ANNAPOLIS - Gov. Martin O'Malley signed legislation Wednesday that makes Maryland the first state to ban employers from asking job applicants or workers to hand over log-in information for Facebook and other social media sites.
Sen. Ronald Young, D-Frederick and Washington, said he introduced the bill after hearing stories of job applicants who feared they wouldn't get a position unless they handed over their user names and passwords.
"My immediate reaction was that it's unconstitutional and it's wrong," Young said. "It's like asking to go into your house and read your mail and listen to your phone calls."
Internet privacy advocates say the law is crucial to protecting employees from punishment if they refuse to turn over their private social web presence.
"On the one hand, and this is what jumps out to most people, it just seems like an egregious violation of privacy. People do all sorts of things on social media networks like Facebook," said David Jacobs, consumer protection fellow at the Electronic Privacy Information Center in Washington. "Allowing an employer to not just see what you've posted on Facebook to everyone else, but also comb through your information, is just problematic."
Congress and California lawmakers have followed suit since the General Assembly passed the measure -- the Social Networking Online Privacy Act was recently introduced in the House, and a similar bill was introduced before the California state legislature. Virginia and D.C. lawmakers have not taken up the issue.
The bill signing comes just over a year after the Maryland Department of Public Safety and Correctional Services suspended its own practice of asking officers to provide login information for Facebook or other social media websites they may have used.
Former corrections officer Robert Collins enlisted the ACLU's help last year when he was asked for his Facebook password during a re-certification process with the Department of Corrections.
State officials said the tactic was used to prevent the hiring of corrections officers with possible gang ties, an effort to quell violence in Maryland's prisons system.
Of 2,689 applications to the corrections department in 2011, seven candidates were rejected based partially on information found on social media websites, the Associated Press reported at the time.
The department suspended the practice temporarily after the story broke.
"We are proud of Maryland for standing up for the online privacy of employees and the friends and family members they stay in touch with," Melissa Goemann, legislative director of ACLU of Maryland, said Wednesday. "Our state has trail-blazed a new frontier in protecting freedom of expression in the digital age, and has created a model for other states to follow."
Facebook strongly opposes the practice, warning of the pitfalls for both the employee and employer.
Erin Egan, the company's chief privacy officer, noted that some employers may not have the proper policies in place to review private data and could be held liable if they find information that could expose them to lawsuits.
"If you are a Facebook user, you should never have to share your password, let anyone access your account, or do anything that might jeopardize the security of your account or violate the privacy of your friends," Egan said in March.
Privacy advocates also pointed out the liability issues for companies.
"For employers, I'm not sure that even the gain in information that they would learn by doing this offsets the risk of legal liability," Jacobs said.
Employers still have the right to investigate employees for potential security issues involving an employee's use of social media for business purposes, according to a policy analysis.
Though signed by the governor, the legislation won't take effect until Oct. 1.