The rise of social media has created a growing trend of employers either asking employees to surrender their social media login information or asking prospective employees to “friend” a human resources supervisor. This practice has been discouraged by employment lawyers fearful that employers may be exposing themselves to liability under state and federal discrimination, labor and privacy laws. In light of recent developments nationwide, employers may soon find themselves violating the law when they engage in this practice.
In April 2012, Congressman Eliot Engel (NY) and Rep. Jan Schakowsky (IL) introduced the Social Networking Online Protection Act (SNOPA) in Congress to protect users of social networking sites from disclosing their personal information to employers, universities and schools. SNOPA prohibits potential or current employers from gaining usernames, passwords or other access to employees’ or potential employees’ online content. It also prohibits employers from using such information to discipline, discriminate or deny employment to individuals who refuse to divulge such information. The legislation would also apply a similar restriction on K-12 schools, colleges and universities. However, the federal legislation is lagging behind state developments.
On April 9, Maryland became the first state to ban employers from demanding applicants or workers to surrender their social media site login information. The User Name and Password Privacy Protection and Exclusions Act stemmed from a review of Maryland’s Department of Public Safety and Correctional Services hiring and recertification procedures, which revealed that pursuant to a policy requiring candidates to surrender their social media logins, several Maryland corrections officers were denied employment or recertification between 2010 and 2011, in part because they either refused to surrender their information or because of information found on their social media profiles.
New Jersey employers need to be mindful that a human resources representative requesting social media login information or “friending” a prospective or current employee may not only be against the law, but can expose both the employer and the individual to legal liability. On June 25, New Jersey Assembly Bills 2878 and 2879 were passed. Bill 2878 prohibits an employer from requiring a current or prospective employee to provide or disclose social media login information, requires a prospective employee to waive or limit any protection granted under the bill as a condition of applying for or receiving an offer of employment, and prohibits retaliation or discrimination against an individual who complains about or participates in any investigation about violations of the law. Companies that violate this bill will be fined $1,000 for a first offense, and $2,500 for each subsequent offense. Likewise, Bill 2879 prohibits higher learning institutions from asking current or prospective students for their access information.
Similar legislation is being considered in other states. In New York, State Senator Liz Krueger introduced Senate Bill 6938, which would prohibit employers and their representatives from requiring job applicants or employees from disclosing their social media login information. In California, State Senate Representative Leland Yee introduced Senate Bill 1349 — The Social Media Privacy Act — which would prohibit employers from asking current employees or job applicants for their social media user names or passwords. The act would also bar employers from requiring access to employees’ and applicants’ social media content, to prevent employers from requiring logins or printouts of that content for their review. Likewise, in Massachusetts, State Representative Cheryl Coakly-Rivera filed the Act Relative to Social Networking and Employment, which bans employers’ access to an applicant’s or employee’s social media network and personal email and bars employers from “friending” a job applicant to view protected Facebook profiles or using similar methods for other protected social media websites. State legislation also has been proposed in Illinois (HB 3782), which was recently approved by the senate, Minnesota (HF 2963) and Michigan (HB 5323). Employers nationwide must be mindful that demanding prospective or current employees’ social media access information may expose them to state and federal liability.
Pursuant to Title VII of the Civil Rights Act, 42 USC §§ 2000(e) et seq., employers have been prohibited from discriminating against current or prospective employees based on a protected class including race, color, gender, sex or national origin. Pursuant to the New Jersey Law Against Discrimination, N.J.S.A. §§ 10:5-1 et seq., discrimination in employment can extend to areas of sexual orientation, military status, disability and even if an applicant is a smoker. Discriminating against an employee — whether intentional or not — is illegal. Unwittingly, employers may discriminate against an employee based on information learned in the review of the individual’s account.
Online profiles often reveal??information about a person’s protected class — information to which employers may not otherwise have access. Social networking profiles often include information such as a user’s religious beliefs, age, race, gender, sexual orientation, disability or military status. Protected information may appear??in the form of photos or videos or in global positioning coordinates, which may reveal trips to a mosque, the hospital, a predominantly gay/lesbian establishment or other locations suggesting a protected characteristic or activity. Although access to social media accounts may provide an employer with legitimate and nondiscriminatory reasons to reject an applicant or terminate an employee, an employer may not be able to filter??out the additional protected information. Accordingly, by requesting login access to a prospective or current employee’s social media site, employers are exposing themselves to claims under New Jersey and federal anti-discrimination regulations where the employer may find itself having to prove it did not rely on anything improper when making an adverse employment decision.
Depending on the circumstances, requesting access to and reviewing social media profiles could lead to an invasion of??privacy claim under various federal or state laws. For example, employers potentially are exposing themselves to liability under the Stored Communications Act, 18 U.S.C. §§ 2701 etseq. (SCA), and the Computer Fraud and Abuse Act, 18 U.S.C. § 2701. In particular, section 2707 of the SCA provides individuals with a cause of action against anyone who gains access to electronic information without authorization or intentionally exceeds authorization. This concept has already been explored by the federal courts in the realm of social media in two prominent cases.
In Pietrylo v. Hillstone Restaurant Group d/b/a Houston’s, the plaintiff created a private group on his MySpace account for him and his fellow employees to complain about work. 2009 WL 3128420 (D.N.J. Sept. 25, 2009). The plaintiff alleged that the employer threatened a member of the private group in order to gain access to the login information. The court found that the employer violated the SCA as well as state privacy statutes after it terminated the plaintiff for content observed after accessing the MySpace group.
In Konop v. Hawaiian Airlines, the plaintiff created a blog/website critical of Hawaiian’s president and union. 302 F.3d 868 (9th Cir. 2002). Access to the website required a username and password. The vice president of Hawaiian Airlines, without Konop’s authorization, accessed the website using the name and password of another pilot who was coerced into surrendering his login credentials. The court found that the employer violated the SCA as well as the Federal Wiretap Act after suspending the employee due to the contents of the site.
In March 2012, U.S. Senators Richard Blumenthal (CT) and Charles Schumer (NY) specifically petitioned the U.S. Department of Justice to ascertain its position as to whether employers were federally liable for demanding prospective or current employees to surrender their social media login information. Accordingly, there is both precedent and federal focus on finding liability for breach of privacy against any employer who demands a prospective or current employee’s social media access information.
While many employers have instituted policies requesting social media login information to wean out potential bad candidates or monitor current employees, they may have unwittingly stumbled into another trap — interfering with employees’ rights under Section 7 of the National Labor Relations Act, 29 U.S.C.A. §157 (NLRA).
Section 7 of the NLRA, in relevant part, provides:
Employees shall have the right to self-organization, to form, join or assist labor organizations, to bargain collectively through representatives of their own choosing, and to engage in other concerted activities for the purpose of collective bargaining or other mutual aid or protection, and shall also have the right to refrain from any or all of such activities ….
Section 7 protects the rights of employees to discuss working conditions where they are not represented by a union, do not have a collective bargaining agreement, and even if they have no intention of forming a union. Additionally, under Section 8(a)(1) of the NLRA, an employer commits an unfair practice where it interferes with, restrains or coerces employees in the exercise of the rights guaranteed in Section 7. 29 U.S.C.A. §158(a)(1). Accordingly, a cause of action could arise where the request for a prospective or current employee’s social media login information might be construed as interfering with union activity.
In what appears to be a mounting movement of Congress and state legislatures to ban an employer’s right to demand access to prospective or current employees’ social media login information, employers that have previously engaged in this practice should consult with counsel before continuing that practice to avoid potential liability. n