Legislation Roundup: Maryland "Facebook Law" Raises New Obstacles for Employers and Other Significant Maryland Developments

by Littler

[authors: Philip Gordon, Steven Kaplan, and Ashley Sims]

Maryland has become the first state to pass a bill, the User Name and Password Privacy Protection Act (SB 433/HB 964) (the "Act"), that bans employers from asking employees and applicants for social media passwords and login information. Specifically, the bill would prohibit an employer from taking or threatening any form of adverse action based on an employee’s or applicant’s refusal to provide a user name or password to a personal account accessed through a communications device. Governor Martin O’Malley likely will sign the bill into law in May 2012. 

The impetus for the bill appears to have been a media frenzy, and a lawsuit filed by the American Civil Liberties Union, after public revelations that the Maryland Department of Corrections had asked an applicant, as part of the hiring process, to provide his username and password to his Facebook page. The Department made the request to check whether the applicant had any gang connections. Although the applicant acquiesced in the request, he claimed to have been "mortified" that his potential employer could violate his privacy rights without recourse. He later enlisted the ACLU, and other groups, who pressured the Maryland General Assembly to pass this bill. 

Under the Act, which will take effect on October 1, 2012 if signed, Maryland businesses will be prohibited from requiring, or even asking, that applicants or employees disclose their user names or passwords for "any personal account or service" accessed through "computers, telephones, personal digital assistants, and other similar devices." In other words, the prohibition extends far beyond Facebook and other social media sites to include personal e-mail accounts, personal online banking accounts, and any other online communications or service account. 

The business community opposed this bill principally because it potentially limits an employer’s sources of information when investigating inappropriate employee behavior such as discrimination, harassment, defamation, and/or general negative comments about the employer, the employee’s coworkers, or the employer’s customers. The bill also prevents employers from using online social networking sites to verify an employee’s or applicant’s work or education history to the extent such information is available only on restricted access social media sites.   

Significantly, the bill does not authorize applicants or employees to sue an employer that violates the Act. Nonetheless, it is possible that an employee terminated in violation of the law could have a claim for wrongful discharge in violation of public policy. 

While the law seems overly broad at first blush, it is critical for employers to understand the types of conduct that the law does not prohibit. Some of these exceptions are expressed in the statute itself; others are implicit.

  1. Access to Employer’s Internal Systems: The Act expressly permits employers to require that employees disclose log-in credentials "for accessing nonpersonal accounts or services that provide access to the employer’s internal computer or information systems." In other words, employees cannot rely on the law to prevent employers from gaining access to information stored on the employer’s own information systems.
  2. Violations of  Securities or Financial Laws, or Regulatory Requirements: If an employer receives information that an employee is using a personal online account for business purposes, the law "does not prevent" an employer from conducting an investigation to ensure that the employee is complying with "securities or financial law, or regulatory requirements." This exception appears intended to apply in a situation where an employee of a financial services company uses a personal online account to trade securities or engage in other financial transactions on the employer’s behalf using a personal online account. The exception, however, does not appear to permit employers to require that an employee disclose log-in credentials for investigations into other forms of suspected misconduct, such as harassment or discrimination.
  3. Protection of Trade Secrets: If an employer receives information that an employee has downloaded the employer’s proprietary information, without authorization, to a personal online account, the law "does not prevent" an employer from conducting an investigation into such suspected misconduct.
  4. Passwords to Devices: While the Maryland law bars employers from requesting log-in credentials for "accessing a personal account or service," the law does not prohibit employers from requesting or requiring log-in credentials to access an employee’s personal device, such as a smartphone or tablet. This distinction is critical as employers increasingly are implementing "Bring-Your-Own-Device" policies that permit an employee to use a personal device to conduct the employer’s business.
  5. Nonpersonal Accounts: The Act protects log-in credentials only for "personal" accounts. Maryland employers should clearly define which accounts are personal and which are nonpersonal. For example, if an employee uses a corporate e-mail address to establish a LinkedIn profile or Twitter account, the employer should ensure that employees know from the outset that such an account is “nonpersonal” for purposes of the Maryland law.
  6. "Shoulder Surfing"/Printing: The Act’s restrictions apply only to disclosure of log-in credentials. The law, on its face, does not bar an employer from asking an employee or applicant to log into a personal account without disclosing the log-in credentials to the employer so the employer can observe the content of the personal account. The law, on its face, also does not bar employers from asking an employee or applicant to print, or otherwise reproduce, the content in a personal account. The employer obviously would need to weigh the risks of bad press and potential employee relations issues resulting from these types of requests. The point remains, however, that such conduct would not violate the Maryland law.
  7. Information Received from Cooperating Employees. Employers may commonly receive employees’ social media content from coworkers who have access to the employee’s restricted social media site (as a Facebook "friend," for example) and who are offended by the post. The Act does not prevent an employer from accepting voluntary offers of such information. The Act also apparently would not prohibit an employer from asking a coworker with access to an employee’s restricted site to provide information posted on the site. However, an employer should consult counsel before doing so because of possible risks under other laws.

Maryland is the first jurisdiction to enact this legislation, but is not likely to be the last. Indeed, bills proposing similar restrictions currently are pending in California, Illinois, Minnesota, New Jersey, New York, and Washington. In addition, U.S. Senator Richard Blumenthal (D–CT) has stated his plan to introduce similar legislation "in the very near future."

