11 Jun Growing social media privacy protection irks employment lawyers in U.S.
A wave of new legislation limits employers fromasking employees and job applicants for their Facebook and other social mediapasswords. But lawyers caution that the laws, which vary by state, may havepitfalls and unintended consequences.
Seven states — Arkansas, Colorado, New Mexico, Oregon, Utah,Vermont and Washington — have passed legislation this year aimed at protectingemployee passwords, according to the National Conference of State Legislatures.Six states passed laws in 2012, and legislation is pending in 36 other states.
State legislatures took up the issue after news reportsfocused on specific incidents in which employers asked job applicants forsocial media passwords. One that became a cause celebre in 2011 occurred inMaryland, where the state’s corrections department reportedly wanted to peruseapplicants’ Facebook accounts to ensure they were clean of any gangaffiliations.
After the American Civil Liberties Union decried thepractice, the state dropped it and in April 2012, Maryland became the firststate to enact a law prohibiting employers from asking applicants and employeesfor passwords.
But employment lawyers questioned whether the laws wereaddressing a real issue, and said they block employers from asking for passwordsfor legitimate reasons.
There is little empirical evidence that employers ask forpasswords, and Facebook and other social media sites already have useragreements that bar employers from using employee passwords.
“I think this is legislation searching for a problem tosolve,” said Philip Gordon, chair of the privacy and data protectionpractice at Littler Mendelson, an employer-side law firm. “I think it’s alegislative overreaction.”
Gordon has tracked the legislation across the states andsaid he is not aware of any legislatures that conducted hearings on the issuebefore considering a bill.
Laws vary by state
In rare instances when employers ask for passwords,employees would have other avenues to sue, such as federal anti-discriminationlaws, if they felt harmed, Gordon said.
Paul Stephens, director of policy and advocacy for thePrivacy Rights Clearinghouse, a privacy group that supports the laws, agreedthat anecdotal evidence suggests the practice is not widespread. Still, hesaid, he is pleased to see these new laws on the books.
“I think this is a situation in which statelegislatures have been proactive in cutting it off before it becomes aprevailing practice,” said Stephens. “In most areas, legislation lagsfar behind technology.”
But corporate defence lawyers said many of the statelaws are overly broad.
“In many cases, the laws are very unequivocal and allowfor very few exceptions. They would prevent employers, even in cases wherethere are legitimate grounds, from requesting passwords,” said BehnamDayanim of Paul Hastings. Employers would not be able to co-operate with law enforcement or investigate national security concerns in some cases, he said.
The specifics of the new laws vary by state. For example,the law in New Mexico prohibits employer password requests only to jobapplicants, and not employees. Other states apply the prohibition to both.
States such as Michigan and Oregon have enumeratedexceptions to the prohibition, like allowing employers to request passwords ifthey are conducting an internal investigation or co-operating with lawenforcement. States such as Maryland are more open-ended. Different statesspecify different penalties for violations — and some don’t identify anypenalties at all.
“I think its very difficult for employers to navigatethe different intricacies of the laws,” said Adam Forman, an attorney atMiller Canfield who has tracked the legislation.
There have been no publicized challenges to the legislationso far, and defence-side lawyers agree the legislation suggests a growinginterest in individual privacy.
“One may conclude that the privacy pendulum is startingto swing in favor of protecting privacy rights of employees,” Forman said.