Privacy Bills in the House, a First Look: Angela Williams is OK if You Don’t Want to Friend Her

by Eileen | 8:43 am, January 24, 2013 | 1 Comment

WHAT: HB 13-1046, prohibiting employers from asking for passwords or access to online social accounts

WHO: Rep. Angela Williams (D-7) and Sen. Jesse Ulibarri (D-21)

WHY: Because we all have a life outside of work.  Because we all have a right to a private life. Because your ability to balance A/R is not altered by your Spotify favorites.

So help me god, if any punk-ass Republicans pull some stunt to hobble this bill, I will start pairing names with all the examples of dirty business I use in my posts.

I thing I can make that threat without ever being tested.  Keeping non-friends out of your personal life is the hot new legislative thing.  Everyone is passing it.  I imagine there were fights over who got to carry this.  It’s a winner.

It’s obvious, though vulgar, that all the data on social networking sites has employers and recruiters drooling like malnourished zombies.  In this case, I may even concede (notice all that hedging language) market failure.  Absent the legal right to refuse to turn over passwords or accept the weird guy in HR as a friend, how do employees access the goods of social networking without giving up privacy to their employers – and to anyone they’ve ever applied with?

You could go offline completely, scrub your profile, or set up dummy profiles for the real adults to peruse.  There’s a lot to be said for each of these.  I recommend that people minimize their presence, only setting up accounts when they can derive value.  I am also a great fan of judiciously adding material to profiles and having one or two false flags out there.

But I tell people to do that for their own benefit.  Going to all that trouble to get a job means that you take on the externality of employers.  It’s a terrible idea to play along with people who stalk in the name of conducting pre-employment background checks.  There’s a principle here, and it requires drawing a line.  In America, we give people soooo much data as it is in return for the mere promise of consideration for a job.  The sheer volume and scale of intimate disclosures on password protected social profiles is too much.

A recruiter who can’t make a decision on the publicly and legally available information stinks.  Speaking of legally available information, there are laws banning employers from asking about all manner of things.  This does not mean they aren’t curious.  If they can gain backdoor access to such information, of course they’ll take it.

One could appeal that, in a true market, good employees will be able to get jobs without giving up access to personal information?  But, how?  Is that really the likely outcome in our hypothetical pure-market world?  Or would it become standard boilerplate in pre-hire paperwork to fill out your passwords and indemnify the company, its agents, and their dogs from any liability?

Protecting privacy is very much about protecting the norms that define it.

Let’s look at HB 1046.

AN EMPLOYER MAY NOT REQUEST OR REQUIRE THAT AN EMPLOYEE OR APPLICANT DISCLOSE ANY USER NAME, PASSWORD, OR OTHER MEANS FOR ACCESSING THE EMPLOYEE’S OR APPLICANT’S PERSONAL ACCOUNT OR SERVICE THROUGH THE EMPLOYEE’S OR APPLICANT’S ELECTRONIC COMMUNICATIONS DEVICE.

Sweet, simple, plan English.  Unlike FaceBook’s Terms of Service.

AN EMPLOYER SHALL NOT:
(a)  DISCHARGE, DISCIPLINE, OR OTHERWISE PENALIZE OR THREATEN TO DISCHARGE, DISCIPLINE, OR OTHERWISE PENALIZE AN EMPLOYEE FOR AN EMPLOYEE’S REFUSAL TO DISCLOSE ANY INFORMATION SPECIFIED IN PARAGRAPH (a) OF SUBSECTION (2) OF THIS SECTION; OR (b)  FAIL OR REFUSE TO HIRE AN APPLICANT BECAUSE THE APPLICANT REFUSES TO DISCLOSE ANY INFORMATION SPECIFIED IN PARAGRAPH (a) OF SUBSECTION (2) OF THIS SECTION.

This one’s a little stickier.  It’s a cracker of a goal.  But there is always the chance someone could be fired or passed over and some other reason given.  This shouldn’t be a problem for recruiters and HR teams – just don’t even ask.  Which the bill also requires.

There are a few other interesting tidbits.  HB 1046 gives aggrieved employees and applicants a civil action with a one year statute.  Guess that takes care of any uproar from the trial lawyers.  And it specifies that employers ay demand access to accounts used for business purposes as well as:

[INVESTIGATE] AN EMPLOYEE’S ELECTRONIC COMMUNICATIONS BASED ON THE RECEIPT OF INFORMATION ABOUT THE UNAUTHORIZED DOWNLOADING OF AN EMPLOYER’S PROPRIETARY INFORMATION OR FINANCIAL DATA TO A PERSONAL WEB SITE, INTERNET WEB SITE, WEB-BASED ACCOUNT, OR SIMILAR ACCOUNT BY AN EMPLOYEE

I think I just heard the sound of a new way to get back at co-workers you don’t like.  And I think this bill will trigger some changes on both the employer and the employee sides.

Employers will likely start to see policies banning supervisory personnel or anyone with hiring authority from making or accepting ‘friend requests’ with applicants and employees.  People may be asked to disclose to existing social profile links with employees at the time of their hiring, or even to recuse themselves from involvement in making a hiring decision if the applicant is a ‘friend’.  As companies often rely on word of mouth recommendations, this could be problematic.  Would you recommend a friend for a job if it meant the two of you had to sever cyberlinks?

Smart employees will similarly avoid ‘friending’ co-workers, especially the ones in management and HR.  This isn’t necessarily a bad thing.  I dislike the phony idea that we’re all supposed to be pals with people just because you work together.  You’re supposed to have different spheres in your life.

However, the really crucial thing for employees is to avoid accessing personal accounts on company time, on company property, or on company networks.  If you can’t go eight hours without updating the blog, do it at lunch, outside the building, from your own computer, and on a network that most emphatically does not belong to your employer.  In short, not only can something that simple be a dealbreaker in this economy, under HB 1046, any personal use of a corporate network could be the “receipt of information” that gives your employer some pretty broad investigatory powers.

Something like this should be covered under existing best practices for guarding proprietary data; don’t download the missile plans to your unsecured tablet, moron.  But I think it’s still fair to say that one development of the information age is a need for employer and employee to be very careful about mixing online.

HB 1o46 puts what is, on the while, a good limit on that, precluding the one holding the power from abusing it, in this one little arena.

Comments