With nearly 850 million Facebook users worldwide, it is safe to say that you and just about everyone you know probably has an account. Yet somehow, we've paradoxically become more private about our personal information. Sure, we're willing to share many of the details of our lives with a wider group of people than ever before, but we're also fiercely protective of who gets this kind of access. It's not only a question of setting ourselves up for identity theft by exposing sensitive information to cybercriminals, it's also a question of not letting just anyone peruse our vacation photos, discover who we're friends with and know what we did last weekend. Social media has gotten most of us in the habit of practicing a kind of private openness with our communication. Our profiles are like a big party, but with a really selective bouncer at the door who we hope is keeping the undesirables at bay.
And as with all good parties, the boss is not at the top of the guest list. Nothing against him or her, mind you, it's just better for the whole work/life balance thing. So when news reports began suggesting that more and more employers were demanding that job applicants provide their Facebook passwords so that they could look at their accounts as part of the vetting process, it was easy to see why people would get upset. The prospect of having a corporate Big Brother peering into your life is too much of a violation of privacy for most people to handle. Of course, with unemployment being what is, some applicants might be willing to put up with a whole host of indignities to finally get that elusive job. It doesn't make it right though.
Ethics aside, employers also face a glaring legal issue by using social media profiles to influence hiring decisions. They may say they have legitimate reasons-for instance, the Maryland Department of Corrections said that the request was intended to ensure that prison guard candidates didn't have gang affiliations-but the typical Facebook profile contains a slew of protected personal information that would violate discrimination laws if it were used to make hiring decisions.
Questions about age, race, religion, sexual orientation, marital status and so on cannot be asked in an interview, and a Facebook profile could inadvertently reveal such information. Employers might say they disqualified a candidate because they were holding a beer in too many old college photos, but a case could easily be made that the candidate was disqualified not because of their drinking habits but because of their sexual preference or political affiliation.
In response, Facebook released a statement decrying the practice, saying that the sharing of passwords was a violation of its user policy. They also indicated that they would consider taking more extreme measures, including legal action, to protect their users and the friends of users whose privacy would also be violated by an overzealous employer.
Meanwhile, lawmakers have started to take action on both the national and state level. Senators Charles Schumer (D-NY) and Richard Blumethal (D-CT) asked the Justice Department and the U.S. Equal Employment Opportunity Commission to investigate the legality of social media password requests, while bills barring the practice have been introduced in Maryland, Illinois, New Jersey and California. The California bill even seeks to stop employers that try to get around the password problem by asking prospective employees to log in to their social media accounts themselves so the content can then be reviewed.
While it may be common practice for employers to conduct background checks on potential employees, the fact that they might want the information contained in a Facebook profile doesn't mean they have a right to get it any more than it would be legal for them to search someone's medicine cabinet at home. Obviously, employers want to protect themselves, but they need to demonstrate a level of trust as well. If a company doesn't trust its employees to behave responsibly and keep private things private, how can they expect employees to trust them in return?
Besides, who really wants to look at a bunch of Facebook profiles anyway? They're generally not very exciting. In fact, most are downright tedious. And from a security standpoint, if an applicant is so willing to fork over a Facebook password on request, wouldn't they be just as likely to do the same with the company's network credentials?Risk Management Magazine and Risk Management Monitor. Copyright 2013 Risk and Insurance Management Society, Inc. All rights reserved.