A New Kind of Password Protection: Maryland Does It First

On April 1, 2012, Maryland’s House of Representatives and Senate passed a bill (User Name and Password Privacy Protection and Exclusions) banning employers from requiring employees and job applicants from disclosing their user names and passwords for social media accounts.


Obtaining this information had become a standard practice for some public employers, such as the Maryland Department of Public Safety and Correctional Services (DPSCS). The issue received attention after an incident in which a former employee was asked to provide his Facebook username and password as a pre-requisite to being rehired by DPSCS after taking a voluntary leave. After the Maryland ACLU became involved, the DPSCS temporarily suspended the practice, allowing applicants to voluntarily participate in a review of their social media accounts.

If Governor O’Malley signs this bill into law, an employer will be prohibited from requesting or requiring an employee or job applicant to disclose any user name, password, or other means for accessing a personal account or service through an electronic communications device (i.e. computer, laptop, smart phone or any other device that can access the internet) unless the employee uses a service that can access the employer’s computer or information systems. Additionally, it prohibits an employer from threatening to fire, firing or penalizing an employee for refusing to disclose such information.

Proponents of the legislation have likened these disclosure procedures to an invasion of privacy akin to phone-tapping or reading an employee’s personal diary. They are hopeful that the law will set a strong precedent in favor of privacy.

On the national level, U.S. senators have called for a federal investigation of this employment practice. Facebook’s Chief Privacy Officer, Erin Egan, released a statement in March saying that the company would take legal action if it felt privacy of its users’ accounts were infringed upon. In response to the recent hype, Facebook has revised its Statement of Rights and Responsibilities, making it a violation to share or solicit a Facebook password. Other states have proposed similar legislation to ban the practice.