What You Need to Know about Shoulder Surfing and Facebook Password Requests from Employers

Some surprising and controversial new job seeker screening practices have been in the media recently: shoulder surfing, force friending, and requests for Facebook passwords.

Shoulder surfing refers to an employer asking a candidate in an interview to log in to his or her Facebook account so the HR team can screen friends-only postings for lurid party photos, questionable activities, drug use or racial/religious/gender slurs that might be revealed in a job seeker’s private online life.

Force friending is a growing practice among college athletic departments where administrators require players to friend them in order to keep tabs on potential non-compliant activities by their NCAA athletes.

And some types of employers, particularly law enforcement agencies, have been requesting the Facebook password of a job seeker, right on the job application. As intrusive as one might find these practices from a privacy and free speech perspective, there seems to be no hard and fast law preventing them — for now. Legal experts agree that employers are skating on thin ice in demanding access to employee or applicants’ personal social media accounts, and ACLU-backed legislation is in the works in several states.

NE Ohio Employers Not Asking – Yet
I’ve heard no reports of any of these social media screening practices occurring at NE Ohio employers, and an Associated Press article in the March 21 Plain Dealer did not cite any Cleveland-area companies asking for this information. It’s no secret that companies do screen candidates’ social media sites that are available for anyone’s eyes (such as their public Twitter, Facebook, MySpace or LinkedIn pages) to look for any red flags, and to calibrate information from a resume or interview with one’s public self-promotion on the web. But both job seekers and employers should be aware of this latest tactic to obtain private information that could impact a candidate’s chances at landing a job.

“Candidates always have a choice not to share information,” explains Sonya Weiland, president of WeilandWorks Consulting, an HR outsourcing consultancy, “but what message are you sending by denying someone access to your online profile? It may affect their ability for a second interview.” By now, every job seeker should know that if one puts a comment or a photo on the internet, and think it’s hidden, it can be forwarded by a friend to thousands of strangers around the globe in an instant. I’m constantly amazed at the number of working adults who can’t restrain themselves from uploading photos of every alcoholic beverage they ever sat behind, which adds nothing to their professionalism or maturity quotient. If the goal is to look like a 19-year-old, still thrilled to be in a room with beer, then keep posting these TeenBeat, frat house pictures of one’s liquid best friends.

Weiland agrees, adding that “discretion and professionalism are always valued by employers. Your brand and image can be severely damaged by derogatory comments or photos.” On the one hand, if a candidate wants the job, he or she is not likely to decline to reveal his or her social media pages. However, Weiland says she “warns employers against such drastic measures during an interview. The tactic seems extreme and distrusting, and not the best way to start an employment relationship.” Adds Cindy Beresh-Bryant, president of HR Solutions by Design, an HR consulting firm, “You may decide that a college or employer that is asking you to do something that you believe is morally out-of-bounds, is not the right fit for you. Feel good about that, and move on to one that is the right fit.”

Force Friending – Big Brother or Compliance Helper?
Force friending seems to have started at the collegiate level, with athletic departments seeking to keep tabs on any under-the-table payoffs given to NCAA athletes or other compliance infractions. There is no doubt that receiving a sports scholarship comes with strings attached, as well as strict rules, on the athlete’s part – and athletic department visibility into a player’s Facebook posts and friends could perhaps quash a potential NCAA infraction before it occurs. The University of North Carolina was an early adopter of this practice, outlining its force friending policy in its 2011-2012 Student Athlete Handbook on page 8 – but UNC’s social media monitoring caught the attention of the NCAA, which just ruled in a March 12, 2012 hearing of UNC infractions, that universities have no blanket duty to monitor social networking sites of student athletes – but that monitoring efforts would be appropriate if the institution becomes aware of an issue, such as reasonable suspicion of rules violations, that might be resolved in some part by reviewing information on a site.

“Applicants for anything – college, athletics, jobs, etc. always have a choice as to whom they allow access to their personal information,” explains Beresh-Bryant. She says “while it may be legal for interviewers to ask for private social media access, that doesn’t mean it’s right. In our current climate of moral relativism, it’s sometimes hard to know how or why to say NO. Applicants should remember the interview process is designed to help both parties determine if there is an appropriate fit which is based on education, experience, and values.” She adds that “there is a talent war going on – employers and schools have to re-think if they’re willing to ultimately lose strong candidates with impeccable credentials” simply because they can – for now – push the envelope and ask to peer inside the private social networking of applicants.

Again, while I’ve not been made aware of any NE Ohio companies or institutions seeking access to private online postings, the flurry of news about force friending and shoulder surfing is a sobering reminder for those who believe “I have total control over the privacy of my social media.” It’s unwise to think that privacy settings prevent other unintended recipients, such as potential employers, from getting access to your private posts, because people you’ve entrusted with your private reputation can forward and share your postings all they want. And with Facebook changing its privacy settings so frequently, it’s simply common sense to only post what you’d want your rabbi, priest, pastor, neighbors, grandma, customers or boss to see, anyway.

Government Entities Asking Candidates for Private Data, Too
Who else is requesting candidates to reveal private social networking content? Some cities, counties and states, such as Maryland’s Department of Corrections, the city of Bozeman, Montana, and sheriff’s departments in Illinois and Virginia have been asking for Facebook passwords or force friending to ensure that potential corrections or court/law enforcement officers were not involved in criminal or gang activity, or illegal behavior. After much negative publicity, both Maryland and Bozeman stopped their prior practice of asking for passwords, and governmental entities are now moving to shoulder surfing, which eliminates the sharing of a password but does allow visibility into private social networking posts if a candidate complies.

Legislative Attempts to Curtail Access
In both Illinois and Maryland, legislation has been introduced that limits an employer from asking for or accessing private social networking pages. During this year’s legislative session, Maryland Senate Bill 433 and House Bill 964 were introduced and if passed they will prohibit employers from requiring employees and applicants from disclosing their social media user names and passwords, which the ACLU is aggressively supporting. And in Illinois, House Bill 3782 would make it unlawful for an employer to ask for an employee’s or prospective employee’s password. In truth, Facebook’s own terms of service says that users cannot share their password, and doing so is a violation of use.

Weiland summarizes that “one will see from case history and articles that this is still a very gray area. Personally I believe in a balance of protecting the company and protecting the rights of employees/applicants.” And Beresh-Bryant warns employers who may be considering requesting access to private postings that “while we have more candidate screening resources at our fingertips, there is no replacement for good old-fashioned, behavioral-based interviewing and background checks that are fully disclosed and separate a jobseeker’s professional and personal life.”

Readers, have you been asked in an interview or job application scenario to provide private social networking access? Your comments are welcome – clearly, practices continue to evolve in the applicant screening process, for both employers and job seekers. At the end of the day, the rule still is, if you don’t want someone to find it, don’t put it online.

Kelly Blazek shares job search and work success tips in her blog, http://kellyblazek.wordpress.com and is a frequent speaker on creating more powerful resumes and LinkedIn profiles.  A Six Sigma Green Belt, she is available for one-on-one resume review consultations and is also a manufacturing communications advisor.  Contact her at kblazek@gembacomms.com.