Starting October 1, Maryland employers will be prohibited from requesting or requiring employees or job applicants to provide access to personal social media accounts, including Facebook accounts.

Background Information

Employment attorneys have been warning employers for years about the risks associated with searching online for information about job applicants. That’s because, when they do so, employers might learn that an individual is in a protected category and might expose themselves to discrimination lawsuits if, for example, an individual is not selected for an interview or a job.

In response, some state and federal lawmakers have proposed legislation to ban those practices. When Maryland Gov. Martin O’Malley signed the User Name and Password Privacy Protection and Exclusions law on May 2, Maryland became the first state to enact such a ban, according to published reports. Following are highlights of the law.

Password Disclosure

The new law prohibits employers from asking or requiring an employee or prospective employee to disclose any user name, password, or other means for accessing a personal account or service through certain electronic communications devices, including computers, telephones, personal digital assistants, and similar devices.

However, employers may require that an employee provide such information for accessing nonpersonal accounts or services that provide access to the employer’s internal computer or information systems.

Disciplinary Action

Under the law, employers are prohibited from taking certain disciplinary actions based on an employee’s refusal to disclose certain password and related information—or threatening to do so. Specifically, employers may not discharge, discipline, or penalize an employee in any way—or threaten to take such action—for refusing to disclose that information.

In addition, employers may not fail or refuse to hire a job applicant because of the applicant’s refusal to disclose a user name, password, or related information.

Employer Protections

The law does give employers the right to protect certain electronically stored information and to conduct investigations regarding the use of certain websites or web–based accounts.

Under the law, employees are not permitted to download unauthorized employer proprietary information or financial data to an employee’s individual website, an internet website, or a web-based or similar account.

In addition, the new law allows an employer to conduct an investigation to ensure compliance with securities or financial law or regulatory requirements, when such an investigation is based on the receipt of information about the use of a personal website, internet website, web-based account, or similar account by an employee for business purposes.

Similarly, an employer may conduct an investigation when it has received information about the unauthorized downloading of an employer’s proprietary information or financial data to a personal website, internet website, web-based account, or similar account.

Federal Legislation

As mentioned above, discussion of such legislative measures is not unique to Maryland. Lawmakers in other states, as well as federal lawmakers have proposed similar bills. In fact, at the federal level, both the Senate and the House of Representatives proposed such legislation within weeks of the Maryland bill being enacted.

On April 27, Rep. Eliot Engel (D-NY) introduced the Social Networking Online Protection Act (SNOPA), which provides protection to users of social networking sites from having to disclose personal information to employers, schools, and universities.

On May 9, the Password Protection Act of 2012 was introduced in both houses of Congress. The bill is aimed at “enhancing current law to ensure that compelling or coercing employees into providing access to data stored in private accounts is prohibited,” sponsors wrote in a joint statement.

Point to remember: Employers should update their policies as needed to make sure they comply with Maryland’s new law before it goes into effect on October 1. They also should stay updated on proposed federal legislation.