Much more than a friend request
Employer requests for Facebook passwords increase liability,
employee resentment
April 08, 2012|By Jeff Nowak
Picture yourself in the interview for the job of your dreams: You're sporting a
fabulous new suit, you're nailing every question, and you've developed a
rapport with your prospective boss.
As the interview draws to a close, he appears ready to invite you back for a
second round. Then he offers one last question: "Would you provide me your
Facebook password so we can access the content in your profile?" The intent
of the question is clear: This prospective employer wants to scour social media
sites for any content that might effectively screen you out for employment.
Over the past few weeks, news outlets across the country as well as Facebook itself have reported
that employers are increasingly seeking access to individuals' Facebook accounts to find out more
about candidates. The outrage has been so intense and visceral, it's as if Bears fans just learned
Mike Ditka had agreed to coach the Green Bay Packers.
At this early juncture, there are no good data indicating how many employers are engaging in this
practice. I would venture to guess it's a mere handful. Nevertheless, late last month several U.S.
senators called for Attorney General Eric Holder and the Equal Employment Opportunity Commission
to investigate the legality of this practice. Even local legislators have joined in: State Rep. La Shawn
Ford, D-Chicago, recently introduced a bill in the Illinois General Assembly that would make it
unlawful for an employer to ask a current or prospective employee to provide login information to their
social media accounts or profiles. The bill would allow job seekers to sue if asked for such access.
To some extent, this practice should not surprise us. In the past few years it has become increasingly
common for employers to review public social media profiles to learn more about job candidates.
Some surveys put the number of employers doing so at more than 50 percent. So, as candidates
have increasingly set their Facebook and other social media profiles to private, some employers are
taking the next step, seeking direct access to them.
Facebook insists that employers should not ask for candidates' passwords because it's not the "right
thing to do." As one who represents employers exclusively, I am one of the last to advocate for
restrictions on employers' rights. However, beyond this question of "right or wrong," requesting
passwords to social media accounts and profiles is not good business for a host of reasons:
• It could expose the employer to discrimination claims. A fundamental best practice for employers
when gathering information about prospective employees is to make sure that any inquiry is "jobrelated." When employers access a candidate's social media account, they lose control of the
information presented and almost surely collect a lot of information that is not job-related and should
never be considered in an employment decision.
Put another way, an employer would never require a candidate to submit a resume with a photo or
ask about the candidate's race, age, religion or sexual orientation. Yet all of this information is
potentially available through social media. Once an employer knows this, how does the employer
unlearn it?
• Employers also can be exposed to privacy claims. Social media effectively is the water cooler of the
tech-savvy workplace; it's the busy intersection where employees gather to share deeply personal
commentary and voice their complaints. Today's Facebook is like yesterday's snail mail; it's how a
growing number of us communicate. Just as a prospective candidate wouldn't want an employer
rummaging through his or her mail, it seems equally unseemly to allow the employer in the
candidate's social media account or profile.
New legislative initiatives aside, employers accessing social media could be violating existing antieavesdropping and privacy laws, depending on the state.
• Most employers are not prepared to handle this private information. Nearly all those requesting
these passwords are not staffed to do so. And if the employer misses clear signs that the applicant
may engage in conduct harmful to others, will the employer face liability for so-called negligent hiring?
After the employer is finished with the password, what does it do with it? Throw it out? Store it in the
human resources department? In addition, the employer may have some responsibility for preventing
the disclosure of this password to third parties