Monday, March 26, 2012

Can we all agree that requiring Facebook passwords is a bad idea, and move on?


A lot of ink has been recently spilled in both the popular media and the blawgosphere over the apparent trend of employers requiring job applicants to turn over their Facebook passwords as part of the hiring process. The coverage has been so thick and the outrage so great that United States Senators are calling for action to outlaw this supposed practice, and Facebook officially weighed in, via a post on its blog by its Chief Privacy Officer:

If you are a Facebook user, you should never have to share your password, let anyone access your account, or do anything that might jeopardize the security of your account or violate the privacy of your friends…. That’s why we’ve made it a violation of Facebook’s Statement of Rights and Responsibilities to share or solicit a Facebook password. We don’t think employers should be asking prospective employees to provide their passwords….

If you believe all of this coverage, you would think that this practice is rampant. In reality, I would be surprise if one-percent of one-percent of all employers have even considered asking a job applicant for access to his or her Facebook account, let alone carried through on the thought by making it a hiring requirement. Simply, this is not a problem that needs fixing.

Moreover, this supposed problem isn’t even new. I covered it almost three years ago, when the city of Bozeman, Montana, made headlines by implementing, and quickly rescinding, just such a requirement. It was bad HR policy then, and it’s bad HR policy now. And, the risks of such a policy are well-documented:

    1. EEO Risks: Mining Facebook and other social sites for information on job applicants can reveal a wealth of protected EEO information (age, religion, protected medical information, genetic information). The risk is great enough when the information is publicly available; it is exponentially heightened when you gain unfettered access to information shielded by a password. For some thoughts on best practices on conducting Internet searches on applicants or employees, click here. I’ve also expansively covered this topic in my book, Think Before You Click….

    2. Stored Communications Act Risks: At least one court has concluded that an employer who requires employees to disclose passwords to social media sites violates the federal Stored Communications Act, which extends liability to parties that exceed authorization to access electronic communications. While this area of the law might be unsettled, testing it could prove a costly mistake.

      Legal issues aside, this story raises another, more fundamental, question—what type of employer do you want to be? Do you want to be viewed as Big Brother? Do you want a paranoid workforce? Do you want your employees to feel invaded and victimized as soon as they walk in the door, with no sense of personal space or privacy? Or, do you value transparency? Do you want HR practices that engender honesty, and openness, and that recognize that employees are entitled to a life outside of work?

      Social media provides a lot of benefits to employers. It opens channels of communication between employees in and out of the workplace. And, when used smartly, it enables employers to learn more about potential employees than ever before. You can learn if an employee has good communication skills, is a good cultural fit, or trashed a former employer. But, this tool has to be used smartly to avoid legal risks. Requiring passwords is not smart.

      Social media is still new, and the rules and regulations that govern it are still evolving. The government is looking for opportunities to regulate social media. If a small minority of business continues pursuing this poor HR practice, Congress will continue pursuing legislative and solutions and calling for regulatory action. Do not provide the government the opportunity. Can we all just agree that requiring Facebook passwords is a bad idea, and move on?