Last week, the Associated Press reported the story of Justin Bassett, a New York statistician who was asked to disclose his Facebook username and password during a recent employment interview. The AP report went viral, and other media outlets and the blogosphere lit up with stories about Mr. Bassett’s dilemma and the questionable practice of employers asking potential employees for social media login information. General outrage over such an employment practice ensued—including from Facebook itself—and the week ended with Senator Richard Blumenthal, D-Conn., promising a bill to prohibit employers from requesting login information during the interview process.
The uproar over the questionable employer practice of asking for an applicant’s Facebook login information continued this week. On Monday, March 26, 2012, Senator Blumenthal, along with Senator Charles E. Schumer, D-NY, sent letters to the U.S. Department of Justice and the U.S. Equal Employment Opportunity Commission urging those agencies to investigate whether the practice of requesting such information violated various federal laws. From the senators’ letter to the U.S. Equal Employment Opportunity Commission:
We write concerning reports in the media that some employers are requiring job applicants to provide their usernames and passwords to social networking sites like Facebook as part of the hiring process. By requiring applicants to provide login credentials to social networking and e-mail sites, employers will have access to private, protected information that may be impermissible to consider when making hiring decisions. We are concerned that this information may be used to unlawfully discriminate against otherwise qualified applicants.
This concern is well-founded. The fact that employers Google applicants and look at public information from their social media profiles is no longer a surprise to most, but requesting the login information to applicants’ social media profiles struck a chord with many commentators—with most decrying the severe invasion of privacy. While both practices could subject an employer to a state or federal discrimination claim (for failure to hire based on learning an applicant’s protected class status through the online search), the request for login information could further implicate state invasion of privacy laws and the federal Stored Communications Act (for unauthorized access to communications in storage when a password is obtained under duress) or the Computer Fraud and Abuse Act (for intentional access to a computer without authorization). The risk of a discrimination or privacy claim increases exponentially when an employer—by virtue of access to otherwise private areas of an applicant’s social networking profile—is able to review personal photos, private e-mail messages, and otherwise confidential biographical data. This risk certainly may outweigh the reward.
It is important to note that invasion of privacy claims differ by state, and the issue of forcing applicants to disclose login details has not been considered by any court. Indeed, there are currently no laws specifically banning the practice (or blessing it). However, case law is clear that unauthorized access—through duress or otherwise—to an employee’s social networking profile or personal e-mail account could violate the Stored Communications Act or, potentially, the Computer Fraud and Abuse Act.
Senator Blumenthal and various states are also angling towards prohibiting employers from requesting the login information to applicants’ social media profiles. Last week, Senator Blumenthal told Politico that requesting login information from prospective employees amounts to an “unreasonable invasion of privacy” for those looking for work. This week, Senator Blumenthal and Senator Schumer indicated that they were presently drafting a bill to outlaw the practice and to fill in any gaps in federal law that would allow employers to require login information for social networking sites from applicants in order to be considered for employment. In addition, some states have already taken action to ban the practice. There is legislation pending in Illinois and Maryland addressing the very issue, and each bill would prohibit employers from seeking applicants’ social networking passwords.
On Friday, March 23rd, Facebook itself jumped into the discussion by publishing a “note” on its website. Erin Egan, Facebook’s Chief Privacy Officer, did not mince words regarding Facebook’s stance on the practice of employers requesting Facebook login information during the interview process, and the employment law issues that might arise from the practice:
In recent months, we’ve seen a distressing increase in reports of employers or others seeking to gain inappropriate access to people’s Facebook profiles or private information. This practice undermines the privacy expectations and the security of both the user and the user’s friends. It also potentially exposes the employer who seeks this access to unanticipated legal liability. The most alarming of these practices is the reported incidences of employers asking prospective or actual employees to reveal their passwords. If you are a Facebook user, you should never have to share your password, let anyone access your account, or do anything that might jeopardize the security of your account or violate the privacy of your friends. We have worked really hard at Facebook to give you the tools to control who sees your information. As a user, you shouldn’t be forced to share your private information and communications just to get a job. And as the friend of a user, you shouldn’t have to worry that your private information or communications will be revealed to someone you don’t know and didn’t intend to share with just because that user is looking for a job. That’s why we’ve made it a violation of Facebook’s Statement of Rights and Responsibilities to share or solicit a Facebook password. We don’t think employers should be asking prospective employees to provide their passwords because we don’t think it’s the right thing to do. But it also may cause problems for the employers that they are not anticipating. For example, if an employer sees on Facebook that someone is a member of a protected group (e.g. over a certain age, etc.) that employer may open themselves up to claims of discrimination if they don’t hire that person. Employers also may not have the proper policies and training for reviewers to handle private information. 
If they don’t—and actually, even if they do—the employer may assume liability for the protection of the information they have seen or for knowing what responsibilities may arise based on different types of information (e.g. if the information suggests the commission of a crime). Facebook takes your privacy seriously. We’ll take action to protect the privacy and security of our users, whether by engaging policymakers or, where appropriate, by initiating legal action, including by shutting down applications that abuse their privileges…
Ms. Egan’s concerns are well-grounded. The practice could subject employers to state invasion of privacy claims, state or federal discrimination claims, or a Stored Communications Act or Computer Fraud and Abuse Act claim. Also, creative plaintiffs or plaintiffs’ attorneys could come up with other causes of action based on the practice.
While applicants for employment have every right to refuse to hand over login information during an interview, in this economy, many applicants are not in a position to refuse such a request. The solution is for employers not to put applicants in that position in the first place. Employers should refrain from requesting or accessing the personal e-mail accounts or social networking profiles of their applicants. There is simply no good excuse or need for requesting the non-public information, and the practice could lead to legal and public relations nightmares for employers. As simply put by Senator Schumer: “Facebook agrees, and I’m sure that most Americans agree, that employers have no business asking for your Facebook password.”