Employer asking for social media log in details!

billybob123

My employer has requested I provide my LinkedIn, Facebook and Twitter passwords to them. Or any social media site used to "promote" the business.

Am I correct in understanding my LinkedIn account is mine alone. It states where I work etc

Why would they be asking for this?

Do I have to turn over all of my passwords?

What are the legal implications of this?

Paulw

They can ask for anything they like, but you have no obligation to provide them.

I would definitely never give my passwords to my employer.

They want this to judge your character, and see what you are like out of hours.

kilp10

Not sure how any employer thinks they can get away with this one nowadays! I'm not from a legal background but I'd imagine the answer is a straight no, you are not obliged and would be foolish to do so. I certainly would not under any circumstances supply my manager with private passwords to anything that is personal!

Only reason I can think of as to why they're chancing their arm asking for it is, do you have friends from work on your social media and do you mention your company in any way, positive or negative on your feeds that could have gone back?

Think of a reasonably diplomatic answer to say no, and don't give them over, they're not entitled to them.

zarquon

There is no legal requirement for you to do so, so you can politely decline. If this affects your working conditions you can take action against your employers

Kimbot

Im sure the social media's website will have something in their signup T&C's that would state that you are the sole user of the account etc etc.

tricky D

There are 3 reasons why this is a Bad Idea(tm)

FB's own T&Cs do not allow employers to access accounts

From https://www.facebook.com/legal/terms

3 Safety

5 You will not solicit login information or access an account belonging to someone else.

4 Registration and Account Security

8 You will not share your password (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.

The 2 above simply mean an employer can not ask you for account access.

5 Protecting Other People's Rights

7 If you collect information from users, you will: obtain their consent, make it clear you (and not Facebook) are the one collecting their information, and post a privacy policy explaining what information you collect and how you will use it.

This suggests that if an employer does look at your profile, they should seek consent, and provide a privacy and usage policy for that purpose.

There are also the other 2 principles: basic password security ie. keeping control of it and the associated account; and the second being a matter of trust in your employer/employee relationship.

Grolschevik

I've never heard of this actually happening in Ireland, but there was an article on it in the Law Society Gazette last year:

http://www.lawsociety.ie/Documents/Gazette/Gazette%202013/November-2013.pdf

Page 18 of that pdf. Not sure how definitive this is, but the authors conclude with this:

"To conclude, there are significant legal obstacles to an employer obtaining a
social media password, and the law would seem to prevent an employer from forcing an employee to hand over their private password.

It could perhaps be seen as victimisation of an employee, under some of the employment law statutes, if the employer penalises an employee for refusing to reveal their password.

The privacy of the employee must be respected, so it is not clear under the present law that there is any legal basis for an employer to request their employees’ private passwords."

28064212

billybob123 wrote: »

My employer has requested I provide my LinkedIn, Facebook and Twitter passwords to them. Or any social media site used to "promote" the business.

Am I correct in understanding my LinkedIn account is mine alone. It states where I work etc

Why would they be asking for this?

I'm guessing they probably want to post business-promoting stuff to your accounts e.g. "See our new product at..." posted to your Facebook wall.

billybob123 wrote: »

Do I have to turn over all of my passwords?

No. I would tell them that your accounts are personal, and that if they want to promote their business, they should do so through a business account at each of the social media sites

Sadderday

absolutely not, I wouldn't provide these passwords. It is giving access to your employer and anyone else that comes across your info written on a piece of paper floating around the office.

Anyone who has these passwords can use your identity and read your personal messages etc.

You would be crazy to hand these over, its even crazy for them to ask.

If you don't want to say No... delete these accounts for a while until this blows over... I'm sure its hard to say no to an employer.

If they wanted you to promote the business via social media they could ask you to do so without this information.

Its not required to benefit to the business.

Five Lamps

billybob123 wrote: »

My employer has requested I provide my LinkedIn, Facebook and Twitter passwords to them. Or any social media site used to "promote" the business.

Am I correct in understanding my LinkedIn account is mine alone. It states where I work etc

Why would they be asking for this?

Do I have to turn over all of my passwords?

What are the legal implications of this?

