Gini Dietrich

Facebook Speaks Out Against Employers Asking for Passwords

By: Gini Dietrich | March 28, 2012 | 
116

I’m having a really hard time understanding some employers today.

As I travel the country and spend time with business leaders, it’s very disturbing to me how many have firewalls installed that prevent their employees from using the social networks during business hours.

As if they aren’t just using their phones to get online during the day. Some business leaders go so far as to take phones away as soon as a person walks in the door to prevent even that.

I really don’t understand it. Unless you’re running a daycare for adults, is the trust level so low you can’t expect they’ll get their jobs done if they spend 10 minutes on Facebook during the day? We can allow smoke breaks, but not social media breaks.

It blows my mind, but I didn’t think it could get worse.

And then I read about some companies requiring employees to hand over their social network passwords in order to get hired.

Stop. The. Madness.

This reminds me of the companies that read people’s emails, looking for reasons to fire them. This happened to a friend of mine. She sent an email to a recruiter from her Hotmail account, they were reading anything going over their network, and they fired her.

It didn’t happen to me and I felt betrayed for her. And, really, who has the time?

Thankfully Facebook is stepping in, speaking out against businesses who do this.

Facebook chief privacy officer Erin Egan writes in a Friday blog post:

In recent months, we’ve seen a distressing increase in reports of employers or others seeking to gain inappropriate access to people’s Facebook profiles or private information. This practice undermines the privacy expectations and the security of both the user and the user’s friends. It also potentially exposes the employer who seeks this access to unanticipated legal liability.

If you are a Facebook user, you should never have to share your password, let anyone access your account, or do anything that might jeopardize the security of your account or violate the privacy of your friends.

Reports of such practices are widespread. In June 2009, the city of Bozeman, Montana made headlines when it was revealed that its job applications forms asked for usernames and passwords for the job seekers accounts on “social networking,” including everything from Facebook and Twitter to YouTube and Google.

Earlier this year, the American Civil Liberties Union took aim at the Maryland Department of Corrections after it asked a Maryland man for his Facebook credentials during a recertification interview.

And last week, the Calgary Herald reported on a similar incident in Canada.

It’s even against our civil liberties for employers to hire or fire based on what we have on our social networks.

Employers: Watch how you monitor the social networks for candidates and employees. You could get in a lot of trouble if you’re too closely monitoring the personal activities of your team.

Employees: While it’s still important to be careful what you post online, if anyone asks for your passwords or writes you up (or, worse, fires you) for something you’ve posted on your personal network, you have some recourse.

This doesn’t apply for anything posted on business social networks so mind your Ps and Qs.

About Gini Dietrich


Gini Dietrich is the founder and CEO of Arment Dietrich, an integrated marketing communications firm. She is the author of Spin Sucks, co-author of Marketing in the Round, and co-host of Inside PR. She also is the lead blogger at Spin Sucks and is the founder of Spin Sucks Pro.

Spin Sucks in Your Inbox

116 responses to “Facebook Speaks Out Against Employers Asking for Passwords”

  1. jennwhinnem says:

    Gini – thank you for this, it’s a topic near and dear to my heart. I know you’re traveling, and I have two questions (perhaps the SS community can help with this!). One, I interviewed for a SMM position at a bank, and they said front-line employees couldn’t use private email, Facebook, etc, because it was a security risk for customer financial information. Thoughts?
     
    Two, I agree that it’s against our civil liberties that someone fire us for what we wrote on a social networking site – but has this been put into law? I’ve followed various cases on this, and it seems it differs case by case. Is Illinois not a employment-at-will state?
     
    thanks!

    • ginidietrich says:

       @jennwhinnem On your first question, I’m not sure. That very well could be…or it could be like having to turn your Kindle off when a flight takes off (totally bogus). Maybe someone else here can answer that one.
       
      Yes, Illinois is an at-will state and this hasn’t been put into law, but most attorneys I know, across the country, are telling employers “Do this at your own risk.” While it’s not law, it is a civil liberties issue and can be tried in civil court.

