Amid an upsurge in reports that employers are increasingly asking job applicants to hand over passwords to their Facebook and other social media accounts as part of the hiring process, word comes down from Facebook: don’t do it.
Facebook has two lines of reasoning. For users, surrendering a password not only compromises a user’s privacy, but the privacy of all their Facebook friends as well. Not to mention, sharing a password violates Facebook’s terms of service and could be grounds for account termination.
For employers, the consequences might be even more expensive: employers could be setting themselves up for lawsuits if they fail to treat information gleaned from prospective employees’ Facebook accounts as confidential. Furthermore, employers could expose themselves to job discrimination claims if they fail to hire (or even fire) employees based on details like age, sexual orientation, ethnic identity, medical information, or other details gleaned from an account.
“We’ll take action to protect the privacy and security of our users, whether by engaging policymakers or, where appropriate, by initiating legal action, including by shutting down applications that abuse their privileges,” wrote Facebook’s chief privacy officer Erin Egan. “While we will continue to do our part, it is important that everyone on Facebook understands they have a right to keep their password to themselves, and we will do our best to protect that right.”
Employers and other groups have occasionally been asking prospective employees and members for their social media passwords for years. Last year, Canada’s NDP party required that candidates for public office turn over their social media passwords as part of their vetting process — one candidate, British Columbia NDP MLA Micholas Simons — refused, and B.C.’s privacy commissioner backed him up, saying that the party’s demand violated the privacy of other people in Simons’ social network by collecting information about them without their consent. (Simons eventually turned over considerable information to the NDP without divulging his passwords).
Employers increasingly look at examining social media accounts as part of a normal background check, and often justify requesting access to social media accounts as a way to prove prospective employees have “nothing to hide” — potentially leading to instances where candidates are coerced into handing over passwords if they need a job. Employers are often most concerned about identifying candidates with potential gang affiliations or who engage in illegal activity, although depending on the position employers might just be concerned about what how a candidate might reflect on themselves: if an potential employee is rude and crude on social networks, they might turn into a publicity liability for the company.
Privacy laws and regulations vary from country to country and place to place. United States federal law allows employers to use publicly-available material on social media sites as part of a background check, so long as the employer doesn’t obtain the information through duplicity or use it in as a basis for hiring discrimination. Although turning over an account password violates Facebook’s terms of service, those terms have never been tested in court and, as such, are essentially only backed by contract law, rather than criminal law. Entering a social networking site in violation of terms of service is a federal crime; however, the Justice Department recently indicated in Congressional testimony it has no intention of pursuing violations.