Maryland Is First State to Restrict Employer Demands for Employee, Applicant Passwords

Bloomberg Law for HR Professionals is a complete, one-stop resource, continuously updated, providing HR professionals with fast answers to a wide range of domestic and international human resources...

By Kathy Lundy Springuel  


ANNAPOLIS, Md.--Maryland Gov. Martin O'Malley (D) May 2 signed the nation's first law regulating employers' ability to demand that employees or prospective employees disclose their “user name, password, or other means for accessing a personal account or service through an electronic communications device.”

The statute was adopted in identical, companion bills--S.B. 433 and H.B. 964--that passed April 6 and April 7 in the Maryland Senate and House, respectively (30 HRR 401, 4/16/12).

The new law takes effect Oct. 1 and applies to employers engaged in “a business, an industry, a profession, a trade, or other enterprise in the state,” as well as state and local governments.

Similar measures are pending in a number of states, including California, Illinois, Minnesota, and New York.

New Employee, Employer Rights.

Under the statute, employers may not discharge, discipline, or otherwise penalize an employee for refusing to disclose password information covered by the legislation; nor may they refuse to hire an applicant for such refusal.

The law distinguishes between an employee's personal accounts and any “nonpersonal accounts or services that provide access to the employer's internal computer or information systems.” For the latter, an employer may require an employee to disclose user names and passwords.

The new law bars employees from downloading “unauthorized employer proprietary information or financial data to an employee's personal website, an internet website, a web-based account, or a similar account.”

The statute reserves an employer's right to conduct an investigation--based on the receipt of information about an employee's use of various types of websites for business purposes--to ensure “compliance with applicable securities or financial law, or regulatory requirements.”

Employers also retain the right to investigate an employee's actions with regard to the downloading of unauthorized employer proprietary information or financial data.

By Kathy Lundy Springuel  

Text of S.B. 433 is available at H.B. 964 is available at

Request Bloomberg Law for HR Professionals