Facebook Passwords, Information Need to Be Kept Private

By Wayne Rash  |  Posted 2012-03-27

Facebook Passwords, Information Need to Be Kept Private

The recent practice of employers and would-be employers requesting Facebook and other social network log-in information is probably a violation of equal employment laws, say two Senators. U.S. Senators Charles Schumer (D-N.Y.) and Richard Blumenthal (D-Conn.) have asked the U.S. Equal Employment Opportunity Commission (EEOC) and the U.S. Department of Justice to investigate the practice of requiring job applicants and employees to provide their social network log-in information as a condition of employment.

The senators sent a letter to the EEOC regarding the practice. Schumer and Blumenthal noted that some jobs require comprehensive background checks, but that access to private information on social media sites could give those employers information that they are not permitted to request under federal law, such as race, religion, marital status or pregnancy status along with other protected information.

The senators also wrote a letter to U.S. Attorney General Eric Holder asking the Justice Department to investigate whether the practice of requesting Facebook credentials violates the Stored Communications Act (SCA) (18 U.S.C. § 2701) of the Computer Fraud and Abuse Act (18 U.S.C. § 1030(a)(2)(C)). In their letter, Schumer and Blumenthal asked Holder to issue a legal opinion as to whether requesting and using prospective employees€™ social network passwords violates federal law.

€œTwo courts have found that when supervisors request employee log-in credentials, and access otherwise private information with those credentials, that those supervisors may be subject to civil liability under the SCA,€ the Senators said in their letter. €œSee Pietrylo vs. Hillstone Restaurant Group, 2009 WL 3128420 (D.N.J. 2009); Konop vs. Hawaiian Airlines, Inc., 302 F.3d 868 (9th Cir. 2002). Although these cases involved current employees, the courts€™ reasoning does not clearly distinguish between employees and applicants.€

In their letter to the EEOC, the senators point out that access to private Facebook information allows prospective employers to see information they€™re not allowed to see under federal law.

€œThis allows employers to access private information, including personal communications, religious views, national origin, family history, gender, marital status and age,€ the Senators said in their EEOC letter. €œIf employers asked for some of this information directly, it would violate federal anti-discrimination law. We are concerned that collecting this sensitive information under the guise of a background check may simply be a pretext for discrimination.€

The Lesson for Employers or Would-Be Employers Should Be Pretty Clear


The two Senators have announced that they are preparing legislation prohibiting the practice as violation of privacy, which job applicants have little if any way to fight against.

€œThis is especially important during the job-seeking process, when all the power is on one side of the fence,€ Blumenthal said in his prepared statement. Blumenthal said that he€™s confident that the practice will be found to violate federal law. The senators noted that Facebook itself announced that such a practice would violate its privacy policies, and that the company intended to take legal action against any employer that violated it or forced Facebook users to reveal their log-in credentials.

The lesson to employers or would-be employers is quite clear: If you€™re asking potential employees for their social network log-in info, then you€™re almost certainly breaking the law.

Employers are allowed to see what your employees or applicants say in public, and you can do that by viewing the information they post in public. But if you go beyond what€™s public and base a hiring or employment decision on protected information, you€™re setting yourself up for serious legal problems. You could even find that you€™re committing a crime, an activity that would be certain to annoy your legal department.

If your human resources department is doing this, it might be a good idea to suggest that they take refresher training in EEOC nondiscrimination practices. You might also have them refer to the cases mentioned above for details on how they might be impacted by civil liability claims.

If you€™re a job applicant, the story is a little different. If you€™re applying for a job, and your prospective employer demands your social network log-in info, then you have a decision to make. Do you really want to work for a company that could be potentially violating federal law? If you really need this job, then ask the employer to make the request for credentials in writing. If you don€™t get the job, file a complaint with the EEOC, and use the written request as evidence.

Of course, you have to understand that there are a few jobs out there where the employer will still get to look at your private Facebook information. So if you€™re applying for a highly sensitive job at an intelligence agency, you€™d better hope that your Facebook pages don€™t contain anything incriminating.

But in reality, you should make sure that your Facebook pages don€™t contain anything that€™s potentially harmful to your employment or your peace of mind. Even if your employer doesn€™t have€”and can€™t get€”access, that doesn€™t mean your friends can€™t. And while I can€™t tell you whether to trust your friends, just ask yourself if there€™s anything in your Facebook profile that would be a problem if one of the people you trust decided to release it. If so, it shouldn€™t be there.

Rocket Fuel