Employers, Schools, and Social Networking Privacy

The Problem

A growing number of employers and schools are demanding that job applicants, employees and students hand over the passwords to their private social networking accounts such as Facebook.

Robert Collins of Maryland, for example, was required to provide his Facebook login by his employer, the Maryland Division of Corrections. Justin Bassett of New York was asked for his Facebook password during a job interview. Police departments such as the Norman, Oklahoma Police Department ask applicants to turn over their Facebook passwords as part of background checks. Many students, such as this Minnesota girl, have been forced to provide access to their Facebook accounts. For several years, the city of Bozeman Montana instructed all job applicants to provide passwords for all social media accounts.

Such demands constitute a grievous invasion of privacy. Private activities that would never be intruded upon offline should not receive less privacy protection simply because they take place online. It is inconceivable that an employer or school official would be permitted to read an applicant’s or student’s diary or postal mail, listen in on the chatter at their private gatherings with friends, or look at their private videos and photo albums. Nor should they expect the right to do the electronic equivalent.

Employers have a legitimate interest in monitoring work to ensure efficiency and productivity. But electronic surveillance often goes well beyond legitimate management concerns and becomes a tool for spying on employees in furtherance of no legitimate business interest.

• Prospective employers have some interest in the backgrounds and public profiles of job candidates. But if employers want to know what prospective employees are saying or how they appear in public on Facebook or another medium, it is a simple matter for them (as members of the public) to see what the candidates have publicly said. They do not need to access private materials.
• Some online services such as blogs and Twitter are largely public; others such as e-mail are largely private. Other social media sites such as Facebook can lie anywhere along the spectrum, depending on how users adjust their privacy settings. One person might set up Facebook as the virtual equivalent of a public blog or web page, while another might use it as a private communications channel among a handful of close friends. This can lead to confusion over where the privacy boundaries lie.
• The privacy line should be clear: any communications not intended to be viewable by the public (including, at a minimum, any personal accounts or devices that are protected by passwords or other equivalent mechanism signaling an individual’s desire to keep the material out of public view) are out of bounds for employers or school officials. And, even when a Facebook page is open to all, sharing login information would permit the viewing of private e-mail messages that have been exchanged using the service.
• Once a person shares her Facebook or other similar passwords, she can be subject to screening not just at that time, but on an ongoing basis. Some companies even sell software that performs such continual screening automatically, alerting employers, coaches, or others to any behavior or speech they might find objectionable.
• When a person is forced to share the password to a private account, not only that person’s privacy has been violated, but also the privacy of her friends, family, clients, and anyone else with whom she may have communicated or shared files.
• Sharing a social network password may also expose a lot of information about a job applicant – such as age, religion, ethnicity, pregnancy – which an employer is forbidden to ask about. That can expose an applicant to unlawful discrimination. Learning such information may also expose an employer to lawsuits from rejected job candidates claiming such discrimination.

What You Can Do

Take action!

Anyone can help fix the gaps in our privacy laws by asking their member of Congress to support legislation on this issue. Some states are considering legislation to address this issue – you might check to see whether legislation has been proposed in your state and write to your state legislator to support it.

Students

If you are a public school student and a coach, principal or other school official asks you to turn over your password to Facebook or any other personal account or device, you should say that you wish to talk to a parent or a lawyer before answering any questions. Though you may be a student, you have privacy rights like any American, and school officials do not have the right to fish through your password-protected information. If you suffer adverse consequences, such as not being allowed to play on a sports team, you should contact a lawyer.

Note that you should not do or say things you want kept private on school equipment or accounts as school administrators likely have access to them.

For more on public school students’ privacy rights with regard to technology, see this guide produced by the ACLU of Washington or this guide from California (although parts are specific to state law, most of them are applicable across the nation).

If you are a private school student, it is likely that you have fewer rights, since a private school can choose to stop accepting your money and having you as a “customer.” The law needs to be changed to protect private school students.

Employees and applicants

If you are a job applicant and are asked to furnish your password, you may be in a difficult position. It is possible that some laws aimed at protecting employees from unnecessary employer monitoring, and protecting employees’ off-duty activities, might protect your rights. Generally, however, existing legal protections are very weak.

In the case of Facebook (and potentially some other services), you can tell a prospective employer that you are not permitted to share your password under the terms of service that you agreed to when you signed up for Facebook (you had to click your agreement that you would never share your login information with another party). Facebook itself has issued a statement pointing this out and condemning the practice of asking for passwords.

However, whether or not the employers appear to accept this, there is little to prevent them from declining to hire you because of your refusal. Protections against prospective employers’ refusing to hire on that basis are very weak or nonexistent, and even if there were an effective law on the books, it would be difficult to enforce. What is really needed is a law that prohibits employers from asking you to share such information in the first place, just as employers are barred by federal law from asking that you take a polygraph (lie detector) test. Some states (such as California, Maryland, Massachusetts, Michigan, Minnesota, New Jersey, and Illinois) are already considering legislation that would do just that. Maryland’s legislature and Illinois’ House passed bills in April 2012.

If your current employer requests that you turn over your password, you are in much the same position – there is little in the law protecting you from being punished or fired for refusing to allow access to private password-protected material. And again, even if there were, it would be difficult to enforce. We need a law protects current employees from such requests in the first place.

Individuals who are forced to share their passwords for a background check should change them immediately afterwards to prevent ongoing monitoring (though, some employers may not accept this).

Note that if you are accessing Facebook or any other private online accounts account using any computer (desktop, laptop, smartphone, etc.) owned by your employer, that employer may be monitoring your activities on that computer. That monitoring should not take place without notification to you, but if you were notified of the possibility of such monitoring when you were hired or at any other point, it may even be occurring at the level of your every keystroke, which could reveal your activities within private services such as Facebook.

What Legislation Needs To Do

Current laws are inadequate to protect individuals from these flagrant invasions of privacy. We need new state and federal legislation that expressly prohibits these violations. Comprehensive legislation should:

• Make it illegal for any government or private employer or any public or private school to require, request, suggest, or cause any student, employee or prospective employee to provide passwords to Facebook or any other password-protected accounts.
• Make it illegal for employers to require employees to permit access to private material through indirect routes such as requiring employees to add them to their private social networks (e.g., by “friending” them) as a condition of employment . The legislation should likewise make it illegal for schools to do the same as a condition for receiving educational benefits or privileges such as participating on a sports team.
• Make it illegal for employers to discharge, discipline, or otherwise penalize any employee who refuses to provide access to private materials, or to threaten to do so. It should also be illegal for prospective employees to refuse to hire anyone for that reason.