Should your employer have access to your Facebook account?

privacyrisksfacebookYesterday, I read a report in the American magazine The Atlantic which asked the question Should Employers Be Allowed to Ask for Your Facebook Login?

It’s the story of a man in the US state of Maryland who applied for a job at the state’s Department of Corrections (prison service) and who was obliged to disclose his Facebook log-in credentials during the job interview. As The Atlantic tells it:

[…] According to an ACLU letter sent to the Maryland Department of Corrections [PDF file], the organization requires that new applicants and those applying for recertifications give the government “their social media account usernames and personal passwords for use in employee background checks.”

Let’s get this straight: this particular organization is saying that if you want a job with them, you have to give them access to your Facebook account (and of your other social presences online) which means they can log into that account with your credentials, ie, as you. All for the stated purpose of conducting “employee background checks.”

In an initial exchange of tweets about this story with Sue Llewellyn, one of my Twitter community, I said:

[…] I think there’s an ‘it depends’ answer in there somewhere re employer right to ask for login info.

What did I mean by that? Would an employer have any right to do what the Maryland Department of Corrections (DOC) is doing?

I clarify my comment by citing this statement from the ACLU’s letter:

[…] we believe the DOC policy constitutes a frightening and illegal invasion of privacy for DOC applicants and employees – as well those who communicate with them electronically via social media.

Neither Officer Collins nor his Facebook “friends” deserve to have the government snooping about their private electronic communications. Login information gives the DOC access to communications that are intended to be private, such as personal email messages and wall postings viewable only by those selected individuals who have been granted access. For social media users who maintain private accounts, the  DOC demand for login information is equivalent to demands that they produce all of their private correspondence and photographs for review, or permit the government to listen in on their personal telephone calls, as a condition of employment. Such demands would be unconscionable, and  there is no basis for treating electronic communications differently. While employers may permissibly incorporate some limited review of public internet postings into their background investigation procedures, review of password-protected materials overrides the privacy protections users have erected and thus violates their reasonable expectations of privacy in these communications.

That’s a well-stated position and argument supporting the reasonable rights of the individual to privacy, sentiments that I believe are equally viable here in the UK and in other countries in addition to the USA. Even (or perhaps especially) when employees ignore common sense and disclose far too much personal information in their online social networking profiles. And let’s not forget that access to someone’s account also means access to information about the friends that person is connected to.

The employer has reasonable rights, too, let’s not forget that either, as well as responsibilities to ensure the integrity, security and safety of the workplace, among many other things, for other employees as well as other people (children, for instance, in a school setting). Yet the only circumstances I can imagine where an employer is given access to an employee’s Facebook or any other online social presence account are either with the employee’s freely- and willingly-given permission, or under an order from a court of law. No matter what job someone is applying for, you don’t need the potential or actual employee’s social network log in details in order to do background checks that would satisfy such investigation. I can see no right for any organization to require login access to someone’s Facebook account a prerequisite for employment.

Incidentally, take a look at the comments to the story in The Atlantic – over 80 as I write this post, many with compelling arguments to support views highly critical of the DOC.

Do you agree that carte-blanche employer access to Facebook and other places online as described in this example must be off limits? Watch the video of Officer Robert Collins explaining the circumstances as he sees them.

What does it all say about the DOC’s understanding of what Facebook is and what people do with it?

What’s your take on this story?

Neville Hobson

Social Strategist, Communicator, Writer, and Podcaster with a curiosity for tech and how people use it. Believer in an Internet for everyone. Early adopter (and leaver) and experimenter with social media. Occasional test pilot of shiny new objects. Avid tea drinker.

  1. Armin

    The answer is very simple, Facebook Ts&Cs:

    4.8. You will not share your password, (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.

  2. Chris Reed

    Wow – hadn’t seen that Atlantic story, and it’s a real step change. An unwelcome one too. There are good reasons for wanting to double-check that people who apply for roles at the DoC are legit, but surely there are existing (and better?) ways than this. It is the equivalent of giving someone permission to steam open all the letters you receive, or eavesdropping telephone calls – just with a more modern form of communication. And imho it’s asking for too much to expect people to agree to it…

    Having said all that, I have recently been mulling over (from an employer’s POV) how to stop employees from using Facebook (in particular FB Messaging) from sending sensitive/confidential work-related communications via Facebook – given the content-sniffing implications of doing so. A different thing entirely I know, but at its heart a similar ‘workers privacy v employers confidentiality’ trade-off… No doubt one I’ll return to, or you’re already aware of ;)

  3. Chip Griffin

    It’s important to recognize that being hired for a law enforcement position is different from most other employment situations. It is common for there to be extensive background checks of potential new hires — not the cursory electronic database checks that many employers run, but in-depth, invasive examinations.

    For instance, the background checks may include interviews with family, friends, neighbors, classmates, colleagues, and more. In addition, some agencies use lie detector tests that ask all manner of invasive personal questions. Then there are medical tests, including drug tests, and financial investigations that may be undertaken.

    So access to one’s Facebook account may be among the least invasive requests made during the process of obtaining a job in law enforcement.

    Now I am not familiar with this particular employer’s approach, so this could be an extension of already aggressive background investigation, or it could be a knee-jerk reaction to social networking fear.

    In any case, it isn’t an especially good example to use when looking at employer behavior with regard to Facebook because the nature of the job is very different from what most of us experience.

  4. Janet Aldrich

    Under no circumstances would I give any potential employer a PASSWORD. You want to know what my “identity” is on FB or twitter? Sure. It’s even in my email sig. Read anything I’ve posted publicly — that’s why it’s there. But no way on earth am I giving you the possible ability to post as me. There isn’t a job on the planet worth that potential indignity.

  5. neville

    Armin, Chris, Chip: thanks for your comments. I included them (read them out) in today’s FIR #587 podcast where we discussed this matter.

    Janet, thanks for your comment, too, which I didn’t see in time for recording. Agree with your pov, btw.

  6. Sales Management Training

    First, they aren’t asking to see his Facebook profile, but his credentials, which he may use on other sites. This request could put the applicant at risk since all it takes is one disgruntled or corrupt employee to wreak havoc. As well, the DOC could delete, update or pose as the applicant using those credentials as a way to entrap the applicant’s friends into saying something or “clean up” the applicant’s profile.

    Second, even if they did just want to see his profile, the purpose that it is for a background check is false on its face (no pun intended). With a name, date of birth and other information, a background check can be run of public records. With a little more effort, a search of Facebook and other social media tools can be run. For example, the DOC could ask for usernames of the applicant in publicly available forums, e.g., Twitter, news sites, blogs, etc., which I think is reasonable considering the responsibilities of the position. But to demand access to personal, private conversations (assuming the privacy settings are in place) when there is no reason to believe the applicant poses a threat or has done something wrong is a 4th and 5th Amendment violation.

Comments are closed.