HR News & Trends, Legal Issues

Pennsylvania Bill Tries to Protect Privacy of Employee Passwords

The Declaration of Independence was signed at Independence Hall in Philadelphia. (Photo by

By Eric B. Meyer

On June 18, 2012, the Pennsylvania House of Representatives introduced the Social Media Privacy Protection Act, which would protect the privacy of employee online user names and passwords.

Which employers does this bill cover?

All of them. More specifically, “a person engaged in a business, an industry, a profession, a trade or other enterprise in this Commonwealth or a unit of State or local government. The term includes an agent, a representative or a designee of the employer.”

What is protected?

Anything online with a username and password. In legal speak, this, “[i]ncludes, but is not limited to, social networking Internet websites and any other forms of media that involve any means of creating, sharing and viewing user generated information through an account, service or Internet website.”

What privacy protections are afforded?

No requests for employee user names or passwords. The bill provides that an “employer may not request or require that an employee or prospective employee disclose any user name, password or other means for accessing a private or personal social media account, service or Internet website.”

No discipline or retaliation either. An employer may:

  • (a) “not discharge, discipline or otherwise penalize or threaten to discharge, discipline or otherwise penalize an employee for an employee’s refusal to disclose any [covered information]“; or,
  • (b) “[f]ail or refuse to hire any prospective employee as a result of the prospective employee’s refusal to disclose any [covered information].”

Are there any exceptions?

There are three:

  1. “The employer’s right to promulgate and maintain workplace policies governing the use of an employer’s electronic communication devices. This includes policies regarding the employee’s use of the Internet, social media accounts, services or Internet websites and e-mail use pertaining to the employer.”
  2. “The employer’s right to monitor the usage of the employer’s electronic communication devices so long as the employer is in compliance with [the privacy protections described above].”
  3. “The employer’s right to obtain or view any information concerning an employee or prospective employee that exists within the public domain.”

Notably, there are no exceptions for employers to request user names or passwords in connection with a workplace investigation based on a reasonable belief that an employee has violated a workplace policy (e.g., confidentiality, anti-harassment). Although, presumably, if Employee A and Employee B are Facebook friends and Employee A is accused of sexually harassing Employee B on Facebook, Employee B could voluntarily provide her employer with access to her Facebook account so as to permit the employer to see what Employee A has posted about her.

What are penalties for breaking these rules?

A civil penalty of up to $5,000 in addition to reimbursement for reasonable attorney fees.

What are the chances of this bill passing?

Not anytime soon. The Pennsylvania House is on recess until September. Moreover, the bill has 29 sponsors (26 Democrats, 3 Republicans), which indicates to me a lack of bipartisan support. Pennsylvania’s House is Republican controlled and Pennsylvania’s Governor, Tom Corbett, is also a Republican. Do the math…

This was originally published on Eric B. Meyer’s blog, The Employer Handbook.

Eric B. Meyer is a partner in the Labor and Employment Group of the Philadelphia-based law firm of Dilworth Paxson LLP . He dedicates his practice to litigating and assisting employers on labor and employment issues affecting the workplace, including collective bargaining, discrimination, employee handbook policies, enforcement of restrictive covenants, and trade secret protection. Eric also serves as a volunteer mediator for the United States Equal Employment Opportunity Commission. Contact him at .