Fired flight attendant forced to give employer access to Facebook and bank accounts

Filed Under: Facebook, Featured, Privacy

Login window. Image courtesy of ShutterstockA flight attendant was forced to allow her employer to examine her Facebook activity and bank account after she was fired over her activity while on sick leave.

The employee, Gina Kensington, was canned by Air New Zealand earlier this year following a dispute over sick leave she took to care for her sister, according to Television New Zealand (TVNZ).

Ms. Kensington disputed accusations that she abused sick leave and took up her case for reinstatement with the Employment Relations Authority (ERA).

Air New Zealand's response was to demand her Facebook and bank details - a move that one employment lawyer interviewed by TVNZ said signals a future in which bosses will demand increasing access to what most employees consider to be private data.

The lawyer, Andrew Scott-Howman, told TVNZ that this means that what we now consider to be at least semi-private behavior - i.e., posting about our activities on Facebook - is now anything but private:

"I don't really know that society has seen this sort of thing previously. But at a time when we think we are behaving privately, or at least within a restricted circle of friends, we are actually effectively on trial."

Getting fired over Facebook postings is nothing new, of course.

The Huffington Post, for one, has a gallery of Facebook postings that got people canned.

A few examples:

  • A Swiss woman who got caught surfing Facebook after claiming that "she could not work in front of a computer as she needed to lie in the dark."
  • An 18-year-old cheerleader with the US football team the New England Patriots was fired over photos she posted to Facebook. One such: a photo of herself and a friend leaning over a passed-out boy whose face and body was covered in graffiti that included the word "penis," phallic symbols, "I'm a Jew" and multiple swastikas.
  • A juror in the UK who was dismissed after disclosing sensitive case information on her Facebook profile and running a poll of her friends to help her decide "which way to go" in her decision.

Granting an employer access to an employee's bank accounts is a new wrinkle, however.

Ms. Kensington initially refused the ERA's command to hand over access to her Facebook and financial information, saying that Air New Zealand didn't have the information when it sacked her and that "it is well accepted in New Zealand there are general and legal privacy expectations about people's personal and financial information".

But the ERA ordered her to hand over details for March 8 and 9 2013, saying they would provide "substantially helpful" evidence.

ERA member Tania Tetitaha told TVNZ that "The explanation for taking sick leave must be tested for veracity."

TVNZ reported that a hearing was held on 5 August, but as of 11 August, the findings hadn't yet been released.

Are employees obligated to comply with employers' demands for either Facebook or financial details?

They certainly haven't shied away from demanding that potential employees hand over their Facebook user name and password if they want to get a job.

That behavior has sparked outrage in the demographic of spied-on employees, with 91% of Naked Security readers saying it should be illegal to ask for such data.

Gavel USA. Image courtesy of ShutterstockIn the US, that outrage has in turn stimulated state legislatures to take action.

From the site of the National Conference of State Legislatures, here's a summary of state legislation on laws regarding employer demands for social media passwords.

As of 31 July 2013, legislation preventing employers from requesting passwords to personal internet accounts to get or keep a job had been introduced or was pending in at least 36 states. Eight states - Arkansas, Colorado, Nevada, New Mexico, Oregon, Utah, Vermont and Washington - had enacted legislation as of that date.

US laws governing employer access to employees' bank account details is another thing; I haven't found an easy way to figure out what the laws are, or if there's a site that compiles varying state law, so if you know of such, please put it in the comments, below.

If you'd like to stay on top of who's getting into trouble on Facebook and why, along with all other things Facebook, think about following - appropriately enough - Naked Security's Facebook page.

Image of login window and American gavel courtesy of Shutterstock.

, ,

You might like

34 Responses to Fired flight attendant forced to give employer access to Facebook and bank accounts

  1. Freida Gray · 377 days ago

    How is someone's computer usage going to verify an explanation for sick-leave ?Do they think the IP adresses would be different for her & her sister if they both live in the same house ?

    • Meh · 377 days ago

      If they find posts of her saying, "WOO HOOO WHAT A GREAT DAY AT THE AMUSEMENT PARK!!!!!", or, "WHAT AN AWESOME TIME SHOPPING TODAY WITH MY FRIEND DERPA!!!!" when she should have been sick, then there may be a problem. People also post a lot from their phones these days. Not just from home. We live in a very wireless and public domain these days. Don't want it out there, don't post it.

      • Cheryl · 377 days ago

        Yes, but Meh, is she not entitled to leave the house even if she is taking care of her sister? I think expecting her to remain inside with her sister 24/7 is a bit much. She should be entitled to recreation. Remember, this is about her sister being ill. Not her.

