Workplace Policy Institute: Social Media Password Protection and Privacy — The Patchwork of State Laws and How It Affects Employers

UPDATE:  Shortly after this Littler Report was initially published, the legislatures of Arkansas, Colorado, Oregon and Washington passed social media password protection bills.  In addition, New Jersey’s Governor conditionally vetoed the bill passed by that state’s legislature.  The revised Littler Report addresses these new developments.  We also have revised our proposed model legislation in light of these developments.

Social media websites such as Facebook, Twitter, LinkedIn and others have become a part of daily life in the United States and abroad. The unavoidable reach of social media into our personal lives has extended into our professional lives. Facebook claims to have more than 1 billion users. As of December 31, 2012, LinkedIn boasted more than 200 million registered users in over 200 countries and territories and that LinkedIn members performed "over 5.7 billion professionally-oriented searches on the platform in 2012." It is reasonable to infer that those 5.7 billion searches were not limited to individuals seeking jobs, professional connections or merely long lost friends, but also included employer representatives searching for qualified candidates.

In the last decade, most employers, at some point, have reviewed an employee's or applicant's emails, blogs or online social media postings, either in the capacity of "employer" or perhaps as a "friend." Social media monitoring service Reppler recently surveyed over 300 hiring professionals to determine when and how job recruiters are screening job candidates on different social networks. The study found that more than 90 percent of recruiters and hiring managers have visited a potential candidate's profile on a social network as part of the screening process. Moreover, 69 percent of recruiters have rejected a candidate based on content found on his or her social networking profiles—an almost equal proportion of recruiters (68%), though, have hired a candidate based on his or her presence on those networks.

Employers' access to applicants' and employees' social media activity raises two separate but related questions. First, what social media sites can employers lawfully access to obtain information about applicants and employees? Second, to what extent can employers lawfully rely on information obtained through social media to make employment decisions? The second question raises the types of anti-discrimination concerns that employers have been confronting in the off-line world for decades. However, the first question exposes employers to a completely new legal landscape, one which just began to evolve in April 2012, when Maryland enacted the Nation's first "social media password protection law" and has expanded in the past year to include six additional states—California, Illinois, Michigan, New Jersey, New Mexico, and Utah. With password-protection legislation pending in over twenty state legislatures, this legal landscape undoubtedly will become more complex, especially for multi-state employers, over the next one to two years.

This paper explores the history and background of social media password protection legislation, the differences between the state laws, and how those differences create challenges for employer compliance. The paper concludes by describing the terms a model statute at the federal level should include to eliminate the existing and expanding patchwork of state laws.

To read the Littler Report, please click here.

Information contained in this publication is intended for informational purposes only and does not constitute legal advice or opinion, nor is it a substitute for the professional judgment of an attorney.