Friday, March 23, 2012

Note to employers: access public data, not password

Earlier today Facebook has released an official statement against employers asking for employee's and candidate's Facebook password.  Erin Egan, Facebook Chief Privacy Officer, has outlined their objection to user's revealing passwords to their employers.  Erin made it clear that Facebook will take action to protect their users through multiple means if necessary, such as engaging with policymakers and/or bringing legal action.

This is in reaction to recent report that some employers have requested job candidates to share their passwords as part of background check.  Other employers have also asked employees to provide passwords to ensure social media policy compliance.

Asking for Facebook password is not different Google Mail password.  That's because Facebook offers a way to exchange messages privately as well as share posts with closed group of friends.  Facebook is not just about status updates that users share on their timeline.  It's communication platform.  Sharing Facebook password means allowing employers to listen in on an every conversation that you have on Facebook.  It also allows employers to act as you without you knowing.

Employers must understand Facebook is not a site that just controls timeline.  Facebook has become an online identity hub where personal history, interest and social graphs are kept.  Because Facebook is a de facto standard for identity management, lot of other social applications have little choice but to integrate with Facebook platform to tap into this personal data.  Asking for Facebook password is clearly a violation of user's privacy.

That does not mean employers cannot access any Facebook data.  Employers can and should view user's profile wall (or timeline).  If user has left the profile public, all status updates will be visible (it should also tell employers that the person is not careful of what's shared on Facebook, or doesn't understand Facebook sharing).

As for social media compliance, there is a better way to manage.  Facebook allows user to create business pages.  If nature of position requires social media activity hence social media policy compliance, user can create a new business page representing the company.  This page can then be set up and managed by user and company admin.  If social media policy dictates that all business-related posts to be pre-approved by compliance officer, Actiance Socialite can help.  Company admin can also set up automatic capture of all posts made on the business page, and archive them for eDiscovery.  Actiance Socialite supports this too.

Trick is to separate what's public and private data, and access those available publicly.

No comments:

Post a Comment