Protecting Your Passwords and Your Privacy

March 23, 2012 at 5:32am

In recent months, we’ve seen a distressing increase in reports of employers or others seeking to gain inappropriate access to people’s Facebook profiles or private information. This practice undermines the privacy expectations and the security of both the user and the user’s friends. It also potentially exposes the employer who seeks this access to unanticipated legal liability.

 

The most alarming of these practices is the reported incidents of employers asking prospective or actual employees to reveal their passwords.  If you are a Facebook user, you should never have to share your password, let anyone access your account, or do anything that might jeopardize the security of your account or violate the privacy of your friends.  We have worked really hard at Facebook to give you the tools to control who sees your information. 

 

As a user, you shouldn’t be forced to share your private information and communications just to get a job.  And as the friend of a user, you shouldn’t have to worry that your private information or communications will be revealed to someone you don’t know and didn’t intend to share with just because that user is looking for a job.  That’s why we’ve made it a violation of Facebook’s Statement of Rights and Responsibilities to share or solicit a Facebook password.

 

We don’t think employers should be asking prospective employees to provide their passwords because we don’t think it’s the right thing to do.  But it also may cause problems for the employers that they are not anticipating.  For example, if an employer sees on Facebook that someone is a member of a protected group (e.g. over a certain age, etc.) that employer may open themselves up to claims of discrimination if they don’t hire that person. 

 

Employers also may not have the proper policies and training for reviewers to handle private information.  If they don’t—and actually, even if they do—the employer may assume liability for the protection of the information they have seen or for knowing what responsibilities may arise based on different types of information (e.g. if the information suggests the commission of a crime).

 

Facebook takes your privacy seriously.  We’ll take action to protect the privacy and security of our users, whether by engaging policymakers or, where appropriate, by initiating legal action, including by shutting down applications that abuse their privileges.

 

While we will continue to do our part, it is important that everyone on Facebook understands they have a right to keep their password to themselves, and we will do our best to protect that right.

 

-- Erin Egan, Chief Privacy Officer, Policy