[Image of: RetailWire Logo and Tagline (for print)]

Senator Not 'Liking' Bosses Asking for Facebook Passwords

March 26, 2012

It's long been known that what you write on Facebook or other social media sites can come back to haunt you. Young job applicants, in particular, have been warned from sharing accounts of college parties gone wild and other details that may be off-putting to a potential employer. Now comes word that employers, primarily in government it appears, have asked applicants for their Facebook passwords to see if there are any skeletons in their closets.

Upon hearing of the practice, Sen. Richard Blumenthal of Connecticut told Politico that he was working on legislation that would bar a practice that he sees as an "unreasonable invasion" into the private lives of prospective employees.

Sen. Blumenthal disputed the notion that workers hand over such information voluntarily.

"The coercive element of the request," he told Politico, "really makes it less than voluntary."

Facebook responded last week that asking an employee for a personal password to its site was a violation of its privacy. At first, the social media site indicated that such a practice would be grounds for a company to have its page removed from the site, although it did later appear to dial-back from that position a bit.

A report by the Los Angeles Times said that although the Justice Department views the violation of Facebook's terms of service as a criminal act under federal law, it was not looking to get into prosecuting every violation.

Discussion Questions:

Discussion Questions: How far should employers be allowed to go when it comes to checking out prospective employees on social media sites? Should businesses be able to ask prospective or even current employees for access to their accounts?

While we value unfettered opinion, we urge you to show respect and courtesy for people or companies about whom you comment. Keep in mind that this is a public, professional business discussion. RetailWire reserves the right to edit or refuse the publication of remarks that we deem unsuitable. We may also correct for unintended spelling and grammatical errors.

Instant Poll:

Should employers have the right to require that prospective employees hand over access to their social media accounts?


Employers should not ask prospective or current employees for access to their social media accounts. If they fail to do this voluntarily, they should be banned from doing it through legislation. At the same time, people need to be aware that the moment something is posted on the Internet, it is no longer private. If you don't want something to be public, do not post it on the web.

[Image of: View Braintrust Panelist button]
Max Goldberg, President, Max Goldberg & Associates

It was bad enough when I was beginning; employers were allowed to make employees take lie-detector tests as a requirement of continued employment. This isn't far from it. Judging employees based on their private lives is just wrong -- no job is worth it in retail.

[Image of: View Braintrust Panelist button]
Bob Phibbs, President/CEO, The Retail Doctor

With the possible exception where law enforcement or top security types of jobs are concerned, I think it's entirely unreasonable to put pressure on an employee to surrender his or her facebook password. If this type of thing happens it will hurt the social media in a very big way on so many levels and I would go as far as saying that in doing so it will even negatively impact our economy.

[Image of: View Braintrust Panelist button]
David Biernbaum, Senior Marketing and Business Development Consultant, David Biernbaum Associates LLC

Prospective employees are still human beings first and therefore have a right to privacy. It's dangerous to allow potential and/or actual employers the right to compel any employee to involuntarily reveal any password to any internet site they might participate in. One, for example, would not think of asking an employee for their Amazon password to check on what books they had ordered even though it might offer insights into their thinking.

At the same time Max is dead right. Young people in particular should be very careful about what they post. Pictures and posts shared with "BFF"s from college might be reminders of great times when you are 20 but most of us wouldn't want them on public revue when we were 30, 40 or 50.

[Image of: View Braintrust Panelist button]
Ryan Mathews, Founder, ceo, Black Monk Consulting

Yes, they should be able to ask for the passwords. I always suggest to college students that they shut down their Facebook account before graduating -- and while job hunting, never post anything other than professional postings. I have friends with Facebook accounts who work for some very strict companies and their Facebook page is a joke. It's nothing more than the most generic stuff or an online commercial for their employer, or an online monument to their CEO. Over-restrictive employment laws have put a burden on employers. I have clients that have to follow job candidates out to their cars to see first what kind of cars they drive, look for political bumper stickers, child car-seats and toys, cigarettes, etc, anything that would indicated they might not work out. They have to do this because they cannot ask important questions about fertility, age, and political views during the interview.

David Livingston, Principal, DJL Research

Since it gives access to private correspondence, there's no fundamental difference between requiring an employee to hand over a Facebook password and requiring one for a webmail account like Gmail or Yahoo mail. And of course there's no fundamental difference between that and requiring employees to turn over the faxes they receive or the contents of their physical mailboxes for the employer's scrutiny.

I'm not a constitutional law expert, but I think we all would agree that this last example is far out of bounds. Witness that fact that we've had snail mail for centuries and employers are not making this demand on that medium (even the government). The difference is that Facebook is new, and therefore the people who are making these demands fundamentally don't understand what it is they're demanding.

