U.S. Senators Richard Blumenthal (D-CT) and Charles E. Schumer (D-NY) have called upon the U.S. Equal Employment Opportunity Commission and the U.S. Department of Justice to launch an investigation into the legality of actions by employers that have asked job applicants for their social media passwords so that they can gain access to personal and private information.  

The senators argue that this request is a grave intrusion into personal privacy and should become grounds for a discrimination claim against the employers. The thrust of an investigation would be to determine whether this practice is a violation of federal law.  

In a March 25, 2012, press release, Senator Blumenthal stated: “A ban on these practices is necessary to stop unreasonable and unacceptable invasions of privacy. An investigation by the Department of Justice and Equal Employment Opportunity Commission will help remedy ongoing intrusions and coercive practices, while we draft new statutory protections to clarify and strengthen the law. With few exceptions, employers do not have the need or the right to demand access to applicants’ private, password-protected information.”  

Facebook agreed with the senators’ position against the practice of requesting passwords. In a post on the social media website on March 23, 2012, Facebook issued a statement that the sharing of passwords is a violation of Facebook’s Statement of Rights and Responsibilities.  

Currently there are two reported decisions finding that an employer may have civil liability for requesting this type of information and in fact using the information for access to the various sites.  

In Pietrylo v. Hillstone Restaurant Group, 2009 WL 3128420 (D.N.J. 2009), the U.S. District Court for the District of New Jersey upheld a jury verdict finding an employer liable for accessing employees’ social media websites and viewing various posts that were critical of management. In Pietrylo, liability was found against an employer under the federal Stored Communications Act following a jury trial concluding that the employer had knowingly or intentionally accessed an invitation-only chat group and members’ accounts and passwords on MySpace.com without authorization. However, the jury found that the defendant had not invaded the plaintiffs’ common law right of privacy.

In Konop v. Hawaiian Airlines, Inc., 302 F.3d 868 (2002), the U.S. Court of Appeals for the Ninth Circuit held that an employee had a cognizable legal action when his employer accessed his secure website that contained criticisms of management. In Konop, the employee’s claims were allowed to proceed under, inter alia, the Stored Communications Act.  

Both cases deal with current employees, not potential employees. There are no reported cases dealing with the practice of asking job applicants for passwords, and the limited authority focuses on factually specific situations raising potential claims under traditional labor statutes, common law privacy causes of action or various electronic communications statutes.  

Current laws prohibiting discrimination based on protected classes would not generally seem applicable to this practice, as the requests by employers seem to have the greatest application to younger applicants as a whole. Potential claims could be credible if access is requested as retaliation for making a protected compliant (for example, as a response to an EEOC charge). Employers in states where there are limits on the ability of an employer to make employment decisions based on off-duty personal conduct would face a greater risk of claims for engaging in such actions. Further, if an employer learns information as to protected classifications it did not otherwise know of following the viewing of personal social networking information (such as a disability or sexual preference) its liability risk will increase. State common law privacy claims would not generally seem to be applicable to requesting and viewing the information, as such claims require that the plaintiff have a “reasonable expectation” of privacy in the information, which seems unlikely for a Facebook user who may have literally thousands of “friends.”  

The senators’ investigation is on a federal level. A potential bill would make the act of requesting this information and then using it to gain access a discrimination violation under federal law. Individual states are also passing legislation prohibiting employers from requesting social media passwords and account information. For example, the Maryland General Assembly has passed legislation prohibiting employers in the state from asking current and prospective employees for their user names and passwords to websites such as Facebook and Twitter. Similar legislation is being considered in Illinois and California.  

Employers who wish to avoid being drawn into the legal debate risking potential lawsuits – lawsuits designed to expand the law to provide liability for reviewing social networking information that is private or password protected – should limit their review of social networking information of applicants and employees to information that is publicly available.