Social Networking Online Protection Act -Information & Commentary

Government Bill HR 537 Will Protect the Privacy of Job Applicants, Employees, Applicants to Educational Institutions and Those Enrolled 

By: Michael Hennis

 Author Note: This assignment is prepared for CMN 6035 Legal, Policy & Ethical Issues in the Digital Age. Correspondence concerning this essay should be communicated by email to Michael Hennis.  Contact: hennis.m@husky.neu.edu  

The U.S. House of Representatives’ Eliot Engel, Representative (D-NY16), created bill  HR 537 for the proposed Social Networking Online Protection Act, which will protect the privacy of job applicants and employees by preventing employers from requesting and obtaining social media passwords and userIDs from applicants and employees. The proposed act will also protect applicants to educational institutions and those already enrolled. The present status as of March, 2013 is that

“Congressman Eliot Engel (D-NY-16), Congresswoman Jan Schakowsky (D-IL-9), and Congressman Michael Grimm (R-NY-11) have re-introduced legislation to protect the users of social networking sites from having to divulge their personal information to employers, schools and universities.  SNOPA, the Social Networking Online Protection Act, protects people already employed or enrolled, and those seeking employment or admittance, or those facing disciplinary action, from being required to give passwords or other information used to access their online accounts (Rosenberg, 2013).”

Please see the full text of HR 537 (Civic Impulse, 2013), in Appendix B on page 10 of this paper.

The stakeholders of HR 537 are: Primarily all employees, applicants for employment, all students of and applicants to educational institutions, the U.S. government and the state governments of all 50 United States and U.S. territories, and specifically their judiciaries. Also all employers and educational institutions are stakeholders, and secondarily all the family members of employees, job applicants, students and school applicants are stakeholders.

Employees want to maintain their own privacy and the practical separation of their private life from their public and work life. So do job applicants, in order to have the fairest opportunity to obtain the gainful employment they seek. Current students also want to maintain the practical separation of their own private life from their public academic work life. Applicants to educational institutions desire to have the fairest opportunity to obtain the education they seek. The federal and state governments seek to protect the privacy of citizens and ensure provision of equal opportunities for employment and education to them, and seek to preserve their rights to free speech.

Some employers and educational institutions find it of interest to themselves to access information about applicants, employees or students, and their decisions may be affected by that information which is not public that they learn about employees, applicants or students. Their related decisions may affect the likelihood of hiring applicants, continuing employment and promotion of current workers, or of admitting students, or maintaining engagement and financial support of current students. Employers and educational institutions demanding access to the email or social network userIDs or passwords of employees, applicants or students, would have an unavoidable influence on private communications of employees, applicants or students, impeding their free speech. These are unethical activities, influences and outcomes unfairly affecting our citizenry.

‘Back in 2010, Robert Collins was returning to his job as a security guard at the Maryland Department of Public Safety and Correctional Services after taking a leave following his mother’s death. During a reinstatement interview, he was asked for his login and password, purportedly so the agency could check for any gang affiliations. He was stunned by the request but complied. “I needed my job to feed my family. I had to,” he recalled. After the ACLU complained about the practice, the agency amended its policy, asking instead for job applicants to log in during interviews. “To me, that’s still invasive. I can appreciate the desire to learn more about the applicant, but it’s still a violation of people’s personal privacy,” said Collins, whose case inspired Maryland’s legislation (Valdes & McFarland, 2012).’ ‘Maryland enacted the first law passed, which became active in 2012: It prohibits an employer from requesting or requiring that an employee or applicant disclose any user name, password, or other means for accessing a personal account or service through specified electronic communications devices; bars an employer from taking, or threatening to take, specified disciplinary actions for an employee’s refusal to disclose specified password and related information; and bans an employee from downloading specified information or data; etc. (Ballman, 2013).’

Citizens of 36 states have suffered a loss of privacy in their own social media accounts or email accounts from requirements of prospective or current employers, and current or prospective educational institutions – and those citizens have filed successful lawsuits against the employers or educational institutions. While the lawsuits against employers and educational institutions (who have required applicants, employees and students to provide their userIDs and/or passwords to their email or social media accounts) are too numerous to detail here, 36 states have responded to the deluge of legal actions of citizens, by drafting legislation to prohibit employers and educational institutions from requesting and obtaining social media passwords and userIDs from employees, applicants and students.

