Employers Requesting Facebook Passwords
Table of Contents
- Start with this video of a discussion of employers requesting Facebook passwords.
- The issue of employers requesting Facebook passwords raises several questions.
- How common is the practice of employers requesting Facebook passwords?
- Is it legal for employers to ask for Facebook passwords?
- Is asking for Facebook passwords wise for employers?
- If requesting Facebook passwords is legal, will the law change?
- If confronted with a request to provide a Facebook password, how should one respond?
- Still haven’t had enough? Watch this video!
Over the last month or so, there’s been a lot of buzz about employers requesting Facebook passwords so they can view social media information an applicant or employee has designated as private, for example, as “friends only.”
This follows several years in which the drumbeat of advice to wary applicants and employees has been to be careful what they post to social networking sites and to be methodical in reviewing and carefully setting the privacy controls.
Of course, it is hard to know just what might jeopardize an employment situation, and too much caution destroys much of the personal benefit gained from participation in online social networking. So for most Facebook users the easier answer has likely been to rely on privacy settings and not engage in too much self-censorship.
Now people are concerned their privacy efforts may come to naught because of nosy employers requesting Facebook passwords. And the concerns extend to all the friends of such a person, as their wall posts, etc., could also be disclosed through such a password disclosure.
Start with this video of a discussion of employers requesting Facebook passwords.
The issue of employers requesting Facebook passwords raises several questions.
- How common is this practice?
- Is it legal?
- Is it wise for employers?
- If legal, will the law change?
- If confronted with such a request, how should one respond?
How common is the practice of employers requesting Facebook passwords?
When I first heard that some employers were asking their employees and job candidates to turn over their Facebook passwords I thought that someone was making it up or at least exaggerating the extent to which this was happening. It sounded like such a huge invasion of privacy that I naively wondered how many employers would actually want to do it. Unfortunately I soon found out this was happening fairly often.
She does not cite sources, and “fairly often” is vague, but I imagine she has heard quite a bit of anecdotal evidence of employers requesting Facebook passwords.
A March 20, 2012 AP story cites some specific examples of employers seeking Facebook passwords or otherwise gaining access to private Facebook information:
- Justin Bassett “had just finished answering a few character questions when the interviewer turned to her computer to search for his Facebook page. But she couldn’t see his private profile. She turned back and asked him to hand over his login information.”
- “Robert Collins was returning to his job as a security guard at the Maryland Department of Public Safety and Correctional Services after taking a leave following his mother’s death. During a reinstatement interview, he was asked for his login and password, purportedly so the agency could check for any gang affiliations.”
- “Until last year, the city of Bozeman, Mont., had a long-standing policy of asking job applicants for passwords to their email addresses, social-networking websites and other online accounts.”
- “[S]ince 2006, the McLean County, Ill., sheriff’s office has been one of several Illinois sheriff’s departments that ask applicants to sign into social media sites to be screened.”
- “In Spotsylvania County, Va., the sheriff’s department asks applicants to friend background investigators for jobs at the 911 dispatch center and for law enforcement positions.”
A sneaky way for an employer to obtain access may be through a Facebook app (you know the “fine print” on apps saying what info will be disclosed?). According to the AP story, “Sears is one of the companies using apps. An applicant has the option of logging into the Sears job site through Facebook by allowing a third-party application to draw information from the profile, such as friend lists.”
If you believe all of this coverage, you would think that this practice is rampant. In reality, I would be surprise if one-percent of one-percent of all employers have even considered asking a job applicant for access to his or her Facebook account, let alone carried through on the thought by making it a hiring requirement.
I imagine that statement may be about on target–for now. But the publicity could be giving many more employers the idea, especially if legal experts can’t state definitively that it’s illegal.
Eric B. Meyer heaps on the skepticism, in a post entitled, “Relax! Businesses don’t want employee Facebook passwords.”
What I can tell you is that when I presented “Social Media for HR: Practical Guidance from a Generation Y Attorney” a few weeks ago to a packed house of HR professionals at the SHRM 2012 Employment Law and Legislative Conference in Washington, DC, no one in the room — not a single person — admitted to requiring job applicants to turn over private social media information, including logins and passwords. Most rolled their eyes or laughed at this “practice”. (Maybe 10% acknowledged accessing publicly available social media content, which is legal, to conduct background checks on potential hires).
Is it legal for employers to ask for Facebook passwords?
In recent months, we’ve seen a distressing increase in reports of employers or others seeking to gain inappropriate access to people’s Facebook profiles or private information. This practice undermines the privacy expectations and the security of both the user and the user’s friends. It also potentially exposes the employer who seeks this access to unanticipated legal liability.
