You can view the bill in its entirety here. But let's do a breakdown:
The heart of the legislation is an express prohibition:
An employer may not request or require that an employee or applicant disclose any user name, password, or other means for accessing a personal account or service through an electronic communications device.Note that it includes current employees as well as applicants. Employers are also prohibited from discharging, disciplining, penalizing, threatening, or refusing to hire anyone for refusing to provide such information.
Of course, there are always exceptions to the rule. Here, the law does not apply to "nonpersonal accounts or services that provide access to the employer's internal computer or information systems." Employers may also conduct certain investigations (regulatory and legislative compliance, to protect proprietary information, etc.).
The law includes definitions of 'employer' and 'applicant' that are unremarkable. The definition for 'electronic communications device' is extraordinarily broad to include:
[A]ny device that uses electronic signals to create, transmit, and receive information [including] computers, telephones, personal digital assistants, and other similar devices.Strangely, the law does not define "a personal account or service," which is what the law supposedly protects.
Huh? No enforcement provision? I'm guessing (at this point I will note that I do not practice in Maryland) that Maryland recognizes a common law tort, like "wrongful termination," where an individual incurs an adverse employment action in violation of public policy. And, what better statement of public policy can you get than a law directly on point? I invite any Maryland lawyers to chime in with a comment on this issue.
Image: Facebook logo used in commentary on Facebook issues. Not official use.