IT experts and lawmakers say jobseekers’ privacy is crucial on Facebook
A few IT executives have offered their views in response to the Govpro posting about public sector employers’ demands that jobseekers turn over their Facebook login info. Some government employers then view the job candidates’ Facebook pages for evidence of inappropriate behavior or images.
Security experts from San Francisco-based nCircle see some unintended consequences from the practice. “Asking job applicants for their Facebook username and password is ridiculous and irresponsible. It also raises a number of serious security issues. Anyone with the username and password can change anything in a Facebook account. They can also change other social media services linked to Facebook. This practice is rife with the opportunity for abuse,” said Tim Keanini, nCircle’s chief technology officer.
“It’s very common for users to reuse the same user credentials in several online accounts, even though it’s not good security practice. Facebook credentials may provide access to an applicant’s online banking or credit card accounts. It’s easy to imagine these credentials being stored casually in HR, where they are accessible to any number of security issues. It’s a security disaster just waiting to happen,” Keanini told Govpro.
Hiring managers will ‘Google’ and find a jobseeker’s Facebook page and Twitter account, said Andrew Storms, nCircle’s director of security operations. “If you are looking for a job, [and] if your social media privacy settings are set to public, then anyone involved in the hiring process has every right to read everything posted. Giving up social media user credentials so hiring managers can see your personal information should not be permitted, ever. That’s why they are called ‘privacy’ settings,’” Storms told Govpro.
nCircle provides information risk and security performance management solutions to automate compliance and reduce risk. The company helps organizations boost security levels and operate more efficiently. More than 6,500 organizations use the company’s services.
In a blog post, Erin Egan, who is Facebook’s chief privacy officer, said, “It is a violation of Facebook’s Statement of Rights and Responsibilities to share or solicit a Facebook password.” She cautioned employers not to demand the passwords of job applicants, noting that employers could be vulnerable to legal challenges. She said Facebook would engage policymakers and take legal action against security violators.
Democratic Sens. Chuck Schumer of New York and Richard Blumenthal of Connecticut have requested that Attorney General Eric Holder investigate whether employers asking for Facebook passwords as part of job interviews are infringing on federal regulations.
After reading news reports of the practice, the senators called on the Department of Justice and the U.S. Equal Employment Opportunity Commission to start investigations.
What do you think? Add your comments below!