On August 1, 2012, Illinois Governor Pat Quinn signed a bill into law (HB 3782) that prohibits employers from requesting or requiring employees or prospective employees to provide their Facebook or other social networking website passwords. With the new law, effective on January 1, 2013, Illinois becomes the second state (Maryland was the first) to bar employers from seeking social network passwords. Employers are still free to access employees’ social network sites (and the information, photos, videos and other content) that are publicly available.
While dubbed the “Facebook password law” in many news reports, the law covers all “social networking websites.” The term “social networking website” includes Internet-based services that allow individuals to: construct a public or semi-public profile within a system, created by the service; create a list of other users with whom they share a connection within the system; and view and navigate their list of connections and those made by others within the system. An employer’s asking for passwords to a prospective or current employee’s Facebook, Linkedin, Twitter, and other similar services would be covered by the new law.
The Illinois legislature passed the law in response to complaints from graduating college students and others that they had been denied employment based upon their refusal to provide passwords, or they felt the need to deactivate their accounts during the job search process. One study found that 75 percent of employers require their human resources departments to review online profiles before offering an applicant a job (with one-third of employers turning down applicants based on those searches). Sponsors of the bill also contend that access to social profiles can lead to unlawful discrimination, as information such as age, race, sexual orientation, political affiliations, and even disabilities can be gleaned from social network profile pages.
The new legislation specifically affirms that employers may obtain information that is in the “public domain” (such as any information on Facebook that is open to viewers rather than restricted) and general Google or other similar searches on an employee. Further, employers may continue to maintain workplace policies addressing workplace Internet use, social networking site use, and use of email. The law specifically does not cover an employer’s monitoring of electronic mail (as long as the employer does not request or demand an employee’s password for a social networking site).
Several other states and Congress are considering similar legislation. Facebook declares that employers asking for passwords violates its “Statement of Rights and Responsibilities,” along with sharing a password. Employers should review their social media policies, employment forms, interview processes and ongoing human resources operations if they operate in Illinois or Maryland and should not request password or other account information (including whether an individual even participates in social networking) in those states.
With other states and perhaps the U.S. Congress following suit, these restrictions are likely to become the law of the land sooner rather than later.
Of course, as the law states, if an employer wishes to Google an employee, troll for public Facebook, Twitter, or other public social networking information, it may do so. So, college graduates and others, you may want to double check your Facebook privacy settings so Mr. Human Resources doesn’t see your Spring Break photo adventures.