Facebook and Senators Say Requiring Passwords Could Be Illegal

By | Apr 6, 2012

There is a new trend in the job market: Employers are requiring job candidates to give them their Facebook passwords as part of the interview process. It is not uncommon for employers and schools to review online profiles to verify that there are no unscrupulous behavior or tendencies displayed. But now, they have upped the ante and are requiring full access to these accounts. Shockingly, some of the biggest culprits making these requirements are government offices.

The Stored Communication Act (SCA) and Computer Fraud and Abuse Act (CFAA) are in place to stop these kinds of actions from employers. However, by the fine line of the law, they only correspond to employees, not potential employees.

Facebook states that these actions are against their policies and could result in the closure of those accounts infiltrated. Information on Facebook profiles can include age, nation of origin, race, or other information that could be construed as discriminatory if the employer decided not to hire the person. This could, in turn, result in litigation actions against the employer.

U.S. Senators Richard Blumenthal (D-CT) and Charles E. Schumer (D-NY) are not happy with employers demanding job applicants to turn over their user names and passwords for social networking and email websites to gain access to personal information.

Senator Charles E. Schumer's website shows documents sent to the U.S. Equal Employment Opportunity Commission and the Department of Justice requesting an investigation to review whether this practice is legal. Senators Schumer and Blumenthal are also drafting legislation to fill in any gaps not covered in the SCA and CFAA.

Senator Blumenthal stated, "A ban on these practices is necessary to stop unreasonable and unacceptable invasions of privacy. An investigation by the Department of Justice and Equal Employment Opportunity Commission will help remedy ongoing intrusions and coercive practices, while we draft new statutory protections to clarify and strengthen the law. With few exceptions, employers do not have the need or the right to demand access to applicants' private, password-protected information."

A company's litigation department of Human Resources department should be aware of these laws, but in some companies, if it has anything to do with the Internet or computers then it is the IT Manager's position to keep them informed. IT managers need to verify the national and local laws in their state, or states that the company works out of, and pass on any information about privacy laws.

Penalties for breaking these laws are considered a civil matter. If the potential employee feels he did not get the job because of information gleaned from a social media site, then he can go after the company or the hiring manager. If management claims they were not informed, then the civil proceedings could include others in the human Resources, IT, or legal departments, depending on the structure of the company.

The privacy laws pertain to social media sites, email, and even the family website--anything of a personal nature that is not considered work related. If the employer wishes to go look at the site, then that is fine, because it is public domain. If they do not have access to the site, then they can't force the employee or potential employee to give them access.

The new laws will prohibit retaliation or discrimination against individuals who report or sue their employer for breaking these laws.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.

IBM Solution Midsize Business Solutions

IBM and its Business Partners understand your challenges and needs. We've created specific products and solutions designed to help growing companies like yours work more productively and profitably.

Learn More »