We worked with Representative Margaret Doherty (D-Tigard) to draft and introduce HB 2654, a priority bill of ours to update digital privacy protections for public and private employees in Oregon. A growing number of employers nationwide are demanding that job applicants and employees hand over the passwords to their private social networking accounts such as Facebook. Such demands constitute a clear invasion of privacy.
Private activities that would never be intruded upon offline should not receive less privacy protection simply because they take place online. Of course an employer would not be permitted to read an applicant’s diary or postal mail, listen in on the chatter at private gatherings with friends, or look at that person’s private videos and photo albums. They should not expect the right to do the electronic equivalent.
Once a person shares his or her social media or other electronic account passwords, that person can be subject to screening not just at that time but also on an ongoing basis. Some companies even sell software that performs such continual screening automatically, alerting employers to any behavior or speech they might find objectionable. Further, when a person is forced to share the password to a private account, not only that person’s privacy has been violated, but also the privacy of friends, family, clients, and anyone else with whom he or she may have communicated or shared files. Finally, sharing a social network password may also expose a lot of information about a job applicant – such as age, religion, ethnicity, pregnancy – about which an employer is forbidden to ask. That information could expose an applicant to unlawful discrimination.
The purpose behind HB 2654 was to help preserve for employees a distinction between what information of theirs is public and what information is private from their employer.
HB 2654 prohibits employers from:
- Requiring or requesting disclosure of log-in information to any password-protected accounts, including email and social media,
- Requiring access to private material through indirect routes such as requiring employees to add them to their private social networks (e.g., by “friending” them) or looking through the account in the presence of the applicant (aka, “shoulder surfing”) as a condition of employment benefits or privileges,
- And discharging or otherwise penalizing any employee who refuses to provide access to private materials, or to threaten to do so, or refusing to hire anyone for that reason.
The bill enjoyed strong support from labor groups and the Oregon Bureau of Labor and Industries (BOLI). Representing the business interests of large technology employers, TechAmerica requested a series of amendments to clarify that nothing in the bill would prevent employers from protecting the security of their business-related information or from conducting investigations of employee misconduct. We negotiated the wording of these amendments with TechAmerica to the point where all parties could move forward without objection.
Additional amendments were requested by the Oregon State Sheriffs’ Association (OSSA) that would have created an exception to the new law for law enforcement agencies. OSSA recognized that it did not have the votes it needed to get an exception to all parts of the bill, so the group was asking for authority to require job applicants to log in to their social media accounts during a job interview to let supervisors look through private postings, messages, photos, etc. We opposed the request from OSSA to allow for law enforcement to shoulder surf. The objective of HB 2654 was to maintain a distinction between public and private activities of employees and to import those principles into the modern world of online communication. We believe there is no reason why law enforcement officers should not enjoy the same privacy protection they always have. The Senate Committee on General Government, Consumer and Small Business Protection agreed with us and refused to adopt the OSSA amendment.
Vote: 56-3-1 House