The most alarming of these practices is the reported incidents of employers asking prospective or actual employees to reveal their passwords. If you are a Facebook user, you should never have to share your password, let anyone access your account, or do anything that might jeopardize the security of your account or violate the privacy of your friends. We have worked really hard at Facebook to give you the tools to control who sees your information.
As a user, you shouldn’t be forced to share your private information and communications just to get a job. And as the friend of a user, you shouldn’t have to worry that your private information or communications will be revealed to someone you don’t know and didn’t intend to share with just because that user is looking for a job. That’s why we’ve made it a violation of Facebook’s Statement of Rights and Responsibilities to share or solicit a Facebook password.
But according to an AP story, “Job seekers getting asked for Facebook passwords,” legal concerns may be overblown :
Giving out Facebook login information violates the social network’s terms of service. But those terms have no real legal weight, and experts say the legality of asking for such information remains murky.
The Department of Justice regards it as a federal crime to enter a social networking site in violation of the terms of service, but during recent congressional testimony, the agency said such violations would not be prosecuted.
[E]mployers must be cognizant of legal and regulatory issues when taking the social media interview to the next level, such as requesting log-in information: Appropriate consents, notices and authorizations should be given to and obtained from the applicant, and employers must not gain access to accounts surreptitiously or by coercion. Both may violate the law.
Further, labor and employment questions arise when using social media to evaluate a prospective employee…. [E]mployers must be careful about obtaining information which may be unlawful to consider in employment decisions such as: lawful off-duty conduct (e.g., alcohol consumption); information on protected classes (race, gender, etc.); arrests and certain convictions, and more, because it will be difficult to prove that this information was not considered in the hiring process.
The Proactive Lawsuit Prevention blog accurately and vividly describes the legal risks of exploring applicant social network information, whether publicly available or through acquisition of a password:
From a single profile photograph, a recruiter can guess a candidate’s gender, national origin, age, race, color and ancestry, among other things. From a user profile, a recruiter can guess about marital status and sexual orientation. From Facebook Wall postings or other blog postings, a recruiter can guess religion, medical condition or disability, or even genetic information. In doing so, a recruiter is open to allegations that hiring decisions are based on “protected categories” that federal and some state laws … prohibit as categories that can be considered in making a hiring decision.
At least one court has concluded that an employer who requires employees to disclose passwords to social media sites violates the federal Stored Communications Act, which extends liability to parties that exceed authorization to access electronic communications. While this area of the law might be unsettled, testing it could prove a costly mistake.
Philip K. Miles, III, spells out exactly how the Stored Communications Act could apply to employers requesting Facebook passwords:
In Pietrylo v. Hillstone Restaurant Group, the District Court of New Jersey applied it to an employer who accessed a forum using an employee’s MySpace login:
[The Employee] testified that she felt she had to give her password to [her supervisor] because she worked at [the employer] and for [the supervisor]. She further testified that she would not have given [her supervisor] her password if he had not been a manager, and that she would not have given her information to other co-workers. Furthermore, when asked whether she felt that something would happen to her if she did not give [her supervisor] her password, she answered “I felt that I probably would have gotten in trouble.” The jury could reasonably infer from such testimony that [the employee's] purported “authorization” was coerced or provided under pressure. As a result, this testimony provided a basis for the jury to infer that [the employer's] accessing of the [MySpace forum] was not, in fact, authorized.
Got that? An employer may be liable under the Stored Communications Act, where a supervisor pressures an employee in to handing over her password (and then using the password to access the service).
It’s pretty easy to see how this might extend to the job application process – if the applicant hands over her password was it “coerced” or “under pressure” so as to make subsequent use of the password “unauthorized?”
Eric B. Meyer notes that Facebook has relied upon the Computer Fraud and Abuse Act, which might be applicable to this practice. I’m not so sure, but it is at least a way for someone to plead their way into federal court, rather than state court, should they so desire.
Here’s a great video discussion of legal issues involved in employers’ Facebook password requests, putting the issue in the larger perspective of a general loss of privacy since 9/11:
Is asking for Facebook passwords wise for employers?
Peter Xenakis of Fuoco Technology stated that he often checks out promising candidates on LinkedIn and Facebook, using the latter “to validate an applicant’s resumé.”
But as to asking for an applicant’s username and password, he said that’s going too far and he doesn’t want to intrude on private information. Xenakis said it “would set a bad expectation for potential hires to think we are Big Brother.”
