Password Protection Act: Ban bosses asking for Facebook passwords

Password Protection Act: Ban bosses asking for Facebook passwords

Summary: The Password Protection Act, which looks to protect employees from employers asking for access to their social networking accounts, has been introduced in both the House and Senate.


A group of Democrats today introduced legislation in both the House and Senate to prevent employers from forcing employees and job applicants into sharing information from their personal social networking accounts. In other words, Maryland may soon not be the only state that has banned employers demanding access to Facebook accounts. The Password Protection Act of 2012 (PPA) would also prevent employers from accessing information on any computer that isn't owned or controlled by an employer, including private e-mail accounts, photo sharing sites, and smartphones.

PPA is meant to enhance current law to prohibit employers from compelling or coercing employees into providing access to their private accounts. It includes the following points:

  • Prohibits an employer from forcing prospective or current employees to provide access to their own private account as a condition of employment.
  • Prohibits employers from discriminating or retaliating against a prospective or current employee because that employee refuses to provide access to a password-protected account.
  • The Password Protection Act only prohibits adverse employment related actions as a consequence of an employee's failure to provide access to their own private accounts. It preserves the rights of employers to:
    • Permit social networking within the office on a voluntary basis.
    • Set policies for employer-operated computer systems.
    • Hold employees accountable for stealing data from their employers.

  • Employers that violate the Password Protection Act may face financial penalties.

The PPA bill, drafted in consultation with major technology companies and legal experts, was introduced in the Senate by Connecticut Senator Richard Blumenthal, as well as several co-sponsors (Chuck Schumer, Ron Wyden, Jeanne Shaheen, and Amy Klobuchar). Colorado Democrat Representative Ed Perlmutter and Congressmen Martin Heinrich are introducing an identical companion bill in the House.

Blumenthal was one of the senators who called for an investigation to determine whether employers are violating federal law with this practice. He also supported a petition fighting it, which by the way still hasn't reached its goal of 60,000 signatures.

You may remember I quoted Perlmutter during the floor debate in the House less than two months ago. He tried to explain the problem, but ultimate the House voted down an amendment that would have banned employers demanding access to Facebook. Now the politicians have returned with their own bill.

"Employers seeking access to passwords or confidential information on social networks, email accounts, or other protected Internet services is an unreasonable and intolerable invasion of privacy," Blumenthal said in a statement. "With few exceptions, employers do not have the need or the right to demand access to applicants' private, password-protected information. This legislation, which I am proud to introduce, ensures that employees and job seekers are free from these invasive and intrusive practices."

"People have an expectation of privacy when using social media like Facebook and Twitter," Perlmutter said in a statement. "They have an expectation that their right to free speech and religion will be respected when they use social media outlets. No American should have to provide their confidential personal passwords as a condition of employment. Both users of social media and those who correspond share the expectation of privacy in their personal communications. Employers essentially can act as imposters and assume the identity of an employee and continually access, monitor and even manipulate an employee's personal social activities and opinions. That's simply a step too far."

The American Civil Liberties Union (ACLU), one of the few organizations fighting employers who demand Facebook passwords, points out that this legislation's protections do not extend to students who are also frequent targets of this practice. Additionally, it allows states and the federal government to exempt some classes of employees (such as those who have access to secret national security information).

"This bill creates a necessary framework for guarding privacy in the 21st century," Christopher Calabrese, ACLU legislative counsel, said in a statement. "While the legislation contains some problematic exceptions, it does establish clear, bright boundaries when it comes to what online information our bosses can access. Employers have no business snooping on their employees' Facebook pages, private email accounts and smart phones. Passing the Password Protection Act would be a major step toward ensuring they can't. We'll work with the sponsors to extend these protections to students and eliminate some problematic exceptions."

See also:

Topic: Social Enterprise

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Government: Were the only ones that can spy unfettered on citizens privacy.

    • Learn to spell!

      Did you mean to write "We are" or the contraction "We're"? What you actually wrote does not seem to SAY WHAT YOU MEAN! Really! This is something you
      should have learned by third or fourth grade!
      draco vulgaris
      • ahum

        I dare you to spell this sentence in my native language (dutch), which I learned before third or fourth grade. Maybe you should realize that English speaking people do not own the internet.
        And it seems that you understood what he/she meant, so what's the problem Mr. Perfect?
      • English

        While this may be an English speaking person who made a mistake/typographical error (it happens, you know) please think about the following :

        English is not everyones first language.

        Punctuation is not the same in other languages (eg. in Spanish written questions start with an "upside down" question mark)

        And as belli_bettens pointed out, how do you think you'd do writing in a different language ?

        Do you know all the punctuation used in French ? Japanese ? Russian ?

        Really, learn to be more understanding, or if you feel you MUST point out mistakes, do it in an educational way, not in a condescending way like this.

        People like you are just straight up annoying.
      • Speaking of spelling...

        That is not a spelling error, but a grammatical or typographical error. Who needs the education?
  • I support this

  • What a waste of Congressional time ...

