Password Protection: Are Companies Infringing on Employee Privacy?

Brook Zimmatore | October 17, 2016

Let’s face it, employer/employee, boss/worker, executive/subordinate relations have long been a point of tension.  Heating up the fire at this moment: your workplace and social media.  The boss wants to know what employees (or potential employees) have to say as they Tweet about the company, workers want to Insta in peace.

As always, there are two sides to every story.

The Case for Employers

When it comes to managing a business, your reputation matters.  A recent study found that just 4 negative search results could cost you 70% of your business.  Even just 1 negative result could mean a loss of almost 1/4 of your potential business.  If you search for your business name or the key players in your business and you find an incriminating hashtag, it could even mean the end of your business.

With the stakes so high, employers want all employees to represent them well on social media.

Social media scares aren’t the only situation; more than ever companies rightly fear insider attack on their cyber security. If an employee (or potential employee) could be a corporate spy, a closet addict, or a general menace, requesting passwords provides incredible insight.  Oh, and one of the most inane, and yet genuine threats?  Inadequate passwords!  If you know the passwords your employees are using, you can protect workers from themselves!

From a company perspective, then, requesting passwords serves two important functions: protecting your brand and your assets.

The Case for Employees

What you do on your own time is your own business, right?  If you have a secret obsession with koalas (and how they are not bears!) or what to complain about an irritating coworker to 700 of your closest “friends,” that’s your prerogative.  Some companies also want to infringe upon your rights by requesting you to:

• “friend” coworkers or managers
• open your social media accounts in their presence or provide user names and passwords
• advertise their products or services or capitalize on your social equity to further their brand
• change privacy settings on your social media accounts
• alter or delete material on your personal accounts that they feel are inappropriate by their corporate standards

In several states, such requests are actually illegal.  While no federal law exists at this time, motions have occasionally been put forward and several US states are considering similar legislation.

Not to mention, where’s the trust?  You can understand someone wanting to protect their brand and their assets, but at the expense of your freedom to communicate with your family and friends?

Finding Middle Ground

For both employers and employees, there may be a safe area in the middle, where assets can be protected but freedom exists.  In many cases, that “safe space” may just require an open conversation from both parties.

As a potential employee, you will likely be asked about social media and online personal accounts.  You can take certain steps to ensure you are signing up for something that you are comfortable with.

1. Find out what is expected of you.  Some organizations have tighter security than others, and perhaps justifiably so.  If you are going to work for the government or a tech field, be prepared to walk into a situation of cyber security where the organization feels they are “only as strong as the weakest link.” If security seems out of proportion with the field in which you intend to work, or what you are comfortable with, that might not be the right workplace for you.

2. If you do not feel comfortable with a request, state it nicely and factually.  Does a request for your private online persona feel uncomfortable?  Say so, respectfully.

3. Regardless of policy, take some steps to protect your accounts.  Use a different password for every account.  Use a name or a nickname for accounts where that makes sense.  Disable public web search.  Use a separate account or group settings for posts that you want to share with only a select few.  You can curate what others will see.

For employers, have clear policy.  If you state explicitly what you feel is acceptable online behavior, you can get employee signature on such policy.  (Probably goes without saying, but get legal review of your policy before including it in your employee agreements).  Then, if an employee violates that policy you have legal recourse and protection.

If you don’t already, you should also have a policy on passwords and security protocols.

With the right policies in place, and frank conversations on any sticking points, you can find the middle ground where both employers and employees are satisfied.

CEO / Co-Founder
Brook Zimmatore is the Co-Founder & CEO at Massive.