Pennsylvania and the city of Philadelphia are poised to join a growing list of states and municipalities that are enacting so-called “Facebook laws,” which prohibit employers from requiring prospective or current employees to disclose their social-media usernames and passwords. In less than two years, social media in the employment context has garnered so much national attention that it sparked the passage of Facebook laws in five states in 2012 and in six states in 2013. Thirty-six other states have proposed similar legislation. To complicate matters, these laws vary from jurisdiction to jurisdiction, which creates a tangle of inconsistent protections. For example, Pennsylvania prohibits retaliation against employees when they make “good faith” reports of alleged violations, whereas Philadelphia does not expressly contain this protection. Further, these laws can potentially do more harm than good. For example, the proposed Facebook laws in Pennsylvania and the city of Philadelphia may interfere with an employer’s legal obligations to conduct thorough workplace investigations.

Under Pennsylvania’s proposed legislation, dubbed the Social Media Privacy Protection Act, an employer would be prohibited from “shoulder surfing,” or requiring an employee to access a password-protected social-media site in the employer’s presence. The law would also prohibit an employer from asking an employee to divulge information contained on a private site. These restrictions can make it difficult for an employer to investigate improper conduct between employees that occur on social-media sites and carry over into the workplace. For instance, if an employer receives a complaint from an employee that he or she is being harassed by another employee through a social-media site, the employer could not request or require access to the site in order to further investigate the complaint. The employer would also be prohibited from asking the employee to provide evidence, such as private wall postings or emails, to substantiate his or her claim of online misconduct. The city of Philadelphia is also considering a proposed ordinance, which is very similar to the Pennsylvania legislation.

Proponents of Facebook laws focus on protecting job applicants and employees from having to give an employer access to their private Internet lives. The sponsors of the Pennsylvania legislation wrote to their colleagues that “employers, in general, have no compelling justifiable reasons for [accessing private social media]. There are existing, time-tested and effective screening methods available to companies to secure quality employees.” The sponsors of the proposed bill further argue that if an employer is allowed to request social-media usernames and passwords on an employment application or during a job interview, “a potential employee placed in this uncomfortable situation may feel compelled to comply with the request. In a tight job market, failure to do so could put them at a disadvantage causing them to lose the job opportunity.”

These arguments are facially compelling because they appeal to common sense. Theoretically, employers should not be allowed to snoop around in employees’ private social-media accounts or closed chat rooms. These laws are written to permit employers to review publicly available content on the Internet. Employers are also able to continue to maintain workplace policies governing use of employer-issued electronic devices, email and Internet accounts, as long as the policies do not require an employee to disclose personal social-media passwords.

Unfortunately, the narrow focus on the hiring process has distracted proponents of these laws from considering how these laws impact the management of existing employees and the workplace. There is no reason to fast-track this type of legislation in Pennsylvania without a more careful examination of potential consequences. In actuality, most employers do not currently request employees to provide employers with access to employee social-media accounts. Most employers also state that they are not contemplating requesting access to employee social-media passwords any time in the near future.

Pennsylvania and the city of Philadelphia should take heed of other jurisdictions that are beginning to re-examine their laws and pending legislation. Of note, New Jersey’s proposed social-media password law, Assembly Bill No. 2878, is likely to be enacted later this year after revisions were made by Governor Chris Christie. Bill 2878 was originally passed by both Houses of the New Jersey Legislature in March. In May, Christie conditionally vetoed Bill 2878 and returned it to the Assembly with recommendations for further revisions. The governor’s recommendations have been approved by the Assembly and are currently awaiting approval by the Senate.

In an effort to balance the privacy concerns of employees against the employers’ need to manage personnel, Christie suggested adding an exception to Bill 2878 to allow employers to conduct investigations for the purpose of ensuring compliance with the law and “prohibitions against work-related employee misconduct based on the receipt of specific information about activity on a personal account by an employee.” Neither the proposed Pennsylvania law nor the Philadelphia ordinance contains such an exception.

Without an exception, such as the one suggested for Bill 2878, employers in Pennsylvania that receive complaints about workplace misconduct involving online communications may be hindered in their investigations and, correspondingly, may have problems appropriately remediating misconduct. In the event that these Facebook laws are passed without modification, Pennsylvania and/or Philadelphia employers would need to consider instituting the following measures, which are currently recommended in other jurisdictions with similar laws:

• Instruct human resources personnel not to request access to or content from social-media websites during internal investigations.

• Ask employees to sign an acknowledgement prior to conducting internal investigations, in which employees acknowledge that all social-media-related information disclosed during the investigation is provided to the employer voluntarily without it being requested or required by the employer.

• Most importantly, to seek counsel if workplace investigations are hindered by the inability to review online information that is not publicly available.

In the event that workplace investigations are hindered by Facebook laws, a conflict may arise between these laws and discrimination laws such as Title VII of the Civil Rights Act of 1964, which require thorough workplace investigations. Thus, if either the Pennsylvania or the Philadelphia legislation is adopted, the above-stated best practices would help Pennsylvania employers comply with these proposed laws and identify situations in which they need to consult with legal counsel to reconcile how these laws may conflict with their obligations under other federal and state laws.

Alexander Nemiroff is a shareholder, and Laura Martin Scales is an associate, with the Philadelphia office of Ogletree, Deakins, Nash, Smoak & Stewart. Nemiroff and Scales regularly advise clients and litigate in the areas of employment discrimination, workplace technology law, social media, noncompetition and other related matters. You can reach Nemiroff at alexander.nemiroff@ogletreedeakins.com and Scales at laura.scales@ogletreedeakins.com.