
Labor: Legislation seeks to ban employer use of employee social media passwords

Companies could face privacy or discrimination suits for requesting personal log-in information

There is a nascent legislative trend seeking to prohibit employers from asking applicants and employees for usernames and passwords to their social media networking sites. This is a reaction to stories of employers seeking access to personal social media sites to gather information that they then use to make employment decisions. In a process sometimes referred to as “cyber-screening,” employers have sought access to applicant passwords in order to vet potential candidates and obtain telling information about them. Employers also desire to know how employees are portraying the employer or its products or services, or what they may be communicating while on employer-owned computer systems.     

Congress is currently considering two related bills. In April, Reps. Eliot Engel and Jan Schakowsky introduced the Social Networking Online Protection Act, which would prohibit employers from requiring or asking an employee or applicant to provide a username, password or any other means of accessing a private email account or personal social media account, or from discharging, discriminating against or threatening any employee or applicant who refuses to provide such information. The legislation also prohibits retaliation for exercising rights under the act. Moreover, the legislation applies to educational institutions and students. It provides for civil penalties, Department of Labor injunctive relief and a private right of action in the federal courts for damages and equitable relief.

In May, Sen. Richard Blumenthal and Rep. Martin Heinrich introduced the Password Protection Act of 2012 in the Senate and the House. The legislation similarly prohibits employers from requiring the disclosure of passwords from applicants and employees, although there are certain exceptions for government employees and employees working with children under 13 years of age. The bill has no chance of passing at this time, but has received support from the American Civil Liberties Union (ACLU) and other privacy advocates.

Similar legislation has been introduced in California, Illinois, Maryland, Michigan, Minnesota, Missouri, New York, South Carolina and Washington. However, it has taken effect only in Maryland and Illinois. In May, Maryland Governor Martin O’Malley signed the legislation into law, making it the first state to prohibit employers from requiring applicants and employees to disclose their passwords. The law takes effect on Oct. 1.

On Aug. 1, Illinois Governor Pat Quinn signed into law amendments to the Right to Privacy in the Workplace Act, which prohibit employers from discriminating against applicants and employees for off-duty use of lawful products. The newly enacted amendments make it unlawful for employers to ask applicants and employees to provide passwords and log-in information to personal social networking sites, although the employer can obtain information that is publicly available on the Internet. The law takes effect on Jan. 1, 2013.

In conclusion, there is a nascent trend to prohibit employers from requiring applicants and employees to turn over passwords to private accounts. However, these laws currently affect employers in only two states. Nevertheless, employers must carefully consider whether to require the disclosure of passwords even in unregulated states. First, the employer may face a privacy lawsuit, such as one that the ACLU brought against the Maryland Department of Corrections. Second, the employer must consider the risk of obtaining knowledge of a protected characteristic or medical condition that could lead to allegations of discrimination under federal, state or local laws. Employers would be well-advised to seek professional advice before blindly embracing this vetting tactic. Moreover, inside counsel should develop a policy with appropriate legal safeguards, train management in the policy and ensure compliance throughout the organization.

Contributing Author

Mark Spognardi

Mark Spognardi is a partner at Arnstein & Lehr. He focuses on representing management in traditional and non-traditional labor and employment law matters, including counseling,...