Subscribe to CIO Magazine »

Are Facebook passwords fair game for employers?

The Associated Press in late March reported on the issue of employers asking job applicants for their Facebook passwords, citing new and old incidents. The story apparently hit a sore point because it was all over the press within a day or so and in short order politicians were posturing and reaching for the limelight by introducing legislation to ban the practice and sending letters to enforcement agencies demanding action. Based on the comments since the story broke, it is clear that the specific practice of demanding an applicant's password to a social media site is not common but that there is a common worry that it might become so.

The ruckus started when the Associated Press reported that two years previously the Maryland Division of Corrections had demanded an officer's Facebook password during a recertification interview. Facebook quickly weighed in, said that employers should not be doing this because it violates the Facebook user's privacy and Facebook's terms of use, and seemed to threaten to sue employers that did so -- only to drop the threat a few hours later.

YIKES: 15 worst Internet privacy scandals of all time

U.S. Sens. Charles Schumer (D-N.Y.) and Richard Blumenthal (D-Conn.) sent letters to U.S. Attorney General Eric Holder and Equal Employment Opportunity Commission Chairwoman Jacqueline Berrien asking that they investigate if any laws had been broken, and U.S. Rep. Patrick McHenry (R-N.C.) said he was drafting legislation banning the practice.

Certainly a lot of fervor -- now for a bit of reflection.

Is the practice common? Likely not. Very few companies have fessed up to doing this and few employees have come forward to say that it happened to them. But, that said, the majority of companies have been looking at information applicants post on social media sites for years. One survey a few years ago found that 60% of companies had rejected an applicant based on something publicly posted on a social media site. So don't think you are off the hook for that incriminating picture taken at the beach house last summer just because you were not asked for your password.

Is asking for an applicant's password legal? Maybe not, as the Schumer/Blumenthal letter points to court cases that might indicate it is illegal.

What messages does such a request send to the applicant? Clearly the first is that the company treats its employees like chattel, not people. The idea that a company would want to root around in an employee's private life should be deeply disturbing to any applicant. I wonder how many of the people asking for passwords would be happy if their own personal life were regularly reviewed by others in the company?

Another message is that the company does not care much about information security. Asking for an applicant's password would violate just about any company's information security policy that's worth being called one. Maybe the right response if asked is, "Is this a test to see if I am willing to follow the company information security policy? I am, so I will not give you my password."

This practice of asking for employee social media passwords appears to be rare, and hopefully will remain so. But the reaction to the AP report clearly indicates that a lot of people have been conditioned to expect the worst when it comes to privacy and dignity in modern society -- and that is sad.

Disclaimer: Harvard's information security policy includes a rule not to share passwords and I have not heard that recruiters violate the policy. So the above set of opinions is my own.

Read more about wide area network in Network World's Wide Area Network section.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Facebook, LAN
References show all
Comments are now closed.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
  • Information Management
    Valuable data can be a needle in a haystack, but by leveraging the value in existing information assets, organisations can generate real and achievable gains in revenue generation, IT investments and productivity gains. This whitepaper discusses how Information Management (IM) is a multi-faceted discipline that can be employed to meet or exceed your business objectives.
    Learn more »
  • CISO 2013 Security Insights: A new standard for security leaders
    Insights from the 2013 IBM Chief Information Security Officer Assessment which uncovered a set of leading business, technology and measurement practices that help to address the questions CISO's and security leaders have in managing diverse business concerns, creating mobile security policies and in fully integrating business, risk and security metrics.
    Learn more »
  • IDC MarketScape Excerpt: Worldwide Client Virtualization Software Assessment
    The rise of BYOD is creating governance and regulatory nightmares while providing end users with unprecedented flexibility and agility. While IT is still intrigued by the possibility of a better desktop management model and the operational savings client virtualization software could deliver, it is the increased governance and the ability to deliver desktops, applications, and data to any device that are driving today's purchases.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Latest Jobs
Salary Calculator

Supplied by

View the full Peoplebank ICT Salary & Employment Index

Recent comments