Maryland and California recently passed laws that bar firms from requiring employees to hand over their private social media credentials. This was largely a response to companies that required potential employees to disclose their usernames and passwords to their social media accounts. Some have cheered this recent development in social media privacy law, but the ramifications of the law are not lost on the financial industry’s firms regulated by the SEC and FINRA.
The regulations persist
FINRA and the SEC have been explicit about the need for social media monitoring as well as robust recordkeeping. These new laws do not change this, for two reasons. First, the Maryland and California laws cannot and will not alter the spirit of FINRA and SEC regulations that aim to ensure transparent and fair practices by those in the financial industry. Prohibiting employers from asking for social media credentials does not mean that those in the financial industry are suddenly freed from the burdens of social media policy guidance. Financial firms must still comply with FINRA and SEC records management and monitoring guidelines that are much stricter than other, less highly-regulated industries because transparent actions in the financial industry remain a top priority for the protection of individuals financially.
Second, there may be exceptions written into the laws to reflect FINRA and SEC regulations. The idea is that these new laws cannot negate the years of precedent and guidance from FINRA and the SEC concerning social media. For one, California’s law is currently the focus of a proposed amendment that would give exception to financial firms from the new law. Additionally, Maryland’s law provides that the law does not apply in the event that a financially-regulated firm has reason to believe compliance has been violated.
Changes to a compliant strategy
On the other hand, this legislation in Maryland and California may force change in the financial industry. This mainly involves financial industry employees adopting a strategy that was already gaining clout: the split of “professional” social media accounts from “personal” ones. The professional social media accounts would likely link directly to a company’s corporate social media websites, ensuring that there is a clear distinction between the employee’s personal and professional social media presence that would be made explicit in a company’s social media policy. So, although this recent legislation stipulates that the credentials of a social media account cannot be requested by a firm, the recordkeeping and monitoring requirements of FINRA and the SEC will continue to apply and be addressed. And instead of the common belief that these new laws will make compliance more difficult for financial firms, these laws actually are stimulating a shift in corporate social media policy that was already gaining steam: separating one’s personal life from one’s professional life.