Beginning October 1, 2012, employees and job applicants’ personal e-mail accounts, Facebook pages, Twitter accounts, Pinterest pages, and similar accounts will gain more protection from Maryland employers.

Under the new law, employers in Maryland will be prohibited from asking or requiring employees or job applicants to disclose user names, passwords, or other means of accessing personal e-mail or social media accounts. Employers also will be prohibited from retaliating against employees or applicants who refuse to provide their personal account information, and from refusing to hire applicants simply because they refuse to disclose their personal user names and passwords. 

Maryland became the first state to enact such a protection for employees in April 2012, but other states are quickly following in its footsteps. A similar law will take effect in Illinois next year. Legislation at the federal level has also been discussed.

The new Maryland law does give employers the following protections:

  • Employers may require an employee to disclose user names and passwords for nonpersonal accounts that provide access to the employer’s computer systems.
  • Employees may not download an employer’s proprietary or financial information to personal websites or other Internet sites or accounts.
  • Employers that receive information that an employee has used a personal website or Internet account for business purposes may investigate the matter to ensure compliance with applicable securities and financial laws.
  • Employers that receive information that an employee has downloaded an employer’s proprietary or financial information to a personal account without authorization may investigate the employee’s actions.   

Employers with employees working in Maryland should review their hiring procedures and other employment policies and practices to ensure compliance with the new law. Employers elsewhere should weigh carefully the benefits and risks associated with seeking this type of information during the hiring process, and should exercise caution and identify a legitimate business purpose before accessing the accounts of current employees.