A disturbing trend has ramped up over the past couple of years: employers demanding the login credentials for the Facebook accounts of their employees. Another example of this cretinism reared its ugly head here in Cassopolis, Michigan at Lewis Cass Intermediate School District where teacher’s aide Kimberly Hester was fired for refusing to cough up her password to administrators after posting a nondescript and safe-for-work photo of a co-worker’s pants around her ankles.
What makes this case doubly-stupid is that was completely unnecessary: if the school needed documentation of the alleged transgression, it could have taken a screen capture from the account of the local parent who raised the issue with the administration in the first place.
Demanding the Facebook credentials of an employee is just as outlandishly-inappropriate as demanding the login credentials for an employee’s online banking account. Employers should consider such a request with exactly the same level of caution (because they could open themselves up for liability).
1. It’s against Facebook’s terms of service, and in a legal sense – it’s actually an instance of “Phishing” – using social engineering to fraudulently obtain someone else’s account credentials. Right now the US Attorney General is looking into these instances as violations of the Stored Communications Act (SCA).
2. An employee’s Facebook account may contain a variety of sensitive information, including membership in support groups for medical conditions (which would be especially inappropriate for an employer involved in providing health benefits given that it could be used to terminate employees with conditions that make them more expensive to employ).
3. You’re not only compromising the employee’s privacy – but the privacy of all of their friends (some of which are also very likely employees of the same organization – think “Class Action Lawsuit”).
4. As a practical matter, Facebook stores a variety of financial information (Facebook Ads accounts for example) and the apps any given user may have installed also link to financial transaction systems for everything from social games to Amazon.com connectivity. So you are potentially breaking into someone’s financial services account.
Unfortunately the reality is that the US government is influenced disproportionately by anti-worker interests so none of us can rely that it will protect us. Groups like the Chamber of Commerce have been effective at tilting the court system so that it favors corporations over people, and predictably the Republican-controlled US House of Representatives killed a measure that would have prohibited employers from demanding Facebook credentials.
The best thing you can do is be prudent about what you share online, particularly when it comes to work. Even if you’re in the right, if you get busted on it you’ll have to go to court to make your case (an expensive and daunting prospect).