CEO Adviser: What’s the Password?
Scoping out an employee’s or a potential employee’s social media life online has become common practice for employers who believe sound reasons exist for requesting this type of information. But requesting a Facebook password or other personal access codes crosses a line that many experts think should not be crossed.
Before entering these murky waters, consider what benefits are gained by accessing employees’ personal online accounts and compare those benefits with the potential negative consequences, which could include bad publicity, an ethical quandary and exposure to a host of legal issues.
When businesses request passwords for online personal accounts, it is reminiscent of Orwell’s “Big Brother” and indicates the business places low value on personal privacy and the security of information.
Do businesses have the right to gain access to these accounts? Is it ethical to place employees in the position of choosing between protecting their privacy and violating employer policies? Businesses should consider these implications and ask if legitimate business interests are served.
If these concerns aren’t persuasive enough, such requests also carry legal implications. While this area remains unsettled, requests for access to personal online information likely violate the law on several fronts.
2. Unauthorized Access. Because of the power imbalance between employer and employee, some courts have found an employer’s request for login and password information to be essentially coercive. Using the information can be considered “unauthorized access” and in violation of some states’ laws. In May, Maryland passed a law prohibiting the practice of requesting user names and passwords as a condition of employment. Similar bills have been introduced in seven other states, including Washington, where proposed legislation would make violators pay a $500 penalty to the affected employee.
3. Discriminatory Information. Some types of personal information, such as ethnicity or religious affiliation, cannot be requested of employment applicants or from employees; these same types of information cannot be considered in employment decisions. Employers may not legally use this information in the employment arena. Accessing employees’ private online accounts might inadvertently provide this information. Merely possessing this information may cause the employer future headaches, such as a disgruntled employee seeking to bolster a discrimination claim.
4. National Labor Relations Act. Requiring employees to provide passwords to social media sites is likely a violation of the National Labor Relations Act. Among other things, this federal law prohibits employers from taking actions that discourage employees from “concerted activity.” Concerted activity is defined as activities workers may partake in without fear of employer retaliation. Recent case law has held that employees’ actions on social media regarding their employment and working conditions are considered protected concerted activity. Therefore, employers are limited in what they can do to regulate or restrict social media activities. Although it has yet to address the entirety of this specific issue, the National Labor Relations Board has considered more than 100 cases regarding employer social media policies and has struck down portions of six policies.
In March, United States Senators Charles Schumer of New York and Richard Blumenthal of Connecticut asked the Justice Department to investigate if the practice violates federal law. Schumer and Blumenthal have said they are drafting legislation that would fill any gaps in federal law that allow employers to require personal login information from prospective employees.
In the meantime, while requesting Facebook passwords or other access to employees’ online accounts may be a current trend in employee relations, overall, it is a high-risk, low-reward strategy that employers should avoid.
Michelle Bomberger is managing attorney at Equinox Business Law Group. Reach her at email@example.com or 425.250.0205.