Facebook Offers Advice About Employers Requiring Applicants to Surrender Their Facebook Passwords
Over the last week or two, there have been many articles written about private employers and colleges that are requiring applicants to surrender their Facebook password as part of the hiring/admissions process. Today, Facebook's chief privacy officer published Facebook's position on this practice on its website. Click here for the details.
What is interesting about this, is that the position statement, published by Facebook's chief privacy officer, Erin Egan, a former Covington and Burling attorney, offers her legal opinions to try to convince employers (private and public), colleges, and others not to engage in this practice. Egan, offers the following legal analysis in the position statement:
"We don’t think employers should be asking prospective employees to provide their passwords because we don’t think it’s right the thing to do. But it also may cause problems for the employers that they are not anticipating. For example, if an employer sees on Facebook that someone is a member of a protected group (e.g. over a certain age, etc.) that employer may open themselves up to claims of discrimination if they don’t hire that person." "It also potentially exposes the employer who seeks this access to unanticipated legal liability."
"Employers also may not have the proper policies and training for reviewers to handle private information. If they don’t—and actually, even if they do--the employer may assume liability for the protection of the information they have seen or for knowing what responsibilities may arise based on different types of information (e.g. if the information suggests the commission of a crime)."
Setting aside whether or not private employers in California should be getting their legal advice from Facebook's chief privacy officer, Ms. Egan's advice that engaging in this practice is subject to challenge is accurate. However, Egan's statement fails to address the biggest problem for California employers (and colleges) who engage in this practice: the California Constitution's privacy protections.
In California, individuals have a constitutional right of privacy that is provided by the California Constitution. Article I, Section I of the California Constitution provides: "All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty, acquiring, possessing, and protecting property, and pursuing and obtaining safety, happiness, and privacy." California courts have further held that this provision gives rise to the independent tort of invasion of privacy.
The California Supreme Court has held that to determine whether an individual's constitutional right of privacy has been violated the court must balance the compelling need for the information against the reasonable expectation of privacy the person has in the information. Most jurors and many judges have Facebook accounts, or at least have password protected information on the internet. Their expectation of privacy with respect to the information behind the password is almost always going to be very high. It will be difficult for most employers (other than perhaps those hiring for national security or other related positions where they are exposed to extremely sensitive information), or any college, to demonstrate a compelling or strong need for this information. Employers have been hiring employees without detailed personal information for hundreds of years. In most cases, it will be extremely difficult for an employer to demonstrate a new and sudden compelling need to get behind an applicant's Facebook password to be able to evaluate that individual. When that is measured against a practice that many view as highly offensive and a significant intrusion into personal privacy (requiring someone to give up their personal password), this practice would likely be found improper by our courts and is likely to give rise to an independent tort.
In sum, Egan's conclusion that requiring applicants to surrender their facebook password as a condition of employment or admission is a legally risky practice, appears to be very accurate. However, for California employers or employers hiring California applicants, the risks are even higher, due to the privacy protections of the California Constitution.