Why Employers Asking for Employees’ Facebook Credentials is a Bad Idea: LXBN Roundtable

By | LXBN | March 27, 2012

Even as unemployment/employment metrics begin to trend in a positive direction, many people are still feeling the pinch of the recession. Job-hunters everywhere find themselves competing with overqualified applicants, and employers search for the one factoid that puts a prospective employee head-and-shoulders above the rest.  So it’s no surprise employers are looking for every scintilla of information on anyone applying for a position within their company.  In some situations, however, employers are going a bit too far in their search for the “perfect” employee.

Recently, the Associated Press reported (link to that story is above) that job applicants were being asked for their Facebook usernames and passwords. While it has become common practice for employers to view an applicant’s public profile on any social networking site they are a member of, requesting unfettered access to social networking accounts brings a new level of scrutiny to the job search.  This new trend may be in reaction to the increased savviness of job-seekers who intentionally limit what can be seen on their public profiles.  Whatever the cause, employees, as well as employment and privacy lawyers, are asking themselves the same question: “Is this legal?”

Daniel Schwartz, an attorney with Pullman and Comley LLC, was talking about this exact topic on his Connecticut Employment Law Blog long before it became a trending story on legal blogs everywhere.  In his post on September 19th, 2009, Dan looked at the two competing schools of thought on the practice of using social networking profiles to screen potential employees, and came to this conclusion:

“Overall, employers should tread very carefully in using social networking sites as a screening device.  There are very little substantive advantages to using such sites and there are several landmines employers need to avoid. While they may satisfy an employer’s curiosity, the time-worn principles of checking references, conducting interviews and, if necessary, background screening, should typically satisfy most employer’s need to hire the best candidate.”

In a post yesterday, amid the rash of blog posts, news bulletins, and “scholarly” articles on the matter, Mr. Schwartz points out that this story has been helped, in part, by one of his own state’s Representative to Congress:

“So, imagine my surprise the last few days when the topic of employers asking applicants forFacebook passwords has suddenly made front page news.  (Indeed, the topic of whether passwords are even protected by the Constitution is now making the rounds as well.)I couldn’t help but say to myself, “NOW you’re interested in this?”

The kerfluffle has been fostered in part by one of Connecticut’s senators, Richard Blumenthal, who wants to introduce legislation to make that practice illegal.  Facebook has responded by saying that it will take actionagainst those employers who engage in such a practice.”

While Mr. Schwartz approached this question from a practical perspective, assuming employers were going to look at social networking sites but wondering if it was a valuable exercise, other attorneys have been more concerned with the legalities of such hiring policies.  Peter Hall, a lawyer with Greenberg Traurig, wonders if asking for passwords under the duress of a job interview is coercion, which could violate the Stored Communications Act. Here’s what he had to say on the firm’s L&E Blog:

“The federal Stored Communications Act prohibits the access of electronic communications — which would include Facebook postings — without the user’s authorization. That authorization must be freely given and not coerced. At least one case, Pietrylo v. Hillstone Restaurant Group, has ruled that a management request for login information and passwords to otherwise private employee social media accounts can be coercive and violative of the Stored Communications Act.”

Joseph Lazzarotti, the editor of Workplace Privacy, Data Management & Security Report and partner with Jackson Lewis, discusses two bills in Maryland and Illinois that could deal directly with employers snooping around social networking profiles:

“Under one version of the law in Maryland, H.B. 364, employers would not be permitted to

  • require an employee or applicant . . . to disclose any user name, password, or other means for accessing any internet site or electronic account through an electronic device, or
  • require an employee to install on the employee’s personal electronic device software that monitors or tracks the content of the electronic device.

…..

The Illinois law being considered (H.B. 3782) would make it unlawful for “any employer to ask any prospective employee to provide any username, password, or other related account information in order to gain access to a social networking website where that prospective employee maintains an account or profile.”"

If the above bills are passed, they may eventually be superseded by any federal statutes that arise from this minor controversy, but they may serve as a welcome stop-gap measure in the interim.

As the debate heated up last week, Facebook, through their Chief Privacy Officer Erin Egan,  issued a statement of their own denouncing employers who asked for passwords, as well as making it a violation of their Terms of Service to share your password.  Michael Kelsheimer, an employment law attorney with Looper Reed, has Ms. Egan’s post in it’s entirety on the firm’s blog, Texas Employer Handbook.  Here are the first two paragraphs from that statement:

“In recent months, we’ve seen a distressing increase in reports of employers or others seeking to gain inappropriate access to people’s Facebook profiles or private information. This practice undermines the privacy expectations and the security of both the user and the user’s friends. It also potentially exposes the employer who seeks this access to unanticipated legal liability.

The most alarming of these practices is the reported incidents of employers asking prospective or actual employees to reveal their passwords. If you are a Facebook user, you should never have to share your password, let anyone access your account, or do anything that might jeopardize the security of your account or violate the privacy of your friends. We have worked really hard at Facebook to give you the tools to control who sees your information.”

Mr. Kelsheimer echoes many of the sentiments in Facebook’s release, and points out that the NLRB would love nothing more then to get their hands on a discrimination claim brought about by an employer using an applicant’s Facebook password:

“Similarly, you have to be careful with existing employee Facebook information.  As I have previous warned, the National Labor Relations Board has rabbidly chased after employers who use employee complaints as a basis for termination or discipline.  Employee complaints about supervisors, pay, or working conditions are considered pre-union activity and protected under the National Labor Relations Act.”

Building on the idea that employers are opening themselves up to discrimination claims, Jason Shinn, the author of the Michigan Employment Law Advisor, outlines three reasons why employers should stay away from potential employees Facebook passwords.  Included in his list, is the potential for discrimination lawsuits:

“(G)iven the treasure trove of information that an employer may learn about an applicant or employee through Facebook or other social media outlets, e.g., race, age, pregnancy status, religion, disability status, etc., an employer is almost asking to have any legitimate, nondiscriminatory reasons for making an employment decision subject to being challenged upon review of a given Facebook profile.

Think of it this way, an employer would never in the course of interviewing a candidate require a resume to include a color picture of the candidate or ask about a person’s age, pregnancy status, race or ethnic background. Yet all of this information and more is readily available through a person’s social media profile.”

In his post, Jason, a lawyer with E-Business Counsel, also lists federal prosecution, along with the negative backlash employers may feel if they continue to act like “Big Brother” as reasons why employers should avoid utilizing this practice.  Honestly, I couldn’t agree more with Mr. Shinn’s last point.  Any potential benefits an employer would gain by digging through an applicant’s Facebook account are undoubtedly lost when people find out a company routinely asks for that sensitive information upon applying.  As a tech and social media-savvy child of the internet age, I can say that if I were asked for my Facebook username and password in a job interview warning bells would go off in my head.  If a company is asking that of you before you even sit down at a desk, what are they going to ask of you later?  What must the company’s culture be like?  Maybe some hiring managers think this is a shortcut to finding out how a person will fit in their office before they even enter, but all they’re really doing is finding a shortcut to losing talented employees before they even hire them.

To see LXBN’s full coverage on this topic, be sure to check out our library of posts from employment lawyers around the country.