Along with the New Year comes new legislation. The prominent role of social media in our society has prompted some employers to require that employees and applicants provide user information and passwords to their social media accounts. However, the ability to make such demands will likely be limited in the future as states have begun drafting new legislation prohibiting the practice. California and Illinois have enacted laws that will go into effect on January 1, 2013 while Maryland has passed a similar law that was implemented on October 1, 2012. These “password protection” laws prohibit employers from requesting or requiring the submission of social media passwords by employees or applicants.
Maryland was the first state to enact legislation limiting an employer’s ability to access the social media accounts of current and perspective employees. The User Name and Password Privacy Protection and Exclusions Act, was passed after the state’s corrections department made headlines for asking an employee to provide his facebook password on a recertification interview.  The Maryland law does provide two exceptions related to investigations of securities fraud and the misappropriation of trade secrets.
Illinois amended the states Right to Privacy in the Workplace Act in order to prevent employers from requesting access to the social media content of an employee or job applicant.  Specifically the law provides:
It shall be unlawful for any employer to request or require any employee or prospective employee to provide any password or other related account information in order to gain access to the employee’s or prospective employee’s account or profile on a social networking website or to demand access in any manner to an employee’s or prospective employee’s account or profile on a social networking website.
The law is the broadest thus far and provides that an employer is even prohibited from accessing an employees’ account when conducting legitimate internal investigations of misconduct or harassment. However, the law does not prevent employers from establishing workplace policies regulating the use of electronic equipment or the employer’s ability to monitor the use of such equipment.
California is the latest state to pass similar legislation. Under the California law employees and applicants cannot be required to disclose social media account information. However, employers maintain their rights to require divulgence of such information if it is within the context of an internal investigation into employee misconduct or unlawful activity. In this sense the California law provides a more evenhanded approach in comparison to Illinois and Maryland. Nevertheless, the request must be reasonably tailored to obtain the material sought and not simply used as a vehicle for obtaining personal information that is beyond the scope of the inquiry.
Analogous legislation has been introduced in other states including New York, New Jersey, Delaware, Michigan, Minnesota, Massachusetts, Missouri, Ohio, Pennsylvania, South Carolina and Washington.  New Jersey has proposed an extraordinarily robust law which if enacted would be the harshest among the laws implemented thus far. For instance, employers will be precluded from even inquiring as to the existence of a social media account.  Furthermore, civil penalties can be imposed for violations with an initial payment of $1,000 rising to $2,500 for each subsequent violation. Additionally, the Social Networking Online Protection Act has been introduced at the federal level which would also prohibit employers from asking employees or applications for social media account information. 
A special thanks to Cynthia Thomas, a law clerk at Cullen and Dykman LLP, for helping with this post.