While HR 537 is processing in the United States House of Representatives:

“As of October 23, 2013, legislation has been introduced or is pending in at least 36 states. Ten states–Arkansas, Colorado, Illinois, Nevada, New Jersey, New Mexico, Oregon, Utah, Vermont and Washington–have enacted legislation so far in 2013 (Vermont’s legislation provides for a study only). Florida S.B. 198 and H.B. 5001 have been pre-filed for the 2014 legislative session (National Council of State Legislatures [NCSL], 2013).”

Please see the existing legislation details by state in Appendix A on page 7. This indicates that it appears inevitable that HR 537 or a virtually identical act will be passed into law soon, and will trump all similar state laws already in effect.

Conclusions

         The majority of states are seeing citizens succeed in winning lawsuits against employers and educational institutions who have required them to divulge their userIDs or passwords to their own social network accounts or email accounts. Those states have themselves drafted legislation prohibiting these practices, and ten states now have such laws successfully passed into effect, making these practices illegal. The U.S. Government has responded in parallel by the House of Representatives drafting HR 537 likewise, to declare in SNOPA these practices to be illegal in all 50 United States and U.S. Territories, in order to protect the privacy of citizens and to also ensure their equal opportunities for employment and access to education. It is likely that HR 537 or virtually identical U.S. legislation will pass in 2013 or shortly thereafter.

 Editorial Opinion

         I feel strongly that it is quite inappropriate for employers to ask applicants or employees for their social media usernames, and I feel and it is even more inappropriate for employers to ask applicants, employees or students for their social media passwords. The same are my views regarding asking applicants, employees or students for their private email account IDs or private email account passwords. For information similarly private to an individual, there are already federal laws prohibiting prospective or current employers from asking applicants or employees about several kinds of it. Since prospective or current employers are already legally prohibited from asking applicants or employees about some private items of information, an employee or applicant should not be asked to provide private information such as any of their own private usernames, and certainly should not be asked to provide any of their own private passwords. This is in the realm of simple common sense. Why should anyone give out their own private secrets (e.g. passwords, or private username) when it is widely held by internet security professionals that the first rule and advice for private passwords is: Never give your password to anyone else, and most certainly do not ever give your password to a stranger! Internet professionals in commerce and in security also openly advise that it is wise for individuals when creating personas on social media, to not use their own legally given name. Why: To protect their privacy, and to protect themselves from potential unfair actions, crimes, or torts against themselves. There are courses on social media networking, that advise in the first steps of establishing your persona, for you to turn on medium to high security, and that tell you “do not give others your password access into your profile”. This is because if you were to give them your username and your password, then they could change items in your profile. When you give your username and your password away, you aren’t in control of your “internet self” anymore. Someone else can do the driving, as well as the nosy snooping. This is not in any private person’s best interest. I am 100% for federal protection of the privacy of all applicants, employees and students, because I believe this protection to be fundamental: I would not leave this basic legislative need to the states to haggle over.

Unfortunately sometimes users, their siblings, friends, or others, have, and will continue to alter or place questionable material on private individuals’ social pages. It’s also true that young (and some not so young) social media users will make mistakes posting material on their pages. Those lapses in judgment need to remain more private than public.

Michael Hennis works in process automation as a manager of manufacturing test engineering, where electronic and mechanical manufacturing processes are developed, and assists the product development engineering practice. He is a graduate student in the communications program at Northeastern University, College of Professional Studies.

 Appendices

Appendix A

The following legislation details by state are listed courtesy of the National Council of State Legislatures:

Arkansas
H.B. 1901
Status: April 22, 2013; Signed by Governor. Act 1480
Prohibits an employer from requiring or requesting a current or prospective employee from disclosing his or her username or password for a social media account.

H.B. 1902
Status: April 8, 2013;  Signed by Governor. Act 998 
Prohibits an institution of higher education from requiring or requesting a current or prospective employee or student from disclosing his or her username or password for a social media account.

Colorado
H.B. 1046
Status: May 11, 2013; Signed by Governor. Chapter 195
Concerns employer access to personal information through electronic communication devices.

Illinois
H.B. 64
Status: Aug. 2, 2013; Signed by Governor. Public Act No. 129
Creates the Privacy in the School Setting Act. Defines “school” as an institution of higher learning as defined in the Higher Education Student Assistance Act, a public elementary or secondary school or school district, or a nonpublic school recognized by the State Board of Education. Provides that it is unlawful for a school to request or require a student or prospective student or his or her parent or guardian to provide a password or other related account information in order to gain access to the student’s or prospective student’s account or profile on a social networking website or to demand access in any manner to a student’s or prospective student’s account or profile on a social networking website.

S.B. 2306
Status: Aug. 16, 2013; Signed by Governor. Public Act No. 501 
Amends the Right to Privacy in the Workplace Act; provides that the restriction on an employer’s request for information concerning an employee’s social networking profile or website applies to only the employee’s personal account; defines terms; provides that employers are not prohibited from complying with the rules of self-regulatory organizations.

Nevada
A.B. 181
Status: June 13, 2013; Signed by Governor. Chapter 548. 
Makes various changes to provisions governing employment practices.

New Jersey
A.B. 2878
Status: Aug. 28, 2013; Signed by Governor. Chapter No. 2013-155

Prohibits requirement to disclose user name, password, or other means for accessing account or service through electronic communications device by employers.

New Mexico
S.B. 371
Status: April 5, 2013; Signed by Governor. Chapter 222
Relates to employment; prohibits prospective employers from requesting or requiring a prospective employee to provide a password or access to the prospective employee’s social networking account.

S.B. 422
Status: April 5, 2013; Signed by Governor. Chapter 223
Relates to education; prohibits public and private institutions of post-secondary education from requesting or requiring a student, applicant or potential applicant for admission to provide a password or access to the social networking account of the student or applicant for admission.

Oregon
H.B. 2654
Status: May 22, 2013;  Signed by Governor. Chapter 204
Prohibits an employer from compelling employee or applicant for employment to provide access to personal social media account or to add employer to social media contact list; prohibits retaliation by employer against employee or applicant for refusal to provide access to accounts or to add employer to contact list; prohibits certain educational institutions from compelling student or prospective student to provide access to personal social media account.

S.B. 344
Status: June 13, 2013; Signed Governor. Chapter 408.
Provides that a public or private educational institution may not require, request or otherwise compel a student or prospective student to disclose or to provide access to a personal social media account.

Utah
H.B. 100
Status: March 26, 2013; Signed by Governor. Chapter 94.
Modifies provisions addressing labor in general and higher education to enact protections for personal Internet accounts; enacts the Internet Employment Privacy Act, including defining terms, permitting or prohibiting certain actions by an employer; provides that the chapter does not create certain duties; provides private right of action; enacts the Internet Postsecondary Education Privacy Act.

Vermont
S.B. 7
Status: June 3, 2013.; Signed by Governor. Act 47. 
Relates to social networking privacy protection.

Washington
S.B. 5211
Status: May 21, 2013; Signed by Governor.  Chapter 330. 
Relates to employment practice; requires an employer cannot require any employee or prospective employee to submit any password or other related account information in order to gain access to the individual’s personal social networking website account or profile.

Appendix B

HR 537 Defined: Here is the full text of the U.S. Social Networking Online Protection Act.

113th CONGRESS

1st Session

H. R. 537

IN THE HOUSE OF REPRESENTATIVES

February 6, 2013

Mr. Engel (for himself, Ms. Schakowsky, Mr. Grimm, Mr. Tonko, Mr. Ellison, and Ms. Pingree of Maine) introduced the following bill; which was referred to the Committee on Education and the Workforce

A BILL

To prohibit employers and certain other entities from requiring or requesting that employees and certain other individuals provide a user name, password, or other means for accessing a personal account on any social networking website.

1. Short title

This Act may be cited as the Social Networking Online Protection Act.

2. Employer Access to Personal Accounts on Social Networking Websites

(a) Conduct prohibited

It shall be unlawful for any employer—

(1) to require or request that an employee or applicant for employment provide the employer with a user name, password, or any other means for accessing a private email account of the employee or applicant or the personal account of the employee or applicant on any social networking website; or

(2) to discharge, discipline, discriminate against in any manner, or deny employment or promotion to, or threaten to take any such action against, any employee or applicant for employment because—

(A) the employee or applicant for employment refuses or declines to provide a user name, password, or other means for accessing a private email account of the employee or applicant or the personal account of the employee or applicant on any social networking website; or

(B) such employee or applicant for employment has filed any complaint or instituted or caused to be instituted any proceeding under or related to this Act or has testified or is about to testify in any such proceeding.

(b) Enforcement 

(1) Civil Penalties

(A) In general

Subject to paragraph (2), any employer who violates any provision of this Act may be assessed a civil penalty of not more than $10,000.

(B) Determination of amount

In determining the amount of any penalty under paragraph (1), the Secretary of Labor shall take into account the previous record of the person in terms of compliance with this Act and the gravity of the violation.

(C) Collection

Any civil penalty assessed under this subsection shall be collected in the same manner as is required by subsections (b) through (e) of section 503 of the Migrant and Seasonal Agricultural Worker Protection Act (29 U.S.C. 1853) with respect to civil penalties assessed under subsection (a) of such section.

(2) Injunctive Actions by the Secretary of Labor

The Secretary of Labor may bring an action under this section to restrain violations of this Act. In any action brought under this section, the district courts of the United States shall have jurisdiction, for cause shown, to issue temporary or permanent restraining orders and injunctions to require compliance with this Act, including such legal or equitable relief incident thereto as may be appropriate, including, employment, reinstatement, promotion, and the payment of lost wages and benefits.

3. Institution of higher education access to personal accounts on social networking websites

Section 487(a) of the Higher Education Act of 1965 (20 U.S.C. 1095(a)) is amended by adding at the end the following:

(30)      (A)

The institution will not—

(i) require or request that a student or potential student provide the institution with a user name, password, or any other means for accessing a private email account of the student or potential student or the personal account of the student or potential student on any social networking website; or

(ii) discharge, discipline, discriminate against in any manner, or deny admission to, suspend, or expel, or threaten to take any such action against, any student or potential student because—

(I) the student or potential student refuses or declines to provide a user name, password, or other means for accessing a private email account of the student or potential student or the personal account of the student or potential student on any social networking website; or

(II) such student or potential student has filed any complaint or instituted or caused to be instituted any proceeding under or related to this paragraph or has testified or is about to testify in any such proceeding.

(B) For purposes of this paragraph, the term social networking website has the meaning given such term in section 5(2) of the Social Networking Online Protection Act .

4. Local educational agency access to personal accounts on social networking websites

(a) In general

Subpart 2 of part E of title IX of the Elementary and Secondary Education Act of 1965 (20 U.S.C. 1094 et seq.) is amended by adding at the end the following new section:

9537.

Prohibition on access to personal accounts of students

(a) In general

No local educational agency receiving funds under this Act may—

(1) require or request that a student or potential student provide the agency or a school served by the agency with a user name, password, or any other means for accessing a private email account of the student or potential student or the personal account of the student or potential student on any social networking website; or

(2) discharge, discipline, discriminate against in any manner, or deny admission to, suspend, or expel, or threaten to take any such action against, any student or potential student because—

(A) the student or potential student refuses or declines to provide a user name, password, or other means for accessing a private email account of the student or potential student or the personal account of the student or potential student on any social networking website; or

(B) such student or potential student has filed any complaint or instituted or caused to be instituted any proceeding under or related to this paragraph or has testified or is about to testify in any such proceeding.

(b) Definition

For purposes of this subsection, the term social networking website has the meaning given such term in section 5(2) of the Social Networking Online Protection Act.

(b) Clerical amendment

The table of contents for the Elementary and Secondary Education Act of 1965 (20 U.S.C. 6301 et seq.) is amended by inserting after the item relating to section 9536, the following new item:

Sec. 9537. Prohibition on access to personal accounts of students.

5. Definitions

As used in this Act—

(1) the term employer means any person acting directly or indirectly in the interest of an employer in relation to an employee or an applicant for employment; and

(2) the term social networking website means any Internet service, platform, or website that provides a user with a distinct account—

(A) whereby the user can access such account by way of a distinct user name, password, or other means distinct for that user; and

(B) that is primarily intended for the user to upload, store, and manage user-generated personal content on the service, platform, or website.

—————————————————————————————-

Works Cited

Ballman, D. (2013). Can Your Employer Demand Your Social Media Passwords? Jobs.aol.com. Posted Jan 30th 2013 @ 9:50AM. Retrieved from http://jobs.aol.com/articles/2013/01/30/employer-social-media-passwords/

Civic Impulse, LLC. (2013). 113th Congress Bills, HR537. Govtrack.Us. Retrieved from  https://www.govtrack.us/congress/bills/113/hr537/text

NCSL (2013). Employer Access to Social Media Passwords. National Council of State Legislatures. Retrieved from http://www.ncsl.org/research/telecommunications-and-information-technology/employer-access-to-social-media-passwords-2013.aspx

Rosenberg, E. (2013). HR 537. Advanced Reporting: Professional Background Screening Services.   Retrieved from http://advrep.com/2013/03/29/hr537/

Valdes, M., & McFarland, S. (2012). Job Seekers Getting Asked For Facebook Passwords. The Associated Press/Jobs.aol.com. Posted Mar 20th 2012 @ 8:42AM. Retrieved from http://jobs.aol.com/articles/2012/03/20/job-seekers-getting-asked-for-facebook-passwords/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s