California bars employers from demanding employees' social media log-in info
It's officially illegal for employers and universities in California to request social media log-in information—that is, user names and passwords for Facebook, Twitter, or e-mail—from employees and students.
On Thursday, California Governor Jerry Brown signed into law two privacy bills, Assembly Bill 1844 and Senate Bill 1349. These laws prohibit employers, universities employees, and university representatives from requiring or requesting the social media log-in information of their respective employees, prospective employees, students, prospective students, or student groups.
"California pioneered the social media revolustion," Governor Brown wrote on his Facebook Timeline. "These laws protect Californians from unwarranted invasions of their social media accounts.
AB 1844 was introduced in February and authored by San Jose Democrat Nora Campos. This bill specifically prohibits employers from requesting social media log-in information of both potential and current employees. SB 1349 was introduced by San Francisco Democrat Leland Yee, and refers to both public and private universities. SB 1349 prohibits university employees and representatives from requiring or requesting social media log-in information from students, potential students, and student groups. However, SB 1349 does not prohibit universities from investigating student misconduct on social networking sites.
Snooping on employees is nothing new
Social networks, such as Facebook and Twitter, have long been used by employers and universities to screen job applicants and potential students , as well as to monitor current employee and student conduct . For example, there have been multiple cases of employees being embarrassed or fired because of social media misconduct. To a certain extent, this makes sense—employers, understandably, want their employees to maintain a certain amount of public online decorum .
However, the real privacy question came up earlier this year when reports suggested that employers (and universities) were taking it a step further. Instead of simply screening employees' and students' public social networks, they were requiring employees and students give up their log-in credentials. While it might be acceptable for an employer or university to be concerned about what someone posts on their public page, it gets sketchy when they want to monitor their private communications as well.
In March, reports of such unsavory activity surfaced. Facebook condemned this practice, pointing to its Statement of Rights and Responsibilities, which specifically forbids users from sharing their passwords with anyone else. In a company blog post in March, Facebook's Chief Privacy Officer Erin Egan noted that Facebook had seen "a distressing increase in reports of employers or others seeking to gain inappropriate access to people's Facebook profiles or private information."
Though it's difficult to find hard data on just how many employers are asking for people's log-in information, Assemblymember Campos' office says that 129 cases relating to employer social media policies are currently before the National Labor Relations Board.
Some cases have also gone public, such as the story of a teacher's aide in Michigan who was fired after refusing to give up her Facebook password. The aide, Kimberly Hester, jokingly posted a photo she received from a co-worker. The photo was only viewable to Hester's Facebook friends. However, a parent of one of the students (who was a family friend of Hester) saw the photo and complained to the district. When Hester refused to give up her password, the school "assumed the worst" and put her on administrative leave .
Other states take the lead
California isn't the first state to ban snooping employers and universities.
On May 2, 2012, Maryland became the first state to explicitly prohibit employers from asking for Facebook, Twitter, and other social media log-ins. On August 1, 2012, Illinois followed suit, barring employers from asking current and potential employees for social network log-in information. Similar laws are pending in Michigan and Minnesota.
An attempt to give the Federal Communications Commission the power to prohibit employers from asking for log-in information was rejected in March. The amendment, which was proposed by Colorado Rep. Ed Perlmutter to amend the Federal Communications Commission Process Reform Act of 2012, was deemed unnecessary by House Republicans, and was voted down 236 to 184.
To be fair, the proposal seemed to be a delaying tactic, not an actual bid for American's privacy. The House Republicans argued that while the proposed legislation wouldn't help the current situation, they were willing to work on new privacy legislation in the future.