The Act is short and to the point. The primary prohibition is:
An employer may not request or require that an employee or prospective employee disclose any user name, password or other means for accessing a private or personal social media account, service or Internet website.And thou shall not discharge, discipline, or penalize an employee (or threaten to do one of those things), or refuse to hire an applicant, for refusing to disclose the info.
Employers can still "promulgate and maintain workplace policies governing the use of an employer's electronic communication devices" and "monitor the usage of the employer's electronic communication devices." Also, employers are still free to check out info available "within the public domain." The penalty for a violation? Civil penalty up to $5,000.
Maryland has already passed similar legislation, which I covered here. There seems to be a consensus that demanding passwords is a bad idea, and there's a strong concern that requesting passwords may violate the Stored Communications Act. The Pennsylvania Act is in committee - no idea whether it will pass or not.
HT: PBA Labor and Employment section listserv (membership has its privileges!).
Image: Facebook logo used in commentary on Facebook.