Maryland became the first state to enact legislation prohibiting employers from requesting or requiring an employee or applicant to disclose any user name, password, or other means for accessing Facebook or any other similar service. The legislation was prompted by a state agency’s policy of demanding prospective employees disclose their user names and passwords to social media websites as part of its background investigation process. The agency had discontinued the practice after an employee claimed that the practice was a violation of his personal privacy.

Employers are prohibited from requesting or requiring an employee or applicant to disclose a user name, password, or any other means of accessing Facebook or similar on-line accounts or other service through an “electronic communications device” (defined as “computers, telephones, personal digital assistants, and other similar devices”). Employers cannot refuse to hire an applicant or discharge, discipline or otherwise penalize an employee who refuses to disclose any user names and passwords relating to a personal account or service.

Under this law, employers may require an employee to disclose any user names, passwords or other means for accessing an employee’s “non-personal” accounts related to the employer’s computer or information systems. Further, employers are not prohibited from acting upon and investigating information it may receive regarding an employee’s unauthorized downloading of proprietary or financial data or conducting an investigation for the purposes of ensuring compliance with applicable securities or financial law or regulatory requirements.

All private and public employers are covered.   The law becomes effective October 1, 2012.