Over 170,000 people are part of the Sophos community on Facebook. Why not join us on Facebook to find out about the latest security threats.
Hi fellow Twitter user! Follow our team of security experts on Twitter for the latest news about internet security threats.
Already using Google+? Find us on Google+ for the latest security news.
Illinois on Wednesday joined a number of US states that are fighting to keep prying employers from asking for workers' passwords on social networking sites such as Facebook.
The law, which protects both current employees and prospective hires, decrees that Illinois employers who ask for login data can be fined $200 and up as of January 1.
The new law (here's the text, and here's the Right to Privacy in the Workplace Act that it amends) is known as the Facebook bill.
The bill makes it illegal for employers to ask for login information "or to demand access to it in any manner."
This will only protect private posts, mind you.
There's nothing barring employers from asking for workers' social networking user names, thus leaving them free to check out employees' public postings, get into a snit, and fire their unprofessional and/or debauched butts.
A recent case in point was when Robert J. Sumien, an emergency medical technician, was fired for posting a comment on Facebook about giving a "boot to the head" to unruly patients.
(Sumien sued, claiming that he misunderstood Facebook's settings, and thereby didn't know his employer could read his postings. The court did not sympathize.)
Bear in mind that employers' interests in workers' social networking selves is climbing ever skyward.
According to Gartner's predictions, by 2015, 60 percent of employers are likely to be eavesdropping on our social media selves to make sure our e-blabbing isn't poking security holes into their outfits.
This growth in employer surveillance has seen a corresponding indignation on the part of workers, has interested the media, and has motivated some lawmakers to push legislation similar to that of Illinois.
To wit: Maryland has a similar law, while Connecticut, New York, California, Washington, Delaware and New Jersey are all considering bans.
Meanwhile, two U.S. senators - Richard Blumenthal of Connecticut and Charles Schumer of New York - have asked the US Department of Justice and the Equal Employment Opportunity Commission to look into whether US law already prohibits employers from demanding Facebook passwords from job applicants.
The senators' letters of inquiry have been posted online.
The upshot: you can still be as law-spurning, drunken and/or unprofessional as you want on Facebook and other sites, but at least for now, you have a chance to keep that behavior out of employers' sight - if you work in Illinois or Maryland, that is.
Of course, if you're one of the estimated 13 million US Facebook users who don't use and/or are oblivious to the site's privacy controls, the new law means zilch.
Sophos readers tend to not need any of the following advice, but we all have acquaintances, friends and/or family who do.
So for them:
Here's Facebook's privacy page.
And here's what to tell the privacy-settings challenged:
If you've set Facebook privacy to only show your posts to friends, bear in mind that when you comment on other people's posts, your words are subject to those friends' privacy settings.
They're also viewable to their friends.
Be careful!
If you want to stay on top of privacy and security threats on Facebook and other cyber spots, click like on Sophos's Facebook page.
Follow @LisaVaas