Social Media Privacy Legislation Update

Posted on by Stephen Wu

Back in March, I wrote about new legislation at the state level that would prohibit employers from asking job applicants for their social media user names and passwords.  Legislatures in eleven states have introduced social media privacy bills, and in one state, Maryland, one of the bills has become law.

The idea behind these laws is that when employers demand that a job applicant disclose his or her social media login information, it is an invasion of the applicant's privacy.  The bills also protect people that have already been hired as employees. 

Employers should now review their hiring and employment policies to make sure they do not run afoul of these laws.  Employers' training practices should also include a disussion of this legislation.  As I said in March, I am telling my clients not to ask for Facebook or other social media login information. 

The table below summarizes the federal and state legislation currently pending.

Some bills also protect students in post-secondary educational institutions.  Under these bills, educational institutions may not ask students for social media website login information. 

Some bills have certain carve-outs, which are noted below.

Finally, all of the state bills prohibit employers from asking for passwords either broadly cover passwords to Internet applications or cover “social media websites” and define “websites” to include Internet applications.  The bill in the U.S. House of Representatives, however, does not contain such a broad definition.  Therefore the House bill leaves open the possibility that an employer could ask for a user name/password combination for a Facebook application on a cell phone or tablet.  Applications are not technically “websites.”  Therefore, under a narrow reading of the House bill’s language, login information for iOS and other mobile device applications is not covered. 






Passed Legislation

MD SB 433

Codified at Md. Lab. & Empl. Code § 3-712.


Carve-outs for regulatory investigations and investigations of unauthorized access to employer information.

Federal Bills

3074, Password Protection Act of 2012

Referred to Committee on Health, Education, and Labor on 5/9/12


Grafts protection onto the Computer Fraud and Abuse Act, 18 U.S.C. § 1030.  Carve-outs for discharges for good cause, states that opt out of the federal law, and classified information.

H.R. 5050, Social Networking Online Privacy Act

Referred to House Committee on Education and the Workforce on 4/27/12


Does not define “social networking website” implying that passwords for mobile device apps are not covered.

State Bills

CA AB 1844

Passed Assembly.  Introduced in Senate on 5/10/12



CA SB 1349

Set for hearing in Senate Appropriations Committee.

Employers and education


DE HB 308

Reported out of Telecommunication, Internet & Technology Committee on 5/18/12


Carve-out for financial institutions investigation.

IL HB 3782

Passed the House.  Passed out of Senate Labor Committee.  Ready for third reading in IL Senate.


Carve-outs for employer workplace policies, monitoring employer’s equipment and email, and public domain information.

MA HB 4323

Introduced 3/23/12


Carve-out for employer workplace policies.

MD HB 364

Apparently abandoned in favor of SB 433



MI HB 5523

Referred to Committee on Energy and Technology on 3/29/12

Employers and education

Violation is a misdemeanor with up to $1000 fine.

MN SF 2565/HF2963

Referred to Senate Jobs and Economic Growth Committee on 3/27/12 and House Commerce and Regulatory Reform Committee on 3/26


Carve-out for employer workplace policies.

NJ A2878

Reported out of Assembly Consumer Affairs Committee



NJ A2879

Reported out of Assembly Consumer Affairs Committee



NY A 9654

Reported out of Labor Committee 5/8/12



NY S 6831

Referred to Labor Committee 3/27/12



SC H. 5105

Referred to Judiciary Committee 3/29/12



WA SB 6637

Reintroduced 4/11


Civil actions can seek $500 penalty plus damages. Carve-out for public domain information.

 Stephen Wu

Partner, Cooke Kobrick & Wu LLP

Stephen Wu

Shareholder, Silicon Valley Law Group


risk management law privacy

More Related To This

Share With Your Community