      • jennwhinnem says:

         @ginidietrich Thanks so much. One more question if I may – does AD have an employee social media policy? Do you think it’s out of line to have one?

        • ginidietrich says:

           @jennwhinnem We do have one. It’s pretty informal. It has things like, “Don’t swear, be funny, and don’t discuss company financials.” I think there are 10 or 11 things like that. 

  2. ComputerArtMan says:

    @kmueller62 We Keep rolling! It was an Incredibly #awesome week come C our newest W/SM Hero @Poochie7060 http://t.co/kASGJj8n #Vlog4Art

  3. Thanks for doing the leg-work for most of us. I care about it, but am too lazy to follow it all myself 🙂

  4. britt_thomas says:

    I read an article about this a week ago and sent it to my HR division to get their thoughts explaining that I didn’t believe that companies should be able to do this. I got a curt response that it is, in fact, legal. 
     
    I really do understand trying to keep your employees on task and off of social networks. But this is an invasion of privacy on a very high and personal level.The story that surfaced awhile ago about the gentleman who was running a company Twitter account but then took that when he left is an example of a blurry line. 
     
    Handing over a Facebook password to a potential employer is completely ridiculous. Just writing about it infuriates me.

    • ginidietrich says:

       @britt_thomas I think your HR person is wrong. It’s not legal. I run a business in an at-will state, but I know I can’t fire anyone for what they put on their social networks. Talk to them about it? Yes. But fire them? No. The ONLY reason you should be handing over the passwords is if you’re running the company pages.

      • britt_thomas says:

         @ginidietrich I 100% agree. I have a feeling this whole topic will get ugly in the coming months.

        • ginidietrich says:

           @britt_thomas I hope it does. It’s ridiculous. I run a business. I *know* we have better things to do. If my team isn’t getting their work done, it’s not a social media problem. It’s an operational issue.

    • jennwhinnem says:

       @britt_thomas Proud to say that my HR person was not in favor of the idea!

  5. MarkCRobins says:

    In Canada our Privacy Commissioner has declared these actions to be illegal, no employer has the right to even ask let alone demand personal passwords. There is also discussion here about potential litigation against employers that attempt this. Personally if I was asked I would of course refuse and mount a serious Social media campaign against such a company.

  6. KenMueller says:

    We had a discussion about this in class last night, and my gut feeling is that in the end, in most cases, this won’t hold up in court. It really opens up a slippery slope. Password to your private email account? Password to your online banking?
     
    Also, what to companies hope to gain? Are you afraid of what people are putting on their Facebook page will look bad for your business? How about you try this first: Go to Facebook and do a search for the prospective or current employee. Can you find their Facebook Page? If not, it’s not a problem. Neither can anyone else. If you can, what do you see? If you see anything troubling, then talk to the person about it, or make your hiring decision that way. Getting a password doesn’t give you any more real access to anything except private info.
     
    I also understand that we are in a very rough job market, but would you really want to work for such a company? To me, that indicates a real internal culture problem. If they are willing to go that far in this case, I’m sure there are other issues with which you’ll be confronted down the line. 

  7. ginidietrich says:

    @kellee725 It makes me crazy!

  8. JeffRice63 says:

    @ginidietrich Issue goes back 2 quality of employee n product protection than employer. I think it’s funny when technophobics can’t play!

  9. JeffRice63 says:

    @ginidietrich I think it’s rite that technoholics can’t play at work! Facebook stance seems user count oriented than anything else.

    • ginidietrich says:

      @jeffrice63 Totally disagree. We use it for business…which also means some of my team will use it personally. But they get their work done

      • JeffRice63 says:

        @ginidietrich Bemused by tweet! I should also thank u 4 answering mine! Plan worked! I do think technoholics should sweat!

  10. Roslynalwarups says:

    @bdorman264 Get for yourself an walmart voucher. All you need to do is answer walmart’s question! Check my profile page!

  11. Noemilg6zjjb says:

    @bdorman264 Get yourself a walmart voucher. All you need to do is respond walmart’s question! Look at my profile page!

  12. davidledgerwood says:

    @ginidietrich that is such a shady idea. Duh.

  13. Codyqncwkg says:

    @bdorman264 Get yourself a walmart voucher. All you need to do is answer walmart’s question! Look at my profile url!

  14. Tedceasver9 says:

    @bdorman264 Get yourself a walmart gift card. All you have to do is answer walmart’s question! See my profile page!

  15. knoxsafety says:

    @susanavello @ginidietrich I’m suprised it took them this long after the whole google nightmare last year

  16. JGamblin says:

    @ginidietrich Read your Facebook story and agree with you. Blocking SM is a technological solution to a management issue.

    • ginidietrich says:

      @jgamblin It makes me a little nuts. People can smoke, but can’t check Facebook quickly?

      • JGamblin says:

        @ginidietrich It comes down to employee management. The same people who abuse SM at work are the same who will abuse smoke breaks.

      • JGamblin says:

        @ginidietrich its easier for management to have IT say we need to block SM for security than you know, to manage their employees.

  17. Javierutkfpcuv says:

    @feliciahudson Get for yourself a walmart coupon. All you need to do is answer walmart’s question! Look at my profile website!

  18. jennimacdonald says:

     @ginidietrich  I can’t even comment because I am blown away that this is even an issue. How do they think that they have the right to do that???

    • ginidietrich says:

       @jennimacdonald I don’t know the answer. I guess they feel like, if you’re going to use my computer, you can give me your PW?

  19. ginidietrich says:

    @thepaulsutton Seriously.

  20. PattiRoseKnight says:

    I’ll respond to the first paragraph….because you are not like any of them.  This doesn’t surprise me that other employers do that and because of that you are stuck with me 🙂

  21. Agog.
     
    With one caveat…as a parent fearful of cyber-bullying when my 10yo reaches Facebook age, should schools require passwords of student suspects/allegeds executing serious cyber bullying? (We’ve all heard of children committing suicide due to such serious attacks.)
     
    I’ve read this to be true although can’t recall in which school district. I’m going to stick my neck out, against my better judgment in re privacy and rights to privacy and personal intellectual freedoms, and free speech to suggest that “where crimes are being perpetrated online with minors” there needs to be some policing of content.  Call it my fearful-mom syndrome.
     
    As per the above; absolutely NOT — when did big corporation become big brother spy?

    • ginidietrich says:

       @Soulati | B2B Social Media Marketing Every parent I know who have kids on Facebook, they’re on there with one condition: The parents have the password. That’s totally different than requiring it of your employees.

      • sydcon_mktg says:

         @ginidietrich  @Soulati | B2B Social Media Marketing Thats our rule.  We have the password & she knows full well I check it out daily! I think there is a huge difference between parents/guardians & schools/employers.
         
        I think as parents it is our responsibility if we allow our children on social networks to monitor their activity & behavior.  As an employer, it is not for me to monitor my employees personal life.  I would have a issue with my 13 year olds school having access to her passwords or accounts.  That is my job. The policing should be the parents job.  If bullying is occurring inside the school then the school needs to address it & bring in parents. You cant expect that the school is responsible for or should be monitoring what is happening outside of school time.

    • wabbitoid says:

       @Soulati | B2B Social Media Marketing This is a grey area, since schools serve <i>in loco parentis</i> (in place of the parents) in a legal sense – they are responsible for the children and their well being when in school.  It would be wrong to go that far in the schools, however, for practical reasons of trust.  But I think that they could do that if there was a procedure in place that included the parents involved and other safeguards.  It would be best to not have to go that far, of course, but I think it’s both legal and covered by social precedent.