Can you confirm if your employer is asking for your own personal accounts or the credentials for company accounts. In many companies, employees take the initiative in setting up social media accounts and effectively control them. It would be good practice for the employer to have the creds for these accounts.

If you are using your own account to promote the company you might be better off to set up official company accounts.

the_syco

billybob123 wrote: »

Or any social media site used to "promote" the business.

Is it your personal account, or an account that you set up for the business, that they want access to?

Pocoyo

Crazy i cant believe an employer would ask for passwords,Record his request and see your solicitor.

zl1whqvjs75cdy

If its your personal account tell them to do one. Absolutely none of their business. If they are concerned that employees may be bringing the company into disrepute on facebook simply remove where you work from your profile. That was requested in my gfs workplace after one of the other staff appeared topless in a facebook photo. (female)

techdiver

They sound like the most unprofessional, misguided and information security unconscious employer I've ever heard of!

Most companies go to a great deal to keep even passwords for internal system completely secure and belonging to the employee only. It would present a massive security vulnerability for more than one person to process a single password and could lead to a serious breach and in some countries would break information security compliance laws.

In short, never, ever disclose your passwords to anyone, not even your employer and not even for internal systems, unless you change it immediately before and afterwards.

Please note, that if your company is, for example based out of the US they can potentially breach US federal law even whilst operating in Ireland.

mikom

OP, watch out you don't get fraped by you prospective employer.

ZENER

I know of 2 very large companies operating in Ireland who demand to see social media pages such as Facebook before considering an applicant for a position. If you refuse then tough luck, your CV is thrown away. I've spoken to at least 2 people where this has happened. A drop in the ocean perhaps, but a development to worry about none the less.

How badly do you want the job ? What price your privacy ?

Ken

AnonoBoy

ZENER wrote: »

I know of 2 very large companies operating in Ireland who demand to see social media pages such as Facebook before considering an applicant for a position. If you refuse then tough luck, your CV is thrown away. I've spoken to at least 2 people where this has happened. A drop in the ocean perhaps, but a development to worry about none the less.

Wanting to see somebody's social media page and demanding passwords are different things.

Allowing someone to see your Facebook page supervised once is not the same as allowing them to log into your account whenever they want.

Marcusm

ZENER wrote: »

I know of 2 very large companies operating in Ireland who demand to see social media pages such as Facebook before considering an applicant for a position. If you refuse then tough luck, your CV is thrown away. I've spoken to at least 2 people where this has happened. A drop in the ocean perhaps, but a development to worry about none the less.

How badly do you want the job ? What price your privacy ?

Ken

But that's not the same as seeking a password; there might be some justification in an employer wishing to connect on LinkedIn or be friended on Facebook or to follow on Twitter with a view to understanding how someone presents themselves and whether they might pose reputational risks. i would have thought that the categories of employees who should be subject to this would be very limited but am hardly surprised that, especially in graduate type jobs, this proliferates due to nosey parkers.

Pat Mustard

ZENER wrote: »

How badly do you want the job ? What price your privacy ?

Ken

I take it that they only hire people with facebook accounts then?

Might be worth considering a sanitised decoy facebook page for creeps to stalk.

When people ask me if I'm on facebook, I tell them that I'm not. No good can come of it.

zetalambda

Who do you work for, Hitler?

If an employer asked for my social network passwords, I'd rudely decline, hand in my notice and take my chances.

billybob123

I have worked here for over 1 year. I do promote the business somewhat through my LinkedIn, however it is not a premium account so they have not paid for it and i had it 4 years before i start here.

They say it is regarding an ISO compliance thing to do with data protection.

zl1whqvjs75cdy

Well thats a heap of ****e. If anything what they are asking is a breach of data protection legislation. They are chancing their arm. Tell them to **** off.

If they know anything about data protection they know not to ask for passwords

whomitconcerns

billybob123 wrote: »

I have worked here for over 1 year. I do promote the business somewhat through my LinkedIn, however it is not a premium account so they have not paid for it and i had it 4 years before i start here.

They say it is regarding an ISO compliance thing to do with data protection.

ISO compliance....hahahahahahahaha what chancers!!!!!!! Thats a no!

