Since the advent of social media, employers have used social media as a tool for vetting job applicants by reviewing applicants’ and employees’ public internet profiles and postings on websites such as Facebook, MySpace, and Twitter. When this information is publicly available, an employer’s review of social media sites entirely legal, so long as the employment decision is not made on a discriminatory basis. Earlier this year, however, the Associated Press identified an increasing trend where employers are not just reviewing publicly accessible social media profiles, but also asking applicants to disclose their usernames and passwords for social media websites that are restricted to the public or otherwise designated as “private.” For example, when a security guard at the Maryland Department of Public Safety and Correctional Services desired to return to his job after a leave of absence, he was asked for his Facebook login and password prior to reinstatement. A New York statistician, after answering several character questions, was next asked for his Facebook login and password when the interviewer could not access his private profile. Similarly, since 2006, an Illinois sheriff’s office has asked applicants to sign into social media sites for screening. And, up until last year, the City of Bozeman, Montana asked job applicants not only for passwords to social networking websites, but also for email and other online account passwords. Proponents of the practice suggest that review of private websites ensures the safety and integrity of the employer. Furthermore, supporters also argue that information posted on the internet should never be considered “private” on such a public and global forum.

In reaction to the rise of employer inquiries into social media and email passwords, two United States Senators issued public letters to the U.S. Equal Employment Commission and the U.S. Department of Justice, requesting an investigation into whether the practice violates federal law. The senators argued that the practices are “unreasonable and unacceptable invasions of privacy” and that since “[e]mployers have no right to ask job applicants for their house keys or to read their diaries” they should not be able to access private social media websites. The senators argued that allowing an employer access to private social media websites will grant the employer access to private, protected information that is otherwise impermissible to consider when making hiring decisions, such as information about religion, age, marital status, and pregnancy status. Such information could be used to unlawfully discriminate against otherwise qualified applicants. 

Shortly after the Senators’ demands for a federal investigation, Maryland, in May of this year, and Illinois, in August, passed legislation making it unlawful for employers to compel employees or applicants from disclosing social networking user names and passwords. Similar bills have also been introduced this year in California, Michigan, New Jersey, Washington, New York, and Minnesota. See, e.g., H.R. 2963, 2011-2012 Leg., 87th Sess. (Minn. 2012). Also in May 2012, the Social Networking Online Protection Act (“SNOPA”) was introduced in the United States Senate that would ban companies from asking current or future employees for passwords to social networking sites. See Social Networking Online Protection Act, H.R. 5050, 112th Cong. (2012). Delaware has also passed a law making it unlawful for a public or nonpublic academic institution to require a student to disclose password or account information for social networking websites.

So what does all this mean for employers? At this time, only employers in Maryland and Illinois are restricted from requesting access to an applicant’s or employee’s social media login information. However, given the rapid rise in proposed federal and state legislation, employers and academic institutions should expect that these practices will not be permissible for long. Even in the absence of social media privacy laws, employers should be increasingly wary of reviewing the private social media websites of its applicants and employees, as it may subject itself to unneeded discrimination, invasion of privacy, and unreasonable search and seizure claims. If an employer gains access to an employee’s or applicant’s protected information through a private social media website, including information related to religion, age, or marital status, the employer may find itself crossing an additional hurdle if an adverse employment action is challenged by the employee.