  22. You know how there’s the separation of Church and State? There should be a separation of business and personal! Back in the day, there was, but now I play my cards as if nothing was private. Two examples would be your post yesterday… I didn’t comment for the odd chance big brother is watching as I’m not allowed to opine about anything related to financial services. The other is felt VERY compelled to write a post on race relations yesterday in light of the fiasco w/ Detroit facing an emergency manager and a religious leader saying they won’t bow to white supremacy and they’ll burn the city down before that happens. I might have been able to make a difference, but in the end, didn’t think it was worth getting a pink slip if big brother didn’t like it.

  23. rachaelseda says:

    “We can allow smoke breaks, but not social media breaks.” – Love this! It really is sad when you think about it.
     
    I wouldn’t give the confidential passwords of my employee email or passwords to my employers accounts that I know to anyone, so why should they expect me to breach my own confidentiality?
     

    • ginidietrich says:

       @rachaelseda THAT is a very good point! I wish I’d had that point in my blog post. 

    • sydcon_mktg says:

       @rachaelseda Great reasoning, Rachel! In the day of Confidentiality agreements & NDA’s how can companies expect us to hand over passwords & access to things that have no bearing on their company anyway?  But yet, expect us to keep their things confidential. 

  24. wabbitoid says:

    I doubt that this practice is legal and would love to see someone get their butts royally sued.  There has to be a good lawyer out there who wants to make a name for his/her self.  Hell, there has to be a bad lawyer who looks good on teevee who can take this on.

    • ginidietrich says:

       @wabbitoid I think that’s what is happening with the company in MD. They’re getting themselves sued in a big way. It’s not legal.

  25. Lisa Gerber says:

    It’s the epitome of insecure leadership! These same leaders – let’s call them managers, because they aren’t truly leaders, also fear hiring people smarter than they are in specific areas. (This actually references what @kamichat wrote about yesterday – if you aren’t a data geek, for example, hire one!). 
     
    The comment about smoke breaks really got me fired up. So true!!! 

  26. BethMosher says:

    I’d never give my FB password out and I’d cite too if asked in an interview the excellent point made earlier – “if I give you my FB password on a whim, how can I be trusted with your network login and password.”  But, this does bring up (again) the importance of watching how you conduct yourself on social networks and the rule I live by: I’m not on FB with anyone with whom I have a working relationship. It’s too easy to muddy the waters. 

  27. Corey Smith says:

    Companies that require your Facebook password are not violating civil liberties and not breaking laws but I agree that it’s stupid. If someone wants to work for an organization, they have to play by that company’s rules. If they don’t want to give up their passwords (and they shouldn’t) then they should go work somewhere else. If you are stupid enough to work for a company that expects you to give up passwords to your online accounts, then you get what you deserve.
     
    Let’s understand that social media is not a legally protected activity. You don’t have to participate. You can choose to not have an account and not utilize the services. If I was asked to give this up I would simply say, “No.” If they say my job depended on it, I would say, “I understand… the answer is still no.” If they actually fired me, I would tell everyone how stupid the company is.

    • ginidietrich says:

       @Corey Smith And, based on what the news is saying, you might actually have a case if they fired you (or didn’t hire you) for it. The Civil Liberties Union is all over it. It’ll be interesting to see what happens.

      • Corey Smith says:

         @ginidietrich Recently, I was a teacher at a local college. I won’t name their name but their initials are http://www.stevenshenager.edu/.
         
        They sent an email stating that the college needed to have all Facebook passwords. Moreover, they said that the Facebook accounts were the property of the college (again, I won’t say who they are).
         
        I chose to ignore it but figured if they asked again, I would be public in my scoffing of them.
         
        I don’t teach there anymore and it’s the attitude that causes them to ask for this information that prevents me from wanting to not because I felt my civil liberties were violated. It’s because they are idiots.
         
        I’ve been blessed that I don’t face much discrimination and I offer my employees the same privileges that I’ve enjoyed. People who are facing these problems should find companies like mine to work for and stop working for idiots.

    • jeremypratte says:

       @Corey Smith I mostly agree. But, if you’re talking about being FIRED (not before you’re hired) beware of a slippery slope. If asking for you Facebook password isn’t violating civil liberties, is asking for a key to your house violating that? Technically, you don’t have to own a house, either. 

