§3–712.

    (a)    (1)    In this section the following words have the meanings indicated.

        (2)    “Applicant” means an applicant for employment.

        (3)    (i)    “Electronic communications device” means any device that uses electronic signals to create, transmit, and receive information.

            (ii)    “Electronic communications device” includes computers, telephones, personal digital assistants, and other similar devices.

        (4)    (i)    “Employer” means:

                1.    a person engaged in a business, an industry, a profession, a trade, or other enterprise in the State; or

                2.    a unit of State or local government.

            (ii)    “Employer” includes an agent, a representative, and a designee of the employer.

    (b)    (1)    Subject to paragraph (2) of this subsection, an employer may not request or require that an employee or applicant disclose any user name, password, or other means for accessing a personal account or service through an electronic communications device.

        (2)    An employer may require an employee to disclose any user name, password, or other means for accessing nonpersonal accounts or services that provide access to the employer’s internal computer or information systems.

    (c)    An employer may not:

        (1)    discharge, discipline, or otherwise penalize or threaten to discharge, discipline, or otherwise penalize an employee for an employee’s refusal to disclose any information specified in subsection (b)(1) of this section; or

        (2)    fail or refuse to hire any applicant as a result of the applicant’s refusal to disclose any information specified in subsection (b)(1) of this section.

    (d)    An employee may not download unauthorized employer proprietary information or financial data to an employee’s personal Web site, an Internet Web site, a Web–based account, or a similar account.

    (e)    This section does not prevent an employer:

        (1)    based on the receipt of information about the use of a personal Web site, Internet Web site, Web–based account, or similar account by an employee for business purposes, from conducting an investigation for the purpose of ensuring compliance with applicable securities or financial law, or regulatory requirements; or

        (2)    based on the receipt of information about the unauthorized downloading of an employer’s proprietary information or financial data to a personal Web site, Internet Web site, Web–based account, or similar account by an employee, from investigating an employee’s actions under subsection (d) of this section.

    (f)    (1)    Whenever the Commissioner determines that this section has been violated, the Commissioner shall:

            (i)    try to resolve any issue involved in the violation informally by mediation; or

            (ii)    ask the Attorney General to bring an action on behalf of the applicant or employee.

        (2)    The Attorney General may bring an action under this subsection in the county where the violation allegedly occurred for injunctive relief, damages, or other relief.