  2. What you post on social media isn't private - you're freely giving away information about yourself. People need to wise up. That's one thing.

    Another is that your employer's only entitled to know what you're saying off-premises if he/she gets on well enough with you to be your friend/follower already.

    It's no different to an employer demanding to know what you say in the pub or on the phone to your mum. Except that it's in writing and the internet never forgets.

  3. Tristan M · 377 days ago

    I think it is referring to different information being posted on Facebook, e.g saying you are looking after your ill sister but posting on face book a check in at a theme park, although there are loop holes in using that as evidence I am sure.

    • Cheryl · 377 days ago

      So, she should not be allowed at a theme park if it was during what normally would have been her time off? I'm sure they cannot confine her to her sister's home 24/7. That would be a little out there.

  4. AN Other · 377 days ago

    It is strange that in "the days before computers" it was completely illegal to pry into any other person's personal affairs. It is still illegal in the UK to tamper with post sent via Royal Mail, but managers want access to users' e-mail? What is the difference? It is a public system in both cases. It is "mail" in both cases. Some argue that it is company resources being used. Okay, if that argument applies, can the boss (yes - nothing more than a boss, as the word "manager" imply some integrity) then also go into the bathroom with anybody and look what they are doing, seeing that it is company bathrooms and company time?

    What does my personal life have to do with the company? There are laws preventing people to discriminate on a person's sexual preference, race, religion for example. In the same way, the laws should protect companies from discriminating against ANYTHING about a peron's personal life. Yes, if I mess up in my OFFICIAL capacity, by all means, fire me. But I don't even put my current employer on my Facebook account. And I set privacy settings to determine who can see what. So, anybody out there in the wide world who does a search for me, will only see what I allow them to see, and that is no reflection on my employer. Or are these people naive enough to think I don't verbally communicate my issues/feelings/etc about people I dislike to my closest friends and family? Or are they going to prevent me from doing that as well. People have the RIGHT to do what they like within the boundaries of the law, whether their bosses like it or not.

    In a case like this, I will provide management access to my personal information, if they do the same in return. Oh, I forgot - they are the rich and powerful, and I am just a pleb...

    • 4caster · 376 days ago

      Quite right too. Personal correspondence, including messages to friends, whether on Facebook or by snailmail, are no business of the employer.
      If the employer suspects fraudulent activity by the employee, then a court order is needed to release the evidence. Otherwise personal information remains just that.
      In any case it would be a breach of Facebook's terms and conditions to give one's password to anyone else. Do not these employers want staff who can be trusted to keep agreements?

  5. Andrew Yeomans · 377 days ago

    On my London Midland train home from London last night, the ticket inspector made an announcement, that if you were found to be avoiding payment and were taken to court, the train company would check with your employer and your bank. They would try to find whether you had been defrauding the train company for some time, and then sue you for the unpaid fares, based on your employment pattern and ticket payments from your bank.

    I'm curious whether this is true and how it stands up with the various laws on data protection. (I have a season ticket - not guilty!)

  6. Janet · 377 days ago

    If a potential employer asked me for my facebook login, I would walk out of the interview. I don't want to work for a company like that. And if everyone did that, companies would have a hard time finding staff.

    • This made me think... I wonder if companies who do this end up with staff that is more prone to phishing? Iif employees willingly trust their private life to their employer carte blanche, does that mean they are more likely to trust their corporate information to some unverified third party? Something for HR and management at such companies to think about.

      It seems to me that for any job handling sensitive corporate information, asking for potential employee personal accounts should be part of the interview, with anyone voluntarily handing them over being automatically dropped from the hiring process (at least until they've gone through some information security training).

    • J T · 376 days ago

      I don't have a facebook account. I wonder if an employer would not hire me on that basis ("He's refusing to give us his information, he must have something to hide."). I wonder if that's going to be a detriment going forward.

      • JMN · 375 days ago

        Simply do what I do. I create a fake account full of useless tripe. Ocasionaly update it with stuff like, "Sorry for the lack of updates, but my work is so freekin awesome that I don't have time for social media!". Just play them like the fools they are...

  7. Susan B · 377 days ago

    If you wouldn't want to see something posted on the 6:00 news, don't post it on the internet or in an electronic message of any kind, regardless of your "privacy" settings.

  8. **EJ** · 377 days ago

    Got a typo in this - "Are employers obligated to comply with employers' demands for either Facebook or financial details? ". I believe the first reference should be "employees", unless employers are fond of making demands of themselves. ;)

  9. jonathan · 377 days ago

    here in canada it is a federal crime for an employer to demand personal info that is not related to the job. IE bank account and facebook.

    it is also a crime for an employee to give out the bank account info under the banks terms of use policies. A balance statement is something that can be given out but any other info is against bank policy to be given out.

