New Maryland Law Bars Employers from Requesting Login Information for Personal Accounts | Practical Law

New Maryland Law Bars Employers from Requesting Login Information for Personal Accounts | Practical Law

On May 2, 2012, Maryland became the first state to bar employers from seeking login information from employees or applicants for personal electronic accounts, including social media accounts, when Governor Martin O'Malley signed the User Name and Password Privacy Protection and Exclusions law. The law also prohibits employees from downloading an employer's proprietary information. The law is scheduled to take effect on October 1, 2012.

New Maryland Law Bars Employers from Requesting Login Information for Personal Accounts

by PLC Labor & Employment
Published on 03 May 2012Maryland
On May 2, 2012, Maryland became the first state to bar employers from seeking login information from employees or applicants for personal electronic accounts, including social media accounts, when Governor Martin O'Malley signed the User Name and Password Privacy Protection and Exclusions law. The law also prohibits employees from downloading an employer's proprietary information. The law is scheduled to take effect on October 1, 2012.
On May 2, 2012, Maryland became the first state to bar employers from seeking login information from employees or applicants for personal electronic accounts, including social media accounts, when Governor Martin O'Malley signed the User Name and Password Privacy Protection and Exclusions law. The law is scheduled to take effect on October 1, 2012.
Under the new law, employers engaged in business in Maryland may not:
  • Request or require that an employee or applicant disclose user names, passwords or other means for accessing personal accounts or services through an electronic communications device.
  • Discharge, discipline or otherwise penalize an employee, or threaten to do so, for the employee's refusal to disclose protected login information.
  • Fail or refuse to hire an applicant as a result of the applicant's refusal to disclose protected login information.
However, the law expressly permits an employer to require employees to turn over login information for non-personal accounts and services that provide access to the employer's own computer or information systems.
Additionally, the law does not prevent employers from investigating employees based on the receipt of information about:
  • The use of an internet site or web-based account by an employee for business purposes, if the investigation is for the purpose of ensuring compliance with securities or financial law, or regulatory requirements.
  • The unauthorized downloading of an employer's proprietary information or financial data to an internet site or web-based account.
The law also prohibits employees from downloading employer proprietary information or financial data to personal accounts or websites without authorization.
Several other states are currently considering similar laws, including New York, New Jersey, Massachusetts, California, Illinois, Minnesota and Washington. Congress began consideration of similar legislation in April.

Practical Implications

Maryland employers and those employers that do business in Maryland should review their employment and hiring policies to ensure that employees and applicants are not asked for or required to provide prohibited login information. Although the law does not specifically provide that employees and applicants may sue employers who violate the law, employees aggrieved by a violation may be able to bring a claim for wrongful discharge.
With similar laws under consideration elsewhere, all employers should keep informed of legislative developments at the state and national levels.