Davidson Drantch suggested if an employer is to view Facebook or other social network information, it would be best to have do so initially using a nondecision-maker who filters out all unlawful or irrelevant information; to use a standardized, objective approach; and to consider limiting social media checks to LinkedIn “because that is a professional site, less likely to display information inappropriate to consider when hiring.”
This is sound advice. In addition to legal risks, there is a risk of alienating the most qualified applicants, those who will find it easiest to “just say no” and find a job elsewhere. Those who comply with an employer’s request for a Facebook password and are hired may enter the workforce with a sense of distrust. At a minimum, the employer should be very clear as to what it is looking for as a “red flag” (e.g., drug abuse, violent or racially hostile tendencies, inconsistencies with resume, etc.) and explain it has a system for ensuring other information does not enter into consideration.
Although requiring employees or prospective employees to provide social media log-in information may be problematic, there are circumstances in which it may be important to do so. For example, an employer may determine that it needs the information to properly investigate a complaint that co-workers, supervisors, or vendors are using social media to harass an employee or to engage in some other work-related misconduct.
In light of the likelihood of new legislation and the internal and public backlash against employers that request or require social media log-in information, the best practice is simply not to ask unless the employer has a strong and legitimate business reason for doing so. Even then, the employer should carefully weigh the risks and implement measures to mitigate those risks.
Littler has an extensive discussion and suggestions here.
If requesting Facebook passwords is legal, will the law change?
The state’s General Assembly passed legislation that would prohibit employers from requiring or seeking user names, passwords or any other means of accessing personal Internet sites such as Facebook as a condition of employment.
Read the text of the Maryland bill here. There was a quid pro quo for employers, a section providing:
An employee may not download unauthorized employer proprietary information or financial data to an employee’s personal web site, an internet web site, a web–based account, or a similar account.
Regarding the Maryland law, Eric B. Meyer says:
What concerns me is that there are no carve-outs for public agencies that protect and serve the public. I can understand why a police department may need to fully vet its candidates by making sure that applicants and officers don’t have hate speech towards a particular protected class, for example, on their Facebook page. As I imagine that this information could be used to overturn arrests and indictments.
No doubt, a wide variety of other scenarios that might arguably justify an exception could be imagined.
Some enforcement or legislative action concerning employers requesting Facebook passwords may occur at the federal level (but given how precious little Congress is able to agree on these days, I wouldn’t hold my breath waiting for federal legislation):
In letters to the DOJ and the EEOC, Senators Richard Blumenthal (D-Conn) and Charles E. Schumer (D-NY) have called for a federal investigation into “a new disturbing trend” that has seen employers require job applicants supply their user names and passwords for social networking and email websites.
The press release on Sen. Schumer’s website says:
“I am alarmed and outraged by rapidly and widely spreading employer practices seeking access to Facebook passwords or confidential information on other social networks,” said Blumenthal. “A ban on these practices is necessary to stop unreasonable and unacceptable invasions of privacy. An investigation by the Department of Justice and Equal Employment Opportunity Commission will help remedy ongoing intrusions and coercive practices, while we draft new statutory protections to clarify and strengthen the law. With few exceptions, employers do not have the need or the right to demand access to applicants’ private, password-protected information.”
“Employers have no right to ask job applicants for their house keys or to read their diaries – why should they be able to ask them for their Facebook passwords and gain unwarranted access to a trove of private information about what we like, what messages we send to people, or who we are friends with?” said Schumer. “In an age where more and more of our personal information – and our private social interactions – are online, it is vital that all individuals be allowed to determine for themselves what personal information they want to make public and protect personal information from their would-be employers. This is especially important during the job-seeking process, when all the power is on one side of the fence. Before this disturbing practice becomes widespread, we must have an immediate investigation into whether the practice violates federal law – I’m confident the investigation will show it does. Facebook agrees, and I’m sure most Americans agree, that employers have no business asking for your Facebook password.”
If confronted with a request to provide a Facebook password, how should one respond?
Unfortunately, many people feel they have no other choice but to comply with their boss’s or a prospective employer’s request. They can’t afford to lose their job or take themselves out of the running for a job offer.
But JibberJobber has simple advice: it’s just not worth it. It’s a very bad sign about the employer:
[I]f that’s how the relationship is going to start, it’s going to be abusive…. If someone asks me for something like that, I’d question their personal ethics, and wonder what kind of work environment they are in that would even allow such a question…. [Y]ou deserve better than to be in a hostile or abusive situation. RUN.