Tuesday, April 24, 2012

Hand over your social media login info? Not in Canada, you don't!

Imagine being in a job interview, across from the panel, relieved that the character and scenario questions are over, when one of the recruiters asks for the passwords to your social networking profiles. The practice has grown among companies and government agencies hoping vet candidates. Companies that don’t ask for passwords may ask applicants to “Friend” human resource managers; others may ask a prospective employee to log in to a company computer during an interview, allowing recruiters to “shoulder surf”; that is, have a look around. These practices have come under fire, with many questioning their legality. Can a potential employer really ask you to hand over your login information for Facebook and other social media sites?

What’s going on? What are employers doing?

In this Orwellian age, we more or less expect recruiters and hiring managers to pore over the intimate details of our social media profiles on Facebook, Twitter, LinkedIn and other sites. As a result, many users, particularly on Facebook, have locked down their privacy settings, making their profiles available only to selected people. Yet, in their efforts to vet job applicants, some companies and government agencies, and public agencies especially, including those seeking to fill law enforcement positions, are going beyond merely looking at people’s social networking profiles: instead, they are asking for login information—to go in and take a look around.

This is what happened to Justin Bassett, a New York City statistician: when interviewed for a job, he was taken aback when an interviewer turned to her computer to search for his Facebook page. When she could not see his private profile, she asked Bassett for his Facebook username and password. Bassett declined and promptly withdrew his application, saying that he did not wish to work for a company that would insist on having such personal information.

Some companies may not be as unabashed as to ask for applicants’ login details, yet they employ other practices that are just as questionable. E. Chandlee Bryan, a career coach and author of The Twitter Job Search Guide, says that more companies, including Sears, are using third-party applications to scour Facebook profiles. One such app, BeKnown, can sometimes access personal Facebook profiles if a job seeker allows it. In the case of Sears, anyone applying has the option of logging into the Sears job site through Facebook by allowing a third-party application to draw information, such as friend lists, from the applicant’s profile. Sears rationalizes the practice, claiming that, because people keep their social profiles updated to the minute, using a Facebook profile to apply allows the company to receive updates about an applicant’s work history. It lets Sears consider people for jobs in the future or for ones they may not realize are currently available.*

Employers have taken other steps as well, including “shoulder surfing”, the practice of using direct observation techniques and looking over someone’s shoulder to gather information. Recruiters may also require applicants to “Friend” human resource managers or to log in to a company computer during an interview. Bryan doesn’t think this measure is a privacy violation if an employer asks to see a Facebook profile through a friend request.

Once hired, some employees have been asked to sign non-disparagement agreements that forbid them from speaking negatively about an employer on social media sites.

So, why do they do that?

Human resources managers may posit that it has become increasingly difficult for them to run the necessary background checks on candidates and, as such, they have little recourse but to demand direct access. Looking deeper into candidates’ profiles—that is, digging below the surface—is akin to making reference calls or conducting a background check. It’s necessary to weed out the few bad apples who might bring down morale, adversely affect corporate culture and damage brand reputation, right? Besides, applicants, like Justin Bassett, have the right to refuse. And those who refuse have something to hide, so why hire them anyway?

Perhaps employers would be well advised to consider what might happen if job seekers were to turn the tables and request private access to CEOs', political leaders’ and other senior executives' profiles to ensure these individuals don't exhibit unsavory behavior, undesirable friends and other past instances of bad judgment. I doubt very much that Bill Clinton, Allan Hunsperger, Silvio Berlusconi, Francesco Schettino or Hosni Mubarak would object. It isn’t as though any of these upstanding individuals was ever at the centre of a personal or corporate scandal, right?

A simple rebuttal of “What’s good for the goose is good for the gander” is indeed simplistic. On the other hand, it’s worth considering that demanding candidates hand over login information could lead to claims of discrimination.

Can they really do that?

Short answer? No.

Can we cry foul? Yes, and the backlash appears to be gaining momentum.

Facebook, noting “a distressing increase in reports of employers or others seeking to gain inappropriate access to people’s Facebook profiles” in recent months responded by posting a statement entitled “Protecting Your Passwords and Your Privacy” (23 March 2012) warning that the company could “initiate legal action” against employers insistent upon requesting Facebook passwords. The practice, Facebook claims, “undermines the privacy expectations and the security of both the user and the user’s friends, it also potentially exposes the employer who seeks this access to unanticipated legal liability.”

