Social Media Law’s latest installment is part three of my interview with Ryan Garcia, Dell’s in-house attorney for social media. This segment focuses on recently-passed laws regulating requests for social media information by employers and educational institutions (aka Password Protection acts). A dozen states have enacted such laws and New York state legislators have introduced bills on the issue. His opinions are his own. The prior installments can be found in the Dec. 10 edition (discussing how social media affects attorneys, judges and corporations) and Dec. 17 edition (describing what attorneys should know about social media) of The Daily Record.
This interview has been edited by the author for clarity, readability and print length. This is part 3 of 4. The final installment will be published on Jan. 14.
About a dozen states have passed laws to prevent schools, educational institutions, or employers from seeking social media posts or log in credentials from potential or current employees and students. These laws are colloquially called “Password Protection” laws. You’ve highlighted some of the problems with these laws. Can you summarize a couple of those problems that might be relevant to the debate about password protection?
There [are] two big ones and they do kind of play together. The first one is access to social media profiles is not what we’re concerned about. I know that’s the scary thing that has triggered a lot of these laws but that’s not actually what we’re scared about.
What we’re scared [about] is that employers, when viewing the social media profiles, find information that they shouldn’t be using when they’re making a hiring decision [such as] finding out the person’s sexual orientation, race or ethnicity, or their religion. It is finding out all of this personal information that has no relevance to their job and yet it is obvious when you go on to someone’s social media profile.
But the good news is we already have laws that cover those things. The laws that exist right now that say that you cannot base a hiring decision on someone’s ethnicity don’t say that that’s only true if you found out in an interview, they say it doesn’t matter how you found it out. To me, if there’s an extra class of information that’s on social media that we’re concerned about, we should talk about that, we should address that at the legal level, but not that there’s this new channel for getting that information because everything we were concerned about protecting we’ve already protected.
And, most sophisticated employers wouldn’t want to look at your profile because it has all that information so readily available. They’ve already got a well-established process to make sure that they’re only asking questions about relevant, job-related experience and finding out if you can handle the job. They don’t need to go to your social media profile and then suddenly expose themselves to this information they don’t want.
That plays into the second one. As we enter this social media age, social media skills are important for a lot of different jobs. Almost certainly every marketing position. But, then there [are] a number of other jobs where social media isn’t just a plus, it’s a core requirement: your community managers, some of your tech support outreach team, some of your sales department. They may absolutely need social media experience.
In some of the states that have passed laws saying not only can you not ask for passwords, you can’t even look at someone’s profile or ask for their username, it actually makes it impossible for a candidate to share with the potential employer: “Here’s what I’ve done on social media to show that I’m qualified.” To me, that’s a danger. Getting access to that social meeting media is a minefield, but if a company is going to be sophisticated enough and learn how to handle it, they should be free to walk in that minefield.
Are these kinds of laws beneficial for employees who work for employers who have not thought about the risks of accessing private social media posts, let’s call them Mrs. Kravitz from “Bewitched” employers, who want to see what their employees or potentials are doing on social?
Yes. There’s no denying they are. But then the question has to come down: “Who is the law being made for?” Certainly there could be some unsophisticated companies that are doing those kinds of things, but in my opinion, if a company is so unsophisticated that during a hiring decision they are asking for a social media password because they don’t even know that there’s information they shouldn’t be learning during the interview process, I’m not sure how this law helps. Why is that employer suddenly going to know about this law, but they didn’t know about all those other laws and regulations that impact hiring decisions.
Do these laws raise different issues when we consider how they apply to educational situations?
Schools are a really interesting one. As much as we’ve had a little bit of debate about the workplace social media password laws, there’s no debate on the university ones. We haven’t faced too many conflicts with them. But even some of the more broadly protected states, like California, they called out when they passed the law that the law only covers higher education. It does not cover anyone in high school and younger — and that is really interesting.
Why is it, suddenly, at the university level, there is a degree of protection that isn’t there at the lower level? The obvious thing is that age — 18. But if we’re concerned about privacy, if we’re concerned about students not having their information go over to administrators or to schools, I’m not sure exactly why that’s true at the university level and not younger.
Considering that social media is such an integral part of students’ lives now and that students are encouraged to get out there and to face big issues, doesn’t it seem that social media should be an area where they get a bit of a pass, so they can make mistakes and it shouldn’t hurt them in college admissions?
Absolutely. And I think that the tension that exists right now, and the reason why this is an issue, is purely a generational one. The nice way of putting it is the “more experienced” people, who are at the universities looking at the next generation coming up and thinking to themselves, “My God, if I had YouTube back when I was a kid, think of all the things that would be up there.”
They are trying to apply this world where this content did not exist to this new generation. The new generation, by the time that they are admitting people into colleges, they [will] all have that content on there. It will be easier for them to dismiss someone having an embarrassing photo or movie because everyone will have an embarrassing photo or movie online.
What is the largest legal challenge that social media will present to business in the next few years?
What I think it will be, versus what I think it should be, are different. I think what it will be is largely incremental things: tweaking to make sure that our advertisements are clearly labeled, that Astroturf campaigns are cracked down on, that typical regulations that exist right now are remolded so that they apply in the social media sphere. That’s good. It is definitely something that needs to be done and is helpful to everyone. But, I think that’s going to be the most likely places where we continue to see the evolution.
Where we should be having the conversation is all about privacy. I think that we’re long overdue for an actual discussion about privacy. When you’ve got Europe that has privacy as a fundamental human right, whereas [the U.S. has] a very different approach. Good or bad, the U.S. is driving the conversation because all the big platforms are here. It’s tricky when we’re pushing the conversation and we really haven’t had it ourselves.
Do you think that many of these state efforts at Password Protection are genuine conversations trying to kick start the issue because it can be so hard to create federal regulations or federal legislation, or are they more of a sop in response to frustration over privacy issues?
It is entirely the latter. I’m not saying that it’s not a legitimate concern and not something that maybe needed to be addressed. But, I’m still only aware of one documented case of an employee ever being asked for their social media password. That was the individual at the Maryland Department of Corrections who triggered this whole firestorm.
What [is] interesting [is] so many of the laws that have passed have also exempted state agencies from that requirement. So the one individual we were actually concerned about can still be asked for his social media password even after all these laws have been passed. I’m not exactly sure what problem we’ve solved, but we feel a lot better for it.
Scott Malouf is an attorney who helps other attorneys use social media, text and Web-based evidence. You can learn more about him at his website (www.scottmalouf.com) and follow him on Twitter at @ScottMalouf. Although he is a good cook, he has been accused of “over herbing.”