Under Attack: Employer Access to Social Media Accounts of Employees and Applicants
These public sector employers had the public safety and welfare in mind when they sought access to an applicant’s social media accounts; the hiring of a dangerous or untruthful individual in a public safety position can have dire consequences. There are also valid, business-related reasons for private-sector employers to seek access to an applicant’s online accounts, particularly social networking sites: verification of information, safeguarding or taking action against defamatory statements, and preventing conflicts of interest.
These practices, however, have recently ignited a firestorm of criticism, particularly in the wake of a March 29 Associated Press story characterizing the practices as “common.” Facebook’s Chief Privacy Officer criticized such practices as violations of personal privacy, and also cautioned that they carry with them legal risk — including accessing information considered protected under federal and state equal employment opportunity laws.
The issue has drawn attention in Washington, D.C., where two United States Senators have asked the Equal Employment Opportunity Commission to investigate the legality of employers’ requests for access to social media sites, as well as in state legislatures across the country.
Last month Maryland became the first state to pass legislation prohibiting employers from asking current or prospective employees for their user names or passwords to social media sites. Md. Labor & Employment Code §3-712. Maryland legislators became aware of this issue as a result of publicity given to an incident involving an employee of the state’s Department of Corrections, who was asked for his Facebook password in connection with a job recertification process. The interviewer wanted to establish that the employee did not have gang contacts that might compromise his ability to perform his job. Although reluctant to provide the information, the employee felt he had no choice. He watched while the interviewer logged on to his Facebook account and reviewed his messages, wall posts and photos. Immediately after the interview, he contacted the ACLU.
The Maryland legislation, which passed with overwhelming support, provides that an employer “may not request or require that an employee or applicant disclose any user name, password, or other means for accessing a personal account or service through an electronic communications device.” Neither may an employer discharge, discipline or penalize an employee (or threaten to do so), or decline to hire an applicant, as a result of the employee’s or applicant’s refusal to provide such information. The bill has gone to the governor, who is expected to sign it.
Maryland legislators tempered this prohibition with limited protections for employers. The legislation prohibits employees from downloading unauthorized employer proprietary information or financial data to a personal website or web-based account. It also permits an employer to conduct investigations for the purpose of ensuring compliance with applicable securities laws or regulatory requirements, if it learns that a personal web site or web-based account is being used by the employee in a way that would violate such laws or regulations. The legislation is silent as to the permissible means of obtaining such information.