Risk
10/1/2012
09:58 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

California Passes Tough Social Media Privacy Laws

Employers and colleges in the state now forbidden from demanding social media logins and related material from applicants.

California jobseekers with a penchant for the semi-scandalous can breathe a sigh of relief--sanitized Facebook accounts are no longer a prerequisite to employment. Thanks to two bills signed into law Thursday, businesses and schools throughout the Golden State are now prohibited from demanding that applicants share social media credentials and related private content.

In a gesture that fit the occasion, Governor Jerry Brown used a number of social media platforms to announce that he'd signed the legislation. The bills--AB-1844, which bars employers from demanding social media-related material, and SB-1349, which defines a similar policy for colleges and prospective students--were authored by state representatives in the tech-rich Bay Area and will go into effect January 1.

The vetting of social media content first national drew attention in February 2011, when a Maryland corrections officer revealed that he'd been required to provide his Facebook user name and password as part of a recertification process. The practice proved incendiary; opposing parties included purveyors of legal but off-color online antics, job applicants put off by the invasive request, the ACLU, and--in a move that raised eyebrows due to the company's sometimes nebulous privacy policies--Facebook itself.

[ California lawmakers have been busy. See Google Autonomous Cars Get Green Light In California. ]

Despite debates, the use of social networks for hiring purposes has been fairly widespread. A CareerBuilder survey found that around two-fifths of polled employers were using social networking tools to screen candidates as of last spring. This figure was down 18% relative to a 2009 version of the same study, suggesting the tactic might be losing favor. An additional 11% of the 2012 respondents reported plans to incorporate social media into hiring policies, however, so such conclusions are speculative. A Eurocom Worldwide study released around the same time drew comparable conclusions.

Whatever the rate of adoption, the policies have impacted hiring decisions. The Eurocom study found that around 20% of executives had chosen not to hire someone based on his or her social media profile. CareerBuilder, meanwhile, found that 12% of the companies that screen social networks do so expressly to look for undesirable behavior. This figure might undersell the real impact, as many respondents reported using social networks for goals so broad as to include virtually anything--such as assessing whether a candidate is "well-rounded."

Though rejected applicants attract headlines, hiring processes that include social media checks have actually helped some people find work; CareerBuilder found, for example, that 29% of the companies that check online profiles have found reasons to hire someone while doing so. A study in the Journal of Applied Psychology, meanwhile, somewhat validated the vetting technique, concluding that assessments drawn from social media screenings correlate with actual workplace performance. The researchers argued that more research is necessary, however.

Washington, D.C.-based attorney Bradley Shear served as an adviser to the California bills' respective authors and has frequently analyzed the use of social media monitoring in his blog. In an interview, he said difficulties with social media predate the employer-driven controversies. Universities, he stated, had already been using reputation monitoring services such as UDiligence and Varisty Monitor to keep tabs on high-profile student athletes. He characterized the practice as "very troubling" and potentially in violation of some laws, but countered that it took broader privacy concerns and Constitutional objections to foment public debate.

Indeed, California state Sen. Leland Yee, author of SB-1349, cited such broad concerns as an impetus for new legislation in a May interview with KQED Public Radio, declaring that even if social networks contain information in which employers might have legitimate interest, they also contain information that businesses are legally forbidden from collecting, such as religious affiliation and sexual orientation.

Shear described the monitoring of student athletes as emblematic of why California's new laws benefit not only privacy advocates but also businesses and institutions. "With access comes responsibility," he asserted, explaining that if an individual whose profile is being watched commits a crime, the monitors could be criminally liable if they're found to have overlooked or neglected warning signs expressed in social media. Others have similarly questioned whether employers might be vulnerable to lawsuits from rejected applicants who allege discrimination.

Shear also stated that economic dangers are implicit when hiring managers include social media in the application process. To combat perceived privacy intrusions and maximize appeal to employers, many candidates create false, anodyne accounts that skew social networks' respective user figures. This trend, he said, distorts advertising data, negatively impacting the bottom line of not only the social networking services but also the companies that rely on them for marketing strategies. Other jobseekers that simply opt to stop using social media, he said, only exacerbate this phenomenon.

The new laws are "common sense from both privacy and litigation perspectives," Shear asserted, because "they shield [businesses] against potential litigants." He said AB-1844 and SB-1349 are ultimately "pro-privacy, pro-business, and pro-technology" because they strike a proper balance among all parties' individual concerns.

Maryland and Illinois have adopted similar laws that extend only to employees, and Delaware passed legislation that applies only to students' social media accounts. When California's new restrictions become enforceable in 2013, the state will boast the most comprehensive set of regulations.

This status might be fleeting, however; several more states are considering laws of their own, and SNOPA, a federal-level version, is currently working its way through Congress.

Social media make the customer more powerful than ever. Here's how to listen and react. Also in the new, all-digital The Customer Really Comes First issue of The BrainYard: The right tools can help smooth over the rough edges in your social business architecture. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Deb Donston-Miller
50%
50%
Deb Donston-Miller,
User Rank: Apprentice
10/3/2012 | 11:36:24 PM
re: California Passes Tough Social Media Privacy Laws
I think it is good that laws are being passed preventing employers from asking for (or demanding) the keys to job candidates' social kingdoms, but many companies are looking at how candidates present themselves online--what kind of social "equity" they have built up in terms of friends/followers/followees/content developed/content shared. Of course, this kind of information isn't relevant for all jobs--maybe not even most--but I think it's relevant for an increasing number of positions.

Deb Donston-Miller
Contributing Editor, The BrainYard
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5242
Published: 2014-10-21
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.

CVE-2012-5243
Published: 2014-10-21
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.

CVE-2012-5702
Published: 2014-10-21
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to i...

CVE-2013-7406
Published: 2014-10-21
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2531
Published: 2014-10-21
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) R...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.