      • Corey Smith says:

         @jeremypratte Access to my home is a very different thing that having access to my Facebook page. With that said, I tend to feel this way mostly because I have the naturally assumption that if something is on my Facebook page it’s public information regardless of my privacy settings because Facebook’s terms of service make the content technically their content and not yours.
         
        My home is my home because of current property right laws. I pay for my home not the employer. Even a renter has certain limitations to how much privacy they get in a rented property.

    • IamDez says:

       @Corey Smith I disagree. There are certain questions that interviewers cannot ask during an interview. Here’s a quick list (that I got form the link below the list:
      Race
      Color
      Sex
      Religion
      National origin
      Birthplace
      Age
      Disability
      Marital/family status
       
      Source: http://jobsearch.about.com/od/interviewsnetworking/a/illegalinterv.htm
       
      Some of those pieces of information CAN be obtained after hiring or be a pre-requisite to officially hiring (like age and current citizenship status). 
       
      I found a Michigan Tech pdf that has a nice list of Legal/Illegal questions for during interviews as well:
      http://www.admin.mtu.edu/hro/forms/whatyoucanandcantasklongversionmay05.pdf
       
      MOST of this information can be gleaned from your Facebook account.

      • Corey Smith says:

         @IamDez Whether these questions are legal or illegal is sort of a slippery slope. The reality is that in most states, the questions are not illegal but only in states where they have interpreted anti-discrimination laws as such.
         
        What is illegal is the discrimination based on the answers to those questions. If you ask those questions then discriminate based on that then you are in trouble. If you ask the question then hire them anyway, then the likelihood of anyone caring is pretty low.
         
        Let me be clear…I think it’s a stupid practice regardless and I think that anyone who is asked this question should get up and walk out the door and not work for that company.
         
        By the way. I don’t look at about.com as an official answer source. I found another about.com source that said what I think. However, I asked my HR department so, if I’m wrong then I’ll just shift the blame on them and come out smelling like roses 🙂
         
        Having access to a Facebook password doesn’t necessarily give you access to that information and not having access to the password doesn’t necessarily protect that information. But, if you get the password then not hire them, it might be pretty easy for the applicant to justify that there was discrimination.
         
        It’s a pretty stupid practice regardless.

  28. lgdrew says:

    Rob MacLeod’s interview story in the Calgary Herald was shocking. Digital strip search anyone?

  29. rustyspeidel says:

    TheLadders.com, that big high-profile job search site, recommends that you flat out refuse. I did a blog post on this last week (http://www.marijeanjaggers.com/2012/03/15/pry-facebook-password-cold-dead-hands/) in which I said the same thing. I don’t usually like to cross link like this, but it’s relevant and means I don’t have to reiterate everything in the comments. 

  30. rustyspeidel says:

    Maybe it’s a test. If you hand over the password you don’t get the job. Yeah, that’s it! 

  31. TheJackB says:

    I am sort of curious to see how this plays out. I am really curious what sort of policy Facebook has on social media and how it is implemented.

  32. Selenaig9ujy8g says:

    @shonali Get yourself a walmart coupon. Everything you have to do is answer walmart’s question! See my profile link!

  33. JeffRice63 says:

    @ginidietrich Working 4 $30.00+ min. (much more 4 skilled trades) (GM) would perhaps Change mind.

  34. Ike says:

    I have no problem with the practice.
     
    A proper interview allows for the prospective hire to learn about his potential boss and corporate culture.
     
    The correct response for the job-seeker is to ask those doing the interviewing to hand over their own passwords, as well as any of their supervisors, and the passwords of those in Human Resources.
     
    Trust is a two-way street.

  35. 3HatsComm says:

    I think @PattiRoseKnight is right – this is such bone-headed business mismanagement, it’s foreign to you Gini; as were my NON-smoking breaks to many managers back in the day. But this is the thinking of too many businesses out there.
     
