Ill. bans firms from asking workers, job seekers for social media info
It's the third state to outlaw the practice; others are considering similar bills
Computerworld - Illinois has become the third state in the country to pass a law prohibiting companies from asking employees and job candidates for usernames and passwords to their social media accounts.
Illinois Gov. Patrick Quinn signed the bill amending the state's existing 'Right to Privacy in the Workplace Act,' into law last week.
The amendment goes into effect Jan. 1 and makes it unlawful to "request or require any employee or prospective employee to provide any password or other related account information" to any social media networks to which they might belong.
The bill does not limit employers from lawfully monitoring employee computers and emails. Nor does it limit them from seeking or reviewing publicly available information about a person from social media sites. The ban on access to worker's social media profiles applies even in situations where a job might require comprehensive background screening.
Illinois follows Maryland and Delaware in passing such a law. Several other states, including California, Massachusetts, Michigan, New York and Washington are considering similar legislation.
The laws are being prompted by what some see as a disturbing trend among employers and educational institutions to ask current and future workers for access to their social media profiles as a condition of employment.
Maryland's bill signed into law by Gov. Martin O'Malley in May, for instance, was prompted by an incident involving a state Division of Corrections worker who was asked to provide his Facebook login credentials during a recertification interview.
The incident drew considerable criticism from the local chapter of the American Civil Liberties Union (ACLU), which called it a violation of the worker's First Amendment rights to free speech
In a report earlier this year, the Council of State Governments (CSG) recounted another incident in which an elementary school teacher's aide in Michigan was suspended, and then fired, for refusing to provide access to her Facebook account. That request came after a parent reported seeing an inappropriate photo of hers on Facebook.
The teacher has sued the school district for wrongful termination.
"People have been asked to delete their social media accounts, 'friend' a human resources director or coach, or even hand over the username and password of a personal account," the CSG report said. "The latter could mean the employer or school administrator could view very personal information about the individual in question, including, for example, his or her history of Facebook messages."
According to the CSG, employers and educational institutions have begun taking "extra steps to access information hidden behind the privacy walls that users erect," on social media sites.
The trend has attracted the attention of federal lawmakers as well. In March, Sens. Richard Blumenthal (D-Conn.) and Charles E. Schumer (D-N.Y.) called on the U.S. Department of Justice to investigate whether the practice violates the Stored Communication Act or the Computer Fraud and Abuse Act.
In an open letter to U.S. Attorney General Eric Holder, the two lawmakers noted that requiring employers and job applicants to provide login credentials to private social media accounts "may be unduly coercive and therefore constitute unauthorized access under both SCA and the CFAA."
Facebook itself has expressed concern over the issue. In a blog post earlier this year, Erin Egan, Facebook's chief privacy officer noted a "distressing increase" in reports about employers and others seeking access to social media accounts. "The most alarming of these practices is the reported incidents of employers asking prospective or actual employees to reveal their passwords," Egan noted.
Such requests are not only wrong, but also a violation of Facebook's privacy rules, Egan noted.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- Franken presses Ford on location data collection practices
- Justices let stand appeals court decision on border searches of laptops
- California lawmakers move to bar state help to NSA
- Appeals court again nixes Google's bid to overturn Street View case
- Older Mac webcams can spy without activating warning light
- Update: Judge rules NSA spy efforts may be unconstitutional
- Perspective: Privacy concerns could keep Amazon delivery drones grounded
- NSA collects data from millions of cellphones daily
- Perspective: Curbing data use is key to reining in NSA
- Lavabit-DOJ dispute zeroes in on encryption key ownership
Read more about Privacy in Computerworld's Privacy Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts