Delaware has joined several other States in proposing a Facebook privacy law, which would prohibit Delaware employers from requesting access to a candidate's Facebook or other social-networking site.
In some ways, the bill is similar to the Maryland law, which was the first of its kind to be passed into law, and the federal version currently pending in Congress (SNOPA). For example, the Delaware bill would prohibit employers from "requiring or requesting" that any "employee or applicant" disclose his or her social-networking-site password.
The bill goes further, though. Here are some of the more troublesome provisions of the proposed law:
1. The law prohibits employers from requiring or requesting that the user disclose "any other related account information."
This would seem to prohibit an employer from even asking whether the candidate has a Facebook account. There does not seem to be a legitimate reason for such a broad-sweeping prohibition. Moreoever, employers may have good reason to want to know whether an applicant has a Facebook or LinkedIn account. Additionally, isn't this information public in any event, even if access to the account's contents may be restricted?
2. The law also prohibits employers from requiring or requesting that a user log into a social-networking account in the empoyer's presence "so as to provide the employer access" to the user's account or profile.
This, in my opinion goes too far. Although I am not an advocate of this approach, it is not and should not be unlawful. There are certain industries and professions (i.e., the financial sector and law enforcement), that, in some cases, have a legitimate interest in a candidate's online activities. The employer should have the right to gain limited and temporary access the candidate's profile, provided the employer does so in a legitimate and responsible manner.
3. The law also prohibits employers from "accessing" a user's social-networking profile or account "indirectly" through the user's online friend or connection.
Again, this goes too far. And, in my opinion, has deeply troubling (and, likely, unintended), potential consequences. The worst-case scenario would go as follows: Employee reports to Employer that Coworker Posted on Coworker's Facebook profile that Coworker intends to cause harm to his supervisor. The employer has not just a right but a legal duty to prevent workplace violence and would be legally obligated to take stepst to prevent Coworker from carrying out this threat.
But the employer cannot simply fire Coworker based only on Employee's unverified report. It would need to first investigate the Coworker's claim. Most commonly, an employer will do this by asking the reporting Employee to pull up his own Facebook account for the purpose of showing Employer the allegedly threatening post of Coworker. But this provision of the proposed law would prohibit the employer from doing this.
Alternatively, Employer could call in Coworker and ask him whether he posted the threat as reported by Employee. But if Coworker denies making the post, Employer has no recourse and is forced to take him at his word because Employer would be prohibited from "requiring or requesting" that Employee log into the account to clear up the allegation. This, also, is an unsatisfactory result.
The scenarios go on and on. Consider, for example, a report of employee theft. Or an employee who is posting HIPPA-protected personal health information. Or an employee who is posting the employer's trade secrets? The employer would be without recourse in each scenario.
And, making it worse yet, the law would prohibit employers from "discharging, disciplining, or otherwise penalizing, or threatening to discharging, disciplining, or otherwise penalizing" an employee for his or her refusal to provide access.
Although I am not opposed to laws that prohibit employers and educational institutions from demanding an individual's password or log-on information, this bill, as currently drafted, goes far, far beyond what its sponsors likely intended.
I'll be sure to keep readers posted as developments occur.
In the meantime, you can read about what is happening around the country with regard to the issue of "Facebook-privacy laws" here:
Maryland Law Makes It Unlawful to Request Facebook Passwords
Employers Who Demand Facebook Passwords from Employees. Oy Vey.
California Law Moves Closer to Prohibiting Employers From Requesting Facebook Passwords From Applicants
More States Consider Facebook-Privacy LawsShould Cyberscreening by Employers Be Legislated?
Lawfulness of Employers' Demands for Employees' Facebook Passwords
Federal Legislation, SNOPA, Would Prohibit Employers from Facebook Snooping