Please enjoy this guest post from Travis Crabtree, my colleague in Houston whose practice focuses on internet law. Visit Travis’ blog at www.emedialaw.com
Democratic Texas State Representative Helen Giddings filed a bill prohibiting employers in Texas from asking for social media passwords from applicants and current employees. Texas joins a long list of states that have either passed or proposed similar legislation.
On December 21, 2012, HB 318 was pre-filed. Democratic State Senator Chuy Hinojosa filed the exact bill with the Senate as SB 118. The bills read:
(b) An employer commits an unlawful employment practice if the employer requires or requests that an employee or applicant for employment disclose a user name, password, or other means for accessing a personal account of the employee or applicant, including a personal e-mail account or a social networking website account or profile, through an electronic communication device.
(c) This section does not prohibit an employer from:
(1) maintaining lawful workplace policies governing:
(A) employee usage of employer-provided electronic communication devices, including employee access to personal accounts on those devices; or
(B) employee usage of personal electronic communication devices during working hours;
(2) monitoring employee usage of employer-provided electronic communication devices or employer-provided e-mail accounts; or
(3) obtaining information about an employee or applicant for employment that is in the public domain or that is otherwise lawfully obtained.
Six states already have similar laws and many others are considering similar legislation. The National Conference of State Legislatures has a good resource that tracks what all of the states are doing in this area.
Here are a couple of issues I see with the Texas version.
1. There is no exemption for employers to investigate wrongdoing.
For example, Michigan lays out some exceptions that exclude “Disciplining or discharging an employee for transferring the employer’s proprietary or confidential information or financial data to an employee’s personal internet account without the employer’s authorization”; and “conducting an investigation or requiring an employee to cooperate in an investigation . . .”
2. There is no exemption for highly-regulated industries like securities.
The Michigan law exempts employers “if there is specific information about activity on the employee’s personal internet account, for the purpose of ensuring compliance with applicable laws, regulatory requirements, or prohibitions against work-related employee misconduct.”
3. What about shoulder-surfing?
The statute forbids employers from using “other means for accessing a personal account” but there is a qualifier at the end that seems to limit the employer’s access to the account ”through an electronic communication device.” So, can an employer tell an applicant or employee to log-in to Facebook while I look over your shoulder? It is certainly not clear. Other states take a more direct approach. The California law expressly forbids requiring an employee to “access personal social media in the presence of the employer” which would prevent shoulder surfing.
4. Immunity for employers who can no longer access social media accounts.
I normally advise companies not to use social media to screen applicants unless you have and follow a specific plan. I could foresee, however, that a mishap could happen at work and a creative plaintiff’s lawyer could argue negligent hiring because a social media search would have revealed the employee was racist, sexist, violent, etc. It would make sense then that if employers are prohibited from doing thorough social media research, they should not be held liable for failing to do so if something went wrong. Michigan has addressed this in its version by stating:
Sec. 7. (1) This act does not create a duty for an employer or educational institution to search or monitor the activity of a personal internet account.
(2) An employer or educational institution is not liable under this act for failure to request or require that an employee, a student, an applicant for employment, or a prospective student grant access to, allow observation of, or disclose information that allows access to or observation of the employee’s, student’s, applicant for employment’s, or prospective student’s personal internet account.
5. What about students?
Many of the bills apply the same rules to secondary school, colleges and universities. If we care about privacy, shouldn’t we apply it to them as well. These are just a few issues and I still question whether this a fix in search of a problem. Yes, there have been one or two publicized incidents of employers demanding access to social media accounts. But, I’m not the only one that questions whether laws forbidding requests for social media accounts are necessary. As the economy recovers, I would think this is something the market will handle. Besides, I see certain positions where such requests would be encouraged such as youth camp counselors or mental health providers, security personnel and employees for religious institutions.
This is the second part of our Texas Leg Watch 2013. The Texas Legislature meets every odd year, so we will monitor any bills of interest to the online media, marketing and start-up community. Our first post looked at a proposal that would allow civil lawsuits to be brought against internet online advertisements that resulted in human trafficking perhaps usurping the federal Communications Decency Act protections.