On March 19, I wrote about employers asking for your Facebook and other social media login information.
On May 9, Senator Richard Blumenthal (D-CT), Representative Martin Heinrich (D-NM), and several others filed the Password Protection Act of 2012 (PPA) in the Senate and House. The bill is meant to prevent employers from demanding employees and job applicants into sharing information from their personal social networking accounts.
The Password Protection states:
The Password Protection Act would make it illegal for an employer to compel or coerce access to any online information stored anywhere on the Internet if that information is secured against general public access by the user.
This is accomplished by prohibiting employers from compelling or coercing access to, and subsequently retrieving information from, the online servers where private user information is stored. (These servers are referred to as “protected computers” in the legislation.). This broad approach mirrors the approach of the existing federal anti-hacking statutes and has several key benefits:
1. Builds on Existing Law. The Password Protection Act’s focus on where information is stored, rather than how it is accessed, reflects the approach of the Computer Fraud and Abuse Act, the federal government’s primary anti-hacking tool. This tool has been used for years by federal prosecutors and private individuals and companies to protect the integrity of internet systems against hackers, including protecting online email accounts and Facebook accounts against the stealing of passwords.
2. Technology-Neutral. By focusing on the servers where information is ultimately stored, the Password Protection Act avoids the tricky business of identifying and defining particular types of internet services (e.g., social networking websites, email accounts, networked gaming services, cloud computing services, online storage lockers, etc.).
3. Designed to Adapt to New Internet Innovations. The Internet is constantly changing and evolving, challenging our ability to create privacy protections that can grow alongside the Internet itself. Fortunately, every innovative website, social networking, storage, or communication technology is still ultimately supported by physical computer servers. By focusing on where a person’s private information is stored, instead of how it is accessed, the Password Protection Act ensures that personal, private online information will be protected the eyes of prying employers even as new online technologies emerge.
4. Protects Employer Systems, NOT Employer Actions. The Password Protection Act preserves the rights of employers to control access to their own hardware, as well as any internet software operated on behalf of the employer for work purposes (e.g., third-party sales data software or websites that facilitate collaborative work online). However, the Password Protection Act does not allow employers to access private employee data under any circumstances, even if the employer uses its own computers to access that data.
The Password Protection Act is broad in scope. It doesn’t just apply to Facebook or social networks, but rather to any situation when an employer coerces an employee into providing access to information held on any computer that isn’t owned or controlled by the employer. Even if the employee is looking at a social network on his work computer, the employer still can’t force that employee to disclose a password or grant access, because that would allow the employer to access another computer (that of the social network). This protection extends to email accounts, photo sharing sites, and any location where an employee stores data privately and it is limited to public access.
If you would like, we provide a Free Technical Assessment, this can be beneficial to new and startup companies that are not sure where to start. You can always find our cloud and hosted services in the right column of this page or by simply going to our website at Raven Cloud Computing