This report is just the latest incident in a storied history of the U.S. government doing a bad job when it tries to meddle in technology. The unfortunate but undeniable fact is that since the advent of the personal computer, government policy has been unable to keep up with the progress of technology, leading to a long string of "doesn't get it" moments, typically involving trying to regulate or control what it cannot. Do we all remember the V-Chip?

When government is wise, it creates an environment that helps private industry and private individuals work out how to use technology best. When it is unwise, it makes ill considered decisions like this one.

Tim Callan, CMO, SLI Systems

I agree that everyone should know better than to post all their private thoughts and actions on Facebook or any other social media as once it on the web it lives forever. However, the fact is many people don't see anything wrong with doing so. This leaves them vulnerable to have this information shared by their friends with others and virtually making their private life very public including current and potential employers.

However that is different from the employer compelling them to grant direct access having to the same information. That I believe falls in the area of invasion of privacy and should not be allowed with the possible exceptions noted by David.

[Image of: View Braintrust Panelist button]
Steve Montgomery, President, b2b Solutions, LLC

First of all, I think people are slowly learning that nothing they post online is "private." The "circles" feature of Google+ gives people the illusion they are able to segregate their "friends" between professional and personal, work and play, etc., but once something is online there is no guarantee of privacy. Of course I don't expect every fraternity member to think of this on Saturday nights.

Which is what actually opens up the opportunity for a whole new business model. Facebook makes money by selling access to its users' data. (So why would anyone expect their data to be private? Duh?) Why not have a social network built on subscription fees instead of targeted advertising. At the most, such a network may categorize users internally to allow advertisers to reach all the golfers or all the quilters, but it would never identify specific users to anyone else. By offering its heightened security and privacy as a differentiator, such a network would appeal to users who want to keep their information private.

Having said all that, the major difficulty with providing this type of service would be the inevitable breach of privacy that is impossible to prevent. Maybe that is the reason I've not heard of anyone promising it.

Bill Bittner, Principal, BWH Consulting

Anything posted on the public site is in play.

Asking for the person's password is definitely out of bounds.

[Image of: View Braintrust Panelist button]
Ben Ball, Senior Vice President, Dechert-Hampe

Technology is inventing things that we are receiving with a lot of exuberance but, perhaps, lesser thought to its possible future consequences. What you post can lead to a roast --- or a career hotfoot.

Businesses don't want "disappointing discoveries" to be part of their workload and concern systems. But employees are entitled to privacy. More government regulations are not the answer. Circumspection is.

Gene Hoffman, President/CEO, Corporate Strategies International

Ok, let me get this straight, I am 18 years old, an adult, eligible to vote and serve in the military, drive a car, rent or even buy a home if I have the means, go to or currently attend college and I should be advised/reminded/warned that what I put on my Facebook page could be damaging to my career aspirations? Seriously?

Life today is legislated enough. Reactionary moves by Facebook to ban employer pages because they employ this type of pre-employment screening was a bad shot across the bow. Let's not assume that this would be a one-time check once the password is secured. HR could keep themselves busy viewing pics from frat parties and Spring Break for ongoing monitoring -- even more invasive.

If a citizen who has the right to privacy and an equal measure of common sense can't discern what is right and wrong to post on their site, they deserve to not get the job. Perhaps they would likely have poor judgment to begin with. If the employer is that worried or has practices that invasive, the prospective employee should take a pass on working for them, a non-starter.

For positions that demand a high moral or even higher penchant on good judgment and social appropriateness, then certainly they should expect the prospective candidate to demonstrate good judgment. Have as a requirement that you must surrender access to your personal profiles and let the candidate decide whether or not to check a box "I accept."

Post at your peril is the guiding principle here.

David Slavick, Director, Loyalty & Retention, FTD.com

Ben's succinct reply covers the issue completely, in my estimation. Act like posts and photos are public and only post what you would want to see highlighted in Macy's window. Employers -- asking for passwords is out of bounds.

[Image of: View Braintrust Panelist button]
David Zahn, Owner, ZAHN Consulting, LLC

Prospective employers don't hold all the cards in this game -- prospective employees do too. Would-be employers who want to lurk around in others' private lives send a message, loud and clear, that they're not the kind of company anyone should want to work for.

[Image of: View Braintrust Panelist button]
Cathy Hotka, Principal, Cathy Hotka & Associates

Interestingly enough, we had a similar situation just this morning with Verizon. First, you can't get to speak with anyone in a call center in the United States. Second, they read from scripts and don't hear what you say. Then, and this is the last "get it off your chest" piece, they asked for my wife's full social security number. They explained it was for security purposes. Guess what, for security purposes we did not give it. And we still did not accomplish what the call was about.

