Why Smart Employers Don’t Ask For Passwords, Among Other Things

A story has been making the rounds about how some employers are asking applicants for Facebook and other social media login information.  Specifically their password so that an entire profile/account/page can be checked.  Judging by the same story being repeated in several publications, this feels like a mountain being made out of a molehill.  But there’s been enough outrage and public posts on the topic that I thought I’d throw in a couple pennies on one side of the story.  This post is not about whether such a practice is an invasion of privacy.  This post is not about whether the job applicant has a legal action or if it violates the platform’s terms of service.

This post is saying that any employer doing this, at least in the United States, isn’t very smart.

"I can't ask her if she's pregnant. Maybe I'll just ask her when her next baby will be born! Bam! I'm super smart!"

But there are other factors that will weigh on a hiring decision that may not be based on the questions asked at an interview.  If someone is applying for a sales job that will cater to government agencies at a very conservative company and the applicant shows up at the interview with facial tattoos, multiple nose piercings, a purple mohawk, and a shirt that reads “F*** THE MAN!” except without the asterisks, that might have some bearing on their suitability for the job.  Those aren’t protected classes and would likely impact their ability to perform the position so it’s an issue.For the other classes, smart employers train their hiring staff to not ask the questions.  Don’t ask “Are you pregnant?”  Don’t ask “Any disabilities I should know about?”  Don’t ask “You love Jesus, right?”  Don’t ask “Any diseases you’re genetically predisposed to?”

What has become more of an issue is information about a candidate available to the public via social media.  That is a tricky area.  There have been some companies who specifically perform social media background checks in order to provide employers with relevant information about the candidate without revealing information about protected classes.  For example, if the candidate is being initially screened then photos of the person will have identifiable sections blocked–even things like hands and faces that could identify a candidate’s race.  In fact, these social media background checks typically look for a very narrow number of topics: drug use, violence, etc. (Gizmodo had a great post on the topic back in July: I Flunked My Social Media Background Check).

Because once you start looking at a candidate’s Facebook/Twitter account, even though they have made that information public (imagine you aren’t friends with them) they may be giving you information that they are in a protected class.  And now you have greatly increased your risk of being accused of an illegal hiring decision if they don’t get the job.  There are many other factors for the lawsuit itself, but avoiding it in the first place is exactly why there are rigorous hiring processes for sophisticated companies these days.

Granted, when hiring someone you’re always at risk of finding out information that puts the candidate in a protected class.  If a candidate shows up 8 months pregnant, it’s hard to avoid finding out they’re pregnant.  Or if they blurt out “I just took a pregnancy test this morning and it was positive!” you may respond “Oh, I was just asking if you were having a good day.” but the information has been transferred.  There are ways of dealing with that.

But once you start down the path of searching their public information you are putting yourself at risk.  It can be managed, of course, but it’s even riskier to ask for the passwords of the candidate.  Because at that point you are not even limiting yourself to the information the candidate has shared (which could be relevant if, say, the position was in social media and you were questioning their personal practices independent of protected class information).  You are asking for all information they have.

So when they posted they were thinking about getting pregnant next year, now the employer with the password knows.  When they posted how their mother and grandmother have breast cancer, now the employer knows.  When they posted about celebrating Chanukah this year, now the employer knows.

As I’ve said in other posts, risk is a spectrum and social media is no different.  But there are certain activities which will only increase your risk for very little reward.  Asking for a social media password is one such activity.  What could you find out from their private pages that you couldn’t find another way (like a background check) that doesn’t dramatically increase your risk of a lawsuit?  Even the act of asking for the password creates more risk than just browsing their public information–if someone browses public information about someone they’ll likely scan a page or two and move on.  Asking for a password is effectively saying you want and will review the entire account.  Why else would you ask for it?

Different companies have different comfort levels with risk.  But any smart company is going to put asking for passwords over the line.



Filed under Commercial Activity, Employment, Privacy, Social Tracking

7 responses to “Why Smart Employers Don’t Ask For Passwords, Among Other Things

  1. Adam B.

    Hey Ryan,

    Great post. It’s interesting to hear the legal side of that – especially around finding out protected class information on a search.

    I make the analogy that a person’s social media account is much like their living room – information there is pseudo-public and accessible to your friends and family, much like your living room. Things that are “out” in your living room can be seen by your friends, but probably not your employer (unless you clean up the place).

    No employer is going to ask to come over to your house for a “pre-employment house inspection.” But that is what employers are generally asking when they ask for your account passwords. They can “drive by” your home, just like they can visit your public personnas online. And doing either is completely ok. But coming in and looking around, that’s not appropriate for that vast majority of jobs that don’t require super-secret security clearance.

    Background checks, credit rating checks – I believe are totally fine and acceptable.

    Again, my personal opinion…

    • The living room is a great analogy. Social media background checks might be looking in the window but asking for a password is like asking for the keys to the front door and permission to go rummaging through the cabinets. Of every room. Unnecessary and unwise.

  2. Great post and analogy, any employer who feels the need to ask for social media passwords, needs to be passed over. That is not only unprofessional, but ticks the creep meter up.

  3. andrean1976

    Just think.. if they are asking the candidate for a password.. how much information are they trying to get from clients.. very creepy.

  4. Pingback: Quick Updates: The US Senate Does Not Want Your Facebook Password, Interwebz Eraser Button, and Why Anorexia Advocates Make Bad Plaintiffs | SoMeLaw Thoughts

  5. Pingback: Stumble Saturdays #1 | Cirquedumot

  6. Pingback: LPT » Blog Archive » Klout Matchups Add Human Element to Scores

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s