Just weeks after Colorado became the tenth state to enact password protection legislation, Reps. Ed Perlmutter (D-CO) and Peter Welch (D-VT) have introduced a similar bill at the federal level. The Password Protection Act of 2013 (H.R. 2077) would prevent employers from requiring job applicants and current employees from disclosing their passwords to their social media sites as a condition of employment. Specifically, the bill would amend Section 1030 of Title 18 of the U.S. Code – Fraud and related activity in connection with computers – to make it unlawful if an employer:
for the purposes of employing, promoting, or terminating employment, compels or coerces any person to authorize access, such as by providing a password or similar information through which a computer may be accessed, to a protected computer that is not the employer's protected computer, and thereby obtains information from such protected computer.
The measure would also prevent an employer from discharging, disciplining, discriminating against, or threatening to take adverse action against applicants or employees who refuses to disclose their passwords or who have filed a complaint or otherwise assisted in an action under this bill.
The legislation contains exceptions for, among other things, the protection of an employer’s intellectual property, trade secrets, or confidential business information.
Violations of this law could result in a fine, imprisonment for up to one year, or both.
In a press release, Rep. Welch said:
Employees have a legitimate expectation of privacy when using Facebook or Twitter. This legislation will prevent fishing expeditions into employees’ private lives. While an employer may have a valid concern about the business impact of an employee’s online activity, demanding passwords and unfettered access to private accounts is an over-the-top solution.