    • Dom · 376 days ago

      Not entirely true, there is also what is known as a "bank profile", which is obtainable through the bank, as well, under bank policy.

  10. MikeP_UK · 377 days ago

    Without a Court Order, my bank account is sacrosanct and not visible to anyone (I hope). The UK's Data Protection Act means it is illegal for anyone to reveal personal data. So an employer will need a Court Order to see my emails and would need a very, very good reason that convinces a sceptical Judge that sight of my bank account is a valid activity.

    That other countries have a different approach to personal privacy and safety I do understand, but don't necessarily agree with the often lax approach to protecting people in the electronic world.

  11. Ben · 377 days ago

    Here's a radical thought ... if an employer asks for social media or bank info just say you don't use those things. If you're interviewing for a job the worst that can happen is you don't get hired. (And would you really want to work for a company that thinks so little of its employees?) If you're already employed and being investigated for something, let the company prove you use social media sites or banks.

  12. David · 377 days ago

    How can it be that an employer is given the right to private bank account activity of an employee? The account number, yes, else how is the employee to be paid. But no more. Surely.

    In the UK (I think I'm right in saying) if a legal trial requires knowledge of bank activity, it's only the police who are allowed access, and then only after having obtained a magistrate's warrant.

    Which raises the question, just what powers does the ERA have? True, it is part of the NZ government, but is it part of the NZ judiciary? Does it really have the authority to allow someone else to snoop into what ought to be private data?

  13. Andrew · 377 days ago

    A rather interesting story, let my employer try and get my personal data out of me, no way Jose even if he took it to the highest court in the land. My privacy is my privacy and no one will demand anything from me, by what right. Under human rights laws I am entitled to my privacy. Being a UK citizen or should I say a British Subject the Crown is the only office that is entitled to know, as even the crown is aware that privacy is a sacred issue and any information that is disclosed is kept totally private between yourself and the Crown. Employers are going too far and this needs to be stopped and right now.
    This story only makes me wonder what is the point of the data protection act if employers are entitled to force employee's into submission.

  14. Gavin · 377 days ago

    AN Other touched on an interesting point, noting how information concerning medical records, sexual preferences, religious beliefs and so on cannot be asked for or used by employers.

    So I wonder if that could be spun into a fairly watertight legal argument to state to an employer that access to personal social media cannot be granted on the basis that it contains information about medical records, sexual preferences, religious beliefs and so on, and thus is an invasion of privacy?

    Sounds good to me.

  15. I once applied for a job at ToysRUs. I was informed--at orientation, not during the interview--that every day, before leaving work, I would be frisked and my purse searched before leaving the building. After consideration, I quit the job rather than allow my person to be searched when they had no reason to do so.

    My personal life, and certainly my bank accounts, are not any of my employers' business.

  16. Wolf_Star · 376 days ago

    Anyone who posts anything online should never expect it to remain
    private, despite assurances by vendors.

    If you really, truly want something to be private, keep it to yourself.

  17. ODA155 · 376 days ago

    But what does nay of this have to do with her banking information... let alone FB?

  18. matt · 376 days ago

    Yeah - as a NZLer I'm disturbed and a little ashamed by this and wondered if/when it would turn up on nakedsecurity. Sign 'o the times here in Godzone - if you *really* want a fright about the way we're heading in regards to personal privacy go google 'gcsb bill 2013'

  19. peggy · 376 days ago

    Do we as employees have the right to check employer's bank accounts and FB? Shouldn't they be concentrating on their job that they were hired to do? Do we have the right to delve into their "off" time activities? Holy big brother!

  20. DoktorThomas™ · 372 days ago

    Thinking people do not use Facebook. It is that simple. ©2013

  21. Vindicated · 315 days ago

    Just FYI, Air NZ Flight Attendant Ms Kensington has been reinstated and is flying today. :-)

    • Mick A · 295 days ago

      Good on you Ms Kensington. I hope you didn't reveal the information these people were trying to wheedle out of you?!

  22. MrSwanky · 92 days ago

    Surely it could be argued that in some of the above cases the employers are breaking the US law regarding authorised access to computer systems that was (tragically) applied in the case of Aaron Swartz. According to which if a user breaks the terms and conditions of a website then they are guilty of computer misuse (something along those lines IANAL). Thus the defence of it breaking the terms and conditions of FB surely carries genuine legal weight against the employer / potential employer demanding access? As they would be guilty of an offence and liable for excessive jail time and fines. I repeat though that I am not a lawyer.

  23. Cashe · 71 days ago

    What about the privacy rights of all the people that post on the employee's FB, or that trade private messages with the employee?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.