Maryland Is First State to Restrict Employer Demands for Employee, Applicant Passwords

Stay informed and ready to meet both everyday challenges and long-term planning and policy-making goals, with focused news, practical information, and strategic insights on all HR-related developments.

 

By Kathy Lundy Springuel  

 

ANNAPOLIS, Md.--Maryland Gov. Martin O'Malley (D) May 2 signed the nation's first law regulating employers' ability to demand that employees or prospective employees disclose their “user name, password, or other means for accessing a personal account or service through an electronic communications device.”

The statute was adopted in identical, companion bills--S.B. 433 and H.B. 964--that passed April 6 and April 7 in the Maryland Senate and House, respectively (30 HRR 401, 4/16/12).

The new law takes effect Oct. 1 and applies to employers engaged in “a business, an industry, a profession, a trade, or other enterprise in the state,” as well as state and local governments.

Similar measures are pending in a number of states, including California, Illinois, Minnesota, and New York.

New Employee, Employer Rights.

Under the statute, employers may not discharge, discipline, or otherwise penalize an employee for refusing to disclose password information covered by the legislation; nor may they refuse to hire an applicant for such refusal.

The law distinguishes between an employee's personal accounts and any “nonpersonal accounts or services that provide access to the employer's internal computer or information systems.” For the latter, an employer may require an employee to disclose user names and passwords.

The new law bars employees from downloading “unauthorized employer proprietary information or financial data to an employee's personal website, an internet website, a web-based account, or a similar account.”

The statute reserves an employer's right to conduct an investigation--based on the receipt of information about an employee's use of various types of websites for business purposes--to ensure “compliance with applicable securities or financial law, or regulatory requirements.”

Employers also retain the right to investigate an employee's actions with regard to the downloading of unauthorized employer proprietary information or financial data.

By Kathy Lundy Springuel  


Text of S.B. 433 is available at http://op.bna.com/dlrcases.nsf/r?Open=mcan-8twvjt. H.B. 964 is available at http://op.bna.com/dlrcases.nsf/r?Open=mcan-8twvm4.