28064212

billybob123 wrote: »

I have worked here for over 1 year. I do promote the business somewhat through my LinkedIn, however it is not a premium account so they have not paid for it and i had it 4 years before i start here.

Remove all business promotion items from your LinkedIn, and tell them it's purely a personal account now, and as such, they have no requirement for access to it

KTRIC

I've been talking to a certain social media company recently about work and I've noticed that my account was actually accessed, as in logged into in the location of their HO in the US a couple of times. :rolleyes:

In this case theres not much I can do about it but in the case of the OP I'd tell them to take a flying jump.

Francie Barrett

Just close your accounts.

Fred Swanson

This post has been deleted.

KTRIC

KTRIC wrote: »

I've been talking to a certain social media company recently about work and I've noticed that my account was actually accessed, as in logged into in the location of their HO in the US a couple of times. :rolleyes:

In this case theres not much I can do about it but in the case of the OP I'd tell them to take a flying jump.

How did they do that? Change your password quick

KTRIC

bluewolf wrote: »

How did they do that? Change your password quick

Let's just say it's their site so I presume they can login to whomevers account they wish.

whomitconcerns

KTRIC wrote: »

Let's just say it's their site so I presume they can login to whomevers account they wish.

pretty certain that would breach ALL of their own privacy procedures..if you dont get the job I would definitely be showing them the proof!

bootybouncer

Not obliged to chap.................ask said employer to show you their gash or todge.......see how they like it

DoctorEdgeWild

billybob123 wrote: »

I have worked here for over 1 year. I do promote the business somewhat through my LinkedIn, however it is not a premium account so they have not paid for it and i had it 4 years before i start here.

They say it is regarding an ISO compliance thing to do with data protection.

Definitely nothing to do with ISO:9001 quality or 14001 environmental, that's an area I work in. Might be worth asking to explain what they meant exactly as there may have been a miscommunication. It's not something I'd ever even consider asking any of my employees though.

hullaballoo

All employees of certain social networking sites have full admin access to all users profiles, including messages etc. Again, I'm surprised more people don't expect this to be the case.

Dublinflyer

I got asked for my Facebook password by a company I worked for a few years ago as they got wind that some of the guys were bitching about managers on their pages. I told them that I did not have a facebook page, which was the truth, and they started disciplinary proceedings against me. I let it run a bit as I was intending to leave anyway and eventually got a solicitor involved. I think they wanted to make an example of somebody but picked the wrong person as I was able to prove that I never had a page. I am going back a good few years as FB was still a new thing but they ended up having to pay a few people in the company compensation as the LRC, it went that far, said it was a form of bullying. The company ended up going bust about a year later but I don't think there were many tears shed at the time.

whomitconcerns

hullaballoo wrote: »

All employees of certain social networking sites have full admin access to all users profiles, including messages etc. Again, I'm surprised more people don't expect this to be the case.

Really? Which sites are they. i want to see those t&c's please so i can get off them.

munchkin_utd

are you sure they asked you for a "password" or was it your "login" - the first being a request for your password but latter meaning just your user id just so they can "friend" you or whatever ?

hullaballoo

whomitconcerns wrote: »

Really? Which sites are they. i want to see those t&c's please so i can get off them.

Would you not just presume it's all unless they specifically state otherwise?

The general rule is that if you don't want other people to have information about you, don't post it on the internet.

whomitconcerns

hullaballoo wrote: »

Would you not just presume it's all unless they specifically state otherwise?

The general rule is that if you don't want other people to have information about you, don't post it on the internet.

And yes I agree 100% and I dont use a lot of those sites for that very reason. However, I would assume private messages,etc would be not in public domain. And yes I would have a legitmate expectation of privacy therin. From google or linkedin or facebook T&Cs.

Larbre34

Handover the passwords, then change them immediately. When the query comes back, 'eh, they dont work', sue the pants off them.

Five Lamps

billybob123 wrote: »

I have worked here for over 1 year. I do promote the business somewhat through my LinkedIn, however it is not a premium account so they have not paid for it and i had it 4 years before i start here.

They say it is regarding an ISO compliance thing to do with data protection.

In that case, you need to have a frank conversation with them - that you promote the company through your own social channels. Advise them that you are happy to stop doing this or assist the company in setting up and managing their own channels.

