Facebook privacy among employees has been discussed for a long time, but a couple of recent events have brought the issue to the forefront of public discussion. At the beginning of the month Forbes reported on a lawsuit moving forward in Minnesota against a school district that requires Facebook passwords of students. Then, last Friday, Facebook issued a statement with commentary that it is changing its user agreement to make it a violation to share your password:
“In recent months, we’ve seen a distressing increase in reports of employers or others seeking to gain inappropriate access to people’s Facebook profiles or private information. This practice undermines the privacy expectations and the security of both the user and the user’s friends. It also potentially exposes the employer who seeks this access to unanticipated legal liability.
The most alarming of these practices is the reported incidents of employers asking prospective or actual employees to reveal their passwords. If you are a Facebook user, you should never have to share your password, let anyone access your account, or do anything that might jeopardize the security of your account or violate the privacy of your friends. We have worked really hard at Facebook to give you the tools to control who sees your information.
As a user, you shouldn’t be forced to share your private information and communications just to get a job. And as the friend of a user, you shouldn’t have to worry that your private information or communications will be revealed to someone you don’t know and didn’t intend to share with just because that user is looking for a job. That’s why we’ve made it a violation of Facebook’s Statement of Rights and Responsibilities to share or solicit a Facebook password.
We don’t think employers should be asking prospective employees to provide their passwords because we don’t think it’s the right thing to do. But it also may cause problems for the employers that they are not anticipating. For example, if an employer sees on Facebook that someone is a member of a protected group (e.g. over a certain age, etc.) that employer may open themselves up to claims of discrimination if they don’t hire that person.
Employers also may not have the proper policies and training for reviewers to handle private information. If they don’t—and actually, even if they do—the employer may assume liability for the protection of the information they have seen or for knowing what responsibilities may arise based on different types of information (e.g. if the information suggests the commission of a crime).
Facebook takes your privacy seriously. We’ll take action to protect the privacy and security of our users, whether by engaging policymakers or, where appropriate, by initiating legal action, including by shutting down applications that abuse their privileges.
While we will continue to do our part, it is important that everyone on Facebook understands they have a right to keep their password to themselves, and we will do our best to protect that right.”
— Erin Egan, Chief Privacy Officer, Policy
So, what does this mean for Texas non-governmental employers? Realistically – nothing. An employee or prospective employee has a right to maintain their privacy, but you don’t have an obligation to employ people who insist upon this right.
If someone refuses to provide you with access to their Facebook account, you can refuse to hire them or fire them. Yes, even if it would make them violate Facebook’s policies. What then, you say, about the threat Facebook might sue? It is the prospective employee who would be in violation of the policy, not the employer. Facebook could theoretically sue employers for tortious interference, but they really don’t have any damages to support a claim. (NOTE: I am not offering any commentary about whether it is morally or societally appropriate to put someone in that position. I could write a a whole article on that subject . . .)
That said, there are some things to consider. With prospective employees, your request may provide information that you don’t want to see. As my partner Travis Crabtree observed on his blog eMedia Law Insider, looking at a Facebook account has the potential to give employers information they really don’t want to know about a prospective employee. If potential employee Suzy Smith posted that she ran last weekend in her Baptist church 1/2 marathon, you now know her religion. Ooops. You didn’t really want to know that did you? Now, if you don’t hire her, she could claim that knowing her religion biased your decision.
What if a female employee posts something on her Facebook page indicating that she is having trouble with her boss and his wandering hands only to be fired the following week? She files a lawsuit for harassment and retaliation, arguing that while she never complained to HR the company surely knew of the conduct of her boss because they have full access to her Facebook account . . .
Of course, you also have to be careful with existing employee Facebook information. As I have previous warned, the National Labor Relations Board has rabbidly chased after employers who use employee complaints as a basis for termination or discipline. Employee complaints about supervisors, pay, or working conditions are considered pre-union activity and protected under the National Labor Relations Act.
So, while the announcement likely changes nothing, previous cautions remain in effect.