Invasion of Workplace Privacy or Protecting Confidential Information?

Social media such as
Facebook and LinkedIn, blogs and Twitter, have changed the way people
communicate, creating a wealth of online information regarding people’s conduct
and behavior—often revealing, occasionally too revealing. Ever-conscious of
public image and liability risks, employers began mining these types of online
data for information on current employees and job applicants. In some cases
employers have gone so far as to ask for job applicants’ Facebook user names and
passwords
. In light of this growing
trend, questions have arising as to how much of a person’s data is truly
‘public?’ How far may an employer go in obtaining ‘less public’ information?
What is the risk?
Generally, data
available on search engines such as Google represents readily available
information regarding an individual or subject. An employer is as free to
access and use that data as any member of the public. Likewise, Blogs and
Tweets [1]
accessible by the general public are safe sources to access, as well as
information on Facebook, MySpace, and LinkedIn under a user’s profile that is
not designated as ‘private.’ [2]
When employers and
businesses ask, or even demand, access to private information on sites such as
Facebook, however, a conflict arises between the employer’s request and the
account owner’s right to privacy. [3]
Employer efforts to access private social media accounts have raised a storm of
criticism from privacy advocates, who have likened requests for access to asking for an employee’s house keys or to open their
mail
. Others have cited concerns that
allowing employer access to social media accounts could reveal personal information such as race,
religion, age and sexual orientation that could be used to discriminate against
an otherwise qualified job applicant
.
Such requests
typically fall between two extremes. At one extreme, employers request that a
current employee or job applicant log into their social media accounts during
performance reviews and job interviews. At the other extreme, employers request
user names and passwords. Other ploys have included requesting a current
employee or job applicant to add an HR manager, the job interviewer, or a
supervisor, to the list of people authorized to access the information. [4]
The growing practice has drawn a response from Facebook, which warns that providing account information to
third parties undermines the privacy expectations and security of the user and
user’s friends
. The practice also
violates Facebook’s terms of use policy.
Privacy advocates
are prevailing in State legislatures. California, Illinois,
and Maryland
have all enacted statutes prohibiting such practices by employers, and several
states are considering similar laws. Legislation is also currently pending on
Capitol Hill that would extend the prohibition nationwide.
In Texas, litigation
on the subject has been sparse and there appear to be no holdings at the
appellate level at present regarding whether and to what the extent employers
may request access to social media accounts.
What
steps can an employer take to limit its exposure? The first step is to simply
limit online research to Google and similar search engines, publicly available
blogs and Tweets, and data from social media sites that is already publicly
available. Generally, the wealth of information from such sources is sufficient
to most employers’ needs. Any risk an employer faces comes not from how the
employer obtains the information, but from how the employer uses it. For
example, an employer should set very specific policies regarding how that
information will be retained and used, and specifically point out to hiring and managing personnel that the information may not
be used in a discriminatory manner.
Some employers,
however, have legitimate business interests in seeking the more detailed
information often available only through access to private profiles. Businesses
dealing with highly confidential information, business trade secrets,
information as to business mergers and acquisitions, are but a few examples.
Those employers should seriously consider seeking legal counsel to assist with
drafting protocols for requesting, accessing, and using information from social
media accounts.
State and national
legislatures appear to be trending towards legislation that prohibits or limits
an employer’s right to ask for access social media accounts. Business people
should consult with their business attorney or employment lawyer to asses that
the company comply with changing standards in employee privacy law, and still
protect your business’ confidential information.

[1]
A ‘Tweet’ is a short, public posting to the Internet through Twitter.
[2]
Although an entire Facebook or MySpace profile may be designated as ‘private,’
some basic information is always viewable, such as the user’s name.
[3]
Most social networking sites allow users the option of setting their profiles
to ‘private,’ thereby limiting access to information posted there to other
users who are on their ‘friends’ list.
[4]
These ‘lists’ take many forms, but are most commonly referred to as ‘friends’
lists.