    Valid security risks aside, they think people will goof off all day and not get work done (which is why you fire them) or WORSE, they’ll play on FB and still do a good job, get results and somehow it just doesn’t compute and middle managers heads explode. They think people will spend their time badmouthing their company and looking for other work, when ok – if it’s a crap place to work, maybe. 
     
    Had a discussion the other day about the ‘new’ PR resume – and how it’s the ‘Google test’ we should pass. Nice idea but too ‘pie in the sky’ when the reality is, most companies keyword search and it’s HR hiring by shopping list. Sure it’s not the kind of place we want to work ala @Ike comment (heh) – but can beggers really be choosers? If you’re looking for work and the only ones hiring are the ones banning social media, demanding drug screens (w/out cause) and for you to open the door to your social house (h/t @jeremypratte ). 
     
    I can’t stand this. I’d find someway to call those on their b.s. and yes, seek employment elsewhere. I’m cheering for the ACLU on this one and sadly think this will be but one of many ‘privacy’ issues of the digital age. FWIW.

  36. ginidietrich says:

    @Clarity4theBoss isn’t it??

  37. Andrea Hypno says:

    The more we go on the more it seems we are falling back to the Dark Age, with a bit more technology though. Or the KGB and Stasi teachings have spread almost everywhere. 1984 should become mandatory studying as soon as possible. At least everyone will know where we’re going to. Imho. 🙂

  38. yasinakgun says:

    @ginidietrich great post Gini! Retweeted!

  39. GnosisArts says:

    @ginidietrich @lisagerber Good grief you two ladies are some blogging fools!!!

  40. GnosisArts says:

    @ginidietrich @lisagerber Everytime I log into Twitter one of y’all got another blog post poppin’ up, lol!!

  41. msesthy says:

    @ginidietrich great post. at a convention last year the speaker told salon owners to fire any employee that didn’t friend them on FB.

  42. ginidietrich says:

    @cmcpointsofview Morning!

  43. bluediamond108 says:

    @corey_smith iam also against it.we live in a time,when children or spouses dont share their passwords with near and dear ones.EMPLOYERS ASK

  44. kamichat says:

    I would never hand over my passwords to anyone. However shelisrael wrote an article in Forbes that says the problem might not be as widespread as reported: http://www.forbes.com/sites/shelisrael/2012/03/25/the-great-facebook-employee-password-nonissue/

    • jenzings says:

       @kamichat I’m not sure it matters how widespread it is right now. The concern, of course, is if it will spread. I think that if the attention causes even one employer who was considering doing this to chuck it, that’s a good thing.
       
      Also, while the example Shel uses in the article is from 2010, I’m pretty sure that there have been other reports of people being asked in job interviews for their passwords.
       
      I would never hand over my passwords either. If asked, I’d point out to the potential employer that they were asking me to violate the terms of service I agreed with to another company, which I won’t do.

  45. CaptainLauren says:

    RT @vargasl Facebook Speaks Out Against Employers Asking for Passwords | Spin Sucks http://t.co/3IBFfPI4 #in

  46. HowieSPM says:

    This is nuts. A company just has to have employees sign a work rules document that allows them to fire employees when using company property improperly or if they are caught spending time ate work not working. For the most part we have employment at will anyway.
     
    If you use your work computer and spend hours on facebook the company will see that anyway with or without your password.`
     
    That said facebook IPO is in may,. Time spent per user is down from a high of 55 mins in early 2010 to just over 19 minutes today. And this threatens their page view grow since part of their time spent and page views happen during people’s work hours! So this is not some altruistic stance and more a selfish one.

  47. HowieSPM says:

     @ginidietrich based on that rogue @mitchjoel and his definition of a community I guess you have one. Of course if denperezfilms had his way your topics would only be about Hootie and the Blowfish and the Spin Doctors his favorite bands.

  48. […] Facebook Speaks Out Against Employers Asking for Passwords from SpinSucks   « Facebook rolls out timelines for pages |   […]

Leave a Reply

Your email address will not be published. Required fields are marked *

  
Please enter an e-mail address

[postmatic_subscribe_widget]