[Image of: View Braintrust Panelist button]
Ed Rosenbaum, CEO, The Customer Service Rainmaker, Rainmaker Solutions

The answer to this question should be obvious. First, employers that ask for such information are overreaching, and should lead prospective and/or current employees to question the business's intentions, and their view toward employee relations. That said, anyone and everyone that utilizes social media should know by now that one should not publish or post anything online that the individual would be embarrassed or surprised to see "on the front page of the NY Times."

Mark Baum, SVP & CCO, Food Marketing Institute

Excellent counterpoint by Cathy Hotka!

Also... "Facebook responded last week that asking an employee for a personal password to its site was a violation of its privacy." Hmmm... Facebook is now the defender of individual privacy? Do they have other motives?

[Image of: View Braintrust Panelist button]
Ken Lonyai, Digital Innovation Strategist, co-founder, ScreenPlay InterActive

This has to be a joke! How can anyone be expected to turn over their password to access a personal account?

That being said, everyone should have no concern to hand over their password, meaning they should never ever ever post anything they do not want somebody else to see or read. When using any social network, keep it professional, respectful, and clean. Nothing is private when posted online. Share information, be helpful, show a personal side of you, but always show the world the type of person you can truly be, nothing more.

Rick Boretsky, Retail Data Integration Specialist, RIBA Retail (www.ribaretail.com)

I had the same reaction as Bob. It took me back to the days I had to take a lie detector test and was terminated for the results. Two days later the bank determined that the deposit wasn't missing, and it was also determined I was not very good at taking a lie detector test.

Asking for this from a prospective employee and/or a current employee is an invasion of privacy and should not be allowed by law. Period.

[Image of: View Braintrust Panelist button]
Doug Fleener, President and Managing Partner, Sixth Star Consulting

I'm with Cathy, with one additional wry observation.

Have we reached the point where only corporations have first amendment rights? Individuals should be able to a) say whatever they want to say and b) do so without fear of recrimination for doing so.

I chose to avoid working for companies that required drug tests for their employees. I am happy to know if the pilot flying my airplane is drunk, but could care less what the office workers do in their spare time. Similarly, I would never work for a company that requested my Facebook password. That's just sick.

[Image of: View Braintrust Panelist button]
Paula Rosenblum, Managing Partner, RSR Research

It is not a good idea to ask for the passwords. More and more financial apps become available on Facebook. If one of these apps are compromised, the employers who has a deep pocket can become a target for financial or criminal liability.

Joe Nassour, Chief Technology Officer, RetailTactics

Crazy. This trend will cause more firestorms in the arena of personal privacy debate. Employers should tread cautiously and think smarter.

[Image of: View Braintrust Panelist button]
Matt Schmitt, President, Chief Strategy & Innovation Officer, Reflect

The slippery slope we are in is not going to end, as "social justice" is the new USA. I am sick of the government as it is now, and it will continue to get worse because information on the web is everywhere about all of us. I'm glad I went to college without all of this instant video stuff of everyone acting like idiots. Could any of us get a job, if our whole college lifestyle was on video for everyone to see?

It is a crazy world we now live in...

[Image of: View Braintrust Panelist button]
Tony Orlando, Owner, Tony O's Supermarket & Catering

Privacy is not quite dead yet, despite declarations by the Facebooker and various HR departments. Asking for any account information from a prospective employee is in my view coercive and likely a constitutional violation.

Furthermore, any employer who obtains personal account or identity information takes on an obligation for life to protect that information. Can't wait to see the test case once a major employer gets hacked.

Of course Facebook profile contents go well beyond account and identity information. As a matter of "media literacy" it is the wise young person who limits the type of material they post about themselves. Embarrassing data never expire -- they just roll to the bottom of your history and lurk there until the most inconvenient moment.

[Image of: View Braintrust Panelist button]
James Tenser, Principal, VSN Strategies

I would recommend to any employee or prospective employee that they get as far away from an employer that asks for passwords as possible. It is not only out-of-bounds, but it also mindset of the employer that is totally unacceptable and suggests how that employer values their employees.

[Image of: View Braintrust Panelist button]
Gene Detroyer, Professor, Independent

Right! And we should give up our RetailWire passwords and our Handles as well. We have something called the First Amendment, for which or forebears paid for in blood and treasure.

We all have made comments to friends through email or at the water cooler about our employer and customers. That is free speech. What matters is performance.

The issue with Facebook is a slippery slope. Where does it stop? Cameras and audio feeds from the breakfast table?


I agree that if a person is uncomfortable handing over a password, they should pass on that employer. But I've had people apply to work for me and I've seen some pretty raunchy stuff on their Facebook page that I didn't even need a password to see. Women and men in off-color outfits, drinking alcohol to excess, using profanity in their posts, etc. Just being "friends" with someone who does this can hurt you. Facebook is fun, but its not necessary for survival. Many now just use an alternate email and an assumed alias so only people you choose can see you are even on Facebook.