    No matter what the legislation says, if an interviewer asks for the information, the person being interviewed will have to protect themselves and still risks not getting the job.

    More likely than not, the company will look up the publicly available Facebook info anyway and a candidate's indiscretions will be there for all to see.

    THE LESSON? You are accountable for your own actions. Behave yourself and, for heaven's sake, don't put anything online (in any form) that you wouldn't want your mother to see. If you can avoid that, then none of this matters.
    M Wagner
    • Was already a legal measure in place as well.

      ie: Contractual law would dictate based on FB terms that said user could be liable in court anyway if they gave up access of their account to a third party. As a result putting themselves in legal harm by demand of the employer.

      And besides seems that way too many people have no idea how privacy controls work on FB (when they actually work).
      • How sad

        Both in the fact that such a law is even considered neccesary, or that some would deem there to be a choice between handing over access to private accounts or not getting that all important job.

        I agree that what we post on-line should be able to be used as a character assessment where it is readily available and open to general view. HOWEVER.... we often use social media more selectively (or at least we SHOULD use social media selectively), posting some comments for the eyes of friends and/or family alone. If an employer cannot view said comments without having unresticted access to my account, then they have no right to even ask for my passwords.

        Moreover, if an employer thinks they have the right to ask for the passwords of a potential employee's social media and email accounts then:
        a) how much more demanding are they likely to be once one actually GETS the job and
        b) is this the type of company you even want to work for?
      • Interesting point

        I seriously doubt there'd be any legal action by FB in such cases. The most they'd do is suspend or delete the account. Can you point to the specific example in which the terms of service says that revealing one's password to another would or could result in a damage claim by FB against the account holder?
    • As far as online accountability

      I agree with you that we all should be accountable for what we post online and as far as I'm concerned what is found in a Google search and background check is fair game however what I post on my FB page with the privacy setting I have (typically friends of friends unless its something controversial the it's friends only) is my business not a current or potential employer's business.

      There are those who think that it's no problem with a company being able to ask for a person's FB password or having them log into their FB account while with the interviewer - THOSE are the people that this legislation is targeted towards.
    • So ALL of our laws are ineffective against employers?

      "No matter what the legislation says, if an interviewer asks for the information, the person being interviewed will have to protect themselves and still risks not getting the job."

      So ALL of our laws are ineffective against employers during an interview? Really? You honestly think the government will have no way to enforce this? I'm willing to bet I could in fact go to court and ask them to slap a hefty fine onto them to stop this practice.

      If an employer were to even ASK the question, yeah I'll haul them off to court. I hope they have fun explaining to a court why they're even asking the question.
      • And no, I don't want to work for you, so no I don't care.

        And if you're asking me these kinds of questions then no, I don't want to work for you, so no I don't care if you don't hire me. You've proven to me you're a crook, and I don't want to work for criminals.

        I have a long list of other employers are willing to hire me without asking an illegal question, as long as I'm the best candidate for the job.
      • Word

        Good luck with that, because it will be the employers word against yours...
    • Very true, but employers should not ask for any personal passwords.

      Not even the president of the U.S. should have the power to force any person to devoulge a personal password for any site. Bosses are threatening ending employment for passwords. It should be wrongful termination and the employee then can ask for compensation.

      Though I do beleive that people should be aware of what they put into social media sites as these may get into the hands of someone not attended to. If people have pictures of wild partys they had when they called out sick. It can and should be used against the persons and cost them their jobs.
      • Very funny

        "Not even the president of the U.S. should have the power to force any person to devoulge a personal password"

        I agree. But he *should* have the power to order American citizens killed, bypassing all Constitutional protections. Mmm hmm.
    • Waste of time......

      Yep - only in America.............
      The Central Scrutinizer
      • LOL - yeah

        I guess that explains why so many want in, because it must be FABULOUS outside the US where you have so many begging for hand-outs and then can't understand why their Gov't is broke. Oh wait, we are heading the same way.
    • Not quite the case...

      This legislation is aimed at employers who go beyond the type of behaviour you are referring to. By demanding passwords and access to private discussions, they are not simply accessing comments posted "in public" where everyone can see it (why would you need passwords for what you could already easily see?). If one shares their thoughts via chat with a friend, should that also be accessible, because that is the level of access being protected here...
    • Personal vs. Business

      There is a difference between personal time and professional time.

      There once was a time in the United States (not too long ago) when employers understood that employees had a life away from work and, by and large, respected that.

      Now that the boundaries between the personal and professional time are blurring, due to the employer's assuming that he has the right to control his employees 24/7, we are quickly approaching the point where the employee is little more than a wage slave. (If the employer thinks that he buys you for the price of your salary or wage, it seems to me that the word "slave" is a good fit here.)

      I believe in freedom, and I hate government intrusion. But if employers cannot be trusted to deal with their employees in good faith and treat them with dignity and respect, they are providing an opening for government to step right into. And that is exactly what is happening here.
      sissy sue