Passwords are like police dogs: They belong to one person. But the sanctity of passwords is being breached. Some HR staffers and recruiters have asked job candidates for their passwords to Facebook, Twitter and other social media sites. Hiring managers have asked applicants to log on to social networking sites during interviews in order to review the interviewee's online activities. And some companies have policies that require employees to be Facebook "friends" with their HR liaisons.
Such scrutiny may be acceptable for job hunters who will need high-level government security clearance, but it's an unwarranted invasion of privacy for most people. Even if you're comfortable showing everything in your Facebook account to your grandmother, this type of intrusive demand is insulting and intolerable. Job candidates should fight back, and employers should think about the consequences.
Employers may claim that reviewing social media activity helps them make the right choices in expensive hiring decisions. But they should consider the following potential ramifications:
• A culture of mistrust. Few people want to work in an environment that operates on the assumption that everyone is untrustworthy and must be monitored. George Orwell's 1984 was fiction, and it should stay that way.
• Brain drain. Some people may be desperate enough for a job to divulge their passwords, but most will not tolerate such a request. Talented people have choices, and they might choose to work elsewhere -- perhaps at your competitor.
• Security policy violations. Most organizations' security policies forbid sharing passwords for corporate systems. Demanding job applicants' social media passwords sends a mixed message. Furthermore, it's essentially coercion.
• Biased hiring decisions. Posted information may cause interviewers to lose their objectivity. The candidate could be dating someone the interviewer knows, or supporting (or attacking) the interviewer's favorite charity or political organization. Such scenarios could unfairly sway hiring decisions.
• Legal limbo. In the U.S., it's illegal to ask job candidates about their race, religion, sexual preference, and so forth. Demanding access to candidates' social media accounts may not technically violate this prohibition, but it certainly violates the spirit of the law because those details can often be inferred from posts and pictures.
Privacy experts are becoming concerned about this abuse of social media. Maryland recently prohibited employers from requesting access to social media accounts of job applicants and current employees. California and Michigan are close behind. Congress is also considering bills banning the practice nationally. Stay tuned.
What's more, Facebook has threatened legal action against employers that ask for passwords. Section 4.8 of the Facebook Statement of Rights and Responsibilities states that "you will not share your password, ... let anyone else access your account, or ... jeopardize the security of your account." If Facebook enforces this policy aggressively, employers may discover that many people would rather change jobs than lose their Facebook accounts.
Publicly available information about job candidates is fair game. But responsible organizations will not condone interviewing techniques that violate a person's right to privacy. They should update their corporate security policies and be prepared to enforce appropriate sanctions. Don't let your organization become the first court case.
Bart Perkins is managing partner at Louisville, Ky.-based Leverage Partners, which helps organizations invest well in IT. Contact him at BartPerkins@LeveragePartners.com.