Tuesday, August 1, 2017

NBC reignites privacy debate by requiring social-media passwords of job applicants


“Those who cannot remember the past are condemned to repeat it.”  (George Santayana)
It’s been eight long years since Bozeman, Montana, set the internet on fire by requiring that job applicants for municipal positions turn over passwords to their personal social media accounts as part of the application process. In the wake of that story, states rushed to introduce legislation prohibiting this practice; many succeeded. And, the story more or less died.

Thank you, NBC, for reigniting it.

From the New York Post:
A fired NBC employee claims a recruiter who initially contacted her for a job as an audio-visual coordinator told her NBC “specifically asked for good-looking employees”— and wanted to see pictures before she could get her foot in the door. 
Stephanie Belanger says the recruiter asked her “to show her Facebook/Instagram profile to NBC before she could be interviewed.”
Despite all the the negative press that this story is going to receive, I would be surprised if one-percent of one-percent of all employers have even considered asking a job applicant for access to a private social-media account, let alone carried through on the thought by making it a hiring requirement.

And do you know why most (nearly all?) employers do not do this? It’s bad HR policy, with significant legal risk:
  • EEO Risks: Mining Facebook and other social sites for information on job applicants can reveal a wealth of protected EEO information (age, religion, protected medical information, genetic information). The risk is great enough when the information is publicly available; it is exponentially heightened when you gain unfettered access to information shielded by a password. For some thoughts on best practices on conducting Internet searches on applicants or employees, click here
  • Stored Communications Act Risks: At least one court has concluded that an employer who requires employees to disclose passwords to social media sites violates the federal Stored Communications Act, which extends liability to parties that exceed authorization to access electronic communications. While this area of the law might be unsettled, testing it could prove a costly mistake. 

Legal issues aside, this story raises another, more fundamental, question—what type of employer do you want to be? Do you want to be viewed as Big Brother? Do you want a paranoid workforce? Do you want your employees to feel invaded and victimized as soon as they walk in the door, with no sense of personal space or privacy? Or, do you value transparency? Do you want HR practices that engender honesty, and openness, and that recognize that employees are entitled to a life outside of work?

Social media provides a lot of benefits to employers. It opens channels of communication between employees in and out of the workplace. And, when used smartly, it enables employers to learn more about potential employees than ever before. You can learn if an employee has good communication skills, is a good cultural fit, or trashed a former employer. But, this tool has to be used smartly to avoid legal risks. Requiring passwords is not smart.

While it seems like we cannot recall a time without social media in our lives, it remains a new and developing form of media. The rules and regulations that govern it are still evolving. Moreover, governments are looking for opportunities to regulate it. If a small minority of businesses pursue this poor HR practice, state legislatures and Congress will continue pursuing legislative solutions. Do not provide the government the opportunity. Can we all just agree that requiring social-media passwords is a bad idea, and move on from this story, finally?