Oregon has a new workplace social media law. Is a federal law next?

Last week, before the Memorial Day weekend, Oregon Governor John Kitzhaber signed into law this bill, which prohibits employers from requiring or requesting that employees or applicants for employment:

Provide access to personal social media accounts,

Add employers to social media contact lists, or

Allow employers to view an employee’s or applicant’s personal social media account.

Meanwhile, a few days before Oregon became the tenth state to enact a social media workplace privacy law, Rep. Ed Perlmutter [D-CO7] introduced the Password Protection Act of 2013 in the U.S. House of Representatives. According to this press release, Rep. Perlmutter is concerned that “employers essentially can act as imposters and assume the identity of an employee and continually access, monitor and even manipulate an employee’s personal social activities and opinions.”

[Editor’s note: Take a guess how many employers have contacted me to request my legal opinion on whether they “essentially can act as imposters and assume the identity of an employee and continually access, monitor and even manipulate an employee’s personal social activities and opinions.”]

The bill itself would actually address more than the concerns Rep. Perlmutter raised. It would amend the Computer Fraud and Abuse Act and make it unlawful for employers to require that employees authorize access to a computer that the employer does not own or operate. Further, the law provides no carve-out for employers to obtain password-protected social media content that reasonably relates to a workplace investigation into claims of alleged harassment.

Both the House and Senate previously introduced the Password Protection Act of 2012. (More on the Senate bill here). Each bill died. And I don’t foresee the 2013 version gaining much more traction.