Following reports of employers requesting Facebook usernames and passwords from job applicants as part of the interview process, such controversial practices and their potential legal ramifications have gained significant attention. Perhaps most notably, U.S. Senators Richard Blumenthal and Charles E. Schumer have called on the U.S. Equal Employment Opportunity Commission (EEOC) and the U.S. Department of Justice (DOJ) to launch federal investigations into this employment practice. Employers currently requesting such information of job applicants are cautioned to follow this developing issue and remain aware of the potential legal issues involved.

Perhaps the greatest risk employers face by requesting an applicant’s login information for a social networking site is a claim that a refusal to hire was based on illegitimate factors, such as an applicant’s race, religion, age, or disability. It is generally known that Facebook elicits a wealth of information from its users. An employer would have a difficult time claiming that it was unaware of, for example, an applicant’s age, if that individual posted her birthday on her Facebook profile. 

Senators Blumenthal and Schumer expressed this sentiment in their letter to the EEOC. The Senators wrote that employer use of private login credentials “allows employers to access private information, including personal communications, religious views, national origin, family history, gender, marital status, and age.” If an employer directly asked for some of this information, it would violate federal anti-discrimination laws. The Senators are concerned, consequently, that collection of this information “under the guise of a background check may simply be a pretext for discrimination.”

In their letter to the DOJ, the Senators also expressed concern that employer use of applicant usernames and passwords might violate the Stored Communication Act (SCA) or the Computer Fraud and Abuse Act (CFAA). “The SCA prohibits intentional access to electronic information without authorization or intentionally exceeding that authorization, 18 U.S.C. § 2701, and the CFAA prohibits intentional access to a computer without authorization to obtain information, 18 U.S.C. § 1030(a)(2).” The Senators reasoned that demanding applicants’ Facebook login credentials and using them to access private information stored on the website might be “unduly coercive and therefore constitute unauthorized access” under both acts.

National Labor Relations Act (NLRA) claims also could be a potential concern arising out of employer requests for applicant login information. Information found on social networking sites regarding an applicant’s union affiliations or activities could bolster a refusal to hire claim based on ties to organized labor, just as information regarding an applicant’s age could bolster an age discrimination claim.

Facebook issued a statement on the employment practice, raising privacy concerns that pertain not only to the applicant, but also the applicant’s friends as a result of forced access. The statement, made by Facebook’s Chief Privacy Officer, notes that Facebook has made it a violation of its Statement of Rights and Responsibilities to share or solicit a Facebook password.

Some states have taken notice of this trending employment practice. Lawmakers in Illinois, Maryland and New Jersey have proposed or are drafting legislation that would make it illegal for employers to request login credentials to social networking sites from applicants.

Employers are encouraged to follow this developing issue. Due to the potential for resulting discrimination claims, employers are cautioned to use care in seeking information about applicants through social networking sites.