New England Biz Law Update
Social media clearly has changed the way we interact with each other. We offer up-to-date commentary about the details of our lives with BlackBerries, iPhones, smart phones and other devices. And we can say what we want without fear of reprisal in the workplace because we limit access to that information to a select group of “friends,” “connections” and “followers,” right?
Wrong.
The recent publicized story of Justin Bassett, the New York City statistician who withdrew his application for employment rather than turn over his Facebook user name and password to his prospective employer, sparked numerous reports nationwide of similar demands by prospective employers.
Not only are applicants upset by the practice, but so are the “friends,” “connections” and “followers” of applicants, because revealing the applicants’ private information or communications may reveal their private information or communications as well.
The practice has legislators and social media users alike asking: “Is this legal?”
Sens. Charles Schumer, D-N.Y., and Richard Blumenthal, D-Conn., have called on the U.S. Department of Justice and the Equal Employment Opportunity Commission to investigate the legality of employers requesting that job applicants provide social media user names and passwords for unrestricted access to their accounts during interviews.
In a joint letter to Attorney General Eric Holder, Schumer and Blumenthal questioned whether those practices violate the Stored Communication Act or the Computer Fraud and Abuse Act.
The SCA prohibits intentional access to electronic information without authorization, or intentionally exceeding authorization to access electronic information.
The CFAA prohibits intentional access to a computer without authorization to obtain information.
In their letter, Schumer and Blumenthal opined that “[r]equiring applicants to provide login credentials to secure social media websites and then using those credentials to access private information stored on those sites may be unduly coercive and therefore constitute unauthorized access under both SCA and the CFAA.”
In addition to potentially violating those acts, the practice of asking applicants for access to their private social media accounts may violate Title I of the Americans with Disabilities Act and Title II of the Genetic Information Nondiscrimination Act of 2008.
Title I of the ADA prohibits employers from asking questions that are likely to reveal the existence of a disability before making a job offer. It is very possible that information in an applicant’s private social media account could reveal the existence of a disability. Seeking access to that account is therefore arguably akin to asking questions that are prohibited by law.
Title II of GINA prohibits employers from requesting, requiring or purchasing an applicant’s or an employee’s genetic information, even if that information is never used. The EEOC’s regulations implementing Title II of GINA provide that a “request” for genetic information may include actions such as conducting an Internet search on an individual in a way that is likely to result in the employer or prospective employer obtaining genetic information.
In addition to statutory violations, the practice of exploring applicants’ or employees’ private social media accounts may give rise to a common law claim for invasion of privacy.
It may also constitute unlawful interference with contractual relations because it is a violation of Facebook’s Statement of Rights and Responsibilities for users to share their Facebook passwords.
Additionally, requests for access to employees’ private social media accounts by public employers may violate the First, Fourth and Fifth amendments to the U.S. Constitution.
On March 27, Rep. Ed Perlmutter, D-Colo., proposed an amendment to the GOP-backed Federal Communications Commission Process Reform Act of 2012 to address the issue. Perlmutter asserted that the amendment would prevent employers from asking prospective employees for access to private information in social media accounts.
During the floor debate, Rep. Greg Walden, R-Ore., opposed the amendment, not because he disagreed that employers should not be allowed to demand passwords and “go snooping around,” but because he believed, as drafted, the amendment would not offer much protection to social media users.
The amendment was rejected 236-184, with only one House Republican voting in favor of the proposed amendment.
In the technology blog Hillicon Valley, Brendan Sasso recently reported that Perlmutter and Rep. Patrick McHenry, R-N.C., are also working with Blumenthal’s office on legislation that would prohibit employers from requesting access to private social media accounts.
On April 27, Rep. Eliot Engel, D-N.Y., introduced the Social Networking Online Protection Act, which would restrict current or potential employers “from requiring a username, password or other access to online content.”
SNOPA would also prohibit universities and schools from requiring students to provide user names and passwords for private social media accounts. Rep. Jan Schakowsky, D-Ill., is co-sponsoring SNOPA with Engel.
Maryland recently became the first state to ban employers from asking current employees and job applicants for their user names and passwords for their social media sites. Lawmakers in other states, including Massachusetts, California, Illinois, Louisiana and New Jersey, also have either introduced or plan to introduce legislation limiting employer access to private social media accounts.
It will be interesting to see, however, exactly what type of behavior the proposed legislation attempts to restrict. Savvy employers use various means of gaining access to private accounts, including requesting applicants and employees to “friend” interviewers and human resources personnel.
Thus, legislation limiting the ability of employers to request login and password information will not necessarily limit employers’ access to the private information of applicants and employees.
Employers should carefully weigh the benefits they hope to receive by requesting access to private social media accounts against the risk that such requests are, or may soon become, illegal.
In addition to the legal risks, employers should also consider the fact that by asking for access, they risk alienating a large pool of candidates.
Meanwhile, users of social media should be mindful that employers have various ways to can gain access to their “private” information and that of their “friends” and should be smarter about the use of this powerful tool.
Cheryl B. Pinarchick is a shareholder at Murphy & King in Boston. Her practice focuses on business litigation and employment law. She can be contacted at [email protected].
