To access our COVID-19 related information, click here

New Jersey Considers Prohibition on Requiring Disclosure Of Personal Account Passwords

The proposed bill prohibits an employer from requiring a current or prospective employee to provide access to a personal account or even asking if they have an account or profile on a social networking website.

By Alice Cheng

Last month, a New Jersey Assembly committee approved a measure that would prohibit an employer from requiring a current or prospective employee to disclose user name or passwords to allow access to personal accounts. The employer is prohibited from asking a current or prospective employee whether she has an account or profile on a social networking website. Additionally, an employer may not retaliate or discriminate against an individual who accordingly exercises her rights under the bill.

This bill came in light of the multitude of stories of employers and schools requesting such information, or performing “shoulder surfing,” during interviews and at school/work. Although this may be only an urban legend at best, the ACLU and Facebook itself have demanded that the privacy-violating practice come to an end, and legislators across the nation have nevertheless responded promptly. For example, Maryland, California, and even the U.S. Senate have all proposed similar legislation banning such password requests to protect employee privacy.

Not only are password requests problematic for employees, but it also may land employers in legal hot water. Social media profiles may contain information that employers legally cannot ask (such as race or religion), and may potentially open employers up to discrimination suits.

Under the New Jersey bill, civil penalties are available in an amount not to exceed $1,000 for the first violation, or $2,500 for each subsequent violation.

Recently, in Ehling v. Monmouth Ocean Hospital Service Cop., 11-cv-3305 (WJM) (D.N.J.; May 30, 2012), a New Jersey court found that accessing an employee’s Facebook posts by “shoulder surfing” a coworker’s page states a privacy claim. See Venkat Balasubramani’s excellent writeup at the Technology & Marketing Law Blog.