WASHINGTON'S LEADING BUSINESS MAGAZINE

CEO Adviser: What’s the Password?

Employers would be wise not to ask to seek out their employees’ social media posts.
Michelle Bomberger |   September 2012   |  FROM THE PRINT EDITION

Scoping out an employee’s or a potential employee’s social media life online has become common practice for employers who believe sound reasons exist for requesting this type of information. But requesting a Facebook password or other personal access codes crosses a line that many experts think should not be crossed.

Before entering these murky waters, consider what benefits are gained by accessing employees’ personal online accounts and compare those benefits with the potential negative consequences, which could include bad publicity, an ethical quandary and exposure to a host of legal issues.

When businesses request passwords for online personal accounts, it is reminiscent of Orwell’s “Big Brother” and indicates the business places low value on personal privacy and the security of information.

Do businesses have the right to gain access to these accounts? Is it ethical to place employees in the position of choosing between protecting their privacy and violating employer policies? Businesses should consider these implications and ask if legitimate business interests are served.

If these concerns aren’t persuasive enough, such requests also carry legal implications. While this area remains unsettled, requests for access to personal online information likely violate the law on several fronts.

1. Terms of Use Violation. Asking employees to provide passwords will likely be asking them to violate the terms of their contracts with their online providers. Almost without exception, online providers’ terms of use prohibit users from sharing their passwords. Several social media providers have condemned this employer practice. In March of this year, Facebook warned employers not to ask job applicants for their passwords and threatened legal action against employment applications that violated its long-standing policy against sharing passwords.

2. Unauthorized Access. Because of the power imbalance between employer and employee, some courts have found an employer’s request for login and password information to be essentially coercive. Using the information can be considered “unauthorized access” and in violation of some states’ laws. In May, Maryland passed a law prohibiting the practice of requesting user names and passwords as a condition of employment. Similar bills have been introduced in seven other states, including Washington, where proposed legislation would make violators pay a $500 penalty to the affected employee.

3. Discriminatory Information. Some types of personal information, such as ethnicity or religious affiliation, cannot be requested of employment applicants or from employees; these same types of information cannot be considered in employment decisions. Employers may not legally use this information in the employment arena. Accessing employees’ private online accounts might inadvertently provide this information. Merely possessing this information may cause the employer future headaches, such as a disgruntled employee seeking to bolster a discrimination claim.

4. National Labor Relations Act. Requiring employees to provide passwords to social media sites is likely a violation of the National Labor Relations Act. Among other things, this federal law prohibits employers from taking actions that discourage employees from “concerted activity.” Concerted activity is defined as activities workers may partake in without fear of employer retaliation. Recent case law has held that employees’ actions on social media regarding their employment and working conditions are considered protected concerted activity. Therefore, employers are limited in what they can do to regulate or restrict social media activities. Although it has yet to address the entirety of this specific issue, the National Labor Relations Board has considered more than 100 cases regarding employer social media policies and has struck down portions of six policies.

In March, United States Senators Charles Schumer of New York and Richard Blumenthal of Connecticut asked the Justice Department to investigate if the practice violates federal law. Schumer and Blumenthal have said they are drafting legislation that would fill any gaps in federal law that allow employers to require personal login information from prospective employees.

In the meantime, while requesting Facebook passwords or other access to employees’ online accounts may be a current trend in employee relations, overall, it is a high-risk, low-reward strategy that employers should avoid.

 

Michelle Bomberger is managing attorney at Equinox Business Law Group. Reach her at michelle@equinoxbusinesslaw.com or 425.250.0205.

    Subscribe Free     Free Insight Newsletter