Should Your Employer Have Access to Your Facebook Account?

Posted on February 21st 2011

Yesterday, I read a report in the American magazine The Atlantic which asked the question Should Employers Be Allowed to Ask for Your Facebook Login?

It’s the story of a man in the US state of Maryland who applied for a job at the state’s Department of Corrections (prison service) and who was obliged to disclose his Facebook log-in credentials during the job interview. As The Atlantic tells it:

[...] According to an ACLU letter sent to the Maryland Department of Corrections [PDF file], the organization requires that new applicants and those applying for recertifications give the government “their social media account usernames and personal passwords for use in employee background checks.”

Let’s get this straight: this particular organization is saying that if you want a job with them, you have to give them access to your Facebook account (and of your other social presences online) which means they can log into that account with your credentials, ie, as you. All for the stated purpose of conducting “employee background checks.”

In an initial exchange of tweets about this story with Sue Llewellyn, one of my Twitter community, I said:

[...] I think there’s an ‘it depends’ answer in there somewhere re employer right to ask for login info.

What did I mean by that? Would an employer have any right to do what the Maryland Department of Corrections (DOC) is doing?

I clarify my comment by citing this statement from the ACLU’s letter:

[...] we believe the DOC policy constitutes a frightening and illegal invasion of privacy for DOC applicants and employees – as well those who communicate with them electronically via social media.

Neither Officer Collins nor his Facebook “friends” deserve to have the government snooping about their private electronic communications. Login information gives the DOC access to communications that are intended to be private, such as personal email messages and wall postings viewable only by those selected individuals who have been granted access. For social media users who maintain private accounts, the  DOC demand for login information is equivalent to demands that they produce all of their private correspondence and photographs for review, or permit the government to listen in on their personal telephone calls, as a condition of employment. Such demands would be unconscionable, and  there is no basis for treating electronic communications differently. While employers may permissibly incorporate some limited review of public internet postings into their background investigation procedures, review of password-protected materials overrides the privacy protections users have erected and thus violates their reasonable expectations of privacy in these communications.

That’s a well-stated position and argument supporting the reasonable rights of the individual to privacy, sentiments that I believe are equally viable here in the UK and in other countries in addition to the USA. Even (or perhaps especially) when employees ignore common sense and disclose far too much personal information in their online social networking profiles. And let’s not forget that access to someone’s account also means access to information about the friends that person is connected to.

The employer has reasonable rights, too, let’s not forget that either, as well as responsibilities to ensure the integrity, security and safety of the workplace, among many other things, for other employees as well as other people (children, for instance, in a school setting). Yet the only circumstances I can imagine where an employer is given access to an employee’s Facebook or any other online social presence account are either with the employee’s freely- and willingly-given permission, or under an order from a court of law. No matter what job someone is applying for, you don’t need the potential or actual employee’s social network log in details in order to do background checks that would satisfy such investigation. I can see no right for any organization to require login access to someone’s Facebook account a prerequisite for employment.

Incidentally, take a look at the comments to the story in The Atlantic – over 80 as I write this post, many with compelling arguments to support views highly critical of the DOC.

Do you agree that carte-blanche employer access to Facebook and other places online as described in this example must be off limits? Watch the video of Officer Robert Collins explaining the circumstances as he sees them.

What does it all say about the DOC’s understanding of what Facebook is and what people do with it?

What’s your take on this story?


© 2011 - visit NevilleHobson.com for more great content, or connect with him on Twitter: @jangles.


neville

Neville Hobson

Neville Hobson, ABC, is a communicator, blogger and podcaster, one of the leading European early adopters and influencers in social media communication for business. He is an accredited communication practitioner with over 25 years
See Full Profile >

Comments

MattMooreWrites
Posted on February 21st 2011 at 2:38PM

First, they aren’t asking to see his Facebook profile, but his credentials, which he may use on other sites. This request could put the applicant at risk since all it takes is one disgruntled or corrupt employee to wreak havoc. As well, the DOC could delete, update or pose as the applicant using those credentials as a way to entrap the applicant’s friends into saying something or “clean up” the applicant’s profile.

Second, even if they did just want to see his profile, the purpose that it is for a background check is false on its face (no pun intended). With a name, date of birth and other information, a background check can be run of public records. With a little more effort, a search of Facebook and other social media tools can be run. For example, the DOC could ask for usernames of the applicant in publicly available forums, e.g., Twitter, news sites, blogs, etc., which I think is reasonable considering the responsibilities of the position. But to demand access to personal, private conversations (assuming the privacy settings are in place) when there is no reason to believe the applicant poses a threat or has done something wrong is a 4th and 5th Amendment violation.

Courtney Hunt
Posted on February 21st 2011 at 8:13PM

The City of Bozeman, Montana tried to implement a similar policy in the summer of 2009. The policy lasted less than 24 hours because of the national backlash they received. Here's a link to one of the stories about it, on Mashable. com: http://mashable.com/2009/09/03/bozeman-montana/.

