Facebook Warns Employers Asking Job Applicants for Social Media Passwords May Expose Businesses to Legal Liability

Responding to an increase in reports of employers seeking to gain “inappropriate access” to social network profiles of job applicants, online social media giant Facebook issued a warning to employers in a recent blog posted on the company website – ‘Protecting Your Passwords and Your Privacy’ – that the practice of asking job applicants for their social media passwords “undermines the privacy expectations and the security of both the user and the user’s friends” and could potentially expose businesses to “unanticipated legal liability.” The blog is available at: http://www.facebook.com/notes/facebook-and-privacy/protecting-your-passwords-and-your-privacy/326598317390057. In a blog dated March 23, 2012, Erin Egan, Facebook’s Chief Privacy Officer, responded to recent news reports of employers “seeking to gain inappropriate access” to the social media profiles of job applicants and employees. She also said that Facebook would “take action to protect the privacy and security” of users and consider “initiating legal action” where appropriate. The entire blog is below: ‘Protecting Your Passwords and Your Privacy’ In recent months, we’ve seen a distressing increase in reports of employers or others seeking to gain inappropriate access to people’s Facebook profiles or private information. This practice undermines the privacy expectations and the security of both the user and the user’s friends. It also potentially exposes the employer who seeks this access to unanticipated legal liability. The most alarming of these practices is the reported incidences of employers asking prospective or actual employees to reveal their passwords. If you are a Facebook user, you should never have to share your password, let anyone access your account, or do anything that might jeopardize the security of your account or violate the privacy of your friends. We have worked really hard at Facebook to give you the tools to control who sees your information. As a user, you shouldn’t be forced to share your private information and communications just to get a job. And as the friend of a user, you shouldn’t have to worry that your private information or communications will be revealed to someone you don’t know and didn’t intend to share with just because that user is looking for a job. That’s why we’ve made it a violation of Facebook’s Statement of Rights and Responsibilities to share or solicit a Facebook password. We don’t think employers should be asking prospective employees to provide their passwords because we don’t think it’s right the thing to do. But it also may cause problems for the employers that they are not anticipating. For example, if an employer sees on Facebook that someone is a member of a protected group (e.g. over a certain age, etc.) that employer may open themselves up to claims of discrimination if they don’t hire that person. Employers also may not have the proper policies and training for reviewers to handle private information. If they don’t—and actually, even if they do–the employer may assume liability for the protection of the information they have seen or for knowing what responsibilities may arise based on different types of information (e.g. if the information suggests the commission of a crime). Facebook takes your privacy seriously. We’ll take action to protect the privacy and security of our users, whether by engaging policymakers or, where appropriate, by initiating legal action, including by shutting down applications that abuse their privileges. While we will continue to do our part, it is important that everyone on Facebook understands they have a right to keep their password to themselves, and we will do our best to protect that right. — Erin Egan, Chief Privacy Officer, Policy The warning from Facebook comes at a time when so-called “social media background checks” of job applicants are becoming more prevalent and more controversial. One example of the controversy raised by social media background checks occurred in 2009 in Bozeman, Montana. The city made national headlines when local media reported that the city government’s background check had requested that job candidates provide their usernames and passwords for social networking sites for a few years. The background check form stated: “Please list any and all current personal or business websites, web pages or memberships on any Internet-based chat rooms, social clubs or forums, to include, but not limited to: Facebook, Google, Yahoo, YouTube.com, MySpace, etc.” Although the city said the information was not actually sought until a conditional job offer, overwhelmingly negative reactions to the city’s policy raised privacy and free speech concerns for job applicants. A poll indicated 98 percent of respondents believed the city’s policy had amounted to an invasion of privacy. Bozeman later dropped the requirement until it conducted a more comprehensive evaluation of the practice. More news stories have appeared recently concerning social media background checks where prospective businesses, government agencies, and colleges are increasingly curious about the online life of potential workers and students. While some employers review publically social networking web sites such as Facebook and Twitter to learn about job candidates, many users have their social media profiles set to ‘private’ which makes them available only to selected people and more difficult for employers to view. However, any difficulty in gaining access does not stop many employers from conducting social media background checks. A commissioned research study released in January 2010 by Microsoft that examined how Human Resources professionals used publicly available personal information found online when screening job candidates revealed:

• 79 percent of HR professionals surveyed in the United States reported reviewing information found on the Internet when examining job candidates.
• 84 percent of HR professionals surveyed in the United States categorized online reputation information as one of the top two factors they considered when reviewing a comprehensive set of candidate information.
• 70 percent of HR professionals surveyed in the United States had rejected a candidate based on online information, with the top factor for rejection being unsuitable photos and videos online.

