Tuesday, September 4, 2012 by Laura Arredondo-Santisteban
Earlier this year, Senators Richard Blumenthal (D-CT) and Chuck Schumer (D-NY) introduced into the House of Representatives and Senate a bill amending the Computer Fraud and Abuse Act called the Password Protection Act of 2012. The bill would make it a federal crime for employers to “knowingly and intentionally” coerce any person to authorize access, such as provide their password, to a computer that is not the employer’s computer for the purposes of hiring, promoting, or firing.
“In an age where more and more of our personal information—and our private social interactions—are online, it is vital that all individuals be allowed to determine for themselves what personal information they want to make public and protect personal information from would-be employers,” Senator Schumer said in an Associate Press statement.
The American Civil Liberties Union hails the bill as a ‘Good Start Against Employer Snooping,’ but states that the bill still contains many weaknesses, such as a lack of protection for students. The ACLU notes that the bill would not cover student-athletes, for whom it is now common for coaches to monitor and access their social media networks. In the wake of the 2011 NCAA investigation of UNC’s football team, many other university sports programs began banning or actively monitoring their student-athletes’ social media sites.
Apart from not offering protection to students, the bill also leaves room for employers to compel employees or job applicants to grant access to their personal sites through employer’s computer that does constitute a “protected computer.” This is significant in cases involving ‘over the shoulder browsing,’ in which employers compel potential employees to log into their personal online accounts on an employer’s computer for the purpose of reviewing the content together.
In an age where more and more of our personal information—and our private social interactions—are online, it is vital that all individuals be allowed to determine for themselves what personal information they want to make public and protect personal information from would-be employers,” Senator Schumer
While criticized as weak in the extent of its coverage, one of the Act’s strengths is that the protections offered are not limited to solely social media sites, but also includes private email accounts and photo-sharing sites. The ACLU praises the Act as being largely technology-neutral, allowing it to remain applicable despite the constant evolution of technology.
Separately, states have begun enacting their own privacy measures in an effort to protect workers’ and their online social networking accounts. This past May, Maryland became the first state to sign into law a bill, which prohibits employers from requiring employers or job applicants to provide their usernames, passwords, or any other access to personal sites as a condition for employment. The bill was drafted in response to stories, like those of Robert Collins, who was required to turn over this Facebook password to his employer upon reapplication for his job.
Maryland is not the only state to have enacted legislation protecting workers online privacy. In August 2012, Illinois enacted House Bill 3782, which makes it unlawful for employers to request social network account information, like a password or username, from potential or current employees. Around the same time, California’s state senate unanimously voted in support of a bill similar to Maryland and Illinois, banning employers from requiring access to employees’ and job applicants’ social media accounts, as well as to barring employer retaliation if requests to grant access are denied.
In an age where more and more people are choosing to share personal information with a selected group of viewers online, such legislation at the federal and state level is an important step at reestablishing boundaries between a person’s private and work life. However, the legislation is not without its flaws and should be recognized for what it is: a good step.