On Monday, March 26, Senators Richard Blumenthal (CT) and Chuck Schumer (NY) asked the Equal Employment Opportunity Commission (EEOC) and the Department of Justice (DOJ) to weigh in on the increasingly widespread practice among employers to demand access to job applicants' social media and personal email accounts. In their letters, the senators raise several legal issues that give the prudent employer reason to think twice before asking a job applicant (or an employee) to hand over user names and passwords.

  • Stored Communications Act (SCA) and the Computer Fraud and Abuse Act (CFAA). The senators urge the DOJ to issue a legal opinion as to whether it is a violation of the SCA and/or the CFAA for an employer to request and then later use a prospective employee's social networking credentials to access otherwise private information. In simplest terms, the SCA prohibits unauthorized access to electronic information and access that intentionally exceeds authorization; the CFAA prohibits unauthorized access to a computer for the purposes of obtaining information. In their letter to the DOJ, the senators point out two cases in which supervisors were subject to civil liability for violating the SCA by obtaining employees' login credentials and then using those credentials to gain access to the employees' personal information. While the cases involved current employees rather than applicants for employment, the senators suggest that there is no reason to distinguish between the two and urge the DOJ to issue a formal legal opinion on this issue.
  • Anti-Discrimination Statutes. In their letter to the EEOC, the senators express concern about employers using a prospective employee's social networking and email credentials to obtain information the employer is prohibited from asking for and/or using in hiring decisions under federal (and state and local) anti-discrimination statutes. This concern echoes those of employment lawyers who have long cautioned employers about the hazards of obtaining "too much information" about prospective employees—including information about membership in a protected group, medical conditions and disabilities, genetics, or political and religious viewpoints—because it eliminates one of the possible defenses an employer can make in a failure-to-hire claim (i.e., lack of knowledge of protected status). Though not mentioned in the senators' letters, an employer's unintentional discovery of an applicant's union activities or affiliations creates similar risks under the National Labor Relations Act.

The senators' letters were issued on the heels of Senator Blumenthal's announcement last week that he is drafting legislation to restrict employers from requiring applicants to disclose user names and passwords. While similar legislation has been proposed or considered in several states, none has yet been enacted into law.