Bill would ban employers from seeking Facebook passwords from workers, job-seekers

Computerworld - The Maryland General Assembly on Monday passed legislation that bars employers in that state from asking workers and job-seekers for access to their personal social media accounts as a condition of employment.

The bill now has to be signed into law by Gov. Martin O'Malley, whose plans are unclear, according to a report in the Baltimore Sun.

The law would give workers and job-seekers the right to refuse employer requests for the usernames and passwords needed to access personal pages on Facebook and other social media sites.

It would also prohibit employers from either refusing to hire or taking disciplinary action against job applicants or employees who refuse to provide access to personal social media accounts.

The legislation was introduced in Maryland's house (House Bill 964) and senate (Senate Bill 433) in February and sailed through both chambers.

If signed by the governor, the bill would be become the first social media privacy protection law in the U.S. Its passage by the general assembly comes amid growing concerns about employers seeking access to the social media pages of employees and job-seekers.

Two federal lawmakers -- Sens. Richard Blumenthal (D-Conn.) and Charles Schumer (D-N.Y.) -- recently called on the U.S. Department of Justice and the U.S. Equal Employment Opportunity Commission to investigate what they called a "new disturbing trend" of employers seeking access to social network pages of job applicants.

In an open letter to U.S. Attorney General Eric Holder last month, the two senators sought an ruling on whether the practice violates the Stored Communication Act or the Computer Fraud and Abuse Act.

"Requiring applicants to provide log-in credentials to secure social media websites and then using those credentials to access private information stored on those sites may be unduly coercive and therefore constitute unauthorized access under both SCA and the CFAA," the two lawmakers noted.

Meanwhile, Facebook itself expressed concern about employers seeking access to the pages of its users.

In a blog post late last month, Facebook said it has seen a "distressing increase" in reports of employers seeking such access to the social media accounts of job applicants.

The company called on its users to resist employer requests for usernames or passwords, and noted that providing such access is a violation of Facebook rules.

The move by Maryland lawmakers to approve the bill was prompted by reports that a state Division of Corrections (DOC) worker was required to provide his Facebook log-in credentials during a recertification interview.

According to a description of the incident by the Maryland chapter of the American Civil Liberties Union, DOC officer Robert Collins was employed with the Maryland Department of Public Safety when he took a voluntary leave of absence to deal with a personal situation.

When he returned from leave, his position had been filled so he applied for a comparable position.

During a required recertification review, Collins was asked by the interviewer to provide the password to his Facebook account. Anxious to get the job, Collins provided the information and watched as the interviewer rifled through his wall posts, photos and messages, according to the ACLU.

Melissa Goemann, legislative director of ACLU of Maryland, today lauded lawmakers for passing the bill.

"We think it promises to ensure that job applicants will not have to give up their First Amendment rights" to get a job, Goemann said. "We think [the Maryland statute] would be a good model for other states to follow."

Currently, Illinois, California and Michigan are considering similar bills, she added.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His email address is jvijayan@computerworld.com.

Read more about Web Apps in Computerworld's Web Apps Topic Center.