Are employee passwords sacrosanct?
Er, maybe not.
A Look at Employer Access to Employee Passwords
Employee passwords have become a new battleground. Because this issue has begun to crop up, and it will only continue to do so.
So does your employer have a right to your social media passwords?
So before you reflexively say no, hold the phone. Because the truth is, unless the law expressly forbids it, companies can. They can take advantage of a less than stellar economy and less than powerful employees.
As a result, they can demand access into social media accounts and employee passwords. Hence a variety of bills have been introduced around the United States in an effort to address this matter.
Let’s look at Massachusetts.
First of all, here in the Bay State, legislation is pending. This includes H.B 448, which relates to student data privacy. It also includes, which relates to social media consumer privacy protection. And it includes S.B 1055, which relates to social media privacy protection.
Arkansas and Employee Passwords
Arkansas Ark. Code Ann. § 11-2-124; Code Ark. R. 010.14.1-500 says:
“Employers may not ask or require employees or applicants to disclose their user names or passwords to a personal online account; change the privacy settlings on their accounts…”
California and Employee Passwords
Much like Arkansas, employers can’t get into employees’ social media accounts. But an exception exists for investigations into misconduct, per Cal. Lab. Code § 980.
Colorado’s law is Colo. Rev. Stat. Ann. § 8-2-127, which says:
“Employers can be fined up to $1,000 for the first violation and up to $5,000 for each subsequent violation.”
In Connecticut, the law is Conn. Gen. Stat. Ann. § 31-40x, which says:
“Employers can be fined up to $500 for the first violation and between $500 and $1,000 for each subsequent violation. Employees can be awarded relief, including job reinstatement, payment of back wages, reestablishment of employee benefits, and reasonable attorneys’ fees and costs.”
And in Delaware, the law is Del. Code Ann. tit. 19, § 709A. It’s pretty similar to the law in Arkansas.
So in Illinois, the law is 820 Ill. Comp. Stat. Ann. § 55/10; Ill. Admin. Code tit. 56, §§ 360.110, 360.120.
“If an employer violates the law, an employees and applicants may file a complaint with the Illinois Department of Labor.”
In addition, La. Stat. Ann. §§ 51:1951 to 51:1953, 51:1955 says:
“Employers may not request or require employees or applicants to disclose user names and passwords or other login information for their personal accounts.”
But in Louisiana, it’s okay for employers to push for a look into employee personal online accounts in one instance. This is if there are allegations of misconduct. So stop downloading porn at work!
And this is according to Nolo.
So in Maine, the law is Me. Rev. Stat. tit. 26, §§ 615 to 619.
“An employer that violates the law is subject to a fine from the Department of Labor of at least $100 for the first violation, $250 for the second violation, and $500 for subsequent violations.”
So in Maryland, the law is Md. Code Ann., Lab. & Empl. § 3-712. The provisions are pretty close to those in Arkansas.
And then in Michigan, the law is Mich. Comp. Laws Ann. §§ 37.271 to 37.278.
“Employers that violate the law can be convicted of a misdemeanor and fined up to $1,000. Employees and applicants may also file a civil claim and recover up to $1,000 in damages plus attorney fees’ and court costs.”
And then in Montana, the law is Mont. Code Ann. § 39-2-307.
“An employee or applicant may bring an action against an employer in small claims court for violations. If successful, an employee or applicant can receive $500 or actual damages up to $7,000, as well as legal costs.”
Then in Nebraska, the law is Neb. Rev. Stat. Ann. §§ 48-3501 to 48-3511. This is another law like the one in Arkansas.
But in Nevada, the law is Nev. Rev. Stat. Ann. § 613.135. This one is very short but it specifically includes blogs.
Employee Passwords in New Hampshire
“Employers may not require employees or applicants to change the privacy settings on their email or social media accounts or add anyone to their email or social media contact lists.”
But just like in Louisiana, Granite Staters will have to provide a look-see if there are any misconduct accusations flying around.
Then in New Jersey, the law is N.J. Stat. Ann. §§ 34:6B-5 to 34:6B-10. So it says:
“Employers that violate the law are subject to a fine of up to $1,000 for the first violation and up to $2,500 for each subsequent violation from the New Jersey Labor Commissioner.”
So in New Mexico, the law is N.M. Stat. Ann. § 50-4-34. This one specifically extends to friend lists.
Oklahoma on Employee Passwords
In addition, when it comes to employee passwords, Oklahoma’s Okla. Stat. Ann. tit. 40, § 173.2 says,
“Employers may not require employees or applicants to disclose passwords or other information that provide access to personal online social media accounts or require employees to access personal social media in the presence of the employer. A social media account is an online account used exclusively for personal communications and to generate or store content, including videos, photographs, blogs, instant messages, audio recordings, or email.”
So this is according to the National Conference of State Legislatures.
Then in Oregon, the law is Or. Rev. Stat. Ann. § 659A.330. This is another law like the one in Arkansas.
Furthermore, per R.I. Gen. Laws §§ 28-56-1 to 28-56-6:
“Employees and applicants may file a civil lawsuit for violations. The court can award declaratory relief, damages, reasonable attorneys’ fees and costs, and injunctive relief against the employer.”
So this is beyond the standard where an employer can’t just take a peek whenever they feel like it.
Tennessee on Employee Passwords
And per Tenn. Code Ann. §§ 50-1-1001 to 50-1-1004:
“Employers may not ask or require employees or applicants to disclose passwords to personal online accounts.”
So in Utah, the law is Utah Code Ann. §§ 34-48-101 to 34-48-301. So it says:
“Employees and applicants may file a civil lawsuit against the employer for violations, with a maximum award of $500.”
Virginia and Employee Passwords
So in Virginia, the law is Va. Code Ann. § 40.1-28.7:5. It’s not too far off from Arkansas, but an employer can get employee passwords under the guise of an investigation.
Washington (State) on Employee Passwords
So in Washington State, the law is Wash. Rev. Code Ann. §§ 49.44.200 and 49.44.205. So it says:
“Employees and applicants may file a civil lawsuit against the employer for violations and obtain injunctive relief, actual damages, a penalty of $500, and reasonable attorneys’ fees and costs.”
West Virginia and Employee Passwords
So in West Virginia, the law is W. Va. Code Ann. § 21-5H-1, another Arkansas clone, more or less.
Wisconsin on Employee Passwords
And then in Wisconsin, per Wis. Stat. Ann. § 995.55:
“Employees and applicants may file a complaint with the Wisconsin Department of Workforce Development for violations and receive appropriate relief.”
Other States on Employee Passwords
In addition, Maryland became apparently the first state to consider the matter, per the Boston Globe, in 2012. Furthermore, according to the National Conference of State Legislatures, several bills have been proposed around the country.
However, aside from the ones listed above, only the following states seem to have these laws. Then according to the National Conference of State Legislatures, there are also such laws in Guam and the District of Columbia.
So these bills come up repeatedly.
Finally, the country still has a long way to go in terms of guaranteeing employees privacy in social media accounts. Hence we all need to look out more. In addition, it might end up a good idea to just out and out refuse when asked for passwords.