Facebook: Don't give passwords to employers
AP Photo/Adrian Wyld
(MoneyWatch) COMMENTARY The Maryland Department of Public Safety and Correctional Services recently stirred controversy when it asked job applicants to hand over their social network logins. The agency wanted "social media account usernames and personal passwords for use in employee background checks," according to the ACLU. The situation is cause a lot of kick-back, including from U.S. Senator Richard Blumenthal, who is writing a bill that would prohibit the practice.
The most alarming of these practices is the reported incidences of employers asking prospective or actual employees to reveal their passwords. If you are a Facebook user, you should never have to share your password, let anyone access your account, or do anything that might jeopardize the security of your account or violate the privacy of your friends. We have worked really hard at Facebook to give you the tools to control who sees your information.
As a user, you shouldn't be forced to share your private information and communications just to get a job. And as the friend of a user, you shouldn't have to worry that your private information or communications will be revealed to someone you don't know and didn't intend to share with just because that user is looking for a job. That's why we've made it a violation of Facebook's Statement of Rights and Responsibilities to share or solicit a Facebook password.
On one hand, it only matters if Facebook calls asking for a password a violation of its terms of service if the organization asking has a Facebook page. If it doesn't, what could Facebook do?
Should job seekers open up their Facebook page?
Job seekers asked to give Facebook passwords
Want a job? Give up Facebook
But Facebook might not have to do anything. As the company's post points out, there are other potential legal problems for employers. As any corporate HR person could tell you, there are protected classes under employment law. A company can't discriminate based on such things as age, race, and creed. In fact, hiring managers aren't even supposed to ask things like how old an applicant is.
Access someone's social networking accounts, however, and you're likely to come across such sensitive information. Now what happens if you don't hire that candidate? You're potentially the target of an employment discrimination suit.
There are other potential problems, as well. According to David Baffa, partner in the labor and employment department of law firm Seyfarth Shaw, "about half of the states have some manner of a statute of the books that would seek to protect against discrimination against lawful, off-duty conduct. The tobacco industry drove a lot of those laws. But it is something that can be applied."
Should it store the data, an employer could fall afoul of a variety of privacy regulations that govern retention of people's personal data. Or individuals might claim that they were forced to violate the terms of service of a social network by giving away a password and that the hiring company in question coerced them to do so, under threat of not hiring them.
"Asking for someone's password, while I do think that the area of the law is murky, is not something I would view as a best practice," Baffa says.
It's a messy situation, and one you can bet that will land in a court sometime in the near future.
Popular on MoneyWatch
- TGI Fridays nailed for doctoring booze
- Reverse cell phone lookup service is free and simple
- Amy's Baking Company could face legal 'nightmare'
- How Bernanke's testimony affects investors
- Help! My boss is promoting the wrong person
- Snapple co-founder Leonard Marsh dies at 80
- Meat labels getting facelift under new USDA rules
- My company is ending OT pay, but not OT work
Alternatively, a person being coerced to give up their password can temporarily close their account and simply (and truthfully) tell their prospective employers that they are not on Facebook. Later on, the can re activate the account.
Naturally, the very idea that someone would be legally required to share their private information with prospective employers is utter nonsense. However, the threat continues to be real and potentially harmful.
First, if you're not prepared to surrender your Facebook password (and know you won't be hired because of it), have some fun with them before you leave. It's a version of the childhood game of "Playing Doctor" (I'll show you mine if you show me yours, hehe).
Tell them you'll give them your Facebook password if the company will give you "its" Facebook password. Tell them that, just as much as they want to find out if you're the type of employee they want to hire - you want to find out if they're the type of employer you want to work for. And when they scoff at YOUR request for THEIR password, walk out - with a smile on your face and your dignity intact.
The "solution" to this problem was, in a way, first proposed by classic author Robert Louis Stevenson in his novel, "The Strange Case of Dr. Jekyll and Mr. Hyde." Put simply, set up TWO accounts with Facebook (using different browsers with separate cookies and two unique email addresses). On the "Jekyll" Facebook account, post photos of your trips to the zoo, a list of your favorite charities, and reviews of your favorite PG movies (grin). On the "Hyde" Facebook account, post all your gripes and spleen-venting. Then, when an employer asks you for your Facebook logon info, give them the info on your "Jekyll" account.
Of course, if you do this, be absolutely sure you don't "friend" your alter-ego account (grin).
I think you get the idea. There should be no way an employer could "cross-reference" your two identities based on personal information requested by Facebook. And, besides not friending your shadow identity and vice versa, you should make sure neither identity friends the same person.
Beyond that, make sure your Jekyll account is updated every now and then to make it appear you're really using it.