Social media such as Facebook and LinkedIn, blogs and Twitter, have changed the way people communicate, creating a wealth of online information regarding people’s conduct and behavior—often revealing, occasionally too revealing. Ever-conscious of public image and liability risks, employers began mining these types of online data for information on current employees and job applicants. In some cases employers have gone so far as to ask for job applicants’ Facebook user names and passwords. In light of this growing trend, questions have arising as to how much of a person’s data is truly ‘public?’ How far may an employer go in obtaining ‘less public’ information? What is the risk?
Generally, data available on search engines such as Google represents readily available information regarding an individual or subject. An employer is as free to access and use that data as any member of the public. Likewise, Blogs and Tweets[1] accessible by the general public are safe sources to access, as well as information on Facebook, MySpace, and LinkedIn under a user’s profile that is not designated as ‘private.’[2]
When employers and businesses ask, or even demand, access to private information on sites such as Facebook, however, a conflict arises between the employer’s request and the account owner’s right to privacy.[3]Employer efforts to access private social media accounts have raised a storm of criticism from privacy advocates, who have likened requests for access to asking for an employee’s house keys or to open their mail. Others have cited concerns that allowing employer access to social media accounts could reveal personal information such as race, religion, age and sexual orientation that could be used to discriminate against an otherwise qualified job applicant.
Such requests typically fall between two extremes. At one extreme, employers request that a current employee or job applicant log into their social media accounts during performance reviews and job interviews. At the other extreme, employers request user names and passwords. Other ploys have included requesting a current employee or job applicant to add an HR manager, the job interviewer, or a supervisor, to the list of people authorized to access the information.[4] The growing practice has drawn a response from Facebook, which warns that providing account information to third parties undermines the privacy expectations and security of the user and user’s friends. The practice also violates Facebook’s terms of use policy.
Privacy advocates are prevailing in State legislatures. California, Illinois, and Maryland have all enacted statutes prohibiting such practices by employers, and several states are considering similar laws. Legislation is also currently pending on Capitol Hill that would extend the prohibition nationwide.
In Texas, litigation on the subject has been sparse and there appear to be no holdings at the appellate level at present regarding whether and to what the extent employers may request access to social media accounts.
What steps can an employer take to limit its exposure? The first step is to simply limit online research to Google and similar search engines, publicly available blogs and Tweets, and data from social media sites that is already publicly available. Generally, the wealth of information from such sources is sufficient to most employers’ needs. Any risk an employer faces comes not from how the employer obtains the information, but from how the employer uses it. For example, an employer should set very specific policies regarding how that information will be retained and used, and specifically point out to hiring and managing personnel that the information may not be used in a discriminatory manner.
Some employers, however, have legitimate business interests in seeking the more detailed information often available only through access to private profiles. Businesses dealing with highly confidential information, business trade secrets, information as to business mergers and acquisitions, are but a few examples. Those employers should seriously consider seeking legal counsel to assist with drafting protocols for requesting, accessing, and using information from social media accounts.
State and national legislatures appear to be trending towards legislation that prohibits or limits an employer’s right to ask for access social media accounts. Business people should consult with their business attorney or employment lawyer to asses that the company comply with changing standards in employee privacy law, and still protect your business’ confidential information.
[1] A ‘Tweet’ is a short, public posting to the Internet through Twitter.
[2] Although an entire Facebook or MySpace profile may be designated as ‘private,’ some basic information is always viewable, such as the user’s name.
[3] Most social networking sites allow users the option of setting their profiles to ‘private,’ thereby limiting access to information posted there to other users who are on their ‘friends’ list.
[4] These ‘lists’ take many forms, but are most commonly referred to as ‘friends’ lists.