Employer Requests for Social Media Passwords Under Scrutiny

Posted on
Email

Following a growing trend among states, Ohio recently introduced legislation to bar employers from requiring current or prospective employees to provide access to their private social media accounts, such as Facebook and Twitter.  Although to date Maryland is the only state with a law on the books prohibiting employers from requiring or requesting access to a current or prospective employee’s private social media accounts (Maryland’s law does not go into effect until October 1, 2012), approximately a dozen other states are considering similar legislation, including California, Delaware, Illinois and New York.  Click here for a list of the state bills.

The federal government has also taken action on this issue.  In March 2012, U.S. Senators Richard Blumenthal (D-CT) and Charles E. Schumer (D-NY) requested that the U.S. Equal Employment Opportunity Commission (“EEOC”) and the U.S. Department of Justice (“DOJ”) launch an investigation to determine whether requesting and using prospective employees’ social network passwords violates current federal law, in particular the Stored Communication Act (“SCA”), 18 U.S.C. § 2701 et seq., or the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030 et seq.   Neither EEOC nor DOJ has issued a legal opinion on the issue yet.

On April 27, 2012, U.S. Representative Eliot L. Engel (D-NY) introduced the Social Networking Online Protection Act (the “SNOPA”), which has been referred to the House Committee on Education and the Workforce.  H.R. 5050, 112th Cong. (2012).  Click here to read the text of the SNOPA.

As currently drafted, the SNOPA would make it unlawful for an employer “to require or request that an employee or applicant for employment provide the employer with a user name, password, or any other means for accessing a private email account . . . or the personal account of the employee or applicant on any social networking website[.]”  Violation of the SNOPA would subject an employer to a civil penalty of up to $10,000.

On May 9, 2012, Senator Blumenthal introduced the Password Protection Act of 2012 (the “PPA”), a companion bill to the SNOPA that has been referred to the Senate Committee on Health, Education, Labor and Pensions, S. 3074, 112th Cong. (2012).  Click here for the text of the PPA.

As introduced, the PPA would amend the CFAA to prohibit employers “for the purposes of employing, promoting, or terminating employment” from “compel[ing] or coerc[ing] any person to authorize access, such as by providing a password or similar information,” to an online server to obtain information therefrom.  Employers that violate or attempt to violate the PPA would be fined.