All of a sudden, the prospect of employers demanding Facebook passwords as part of the hiring process has burst onto the scene. Cries of outrage have ensued - Facebook hinted at legal action, the ACLU is talking privacy-related lawsuits, state legislators (including one in Minnesota) are drafting bills in prohibiting the practice, and two U.S. Senators are calling for investigations by the Department of Justice and the Equal Employment Opportunity Commission.
Employers’ use of social networking sites (“SNS”) like Facebook or LinkedIn to screen applicants is nothing new. One 2011 Reppler study even found that 91% of employers were doing it and that 69% of those eliminated at least one candidate based on information uncovered.
Just what are the risks of using SNS’s in the pre-employment arena?
Risks of Reviewing SNS Information
In general, anti-discrimination laws prevent employers from asking applicants about their marital status, pregnancy, future child bearing plans, religion, disability and other questions related to characteristics or traits protected by these laws. Perusing an applicant’s Facebook page or Twitter site may allow the employer to obtain this prohibited information, and may give the rejected applicant reason to believe that it was this information that caused them to lose the job, not their lack of qualifications or poor interviewing skills.
Risks of Asking for Applicants’ Passwords
In particular, requesting an applicant’s SNS password may also violate the federal Stored Communication Act (“SCA”) or the Computer Fraud and Abuse Act (“CFAA”). The SCA prohibits intentional access to electronic information without authorization or intentionally exceeding that authorization, and the CFAA prohibits intentional access to a computer without authorization to obtain information.
Of course, neither of these statutes applies where the individual has consented to the access. Thus, the question becomes whether any such consent is truly voluntary or whether it was coerced by the threat of not getting the job if the consent is withheld.
In the case of Pietrylo v. Hillstone Restaurant Group, 2009 WL 3128420 (D.N.J. Sept. 25, 2009), for example, employees created an online chat group for venting frustrations about the employer and their managers. When the company learned of the site, one participating employee provided her log-in information under the belief that she was would have been penalized if she did not do so. This was enough for the jury to find that the access was not authorized and that it violated the SCA.
While Pietrylo involved a current employee, the analysis seems just as compelling in the pre-hire context. For this reason, until we have more certainty about the legalities of this practice, employers should be wary of requiring applicants to provide login credentials to secure social media websites and then using those credentials to access private information stored on those sites.
This does not mean that SNS’s are not valuable tools in an overall pre-employment procedure. It just means that employers should be cautious about whether they wish to enter this legal gray area by requiring access to what is otherwise considered a private domain.