Why Asking For Facebook Passwords Is Bad Policy and May Be Illegal

Written by Robert G. Brody and Rebecca Goldberg on April 16, 2012

With unemployment rates still over eight percent nationally, employers know they have the upper hand in the hiring process.  But asking for Facebook passwords is a bad practice and may be illegal.  Maryland’s legislature just passed a law – still awaiting the governor’s signature – prohibiting employers from asking applicants or employees for their usernames or passwords to personal accounts.  The law also prohibits employers from retaliating or threatening to retaliate against applicants or employees who do not comply with such requests.

Other states and the federal government are considering similar legislation.  But even if your state does not enact similar legislation, asking for social media passwords is a bad idea.  First, such a request may offend your top prospect, and despite the buyer’s market, top talent is still hard to find.  Second, you may be exposing yourself to legal liability in the form of “TMPI” – too much protected information.  Many facts that are exposed on Facebook – someone’s religion, sexual orientation, charities of choice – should be irrelevant to employers but can be fuel to feed a discrimination lawsuit. 

Before making any employment decision, including asking for access to social media, employers need to ask two critical questions: (1) Can you? and (2) Should you?  In this case, the answer to the first question is yes, in most circumstances.   It is the second question– should you – that is the tough one.

First, it is true the employer may see “unprofessional” conduct that gives you pause before hiring the candidate, be it pink hair, foul language, racist leanings, displeasure with a current employer, and more.   If it were just a balance between the risk of uncovering TMPI – too much protected information –and getting insights you might otherwise miss, you might quickly say yes.  But what about offending that top candidate?  Worse yet, what if you are the test case that gets national attention for being “Big Brother” and experience a public backlash?  And the desperate applicant who reluctantly provides her password now may harbor resentment about the intrusion on her privacy and quit as soon as the economy recovers and she has another offer.

Second, while making this demand is not illegal, there are possible legal ramifications from your choice.  If an applicant’s membership in a protected class is apparent from his Facebook profile, you may be faced with a lawsuit if you don’t hire him, even if you had a legitimate reason for choosing someone else.  Religion, sexual orientation, disabilities, family responsibilities, past criminal convictions, cigarette and alcohol usage, and other statuses are protected by a number of states and in some cases, federal law.  Therefore, if you uncover this information with a Facebook password, you are putting yourself at risk.  Because you can’t “un-learn” this information, you should try to avoid learning about it in the first place, at least until an offer is made.  Knowing any of this before extending an offer may be TMPI.

Another emerging legal ramification arises if your policy intimidates current or future employees from using social media to communicate with co-workers about work conditions.  The mere presence of a policy that could reasonably discourage such activity is likely a violation of the National Labor Relations Act.  And employees who believe management is overreaching are more likely to unionize than those who believe their employer respects personal and professional boundaries.

Finally, laws governing computer and Internet use could also present problems.  Senators Chuck Schumer (D-NY) and Richard Blumenthal (D-CT) asked the Equal Employment Opportunity Commission and the Department of Justice to investigate whether this practice violates the Computer Fraud and Abuse Act or the Stored Communications Act by relying on coerced authorization to access electronic information.  Blumenthal is drafting legislation that would specifically ban employers from asking for Facebook passwords.

The takeaway in this case is simple.  Asking for passwords to personal accounts is just a bad idea. 

Brody and Associates regularly advises its clients on all labor management issues and provides various training programs.  If we can be of assistance in this area, please contact us at info@brodyandassociates.com or 203.965.0560.

About the Authors

Robert G. Brody is the founding member of Brody and Associates, LLC. He has been quoted and published in national publications and appears as a guest T.V. commentator on contemporary Labor and Employment issues. Learn More