Recently, two more states – Arkansas and Colorado – enacted some form of social media privacy law for the workplace, and both new laws have very similar restrictions.  First, the Arkansas social media law prohibits an employer from requiring, requesting, suggesting, or causing a current or prospective employee do any of the following:

1. Disclose his or her username and password for a social media account;
2. Add an employee, supervisor, or administrator to the list of contacts associated with his or her social media account (i.e. “friending”); or
3. Change the privacy settings associated with his or her social media account.

Second, the Colorado social media law provides that an employer may not suggest, request, require, or cause an employee or applicant to do any of the following:

1. Disclose any username, password, or other means for accessing the employee’s or applicant’s personal account or service through the employee’s or applicant’s personal electronic communications device;
2. Add anyone, including the employer to the employee’s or applicant’s list of contacts associated with the social media account; or
3. Change privacy settings associated with a social networking account.

You can view the Arkansas law here and the Colorado law here.

Conversely, in New Jersey, the legislature passed a social media law of its own, but the New Jersey Governor  conditionally vetoed the measure and sent it back to the legislature with recommended revisions.  You can review his veto message here.

Altogether, with two (out of these 3 states) passing social media workplace laws, we now have seven total states with such laws.

As I’ve stated before, these laws appear to address a problem that doesn’t even exist.  In other words, “if it ain’t broke, don’t try to fix it”…

Fortunately, during the 2013 legislative session, the Hawaii state legislature was wise enough to realize that this type of law is unnecessary, and the bills dealing with social media privacy in the workplace died.  (In all likelihood, however, we will see similar measures introduced and heard at the Hawaii legislature in the upcoming sessions.)

Last Thursday, the U.S. House of Representatives passed the Cyber Intelligence Sharing and Protection Act (“CISPA.”)  Proponents of CISPA say it is a bill that increases the government’s ability to respond to cyber threats and cyber attacks by sharing private customer information between itself and companies.  Opponents of the bill argue that it is a serious violation of their right to privacy, and does not actually serve to combat cyber attacks.  Rather, they claim, the bill would allow the government to “spy” on American citizens.

A last minute amendment to CISPA was attempted by U.S. Representative Ed Perlmutter, that would have banned employers from requiring employees to share the login information for their social media accounts.  The House members rejected the proposed amendment by a vote of 224-189, and passed the bill without Rep. Perlmutter’s amendments.  The bill now has to be heard by the Senate.

On a related note, another bill that is pending before the U.S. House of Representatives is the Social Networking Online Protection Act (“SNOPA”), which also proposes to prohibit employers and certain other entities from requiring or requesting that employees and certain other individuals provide a user name, password, or other means for accessing a personal account on any social networking website.  This same exact bill was introduced in 2012, but was not given much attention.  For this year, govtrack.us is giving this bill a 1% chance of making it out of committee, and a 0% chance of being enacted into law.

As noted in a prior blog post, seven states have already enacted such a law.  Hawaii heard similar bills during the current legislative session, including HB 713 HD2 SD1, but all of those bills are dead.

While we’re on the subject, some humor:

On May 2, 2012, the Maryland Governor approved a measure that makes it illegal for Maryland employers from requiring or asking an employee or job applicant to disclose any user names, passwords, or any other means of accessing personal internet sites (such as Facebook) as a condition of employment.  In addition, this new law also prohibits Maryland employers from disciplining an employee or refusing to hire a job applicant who declines to disclose such information.  Maryland is now the first state to pass such a law.  This law is known as the “User Name and Password Privacy and Exclusions” law, and takes effect on October 1, 2012.  You can read a copy of the bill here.

Several other states – including New Jersey, California, Illinois, and Washington – are also considering similar legislation.

Congress is also getting in on the action:  the U.S. House of Representatives has introduced the Social Networking Online Protection Act (“SNOPA”) and the U.S. Senate has introduced the Password Protection Act of 2012, both of which prohibit employers from requiring employees or job applicants to disclose their social media user names and passwords.  In addition, some U.S. Senators have also asked the U.S. Department of Justice and the Equal Employment Opportunity Commission to investigate employers’ practices of asking job applicants for social media passwords during job interviews.

For further discussion on this topic, please see my prior blog post here.