They have no requirement for the credentials of your personal accounts as part of their ISO process.

Manach

Purely from a devil's advocate position, it might be argued that a firm's reputation and/or security policy standpoint having the passwords would be allowed to ensure these are safeguarded. As the OP mentioned, there are work related material on those sites and as part of T&C in employment contracts there are usually articles on confidentiality as well as IP rights safety.
But aside from that, in the normal circumstances handing over passwords is just not on - and to even mention the Data protection act as a pretext for this is odd.

Pat Mustard

whomitconcerns wrote: »

Really? Which sites are they. i want to see those t&c's please so i can get off them.

I'd suspect that they all do.

Have a look at Facebook's privacy conditions for a start.

sopretty

Would ISO compliance not require access to and review of all marketing and marketing channels used?

DoctorEdgeWild

sopretty wrote: »

Would ISO compliance not require access to and review of all marketing and marketing channels used?

Not for 9001 or 14001. It would simply require that the process you have in place is adhered to and can be checked. Not every company would have marketing so it is not mentioned specifically in either standard.

However, if you said in a process/procedure that you monitored all online marketing by employees, you could be asked to show evidence that you do. It would be up to you to decide how best to do that to satisfy your auditor.

touts

Remove the business related posts from Linkedin and tell them that the business stuff is now gone and it is a purely personal account.

Tell them the other accounts are personal and not business related.

Leave it at that. Unless they take further action you should not. Do not get snotty and certainly don't go running to a solicitor as some people here have advised. Remember if you go all bolshy and legal then you might win the Battle of the passwords but you will lose the war or your career. Even when you leave there will be a note on your file to say you were a difficult employee and that'll go out to any future prospective employers looking for a reference. There is a reason the most bolshy people in the country are those with jobs for life in the civil service. They don't have to worry about a reference in the future.

sopretty

DoctorEdgeWild wrote: »

Not for 9001 or 14001. It would simply require that the process you have in place is adhered to and can be checked. Not every company would have marketing so it is not mentioned specifically in either standard.

However, if you said in a process/procedure that you monitored all online marketing by employees, you could be asked to show evidence that you do. It would be up to you to decide how best to do that to satisfy your auditor.

So, if they had stated that their marketing processes include the use of employee social media accounts, then it might well be a case that they do indeed need to provide evidence of this and the ability to review such marketing?

DoctorEdgeWild

sopretty wrote: »

So, if they had stated that their marketing processes include the use of employee social media accounts, then it might well be a case that they do indeed need to provide evidence of this and the ability to review such marketing?

Yep, if I were QM for a company that said they monitored all online accounts in a policy, I would show evidence of a company LinkedIn/Facebook page being regularly updated by an employee.

It is a big stretch to monitor an employees personal account though. I can't imagine a quality system that would include something like that and have yet to see one, definitely a question for HR/legal people rather than Quality/Conformance people.

Seems a bit mental to me and hopefully just a misunderstanding.

The only possible greyness would be if someone were conducting company business through their personal accounts - which is just a bad idea in my opinion.

GarIT

Enable two factor authentication. Then you will never be able to log into Facebook from a new computer without your phone. Give them the passwords and you will get text messages if anyone tries to log into your account and the location of the attempted access.

sopretty

I'd possibly discuss this with my employer then. I'd state that while you use the LinkedIn profile for marketing (which presumably they are aware of), you would like to separate your profile from the company one. Is there anything you'd be uncomfortable with currently on your LinkedIn profile?
A bit silly of the employer to use employees' personal accounts.

As for Facebook or anything else - this is a complete blurring of lines between personal and professional.

sopretty

Is it a small or relatively new company you work for OP?

Is this their first time applying for ISO certification?

I would think that their request is probably genuine, particularly if an ISO audit has been ongoing. I wouldn't think that there is any sinister intent, rather, a naivety as to what would be required to achieve ISO certification.

For that reason, I would discuss the issue frankly and without any fear of sinister motivations. ISO might not be happy with the employer accessing passwords of personal employee accounts either, so I think your employer might need to do a bit of research. Discuss it with them, and you might come out smelling of roses!