The California Legislature made headlines yesterday by passing legislation that prohibits employers from demanding the social media usernames or passwords of current employees and applicants.  The bill also prevents employers from requiring employees or candidates to log in to social media in the presence of the employer (i.e., the employee’s supervisor, or the interviewer, or a human resources manager – you get the point).Governor Jerry Brown celebrated in a Facebook post: “California pioneered the social media revolution.  These laws protect Californians from unwarranted invasions of their social media accounts.”  At the time HRLawMatters looked at the Governor’s Facebook posting, it had garnered 135,318 likes (you’ll no doubt see more now), and a “Thank you Jerry Brown!!!!!” or two.

Well, there you have it.  California is not the first state to enact such legislation – Delaware, Illinois, and Maryland have paved the way.  A federal bill with the same aims, the Password Protection Act of 2012, was introduced in the House (but is unlikely to go anywhere in the remaining “lame duck” Congressional session after the November elections).

While it seems unlikely that a thoughtful employer in today’s climate, with increasing legal attention and extra NLRB scrutiny, would actually request such social media information, it appears states like California are riding the wave of disapproval raised by news coverage of a few notable situations like a Maryland Corrections department applicant who had his password demanded, and a Michigan teacher’s aide who was suspended after she refused to provide access to her Facebook account.  In addition, Facebook made news by posting that it has experienced an increase in reports of employers seeking to gain “inappropriate access” to individual Facebook profiles or private information.

Even if states in which your company does business haven’t enacted such a law, it is important to recognize that while employers can set guidelines for what employees may say as agents or representatives of the company, that may realistically be the limit on the employer’s ability to monitor the individual’s speech.  What employees communicate outside that capacity, on their personal time, behind closed doors – real or cyber – is best to treat as private, barring extenuating circumstances (like online harassment of employees, where an employer will likely need to become involved).

Dealing with employee social media questions and problems is a difficult arena to navigate, and the rules are changing constantly.  Smart companies – and their brilliant HR professionals – know to seek advice from experts and legal counsel before taking any action they might come to regret.