more and more people report on employers demanding Facebook passwords to check out potential employees. I'm wondering if this is actually happening, how the legal situation is, and how to best react. This is such a legal minefield that my Reassuringly Expensive Lawyers held a seminar to explain the depth of hole that the dimwit end of HR are digging for themselves and the new Careers channel on TheRegister.com will have a story by me about the whole clusterfuck rising up out of the darkness consuming money and careers as soon as I'm next drunk.For a start there are boobytraps in the form of discrimination...A problem for antisemites and homophobes is that it is often quite hard to tell and the smart end of banks and HFs impose contract terms on recruiters that we must not tell them about sex,age,faith,race perceived sexuality, disability and military service. (both the last two are real)The logic is that if they don't know that you're HIV+ it is hard to make a case that they discriminated against you, though obviously a bit less good if you wear a turban and/or a skirt.In the UK and USA there are specific (unintentional) legal incentives to claim bigotry in your claim for wrongful dismissal.British law puts a relatively modest cap on the amount you can claim for wrongful dismissal if it's just "wrong", but "evil dismissal" like racism has no limit on the cash you can get, US law in some areas adds penalties and of course there is punitive damages if the employer is evil rather than merely bad.Also big firms really hate getting sucked into bigotry cases, hence their efforts to keep their hands clean by not knowing things.But with access to FB etc they would spot that you're a member of the gay black blind jews with AIDS group and once they know it, it is very hard to un-know it.So they hire you, then fire you, is it because you're crap or because a manager hates your subset of humanity ?Then of course they now know not only your secrets but those of people who've shared with you, who may be a client, competitor or employee, or someone famous, (unlikely for one individual, nearly certain if you have 10,000 staff)These factlets are on their systems and whereas it is depressingly easy to accidentally lose data, it's tough to provably destroy it.Here's a shock for you: Not everything on the Internet is true, yes really.So if two people have a conversation about a 3rd party and say bad things, copies of that "information" are now on the bank's systems.It might not be worth suing a low level bank staffer but if you convey a libel you dig a hole possibly millions of bucks deep for an employer with deeper pockets.Then there's insider trading and blackmail, I'm told a large % of all illicit affairs start or are coordinated on FB, what fun can be had there.If you says to a friend "I like my boss, Bernie Madoff, but it's clear the firm is going to explode in a ball of flaming shit" real money can be made and if you as an officer of the bank learn that another regulated firm is doing something wrong then you have a strict duty to report it, or a duty to short them, you choose.You might say that your HR has greater personal integrity than that, I might agree with you, but background checking is outsourced to chimps like Resource Solutions, part of Robert Walters and I wouldn't trust them with knowing my shoe size let alone private conversations.That's a vital part of any security process, you might say "I trust this person" but if you grant access that widely then the set of potential troublemakers goes up hard, you might trust Deutsche Bank, but do you want the Robert Walters group having access ?Even if they don't do anything bad, what if something bad happens just after they got access ?honestly, I don't know, but it won't be pretty for the employer.Then under the Data Protection acts that exist everywhere in the whole world except the USA, there are restrictions on how long personal data can be held and to what purpose it may be used.This shit sucks up the whole working time of some people in IT and compliance, for instance recorded phone calls that have not been marked as evidence in a case must be deleted after 6 months (it's more complex than that).If the data leaks onto the PC of an HR person, it may persist for years, or get copied into an email, just waiting for the legal discovery process to find it and say "aha ! here's an email from HR to the manager that sacked you saying you were kicked out of the Turkish army for being gay !"(this really happens in Turkey which still has a slave army). Given how often managers ignore HR emails it's entirely possible he never read it or simply didn't care, but he fired this guy who now is making a legal fuss.Then as some banks have found out women, gays or whatever can get together and push a class action down their throat, since (for instance) a bank may read FB where you tell a friend that you're trying for a baby and by coincidence your next bouns is zero when everyone else gets 150%.On top of that, the laws about what data you may hold vary across countries and across time.We may even do this horror story as a live stage show...Yes I know my metaphor is of a hole, filled with landmines, possessed by an evil spirit and taking the inhuman form of Resource Solutions staff, that is how bad it is, trust me on that.
Last edited by DominicConnor
on March 27th, 2012, 10:00 pm, edited 1 time in total.