Many business will block Facebook from being accessed by employers and customers. My health club will not allow me to access any website through their Wi-Fi which even has a Facebook logo on it. I can't access retailwire.com because they have a Facebook logo someplace on their website. I can understand that. No employer wants its workers playing on Facebook all day when they should be working.

I would suggest to people who want to avoid this kind of mess simply opt into self employment. It's more fun anyway.

David Livingston, Principal, DJL Research

It's a sorry state of affairs when we have to choose between meddlesome government action and intrusive employer actions;(and the Libertarians find out quickly just where a world where people can ask/do anything they want leads.) But there may be an upside to all this: the abolition -- or nearly so -- of post-any-and-everything on sites like Facebook and YouTube.(The disappearance of FB itself I'd settle for, but Xmas is still 9 mos away.)


All too often, the private lives of employees affect their employer. Therefore, as Max Goldberg put it so succinctly, "If you don't want something to be public, do not post it on the web."

[Image of: View Braintrust Panelist button]
Ralph Jacobson, Global Retail Industry Analytics Marketing Executive, IBM

I think I can say both Ben and Cathy have it about right. I also look forward to Facebook themselves going after an employer that is doing this and to see where that goes.

If this is happening to any great extent, it's likely to come out in the open as to who the employers are that request them. Once that happens, let's see them defend their position and see how the legal action goes if there even needs to be any by that point. I'm thinking that now that this is out in the open, the sheer firestorm that could hit a company that is doing so will be far worse than the impact of legal action.

Then, we will see how powerful this social tool really is -- won't we?


There is an old saying, "Two can keep a secret, if one is dead!" It's called the "world-wide web" (www) for a reason. A password means that only you and others with access to the password have access to it. Don't provide your password to anyone? Really? How about the owner of the site, whether Facebook or your bank? If no one else had access to the information you are posting on the web, why are you posting it on the web -- a worldwide communication device?

My point is that the web is not a private repository of your personal data. Even if you NEVER share anything on DropBox, DropBox management, and who knows how many people in their company COULD look at it. Just like your tax information is sacrosanct with the IRS! Yeah, right. Forrest Gump's mother had this one figured out: "Stupid is as stupid does!"

Scott McNealy (Sun Microsystems,) had it right a dozen years ago, "You have no privacy, get over it!"

[Image of: View Braintrust Panelist button]
Herb Sorensen, Ph.D., Scientific Advisor Kantar Retail; Adjunct Ehrenberg-Bass, Shopper Scientist LLC

If people are smart they can make handing over their Facebook passwords work to their advantage. I used to work for a company that read all my emails. Those of you who know me know that I took full advantage of that knowledge. Simply create a Facebook page that shows you are part of the "cult" and you will be fine.

David Livingston, Principal, DJL Research

A social media account, or any other personal account is just that...personal. Personal accounts are not the property or should they be accessed by anyone other than the person who set them up. The employer should certainly not be asking for or suggesting that they gain access to the account for any reason.

[Image of: View Braintrust Panelist button]
Kai Clarke, CEO, American Retail Consultants

Although I still try to follow the advice to not post anything on Facebook I wouldn't want my mother to see, requesting personal social media passwords would seem to be the start of the proverbial slippery slope. The same would be true if employers required that they have friend status on Facebook. It would also seem to open up such employers to the risk of prosecution for discrimination for any number of factors including race, religion, sexual orientation, and more as many of these are clearly indicated on Facebook and other sites. If it is unlawful to require someone to divulge race, religion, etc on an application, then it would seem similar when asking for such passwords.

[Image of: View Braintrust Panelist button]
Verlin Youd, Managing Principal, Verizon

Perhaps the solution is more simple than anyone has suggested... simply create two Facebook profiles. The sicky-sweet, I-never-post-anything-controversial, I-love-my-boss-and-kittens-too profile is the one you grant access to, for the employer. The other one, you hide from employers and your parents. It's easy enough to make it look like two different people, enough to satisfy an employer. Add a few friends and nice posts to the employer's version, prior to any interviews, and call it a day.

Just make sure your friend's posts are monitored, so they don't bring you down with your typical "dude you were so wasted Saturday!" post. =)

We can always find a way to circumvent such oppressive employer rules... or have we lost our creativity as a species?


Search RetailWire
Follow Us...
[Image of:  Twitter Icon] [Image of:  Facebook Icon] [Image of:  LinkedIn Icon] [Image of:  RSS Icon]

Getting Started video!

View this quick tutorial and learn all the essentials...

RetailWire Newsletters