Over a year ago, tales of employers asking job applicants for Facebook usernames and passwords went viral. For the most part, they were met with a combination of incredulity and scorn. In what world could employers legitimately ask for this highly sensitive information, and what job-seeker would be open to working for someone with a penchant for such behavior? As the stories picked up steam, legislators moved to stop the practice before it began in force. While the laws grew in number, they remained vague pieces of legislation, criticized by lawyers and employers alike.

Until recently, these bills passed without a hitch; voters overwhelmingly support the idea of protecting social media accounts and legislators lined up to throw their weight behind the movement. Just last week however,  Governor Chris Christie issued a conditional veto of the New Jersey version of a social media password protection law. Gov. Christie, noting that the bill was designed for a good purpose, recommended several amendments in his veto. As the New Jersey House and Senate go over these amendments, members of the LexBlog Network continue to wonder if these bills are helping or hurting, and what role social media should play in the hiring process.

Like so many of these acts, New Jersey’s Assembly Bill No. 2878 set out to respond to the recent hiring horror stories. Unlike its predecessors however, A2878 went above and beyond limiting employers from requesting passwords to social media accounts. As Jessica Mendelson wrote on Seyfarth Shaw’s Trading Secrets, this new bill stops employers from even asking if potential employees have personal social media accounts, which has far-reaching implications beyond the interview process:

“A2878 would be the first social media law to prohibit employers from even inquiring whether employees or job applicants have personal social media accounts. Any employer who violates this prohibition could be subject to a private lawsuit by the applicant or employee. Additionally, employers may face other civil penalties of up to $1000 for the first instance and up to $2500 for each additional violation. Under the terms of the proposed law, neither of these penalties can be waived.

The passage of the law could create significant challenges for employers trying to act within its bounds. Experts worry that employers could violate the law inadvertently, since many employees use social media to do their jobs. Furthermore, the prohibition could prove problematic with social media networks like LinkedIn, which employers commonly use. “

Facing little-to-no opposition in New Jersey’s Senate (passed with a vote of 38-0) or House (75-2), the bill landed on Gov. Christie’s desk last Monday. Recognizing the potential friction points, Gov. Christie issued what is known as a conditional veto. This allows the Governor to object to specific provisions within a bill and provide remedies that would make it more acceptable. Lindsay Jarusiewicz has more on the Governor’s recommendations on Gibbons’ Employment Law Alert:

“Accordingly, Governor Christie recommended several amendments to the bill. First, the conditional veto deleted the entire section of the bill prohibiting employers from requiring or requesting that an employee or prospective employee disclose whether he or she has a social networking account. The conditional veto also struck the section of the bill providing a private right of action to aggrieved employees and prospective candidates against employers. In an apparent effort to offer more protections to employers, the conditional veto added language granting employers the right to conduct investigations to ensure compliance with applicable laws, regulations or “prohibitions against work-related misconduct” based on specific information on an employee’s personal account and also the right to investigate employee’s actions regarding the transfer of certain proprietary information to an employee’s personal account. Finally, the conditional veto granted employers the right to view, access or utilize information about current or prospective employees that can be obtained in the public domain.”

Although Gov. Christie’s political capital and stature will undoubtedly impact how seriously New Jersey legislators take these recommendations, it should be noted that the Senate and the House are under no obligation to consider any amendments. Like most vetoes, a two-thirds majority in the legislature will override any disagreements.

The final wording of A2878 will, in many ways, set the tone for future attempts at social media password protection laws in other states, but, as the lawyers in Littler Mendelson’s Privacy and Data Protection Practice Group wrote on the firm’s blog Workplace Privacy Counsel, this law will only add to the growing “patchwork” of social media password laws across the United States:

“First, what social media sites can employers lawfully access to obtain information about applicants and employees? Second, to what extent can employers lawfully rely on information obtained through social media to make employment decisions? The second question raises the types of anti-discrimination concerns that employers have been confronting in the off-line world for decades. However, the first question exposes employers to a completely new legal landscape, one which just began to evolve in April 2012, when Maryland enacted the Nation’s first “social media password protection law” and has expanded in the past year to include six additional states—California, Illinois, Michigan, New Jersey, New Mexico, and Utah. With password-protection legislation pending in over twenty state legislatures, this legal landscape undoubtedly will become more complex, especially for multi-state employers, over the next one to two years.”

And there are doubts that these laws are even necessary. As Daniel Schwartz said in a post on his Connecticut Employment Law Blog about a proposed bill in Connecticut’s Senate, this is a “solution in search of a non-existent problem“:

The Connecticut General Assembly’s Labor & Public Employee Committee today is considering drafting a proposed bill “to prevent current or potential employers from requesting or requiring that employees or potential employees provide passwords to their personal accounts as a condition of their employment.”

I won’t mince words. Proposed Senate Bill 159 is a bad idea.

It’s a solution in search of a non-exisitent problem and ultimately it would have serious ramifications for employers in Connecticut.”

Adding to the controversy, reports are now swirling that password protection laws could conflict with securities regulations. Jessica Goldenberg provides the details on how the Financial Industry Regulatory Authority and other securities regulators have joined forces in opposing similar legislation on Proskauer Rose’s Privacy Law Blog:

“FINRA, the Financial Industry Regulatory Authority, fears that the new employee privacy laws may directly conflict with securities rules and threaten investor protection.

…….

FINRA has sent letters to lawmakers in approximately ten states seeking carve-outs to social media employee privacy laws for the financial services industry. Many of the laws already include narrow exemptions, which allow for employers to require disclosure if an employee’s alleged misconduct has risen to a certain level. FINRA does not appear satisfied with these exemptions, which may be too limited for broker-dealers to be in full compliance with monitoring, recording and supervision requirements. California has rejected FINRA’s request for an exception for the financial services industry, but it remains to be seen how the states will react in general.”

With only a few handfuls of states joining this trend so far, it stands to reason that lawyers and employers are just beginning to understand the interplay between states, the federal government, and independent regulatory bodies. Not to mention the potential lawsuits by employees and job-seekers. Like with most cases involving social media and the law, we’ve only just begun to scratch the surface.

To read more from LXBN members on social media password protection laws, be sure to check out the dedicated section on the topic, where you’ll find over 100 posts analyzing legislation and providing commentary.