CEO Adviser: What’s the Password?

| FROM THE PRINT EDITION |
 
 

Scoping out an employee’s or a potential employee’s social media life online has become common practice for employers who believe sound reasons exist for requesting this type of information. But requesting a Facebook password or other personal access codes crosses a line that many experts think should not be crossed.

Before entering these murky waters, consider what benefits are gained by accessing employees’ personal online accounts and compare those benefits with the potential negative consequences, which could include bad publicity, an ethical quandary and exposure to a host of legal issues.

When businesses request passwords for online personal accounts, it is reminiscent of Orwell’s “Big Brother” and indicates the business places low value on personal privacy and the security of information.

Do businesses have the right to gain access to these accounts? Is it ethical to place employees in the position of choosing between protecting their privacy and violating employer policies? Businesses should consider these implications and ask if legitimate business interests are served.

If these concerns aren’t persuasive enough, such requests also carry legal implications. While this area remains unsettled, requests for access to personal online information likely violate the law on several fronts.

1. Terms of Use Violation. Asking employees to provide passwords will likely be asking them to violate the terms of their contracts with their online providers. Almost without exception, online providers’ terms of use prohibit users from sharing their passwords. Several social media providers have condemned this employer practice. In March of this year, Facebook warned employers not to ask job applicants for their passwords and threatened legal action against employment applications that violated its long-standing policy against sharing passwords.

2. Unauthorized Access. Because of the power imbalance between employer and employee, some courts have found an employer’s request for login and password information to be essentially coercive. Using the information can be considered “unauthorized access” and in violation of some states’ laws. In May, Maryland passed a law prohibiting the practice of requesting user names and passwords as a condition of employment. Similar bills have been introduced in seven other states, including Washington, where proposed legislation would make violators pay a $500 penalty to the affected employee.

3. Discriminatory Information. Some types of personal information, such as ethnicity or religious affiliation, cannot be requested of employment applicants or from employees; these same types of information cannot be considered in employment decisions. Employers may not legally use this information in the employment arena. Accessing employees’ private online accounts might inadvertently provide this information. Merely possessing this information may cause the employer future headaches, such as a disgruntled employee seeking to bolster a discrimination claim.

4. National Labor Relations Act. Requiring employees to provide passwords to social media sites is likely a violation of the National Labor Relations Act. Among other things, this federal law prohibits employers from taking actions that discourage employees from “concerted activity.” Concerted activity is defined as activities workers may partake in without fear of employer retaliation. Recent case law has held that employees’ actions on social media regarding their employment and working conditions are considered protected concerted activity. Therefore, employers are limited in what they can do to regulate or restrict social media activities. Although it has yet to address the entirety of this specific issue, the National Labor Relations Board has considered more than 100 cases regarding employer social media policies and has struck down portions of six policies.

In March, United States Senators Charles Schumer of New York and Richard Blumenthal of Connecticut asked the Justice Department to investigate if the practice violates federal law. Schumer and Blumenthal have said they are drafting legislation that would fill any gaps in federal law that allow employers to require personal login information from prospective employees.

In the meantime, while requesting Facebook passwords or other access to employees’ online accounts may be a current trend in employee relations, overall, it is a high-risk, low-reward strategy that employers should avoid.

 

Michelle Bomberger is managing attorney at Equinox Business Law Group. Reach her at michelle@equinoxbusinesslaw.com or 425.250.0205.

Related Content

It wasn’t another episode of “we’re losing all the old stuff that made this place different and special” that prompted public consternation when Renton-based, family-owned retailer McLendon Hardware agreed to be acquired. 

If this journalism thing doesn’t work out, I have a backup plan: helping the pharmaceutical industry come up with names for their new drugs.

On a recent visit to Berkeley, where I attended the University of California in the late 1970s, I was struck by how little the city had changed. The neighborhoods are still lined with century-old houses. 

The United States pays more for and gets less from its health care system than peer nations.