News reports tell of some large companies demanding employees and job applicants hand over their user names and passwords for private social-media websites.
These companies want the ability to learn what applicants have been posting before they make a hiring decision and to continually monitor the activities of employees on password-protected private Web pages.
If you are considering such a practice for your dealership, contact a lawyer and seriously investigate the legality and wisdom of the practice.
Legislative steps have been taken to prevent employer access to employee and job applicant personal accounts. Additional legal deterrents are likely.
Maryland became the first state to enact a law that prohibits employers from requesting and requiring user names, passwords or other private information in order to access employees’ computer accounts.
Effective Oct.1, the law goes beyond just social-media sites such as Twitter, Facebook and LinkedIn to include personal online accounts related to email, shopping, banking and others.
Dealers outside of Maryland should not disregard this statute just because their state has not yet followed suit. Other states as well as the federal government are considering similar prohibitions.
Let’s look at a couple issues involved:
Privacy Statutes. The problem with coerced access to private web pages is that juries and judges may view it as unsavory, even repugnant. A judge or a jury may then expand the reach of an existing statute to find the practice is illegal.
For example, the U.S. Stored Communications Act makes it illegal to intentionally access without authorization a facility through which an electronic communication is provided.
The law is aimed at hackers. But a New Jersey jury found that an employer knowingly and purposely accessed the personal account of an employee in violation of the federal act when the worker was required to reveal a password for a social-media account.
The Stored Communications Act calls for no liability if the conduct was authorized. However, the court found that the employee was essentially coerced into providing the password. Because the authorization was not freely given, the court saw no valid permission that would allow the employer to rely on the statute’s authorization exception.
A court or a jury that finds the practice of requiring private log-in credentials distasteful easily can stretch a federal or state privacy statute to find an employer liable on the same theory used by the New Jersey jury.
Consent at the risk of not getting a job or being disciplined at work is not permission to access private information voluntarily.
Discrimination. Dealers should be concerned with potential discrimination lawsuits when asking or requiring employees and applicants to provide log-in credentials for personal accounts where there may be information that an employer may not otherwise require.
For example, if an applicant is asked in a job interview about marital status, religion or other private matters that are considered off limits, it could be grounds for a lawsuit charging violation of federal anti-discrimination laws because it seeks information that might improperly affect the employer’s hiring decision.
Likewise, an applicant could claim he or she was coerced into providing access to websites that contain personal information the employer was not allowed to consider. The applicant could file a discrimination lawsuit.
Seek legal counsel if your dealership is considering requiring employees or job applicants to provide user names and passwords to private social-media sites.
The practice is clearly illegal in Maryland. It soon may be banned elsewhere. It might lead to a jury considering liability under existing privacy laws. It is not worth all that.
Michael Charapp is a lawyer who represents auto dealers. Based in McLean, VA, he is at (703) 564-0220 or firstname.lastname@example.org.