In addition, a February 2012 study in the Journal of Applied Social Psychology – ‘Social Networking Websites, Personality Ratings, and the Organizational Context: More Than Meets the Eye?’ – claims that a quick review of social networking website profile pages of job applicants on sites such as Facebook can be a better predictor of job success than standardized tests currently used by many human resources departments. The authors of the study examined the properties of the ‘Big Five’ personality traits assessed through social networking profiles in two studies of social networking website users:

• Extraversion.
• Agreeableness.
• Conscientiousness.
• Emotional stability.
• Openness.

The study involved trained raters who spent five to ten minutes evaluating 274 Facebook pages of job candidates and answering questions related to personality. The researchers followed up six months later for performance reviews from the supervisors of 69 of the job candidates – approximately 25 percent of the original group – and found that the quick Facebook evaluations more accurately predicted success than standard tests. However, despite the lure of social media background checks – as well as the obvious need for safe workplaces – businesses should approach the social media background checks with extreme caution, according to Attorney Les Rosen, founder and CEO of San Francisco-area background check firm Employment Screening Resources (ESR). “Employers have discovered a treasure trove of information about job applicants on social media sites such as Facebook and Twitter with social media background checks,” says Rosen, author of ‘The Safe Hiring Manual,’ a comprehensive guide to background checks. “However, the use of the Internet for screening job applicants can land employers in legal trouble since information found online is not always risk free or even true.” Rosen says employers in the digital age are in a “Catch 22” situation when it comes to social media screening. “Failure to utilize social media resources can arguably be the basis of a negligent hiring claim if an unfit person was hired for a position where a search of the internet may have raised a red flag. Conversely, employers face numerous pitfalls that can include that include privacy, discrimination, and accuracy issues.” To help employers understand the legal dangers of social media background checks, ESR offers white paper written by Attorney Rosen, ‘Managing the Risks of Using the Internet for Employment Screening Background Checks,’ which was updated in March 2012. In the white paper, Rosen warns employers could encounter legal landmines while using social media background checks that include:

