A story has been making the rounds about how some employers are asking applicants for Facebook and other social media login information. Specifically their password so that an entire profile/account/page can be checked. Judging by the same story being repeated in several publications, this feels like a mountain being made out of a molehill. But there’s been enough outrage and public posts on the topic that I thought I’d throw in a couple pennies on one side of the story. This post is not about whether such a practice is an invasion of privacy. This post is not about whether the job applicant has a legal action or if it violates the platform’s terms of service.
This post is saying that any employer doing this, at least in the United States, isn’t very smart.
But there are other factors that will weigh on a hiring decision that may not be based on the questions asked at an interview. If someone is applying for a sales job that will cater to government agencies at a very conservative company and the applicant shows up at the interview with facial tattoos, multiple nose piercings, a purple mohawk, and a shirt that reads “F*** THE MAN!” except without the asterisks, that might have some bearing on their suitability for the job. Those aren’t protected classes and would likely impact their ability to perform the position so it’s an issue.For the other classes, smart employers train their hiring staff to not ask the questions. Don’t ask “Are you pregnant?” Don’t ask “Any disabilities I should know about?” Don’t ask “You love Jesus, right?” Don’t ask “Any diseases you’re genetically predisposed to?”
What has become more of an issue is information about a candidate available to the public via social media. That is a tricky area. There have been some companies who specifically perform social media background checks in order to provide employers with relevant information about the candidate without revealing information about protected classes. For example, if the candidate is being initially screened then photos of the person will have identifiable sections blocked–even things like hands and faces that could identify a candidate’s race. In fact, these social media background checks typically look for a very narrow number of topics: drug use, violence, etc. (Gizmodo had a great post on the topic back in July: I Flunked My Social Media Background Check).
Because once you start looking at a candidate’s Facebook/Twitter account, even though they have made that information public (imagine you aren’t friends with them) they may be giving you information that they are in a protected class. And now you have greatly increased your risk of being accused of an illegal hiring decision if they don’t get the job. There are many other factors for the lawsuit itself, but avoiding it in the first place is exactly why there are rigorous hiring processes for sophisticated companies these days.
Granted, when hiring someone you’re always at risk of finding out information that puts the candidate in a protected class. If a candidate shows up 8 months pregnant, it’s hard to avoid finding out they’re pregnant. Or if they blurt out “I just took a pregnancy test this morning and it was positive!” you may respond “Oh, I was just asking if you were having a good day.” but the information has been transferred. There are ways of dealing with that.
But once you start down the path of searching their public information you are putting yourself at risk. It can be managed, of course, but it’s even riskier to ask for the passwords of the candidate. Because at that point you are not even limiting yourself to the information the candidate has shared (which could be relevant if, say, the position was in social media and you were questioning their personal practices independent of protected class information). You are asking for all information they have.
So when they posted they were thinking about getting pregnant next year, now the employer with the password knows. When they posted how their mother and grandmother have breast cancer, now the employer knows. When they posted about celebrating Chanukah this year, now the employer knows.
As I’ve said in other posts, risk is a spectrum and social media is no different. But there are certain activities which will only increase your risk for very little reward. Asking for a social media password is one such activity. What could you find out from their private pages that you couldn’t find another way (like a background check) that doesn’t dramatically increase your risk of a lawsuit? Even the act of asking for the password creates more risk than just browsing their public information–if someone browses public information about someone they’ll likely scan a page or two and move on. Asking for a password is effectively saying you want and will review the entire account. Why else would you ask for it?
Different companies have different comfort levels with risk. But any smart company is going to put asking for passwords over the line.