Employers warned against demanding Facebook details from staff

The Information Commissioner's Office has warned employers in the UK that it would have "very serious concerns" if they were to ask for Facebook login and password details from existing or would-be employees, following reports of such demands in the US.

A spokesman for the ICO said: "The UK Data Protection Act clearly says that organisations shouldn't hold excessive information about individuals, and it's questionable why they would need that information in the first place."

In the US, two American senators are asking the US attorney general, Eric Holder, to investigate whether the practice of employers asking for Facebook passwords during job interviews is violating federal law.

Troubled by reports of the practice, Democratic senators Chuck Schumer of New York and Richard Blumenthal of Connecticut said they are calling on the Department of Justice and the US Equal Employment Opportunity Commission to launch investigations. The senators are sending letters to the heads of the agencies.

Associated Press reported last week that some private and public agencies around the country are asking job seekers for their social media details. The practice has alarmed privacy advocates, but its legality remains murky in the US.

In the UK, however, it would potentially put employers in breach of the Data Protection Act because it would constitute "excessive" information about an individual, the ICO indicated. "We would have very serious concerns if this practice was to become the norm in the UK," said a spokesperson.

On Friday, Facebook warned employers not to ask job applicants for their passwords to the site so they can poke around on their profiles, noting that it would break its terms of service. The company threatened legal action against applications that violate its long-standing policy against sharing passwords.

A Facebook executive cautioned that if an employer discovers that a job applicant is a member of a protected group, the employer may be vulnerable to claims of discrimination if it doesn't hire that person. Facebook profiles often include personal information such as gender, race, religion and age – all details that are protected from being used to determine employment suitability by federal employment law. The same strictures apply in the UK.

Facebook said in a statement: "We don't think employers should be asking prospective employees to provide their passwords because we don't think it's the right thing to do. While we do not have any immediate plans to take legal action against any specific employers, we look forward to engaging with policy makers and other stakeholders, to help better safeguard the privacy of our users."

Not sharing passwords is a basic tenet of online conduct. Aside from the privacy concerns, Facebook considers the practice a security risk.

Senator Schumer said in a statement: "In an age where more and more of our personal information and our private social interactions are online, it is vital that all individuals be allowed to determine for themselves what personal information they want to make public and protect personal information from their would-be employers. This is especially important during the job-seeking process, when all the power is on one side of the fence."

Specifically, the senators want to know if this practice violates the Stored Communications Act or the Computer Fraud and Abuse Act. Those two acts, respectively, prohibit intentional access to electronic information without authorisation and intentional access to a computer without authorisation to obtain information.

The senators also want to know whether two court cases relating to supervisors asking current employees for social media credentials could be applied to job applicants.

"I think it's going to take some years for courts to decide whether Americans in the digital age have the same privacy rights as previous generations," said American Civil Liberties Union attorney Catherine Crump in a previous interview with the AP.

The senators also said they are drafting a bill to fill in any gaps that current laws don't cover. Maryland and Illinois are considering bills that would bar public agencies for asking for this information.

In California, Democratic state senator Leland Yee introduced a bill that would prohibit employers from asking current employees or job applicants for their social media usernames or passwords. That state measure also would bar employers from requiring access to employees' and applicants' social media content, to prevent employers from requiring logins or printouts of that content for their review.