Maryland has become the first state to enact password protection legislation designed to prohibit employers from requiring applicants and employees to disclose their personal passwords to social media sites such as Facebook, Twitter, and MySpace.
The legislation was passed April 9 and is expected to be signed by Governor Martin O’Malley. If signed, it will take effect October 1.
In short, the legislation states that employers may not discharge, discipline, or otherwise penalize employees based on their refusal to disclose a password. Further, employers may not refuse to hire any applicants as a result of their refusal to disclose such information. The new legislation applies to all Maryland employers regardless of size as well as state and local government.
The legislation also contains a provision that permits employers to conduct an investigation for the purpose of ensuring compliance with applicable securities or financial laws or regulatory requirements based on the receipt of information about the use of websites, Web-based accounts, or other similar accounts.
An employer also may investigate an employee’s actions based on the receipt of information about the unauthorized downloading of its proprietary information or financial data, personal website, Internet website, Web-based account, or similar account by the employee.
Once the bill is signed into law, employers can expect regulations to be issued that will provide further details on how this new legislation will be applied in the workplace. In the meantime, those few Maryland employers that have required applicants and/or employees to disclose their passwords to various social media websites may want to reconsider their policies now so they’re prepared for the October 1 deadline.
Keep up with the latest developments in employment law and regulations in Maryland with the Maryland Employment Law Letter. Kevin McCormick is editor of Maryland Employment Law Letter and a partner with Whiteford, Taylor & Preston, L.L.P., in Baltimore.