In the past few months we've seen an uptick in the number of employers asking job seekers for their Facebook passwords as part of the vetting process. Apparently it's not enough to see any information the job seeker may have on their public profile. Now employers want to take a look behind the scenes.
Facebook has weighed in on the practice indictating that it's a violation of their Terms of Service and that they will do what is necessary to protect people from this privacy intrusion. From their Facebook and Privacy Page:
In recent months, we’ve seen a distressing increase in reports of employers or others seeking to gain inappropriate access to people’s Facebook profiles or private information. This practice undermines the privacy expectations and the security of both the user and the user’s friends. It also potentially exposes the employer who seeks this access to unanticipated legal liability.
The most alarming of these practices is the reported incidents of employers asking prospective or actual employees to reveal their passwords. If you are a Facebook user, you should never have to share your password, let anyone access your account, or do anything that might jeopardize the security of your account or violate the privacy of your friends. We have worked really hard at Facebook to give you the tools to control who sees your information.
As a user, you shouldn’t be forced to share your private information and communications just to get a job. And as the friend of a user, you shouldn’t have to worry that your private information or communications will be revealed to someone you don’t know and didn’t intend to share with just because that user is looking for a job. That’s why we’ve made it a violation of Facebook’s Statement of Rights and Responsibilities to share or solicit a Facebook password.
We don’t think employers should be asking prospective employees to provide their passwords because we don’t think it’s the right thing to do. But it also may cause problems for the employers that they are not anticipating. For example, if an employer sees on Facebook that someone is a member of a protected group (e.g. over a certain age, etc.) that employer may open themselves up to claims of discrimination if they don’t hire that person.
Employers also may not have the proper policies and training for reviewers to handle private information. If they don’t—and actually, even if they do—the employer may assume liability for the protection of the information they have seen or for knowing what responsibilities may arise based on different types of information (e.g. if the information suggests the commission of a crime).
Facebook takes your privacy seriously. We’ll take action to protect the privacy and security of our users, whether by engaging policymakers or, where appropriate, by initiating legal action, including by shutting down applications that abuse their privileges.
While we will continue to do our part, it is important that everyone on Facebook understands they have a right to keep their password to themselves, and we will do our best to protect that right.
When working with employers, it would be a good idea to advise them of the ramifications of asking for this kind of information. We also need to advise job seeker customers on how to handle employers who may ask for their password.