PasswordIn spring of last year, reports began surfacing that some employers were demanding that current and sometimes prospective employees hand over the log-in credentials or otherwise provide access to their various social media accounts. People were outraged. Such invasions of what many perceive as their personal, albeit, online privacy prompted much debating and the writing of a never-ending slew opinion pieces.

Then something very strange appeared to happen: lawmakers seemed to take note of public opinion and act accordingly. A number of state legislatures began drafting bills that would make it illegal for employers to demand access to the social profiles of their employees and job applicants. Now that the year is 2013, those laws are either taking effect or will do so in the coming months.

A national bill, the Social Networking Online Protection Act (SNOPA), was drafted and introduced by Representative Eliot Engle. According to, Engle’s H.R. 5050 has been referred to committee where lawmakers will either kill it, amend it, or pass it through unchanged. It’s hard to say what the chances are that SNOPA will ever become law, but Govtrack gives it a 12 percent chance of making it out of committee and a three percent chance of passage, based on the percent of overall bills to make it out of committee and pass into law, respectively.

If it ever comes out of committee, SNOPA would “…prohibit employers and certain other entities from requiring or requesting that employees and certain other individuals provide a user name, password, or other means for accessing a personal account on any social networking website.”

State laws banning the practice went into effect Jan. 1 in California and Illinois, according to the National Conference of State Legislatures’ annual list of state laws going into effect on Jan. 1. California’s law officially bans “employers from requiring applicants or employees to disclose social media passwords” while Illinois’s makes it “illegal for an employer to request social networking passwords or account information from an employee or applicant.”

Maryland was the first to pass their own version of the law, but they didn’t get a mention in the NCSL report because theirs went into effect upon passage. Maryland’s quickness to act was unsurprising because it was in that state that the controversial practice came to light in the first place.

Shortly after that, Maryland’s neighbor Delaware passed a bill that prohibited public and private schools not only from mandating that students or applicants provide log-in credentials to social media accounts but also banning these institutions from requiring that students and applicants log-in to their accounts to provide them with direct access to the accounts.

In early December New Jersey’s Governor Chris Christie signed a bill that “Prohibits requirement to disclose user name, password, or other means for accessing account or service through electronic communications devises by institutions of higher education.”

Later in December, Michigan Governor Rick Snyder signed a bill into law that protected “the online privacy of Michiganders by prohibiting employers and educational institutions from asking applicants, employees and students for passwords and other account information used to access private internet and email accounts, including social networks like Facebook and Twitter.”

Categories: Privacy

Comments (4)

  1. Anonymous

    Do these laws also prohibit access to personal accounts of individuals by institutions that obtained credentials by non-consensual means? Such as an employer or a college that captures credentials a person used when on their system or network.

Comments are closed.