Facebook has sharply criticized employers who demand applicants passwords to the social network, changing its policies to make soliciting login credentials a violation, and threatening legal action against companies that do so. "If you are a Facebook user, you should never have to share your password, let anyone access your account, or do anything that might jeopardize the security of your account or violate the privacy of your friends" Facebook's chief privacy officer Erin Egan says of the social network's decision. "We’ll take action to protect the privacy and security of our users, whether by engaging policymakers or, where appropriate, by initiating legal action."
Harvesting applicant information from publicly shared details on Facebook and other networks has become an increasingly commonplace background check, but more recently some employers have reportedly been demanding access to users passwords as well. With those, it's possible for HR departments to comb through profiles to identify any less than savory incidents, which may not have been shared openly.
Not so fast, says Egan: doing that is not only unfair to the users themselves, but to their friends who may have shared information on the understanding of privacy. Permitting third-party access "undermines the privacy expectations and the security of both the user and the user’s friends" and could leave both user and employer open to legal ramifications.
"As a user, you shouldn’t be forced to share your private information and communications just to get a job. And as the friend of a user, you shouldn’t have to worry that your private information or communications will be revealed to someone you don’t know and didn’t intend to share with just because that user is looking for a job. That’s why we’ve made it a violation of Facebook’s Statement of Rights and Responsibilities to share or solicit a Facebook password" Erin Egan, chief privacy officer, Facebook
The social network has modified its Statement of Rights and Responsibilities so that sharing or soliciting a Facebook password is now a violation, and has threatened serious action for anyone found doing so.
For Facebook, it's an opportunity to be spotted apparently on the side of privacy and data security for once, after multiple high-profile criticisms about the company's handling of user information. Earlier this week the site was criticized for seemingly piling privacy responsibilities onto users rather than moving to address them itself.