California moves to stop employers demanding Facebook passwords

The move is part of a wave of legislative activity to block the practice

The California assembly passed a bill on Thursday that prevents employers from demanding job applicants' passwords for accounts on Facebook or other social networking sites.

The bill passedunanimously and will now head to the state senate. Similar legislation was introduced Thursday in the U.S. Congress.

The legislative moves follow reports that employers have demanded passwords for social sites from job applicants, demanded a walk-through of the content on those sites or insisted applicants accept a friend request from a member of staff.

It's unclear how common the practice really is, but according to Nora Campos [cq], the Democrat who introduced the California bill, there are 129 cases before the National Labor Relations Board involving improper use of social networking accounts by employers.

The practice began to draw public attention in March when a New York statistician disclosed that a prospective employer had demanded his Facebook login as part of its screening process. Facebook responded by making it a violation of its terms of service to solicit or share account passwords.

"As a user, you shouldn't be forced to share your private information and communications just to get a job. And as the friend of a user, you shouldn’t have to worry that your private information or communications will be revealed to someone you don’t know and didn’t intend to share with just because that user is looking for a job," Erin Egan, Facebook's chief privacy offer for policy, wrote in a blog post.

The American Civil Liberties Union has supported legislation to ban the practice. Chris Conley [cq], a technology and civil liberties policy attorney at the ACLU of Northern California, said social networks have "vast amounts of information" about individuals that they should not have to share each time they apply for a job.

Bills blocking employer use of job applicants' logins are being considered in six other U.S. states and have passed in two.

Cameron Scott covers search, web services and privacy for The IDG News Service. Follow Cameron on Twitter at CScott_IDG.

Review: Security firewall distributions

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Trend Micro Mobile Security

Comprehensive enterprise protection for mobile devices

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.