Illinois on Wednesday joined a number of US states that are fighting to keep prying employers from asking for workers’ passwords on social networking sites such as Facebook.
The law, which protects both current employees and prospective hires, decrees that Illinois employers who ask for login data can be fined $200 and up as of January 1.
The new law (here’s the text, and here’s the Right to Privacy in the Workplace Act that it amends) is known as the Facebook bill.
The bill makes it illegal for employers to ask for login information “or to demand access to it in any manner.”
This will only protect private posts, mind you.
There’s nothing barring employers from asking for workers’ social networking user names, thus leaving them free to check out employees’ public postings, get into a snit, and fire their unprofessional and/or debauched butts.
A recent case in point was when Robert J. Sumien, an emergency medical technician, was fired for posting a comment on Facebook about giving a “boot to the head” to unruly patients.
(Sumien sued, claiming that he misunderstood Facebook’s settings, and thereby didn’t know his employer could read his postings. The court did not sympathize.)
Bear in mind that employers’ interests in workers’ social networking selves is climbing ever skyward.
According to Gartner’s predictions, by 2015, 60 percent of employers are likely to be eavesdropping on our social media selves to make sure our e-blabbing isn’t poking security holes into their outfits.
This growth in employer surveillance has seen a corresponding indignation on the part of workers, has interested the media, and has motivated some lawmakers to push legislation similar to that of Illinois.
To wit: Maryland has a similar law, while Connecticut, New York, California, Washington, Delaware and New Jersey are all considering bans.
Meanwhile, two U.S. senators – Richard Blumenthal of Connecticut and Charles Schumer of New York – have asked the US Department of Justice and the Equal Employment Opportunity Commission to look into whether US law already prohibits employers from demanding Facebook passwords from job applicants.
The senators’ letters of inquiry have been posted online.
The upshot: you can still be as law-spurning, drunken and/or unprofessional as you want on Facebook and other sites, but at least for now, you have a chance to keep that behavior out of employers’ sight – if you work in Illinois or Maryland, that is.
Of course, if you’re one of the estimated 13 million US Facebook users who don’t use and/or are oblivious to the site’s privacy controls, the new law means zilch.
Sophos readers tend to not need any of the following advice, but we all have acquaintances, friends and/or family who do.
So for them:
Here’s Facebook’s privacy page.
And here’s what to tell the privacy-settings challenged:
If you’ve set Facebook privacy to only show your posts to friends, bear in mind that when you comment on other people’s posts, your words are subject to those friends’ privacy settings.
They’re also viewable to their friends.
Be careful!
If you want to stay on top of privacy and security threats on Facebook and other cyber spots, click like on Sophos’s Facebook page.
Follow @LisaVaas
A $200 fine? That's peanuts to a company that is interested in doing a decent background check and ongoing monitoring of it's employees and potential employees.
Now jail time for the executive board members? That might have an effect.
If a prospective employer asks for a password, is that not the same as wanting to record all their phone conversations and texts? Of course, the application form may change from 'what is your password' to 'You do not have to provide your password, but we would like it anyway.' The same as not discriminating – but many do.
The freedom to express one's self is OK, provided that it is positive in content, and agrees with the authorities. Opinions and privacy – express opinions wisely, and expect no privacy.
Historically, such types of 'information' and privacy have always found a new conduit. Until then, in order to express one's opinions, or ask the boss's daughter on a date in private will require will require the use of some old fashioned tools – such as, PGP email, avoid social networks – even as a casual reader, use anonymous relays, even if just looking around the Internet, and a course in personal security 101.
The Internet is being used by corporations and government to exercise control.
With all the expertise at SOPHOS, I look forward to a series of article on just that – where are we headed and what can we do about it.
As a retired police officer, I find it offensive that some police agencies attempt to obtain this information and some require it. I wonder if they think that if you agree to a site not to tell others of your login information, and you violate that, what will you violate of theirs? This sounds counter intuitive, but some police are that way. I feel that we do not need these laws, but need people that hire to not require this type of information as a common right of the person applying. What else will they explore that is private and how stupid are you for doing it in the first place? What will we expect when it comes to our data out on 'clouds'? This will be a major failing of people who no longer own or control their data.
If businesses want our Facebook info then so does the government. Maybe I'll delete my account while I am still legally able to do so.
Seriously? I have a federal government background clearance. Lol if a prospective employer even asked me for such personal information I would politely and respectively tell them to eff off and give a polite finger. I don't believe this story is real but if it is our world has fallen.
Login information and passwords are private for the user only, whether for social media – or a bank account. If this article is true, I am amazed and appalled. American employers need to regain some integrity. That said, Facebook continues to be a source of concern, like a wayward and slightly rabid dog, since privacy settings continue to elude and not be explained. For example, if I post in private Group, and a member of that Group shares to his own timeline, who exactly can then see that post? I find no answer on the internet.