Over the last year there have been a number of reports of employers asking their employees to disclose social media passwords as part of ongoing monitoring of acceptable usage or inappropriate behavior. Other reports have surfaced regarding potential employers asking prospective employees to disclose passwords as part of the interview and qualification processes. In both cases the requests have been meet with a variety of responses, from disbelief and anger at the very nature of the request, to acceptance and even indignance that the requests would be questioned in today's fairly transparent and highly litigious workplace. This is a really bad idea that employers should stay far away from.
Some have likened the request to employers asking to be able to open your personal email - or your personal mail or to asking for a key to the front door of your house. No employee or candidate would submit to such a request - nor should they. Nor should employees have to lie about whether they maintain social media presences. At the same time, so much of what appears on social media streams isn't your content but your friends', your relatives', former employers', group members', etc. The fact that I have friends that curse fluently in 4 different languages has absolutely no bearing on my suitability for continued or future employment.
A comment to a recent blog post
made an interesting point: you shouldn't share your Facebook password with your employer if the employer isn't willing to let you share your network password.
It's also the case that it's generally against the terms of service of most of the major social media services. Facebook notes in its Terms
, for example, that "You will not share your password (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account." Violations of the Terms can result in Facebook terminating the account in question.
There are also significant logistical and security issues around how the organization would manage such a list of usernames and passwords - where would they be kept, who would have access to the list, what happens when users change their passwords, what happens when users leave the organization, and so forth.
What about the legal ramifications? Much of the information posted on social networks could run afoul of prohibitions against personal questions relating to marital status, sexual orientation, race/gender, and a host of other topics legally off-limits for hiring purposes. And in at least three states - Maryland, Delaware, and most recently Illinois, it is illegal for employers to ask for said passwords. From the law
passed just this week in Illinois,
"It shall be unlawful for any employer to request or require any employee or prospective employee to provide any password or other related account information in order to gain access to the employee's or prospective employee's account or profile on a social networking website or to demand access in any manner to an employee's or prospective employee's account or profile on a social networking website." It may also violate U.S. federal law under the 1984 Computer Fraud and Abuse Act among other statutes.
Finally, the biggest reason not to ask for employees' passwords is this: why would anyone want to work at an organization that is so mistrustful of its employees? Organizations already have acceptable usage policies where these types of communications relate to the organization and the person as employee (and if they don't they should). But organizations that pursue this are going to lose current employees and not hire new ones for about the most avoidable reason imaginable. Put an acceptable usage policy in place, train employees on expectations, and take corrective actions where warranted. But don't throw the baby out with the bathwater.
#web2.0 #privacy #InformationGovernance #compliance #twitter #password #employment #legal #facebook #socialmedia