Other Legislative Changes in this Session of the General Assembly

The Jury Service Act

On April 11, 2012, Governor O’Malley signed into law a bill (SB 16/HB 353) that prohibits employers from discharging, coercing, intimidating, or threatening to discharge an employee that loses work time because he or she responded to a jury service summons. In particular, the Act protects employees that serve four or more hours of jury duty in any given day, including travel time, by expressly forbidding employers from requiring such employees to work that day.

This means that employers cannot require employees serving a half-day or more of jury duty to report to work when their service ends. However, the Act does not prevent employees from returning to work or picking up a shift on a day they serve jury duty if the employee wishes to do so. The Act also provides a penalty for employers that violate the statute (a fine of up to $1,000).

Employers in Maryland should review their handbooks and jury leave policies to ensure that they are compliant with this new law. Although an employee can voluntarily choose to return to work, employers should be careful about allowing employees to work on such days because the language of the Act also includes "coercing" employees to work.  

Revisions to the Workplace Fraud Act

The Maryland General Assembly enacted the Workplace Fraud Act of 2009 to penalize employers that misclassify employees as independent contractors. Specifically, the law targeted the construction and landscaping industries where employers routinely kept employees "off their books" by classifying them as independent contractors. This common maneuver allowed employers in these industries to avoid payroll taxes and contributions to the state’s unemployment and workers’ compensation insurance funds. In essence, the Act created a statutory presumption that an employer/employee relationship exists anytime payment is made to an individual for work performed. 

Based on concerns brought forth by the business community, the General Assembly created an exception to the statutory presumption that an employee/employer relationship existed.  In particular, the presumption will not apply when:

  • the employer and business entity have a written contract that:
    • describes the nature of the work to be performed;
    • describes the remuneration to be paid; and
    • includes an acknowledgement by the independent contractor that it will properly withhold, remit, and report payroll taxes, pay unemployment insurance, and maintain workers’ compensation insurance for all of its employees;
  • the business entity signs an affidavit indicating that it is an independent contractor who is available to work for other business entities;
  • the business entity has a State Department of Assessment and Taxation certificate of good standing;
  • the business entity holds all occupational licenses required by State and local authorities for the work performed; and
  • the employer provided notice of the Act to each independent contractor it employs.

Employers in these affected industries should review their independent contractor agreements in order to take advantage of these amendments.

Maryland Creates a Union-Employee Privilege Under Limited Circumstances

Under Maryland law (SB 797), certain communications between an employee and a union agent will now be privileged. In other words, the new law will extend certain facets of the attorney-client privilege to the union-employee relationship. 

Protected Communications

Any communication or information imparted in confidence by an employee to a labor union and/or its agent while the labor union or agent was acting in a representative capacity concerning an employee grievance is protected under the statute. However, the communication or information must be relevant to the employee’s grievance proceeding.    

Unprotected Communications

Despite the rather broad protections offered to employees, there are several important exceptions of which employers should be aware: 

  • Communications germane to a criminal proceeding are not protected.
  • The union or agent may be compelled to disclose the facts underlying a communication, but not the communication itself.
  • The union or agent must disclose the communication if disclosure is reasonably necessary to prevent death or bodily harm.
  • The union or agent may disclose the communication if it reasonably believes:
    • the disclosure is necessary to prevent the employee from committing a crime, fraud, or violation of the collective bargaining agreement between the employer and the union. However, the union or agent may only disclose if the employee’s expected action is reasonably certain to cause injury to the property (tangible and/or financial) of any person or entity;
    • disclosure is necessary to prevent, remedy, or mitigate injury to an entity’s property (tangible and/or financial) resulting from a criminal act completed or intended by employee;
    • disclosure is necessary to secure legal advice regarding compliance with a court order or the CBA;
    • disclosure is necessary to establish a claim or defense in a legal action or dispute between the employee and the union;
    • disclosure is necessary to comply with a court order or the CBA;
    • the communication is an admission that the employee committed a crime;
    • disclosure is necessary in any court, arbitration, and/or agency proceeding against the union or the union’s agent;
    • the union obtained written or oral consent from the employee to disclose the communication; or
    • the employee waived the communication’s confidentiality.

In addition, the law includes a "savings clause," which means that, if a union is required to disclose the communication under the National Labor Relations Act or another federal statute, federal law controls.

What The New Law Means for Maryland Employers

Employers should educate themselves, or speak with their employment counsel, regarding what communications and information unions are required under federal and state law to disclose to employers in the context of a grievance proceeding. Until courts have had the opportunity to interpret the savings clause, it is likely that unions and agents will err on the side of claiming most employee communications as privileged.

Governor O’Malley is expected to sign  the social media, workplace fraud, and protected communications bills into law in May 2012 and they will become effective on October 1, 2012.

Philip Gordon, Chair of Littler Mendelson's Privacy and Data Protection Practice Group, is a Shareholder in the Denver office; Steven Kaplan and Ashley Sims are Associates in the Washington, D.C. office. If you would like further information, please contact your Littler attorney at 1.888.Littler or info@littler.com, Mr. Gordon at pgordon@littler.com, Mr. Kaplan at skaplan@littler.com, or Ms. Sims at easims@littler.com.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Littler | Attorney Advertising

Written by:


Littler on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.