facebook page. As I imagine that this information could be used to overturn arrests and indictments.

While I agree with Eric’s take, my critique is more about the small percentage of employers who engage in this practice:

Legal issues aside, this story raises another, more fundamental, question—what type of employer do you want to be? Do you want to be viewed as Big Brother? Do you want a paranoid workforce? Do you want your employees to feel invaded and victimized as soon as they walk in the door, with no sense of personal space or privacy? Or, do you value transparency? Do you want HR practices that engender honesty, and openness, and that recognize that employees are entitled to a life outside of work? … Requiring passwords is not smart.

This law affects you only if: 1) you engage in business in Maryland; and 2) you are among what I believe is the small minority of business that are requiring applicants and employees to turn over social media logins and passwords. Nevertheless, I would expect other states to follow suit, and use the Maryland legislation as a model.

Even if few public sector employers, and fewer private sector employers, are engaging in this practice, this issue bears monitoring.

[Hat tip: The Hill]