Well, that didn't take long.
Late last month, I reported on a bill that had been introduced in the U.S. House of Representatives, known as the Social Networking Online Protection Act (SNOPA), that would prohibit employers, schools, and universities from requiring someone to provide a username, password or other access to online content.
Now, it's the U.S. Senate's turn to get in on the act with its own password bill. Plus, after the jump, I'll have an update on similar legislation winding its way to Governor Christie in New Jersey...
U.S. Senate introduces the Password Protection Act of 2012.
Concerned with what they believe is "the growing practice of employers requiring prospective or current employees to provide access to password-protected accounts as a condition for employment," Senators Richard Blumenthal (D-CT), Chuck Schumer (D-NY), Ron Wyden (D-OR), Jeanne Shaheen (D-NH), and Amy Klobuchar (D-MN) introduced the Password Protection Act of 2012.
A press release from Senator Blumenthal stresses that the PPA, which would amend the Computer Fraud and Abuse Act, prohibits an employer from "forcing prospective or current employees to provide access to their own private account as a condition of employment and...from discriminating or retaliating against a prospective or current employee because that employee refuses to provide access to a password-protected account."
The PPA will not interfere with an employer's domain to set policies for employer-operated computer systems or hold employees accountable for stealing data from their employers. However, the PPA does not allow employers to access private employee data under any circumstances, even if the employer uses its own computers to access that data.
NJ is close to passing its own similar law.
Meanwhile, across the river (from me) in New Jersey, an Assembly committee has approved this measure that would prohibit an employer from requiring a current or prospective employee to provide or disclose any user name or password, or in any way provide the employer access to, a personal account or service. However, unlike other legislation previously discussed on this blog, the NJ legislation would make it unlawful for an employer to even inquire if a current or prospective employee has an account or profile on a social networking website. Aggrieved plaintiffs may sue for damages, injunctive relief, and reasonable attorneys' fees and court costs.
Making a mountain out of molehill?
Y'all know where I stand on this. I hate the idea of employers demanding that employees and candidates turn over online passwords. However, I think that this "practice" is hardly a practice at all. The sponsor of similar legislation in California acknowledges that the practice of asking for such passwords is not widespread and that her bill is more of a preventive measure. Is this what we need? More preventative measures? While we're at it, let's pass a tax on puffy directing pants.
For more on the status of similar legislation pending in states across the country, check out this post from the Delaware Employment Law Blog.