An Illinois bill, H.B.3782, would amend the Illinois “Right to Privacy in the Workplace Act”, by providing that:
“it shall be unlawful for any employer to ask any prospective employee to provide any username, password, or other related account information in order to gain access to a social networking website where that prospective employee maintains an account or profile.”
A similar bill, S.B.971, which was proposed last year in Maryland, would have prohibited employers from requiring a prospective employee, or an employee,to disclose user names or passwords for Internet sites. The Maryland bill did not become law.
It remains to be seen if the same fate will occur to H.B. 3782, but one can regret that the Illinois legislator only refers to a ‘prospective employee,’ especially considering a recent Illinois case. In Maremont v. Susan Fredman Design Group, Ltd., et al. (N.D. Ill.; Dec. 7, 2011), Plaintiff, the employee of a design company, had stored the passwords to her personal Twitter and Facebook accounts on her employer’s server, using a computer owned by the employer, but had not given this information to anyone. Defendant, the employer, allegedly accessed these two personal social media accounts while plaintiff was on medical leave, in order to post information promoting the design company. Plaintiff argued that this violated the Stored Communication Act (SCA), which forbids the unauthorized access to a wire or electronic communication while in electronic storage, 18 U.S.C. § 2701(a).The Court held that Plaintiff had not yet proven actual damages, a prerequisite to recover statutory damages under the SCA, as the discovery was not yet completed, and that is was thus premature for the Court to address the issue. It will be interesting to follow further developments in this case.
Hat tip to Venkat Balasubramani for posting the Maremont case online.
The Secure Times 