Last fall I wrote a white paper on the subject of "social screening," which relates to this post. It's called, "Social Screening: Candidates - and Employers - Beware." It can be accessed via http://tiny.cc/SocialScreeningPaper. I wrote a follow-up blog post entitled, "Social Screening: The Expanded Discussion," which can be accessed via http://tiny.cc/SocialScreeningFU.

Finding the right approach to social media policies is critically important, and many organizations are guilty of overreaching. A couple of weeks ago, for example, the NLRB settled its "Facebook case" with an employer (AMR), and one of key terms of the settlement was that the employer agreed to revise its "overbroad" policy. I wrote about this case both when the complaint was filed and after it was settled. Here are links to each piece: http://tiny.cc/SMinOrgsNLRBpost and http://tiny.cc/SMinOrgsNLRBsett.

This week I'll be publishing a post on social media policies that addresses the issue in a more holistic way. This is an important issue that requires a thoughtful, balanced approach.

Courtney Hunt - Founder, Social Media in Organizations (SMinOrgs) Community

 

socialreport
Posted on February 21st 2011 at 7:12PM

Definitely agree that tracking social accounts for employees, albeit public once, is a grave invasion of privacy. How is it different from any other personal aspects of life - regular mail, email, phone conversations, etc, etc.

But what do you think of requiring inmates released on parole to face this requirement. Especially sex offenders!?

That's actually one of the features of Social Report (http://www.socialreport.com) - ability to track patterns within social network accounts. If a sex offender starts befrending kids on Facebook - that's not a very good sign!

Social Report Team

Posted on February 21st 2011 at 7:23PM

Personally this would be a sign that this is not an environment that I want to work in if a potential employer is essentially telling you that they want and require the right to invade your privacy at any time.  With that said I do think that people need to be more aware of the things that they post on social media sites and how it can affect their professional reputations.

I advise companies to create a social media policy and make it clear what is or is not acceptable behavior if you choose to identify yourself with a company.  Though there should be a line between personal time and work time, that line has become blurred and though you may not be embassed by your pictures, it may not be the image the company wants to project.

I think it's fair to discuss the social media policy during an interview process, and I also think it's fair for a company to find out what a prospect puts out to the public.  However, I do think asking for a log on crosses the line.

Posted on February 21st 2011 at 10:14PM

 Good heavens, does this mean that every corrections officer ever hired before social media was a security risk? We need some sanity. This is just a poor hiring practice, never mind the rights issue. If you can't tell if someone will be a good employee without looking at their Facebook page, it's time for new leadersip in HR.  The courts have already determined that an employee cannot be fired for being critical of an employer on social media on their own time. Social media policies are for "after the fact" of hiring. I agree w/Nicole...not a place I want to work.

Posted on February 22nd 2011 at 3:01PM

If a company wants to do a background check, they have many resources already available. They can easily do so with a person's social security number. It's definitely an infringement of privacy to ask for a username and password to a social networking site. Going even further, I think it's silly. Do the background check and you'll find out all you need to know. You don't need to know about my personal life, like what I ate for breakfast and what I wore last weekend at the bar.

Courtney Hunt
Posted on February 22nd 2011 at 10:56PM

This story has generated a mini media firestorm in the past week. I have been sharing my thoughts on various articles and blog posts, and I finally decided to write my own reflection as well. Here’s a link to it: http://tiny.cc/4hkbu. One underreported “fact” I learned in doing a little additional research is that a representative from Maryland’s DPSCS says they do not have a policy that requires job candidates to provide login information, so the case may not be as clear-cut as it seems. It will be interesting to see how this case finally gets resolved…

Thanks so much for bringing it to my attention, Neville!

Courtney Hunt - Founder, Social Media in Organizations (SMinOrgs) Community

Posted on February 25th 2011 at 9:51PM

This is not a privacy issue, it is a contract issue.  By using facebook, you agree to their terms of use which includes:

"You will not share your password, (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account."

So, if any one is asking you for your password, they are asking you to break your agreement with Facebook.

angieB
Posted on September 15th 2011 at 4:52AM

Your facebook account is private so your employer has no right to have an access to your facebook account unless, he or she is you boyfriend or girlfriend. Your employer can be your friend on your facebook account but he must no know your password.

Posted on September 30th 2011 at 12:04PM
Not unless you allow your employee to access it. Facebook was first created with a whole different meaning and everyone should have the right to privacy. If your employee really wants to know more about you there's always the option of pre employment testing.
MikeG
Posted on March 22nd 2012 at 2:34AM

What I see is an evasion of privacy, but a corporation does have the right to screen potential employees.  With that said if you give up your personal information (Facebook, LinkedIn account information) voluntarily for the prospect of a well paying job, you just gave away your intellectual property that you share only with your friends.

With that information yes they could change your profile to fit the needs of a company’s public profile (if they did hire you), but what if you were not hired and now they have your personal social network information.  There is no law in place that I know of that stops corporations from profiting from your ideas that they gained from just looking at your personal profile to see if you meet the needs of that company’s ideals of a proper employee.  Of course they would never say they got that idea from your “Facebook, LinkedIn” page.