The Idiocy And The Irony
I remember first hearing about prospective employers asking candidates for Facebook login information in late February on, of all places, an international HR discussion board I moderate. I thought it was a bizarre, one-off situation and couldn’t believe it as I saw the issue hit mainstream news media sites like wildfire and go viral in the next few weeks. And I asked myself: what HR/Recruiting organization is IDIOTIC enough to try this?
Let’s think about the ramifications of this. First of all is the obvious discrimination potential. Marital status, religious affiliations, sexual orientation, age, ethnicity/nationality, children/family status. Second is the invasion of privacy; not only for the candidate but for the candidate’s connections. You may receive the candidate’s permission to access their account, but certainly not the information of their friends and family members. I asked a friend of mine that is an Information Security Program Manager, and her response was, “It can be a violation of HIPAA and PII info both for the candidate and for their friends/family. If an employer asked for it, I would not work for them. Period.” Here is an example she gave: “Your wife sends you the ‘Thanks so much for being so supportive through my cancer diagnosis. You are the best’ update.” All organizations are required to be compliant regardless of their industry.
There also some tertiary considerations to take into account; although it may not seem important to an employer, this is a violation of the Facebook Terms and Conditions. Why is that important, you ask? Because as candidates spread the tales of potential employers violating this basic User Agreement tenet, an employer risks developing a bad reputation not just from an employment branding perspective, but also as a business in general. If you are so eager to violate Facebook’s terms, what would stand between you violating other sorts of business arrangements and contracts?
Finally, I’m not sure that HR departments that are doing this understand the potential system IT security threat/breach this could cause.
I really can see no valid reason for asking this of a candidate in an interview. Reports of employers asking their *employees* for this information could potentially be defensible, especially if employees are accessing their profiles on their employers’ equipment. But opening your company up for potential lawsuits all in the name of what appears to be pre-employment screening seems to violate the very role of HR in the organizational structure. There is now at least one federally-sanctioned Social Networking background check agency, and any organization that has the need to run “thorough” background checks should do the right thing and use a neutral third party that is in the business of following legal precedents and procedures.
I also wanted to address the “irony” of all this, in that most of the employers that have actually been named during this practice seem to be public organizations such as police, universities, and other government-affiliated employers. The irony of this is, of course, that it is the federal government that creates and administers the very laws that this practice would violate.