• Too Much Information (TMI): Discrimination Allegations: When using the Internet for screening, employers and recruiters may become aware that job candidate is a member of a protected group based on race, creed, color, ancestry, nationality, medical condition, disability (including AIDS), marital status, sex (including pregnancy), sexual preference, or age (40+), which can lead to allegations of discrimination if the candidate does not get the job. All hiring decisions need to be based upon non-discriminatory information that is a valid predictor for job performance.
• Too Little Information (TLI): Failure to utilize all available resources could potentially expose employers to lawsuits for negligent hiring if a victim could show that information was easily accessible online that could have prevented a hiring a person that was dishonest, unfit, dangerous, and unqualified, and it was foreseeable that some harm could occur. Employers failing to use social media web sites can potentially be sued for not exercising due diligence. Employers may be in a Catch-22 situation where they are in trouble if they use Internet background checks and are in trouble if they do not use Internet background checks.
• Credibility, Accuracy, and Authenticity Issues: Is the information found on the Internet about job applicants even credible, accurate, and authentic – in other words, true.  How do employers and recruiters know if information found online about an applicant is true?
• Computer Twins & Cyber-slamming: Most people have “computer twins” online, people with the same names and even a similar date of birth. Employers and recruiters need to make sure what they see online actually refers to the applicant in question. Also, “online identity theft,” false postings under another person’s name, and “Cyber-slamming,” online smearing with derogatory comments that is usually done anonymously, can be a problem.
• Privacy Issues: Another problem with Internet background checks yet to be fully explored by the courts is privacy. Everything online is not necessarily “fair game” for employers and recruiters. However, if users do not adjust the privacy setting so that their social network site is easily available from an Internet search, they may have a more difficult time arguing that there is a reasonable expectation of privacy. The bottom line is that the question of whether an applicant has a reasonable expectation of privacy can depend upon the specific facts of the case being litigated, and the issue is far from settled. Until the courts sort this out one thing does seem certain: If an employer uses subterfuge, such as creating a fake online identity to penetrate a social network site, the privacy line has probably been crossed.
• Requiring Applicants to Provide Facebook or Other Social Media Passwords: Unless an applicant is applying for a position that requires a security clearance or involves public safety, employers need to be very careful in asking applicants for their Facebook or other social media password. It is difficult to see how turning over such information is voluntary in the context of a job interview, where the choice is to hand it over or not get the job. If a lawsuit is filed, an applicant can alleged an invasion of privacy, by intrusion into private and personal information where an applicant would show they had a reasonable expectation of privacy. The employer would then have the burden to demonstrate both that such a request was justified, and that a less intrusive means to make the employment decision was not available. That could be a difficult standard for an employer to meet given all of the hiring tools at an employer’s disposal.
• Legal Off-Duty Conduct: If a social media search reveals legal off duty conduct, a candidate can claim they were the victims of illegal discrimination. A number of states protect workers engaged in legal off-duty conduct and have prohibitions limiting use of private behavior for employment decisions. However, employers do have broader discretion if such behavior would damage a company, hurt business interests, or be inconsistent with business needs.
• What is “Fair Game” on the Internet?: Employers should not simply assume that anything on the web is “fair game” and freely available without consequence. One area where an employer would be flirting with particular trouble is if information from Facebook or MySpace is obtained by manipulating the sites. This could be done by creating multiple identities or by using “pretexting,” which can include pretending to be someone else or something you are not.

“Because online privacy is an evolving area of law, employers need to tread carefully in the area of social media background checks since they may open themselves up to discrimination claims if the social network site reveals an applicant’s membership in a protected group such as race, nationality, religious afflation, marital status, and medical condition,” warns Rosen. “Employers should also formulate clear policies and procedures to ensure they are looking for factors that are valid predictors of job performance.” The complimentary white paper ‘Managing the Risks of Using the Internet for Employment Screening Background Checks’ from Employment Screening Resources (ESR) is available at https://www.esrcheck.com/Download/. For more information about background checks, visit Employment Screening Resources (ESR) – ‘The Background Check Authority’ and a nationwide background screening firm accredited by The National Association of Professional Background Screeners (NAPBS®) – at https://www.esrcheck.com or call 415.898.0044 or Toll Free 888.999.0044. Related Articles: Senators ask feds to probe requests for Facebook passwords. Bill to Stop Employers from Demanding Social Media Usernames and Passwords. Sources: http://www.facebook.com/ http://www.facebook.com/notes/facebook-and-privacy/protecting-your-passwords-and-your-privacy/326598317390057 http://www.facebook.com/legal/terms http://www.microsoft.com/privacy/dpd/default.aspx http://onlinelibrary.wiley.com/doi/10.1111/j.1559-1816.2011.00881.x/full About Employment Screening Resources (ESR): Employment Screening Resources (ESR) – ‘The Background Check Authority^SM’ – provides accurate and actionable information, empowering employers to make informed safe hiring decisions for the benefit for our clients, their employees, and the public. ESR literally wrote the book on background screening with “The Safe Hiring Manual” by Founder and CEO Lester Rosen. ESR is accredited by The National Association of Professional Background Screeners (NAPBS), a distinction held by less than two percent of all screening firms. By choosing an accredited screening firm like ESR, employers know they have selected an agency that meets the highest industry standards. For more information about Employment Screening Resources (ESR), visit https://www.esrcheck.com/ or call 415.898.0044 or 888.999.4474. About ESR News: The Employment Screening Resources (ESR) News blog – ESR News – provides employment screening information for employers, recruiters, and jobseekers on a variety of topics including credit reports, criminal records, data privacy, discrimination, E-Verify, jobs reports, legal updates, negligent hiring, workplace violence, and use of search engines and social network sites for background checks. For more information about ESR News or to send comments or questions, please email ESR News Editor Thomas Ahearn at [email protected].]]>