A new practice has emerged since my article on Social Media for Utilities was published in January 2011: requiring job seekers to provide their prospective employers with the password to their Facebook accounts. According to this article, several cities and law enforcement agencies asked applicants to supply passwords to their social networking sites or agree to “friend” an investigator running a background check.
But is it legal for employers to impose this requirement? Many employers argue that password disclosure is voluntary and that job candidates can withdraw from consideration if they don’t want to grant access.
Others are both troubled and offended by this new development, as discussed in the Wall Street Journal. Both the ACLU and Orin Kerr, a law school professor characterize the disclosure policy as an “egregious privacy violation,” and at least two states, Illinois and Maryland have considering legislation that would prohibit it. Other commenters note that companies that access a candidate’s Facebook profile do so at their peril since the practice may open companies up to liability for basing hiring on consideration of improper factors like family status, or would run afoul of Facebook’s terms of service (users are not permitted to grant others access to their accounts), which in turn, could violate the Computer Fraud and Abuse Act.
Like many law enforcement agencies, utilities have a strong interest in reviewing the background of potential employees who will have access to confidential information or may deal with safety issues every day. Even so, forcing job candidates to disclose their Facebook password goes to far and isn’t likely to produce any potentially damaging material. Those applicants who truly have something to hide will simply cleanse their accounts before revealing their password — while those who don’t pose any problems are forced to put their private lives – unflattering photos and recipes and pictures of kids – on display for all to see.