Maryland Passes Bill Ensuring Social Media Password Privacy for Employees

Date: Apr 13, 2012

Maryland will become the first state to prohibit employers from requesting or requiring employees or applicants to disclose log-in information for social networking sites and other personal accounts online. The bill passed both houses of the Maryland General Assembly on April 1, 2012 (S.B. 433 and H.B. 964), and is awaiting signature by the Governor.

The bill prohibits employers from:

  • requesting or requiring an employee or applicant to disclose any user name, password, or other means for accessing a personal account;
  • taking, or threatening to take, disciplinary actions for an employee's refusal to provide such information; and
  • failing to hire an applicant for refusing to provide such information.

The bill does not prohibit employers from requiring employees to disclose the necessary information for accessing a non-personal account or service that provides access to the employer's internal computer or information systems. In addition, employers can conduct investigations based on the receipt of information about (1) an employee's use of a website or web-based account, if the purpose of the investigation is to ensure compliance with securities or financial laws or regulatory requirements, or (2) an employee's unauthorized downloading of an employer's proprietary information or financial data to a website or web-based account

The Maryland bill was prompted by concerns that some employers are requiring applicants and employees to disclose social networking passwords or requiring them to "friend" HR-department employees with no privacy settings. Some school officials, teachers, and coaches are also requesting the same of their students and student-athletes.

The Maryland bill reflects a similar trend in other states as well. Bills have been proposed in Illinois (HB 3782), California (SB 1349), Minnesota (HF 2963/SF 2565), Michigan (HB 5523), and Massachusetts that would prohibit employers from requesting or requiring applicants and employees to provide log-ins for their private social networking accounts. The Illinois bill has already passed in the state House, and state legislators are planning to introduce similar legislation in New Jersey and Colorado. The bills introduced in California and Michigan would also prohibit educators from accessing students' private social networking accounts.

These legislative actions have several implications for employee privacy. For example, the actions could generate an interest in or need for balancing privacy with safety considerations for certain types of jobs, such as those that involve special responsibilities to children or other vulnerable individuals, like day care workers, teachers, school bus drivers, hospital workers and others. These state laws are developing as company social media policies are being scrutinized and sometimes challenged for being too restrictive of employees' rights. In that regard, the proposed Illinois bill makes it clear that employers would not be prohibited from implementing Internet, social media, and e-mail use policies. This landscape highlights the need for companies to regularly evaluate their internal policies and procedures, including social media policies, and ensure that they adequately protect the company and its proprietary information without overly restricting employees' rights to privacy.

For more information, please contact:

Sheila Millar (+1 202.434.4143, millar@khlaw.com),
Tracy Marshall (+1 202.434.4234, marshall@khlaw.com),
Manesh Rath (+1 202.434.4182, rath@khlaw.com)