On April 23, 2013, the House of Representatives rejected a last-minute attempt to amend the Cyber Intelligence Sharing and Protection Act (CISPA) to include a provision that would ban private employers and the federal government from asking for employees’ social media passwords. Since the advent of social media, employers have used data uploaded on sites such as Facebook, Myspace, etc. to mine for information on employees and prospective applicants for employment. As savvy users of social media sites began to erect password-protection walls, employers have countered by demanding that workers turn over their passwords as a condition of employment so that the company can gain access to their password-protected information.
In recent years, the NLRB has been particularly aggressive in rebuffing employer social media policies that require employees to turn over passwords. Several states (specifically, California, Delaware, Illinois, Maryland, Michigan and New Jersey) likewise have adopted legislation to expressly prohibit employers from requesting this information. Given this background, employers should be careful not to read too much into the rejection of amending CISPA to include a social media provision. CISPA is designed to facilitate the sharing of internet information between the government and companies in the manufacturing and technology sectors; and the bill’s sponsors explained their decision to vote against the social media amendment on the grounds that it had nothing to do with CISPA itself and should be the subject of a separate piece of legislation. Last year, the Password Protection Act was designed to do just that, but it failed to make it out of Congress. Nevertheless, given the recent trend (including today’s amendment), it stands to reason that efforts will continue on Capitol Hill to push for a federal ban on employers demanding that workers turn over their social media passwords.