The distinction between personal and professional lives in the “Big Brother”, hypervigilant era of social media is murky at best. However, Facebook and lawmakers have warned employers against requesting social media passwords when screening applicants. Providing anyone with your Facebook login information violates the site’s Terms of Service, although some legal experts argue that it doesn’t technically violate the law. Legal pundits further argue that these terms have no real legal weight and that the legality of asking for login information is still rather fuzzy.

According to the U.S. Department of Justice, it’s a federal crime to enter a social networking site in violation of its terms of service; however, during recent congressional testimony, it said that such violations would not be prosecuted.

Similarly, no law or legislation exists in Canada that deals specifically with social media. That means that there is also no law or legislation to prohibit employers from asking for login information. In Canada, labour matters generally fall under provincial jurisdiction, but there are also federal laws to help protect personal information. Moreover, the existence of privacy commissioners at both levels of government offers another safeguard. Therefore, the practice of asking candidates for their Facebook passwords and collecting more information than is necessary for employment could be in violation of multiple federal and provincial privacy acts, including the Canadian Human Rights Act and the Personal Information Protection and Electronic Documents Act (PIPEDA).

PIPEDA applies to federally regulated organizations such as banks or telecommunications companies.** PIPEDA also has limitations on collecting personal information—personal information not only about candidates, but also about each of their Facebook friends.

Indeed, this raises another concern: by providing a prospective employer with your login credentials, you are providing not only access to your own profile, but also access to information from other people’s profiles that you don’t have permission to hand over.

This information may include hints about your age, religion, marital/relationship status, political affiliation, race or sexual orientation. Collection of this type of information during the hiring process is in direct violation of the Human Rights Act. Legitimate interview questions can help recruiters gain insight into candidates’ job performance; it is possible to glean this information without violating individuals’ privacy. Yet, recruiters who look at your profile, determine that you are a member of a protected group and then do not hire you may be opening themselves up to claims of discrimination.

So what’s a girl (or guy) to do?

Here are some useful tips for job seekers.

  • Ask employers to explain their motives behind questions you find intrusive.
    Recruiters and hiring managers often have valid reasons for probing into your background, but they should not use awkward or even inappropriate means to get this information. It’s also worth considering whether this is an employer you want to work for.
  • Check social media sites’ privacy policies and terms of service regularly.
  • Adjust your privacy settings, including your public search settings.
    Avoid having even your basic information (e.g., gender, name and profile picture) appear in search engine results. You can also control who sees your profile information by adjusting your privacy settings. Be sure to review your settings regularly.
  • Remove yourself from Facebook ads.
  • Be aware of what’s on your social media sites.
    Assume that someone is going to look at it. Avoid posting racy, illicit or otherwise incriminating photos posted on Facebook or Twitter: as former British Columbia NDP candidate Ray Lam can attest, these can cost you a job (or worse).
  • Follow “Grandma’s Golden Rule”.
    If you wouldn’t let Grandma in on your confessionals or admit to her that you are cheating on your tax return, are cheating on your spouse, hate your boss and shoplifted a package of gum the other day, why would you t tell Facebook? In a word, don’t.
    Once posted, it can be hard to erase proof of your illicit or illegal activities and difficult to keep it from spreading.
    Similarly, as Allan Hunsperger will tell you, it’s also unwise to post content that could be deemed as racist or hatespeech. Examples of posts that got people canned abound.
  • Don’t post your phone number.
    Do you really want the bully from junior high school, your stalkerish ex-boyfriend/girlfriend or even a prospective employer phoning you? Post your phone number in your profile and, depending on your privacy settings, even your most distant Facebook “friends” might be able to access it and give you a call.

What do you think?
  • Do you think employers should be allowed to ask for social media passwords?
  • Would you let your employer access your Facebook account?
  • What is your opinion about laws that protect Canadians from this invasion of privacy?
  • Do you have additional tips for job seekers?
  • What is your Facebook profile telling prospective employers? Find out.

*  Sears Canada spokeswoman Alicia Richler said the company has never entertained the idea north of the border.
** Although PIPEDA does not currently refer specifically to people applying for jobs at federally regulated organizations, proposed legislation before Parliament (Bill C-12) proposes to amend PIPEDA to include prospective employees in that context. Similarly, lawmakers in several American states have indicated they would introduce bills to prohibit companies from requesting access to private accounts in an effort to screen job candidates.

No comments:

Post a Comment