The Privacy Setting You Cant Control: With Friends Like These, Who Needs Enemies?
August 18, 2016
If youre not paying for the product, you are the product. This phrase has been a popular way to describe the tradeoff we make for utilizing the many free and convenient services available online. While many consumers try to fiercely guard their personal information, it would appear that these attempts are in vain. Youre only as strong as your weakest link, and every friend or colleague is a potential chink in your armor.
Contacts For Hire
For example, in the past few years, companies began checking the social media profiles of job candidates and employees in fact, reported on this trend as far back as 2012. This practice is illegal in a handful of states. However, according to 2016 data from the , some legislation designed to protect job seekers and workers failed in seven states this year, and also failed in 10 states last year. (Legislation is either pending or it has not been introduced in several other states.)
Heres the problem with checking social media profiles. Some companies arent just performing a cursory search; theyre asking for login and password information so they can see everything. In fact, some online job applications wont allow individuals to even submit their applications unless they have authorized social media access and provided their usernames and passwords.
If that type of access is downright illegal in some states, isnt it at least unethical in the rest of the country? I asked several experts to weigh in on this subject.
According to Tim Sackett, a human resources and recruiting talent pro as well as the president of HRU Technical Resources, most employers are scouring the internet before they make a hiring decision whether they tell you or not. I would rather an employee just tell me this is part of the deal - plus, many candidates have their profiles locked down, so if you don't give me access, there is nothing to see, Sackett said. And he added that nothing to see can be a red flag that causes an employer to question what that person may be trying to hide.
However, from an ethical standpoint, Sackett explained that whether asking for social media login information is right or wrong depends on factors such as the employer, the clients, and the companys culture. The answer is to work for a company that doesnt have issues with your vices, said Sackett. If you like to party and post pics with your drunken friends on Saturday night, work for a company that is cool with that. If you and your friends like to dress up like Hello Kitty on your off time, work for a company that is cool with that.
Almost half of the companies in a recent survey by the Society of Human Resource Management admit to using social media to screen applicants, and one-third report that they have disqualified applicants based on the information they found.
Jonathan Westover, associate professor of Organizational Leadership in the Woodbury School of Business at Utah Valley University and a human resource management consultant, agrees that companies are probably looking for red flags. Will the applicant embarrass the company? Are they engaged in behaviors that might lead to poor performance? Hiring managers want to know this before they make a decision.
And Westover thinks its possible that companies are also looking for a strong professional network especially in highly-skilled or managerial jobs. They may leverage candidates with strong networks, such as LinkedIn, in the recruitment and headhunting of other highly-skilled potential workers (for example, in the high tech industry). But Westover said there are still underlying privacy issues and he thinks that this type of access can be abused and used for other purposes.
One of the major concerns is how this information is used, according to Don Mayer, J.D. chair of the Department of Business Ethics and Legal Studies, and professor-in-residence at the Daniels College of Business at the University of Denver. He questions the ethics of this practice because the candidate or employee is not given the opportunity to explain any information or associations that the company may consider to be derogatory.
Motives may vary, but Im not clear on what criteria companies would use to disqualify someone because of their contacts, or because of comments made to friends on social media, Mayer said. Are psychologists hired to do some sort of psych-analysis of patterns and likes from Facebook?
The possibility of disqualifying a candidate based on their list of friends is a serious ethical issue to Karen Young, SPHR, of HR Resolutions. Im concerned that all of a sudden, a companys valid business reason for not hiring an applicant is because someone looked at their Facebook page and saw that some their connections include LGBT, Hispanic and African American friends.
Also, Young believes the social media access requirement may reduce the number of qualified people that would actually complete the application process.
There are other ethical issues regarding this requirement, according to Kate Jones, a partner in the Kutak Rock law firm. Providing your social media credentials to a potential employer may not only infringe on your privacy, but also the privacy of your friends and contacts on social media, Jones said.
Jones also explained that when applicants share their login credentials, theyre making a conscious decision to do so. But your friends and contacts on social media do not have an opportunity to make that choice. Jones said they might have chosen to share certain information only with certain friends and contacts. Sharing your login credentials may affect your friends privacy, she warned.
But should the bulk of the ethical blame rest on the job seeker or the potential employer? After all, no one is forcing applicants to agree to these terms. They can choose to terminate the application process and seek employment elsewhere. But is that a realistic expectation?
Keith Swisher, ethics consultant at Swisher P.C., thinks its an abuse of the potential employers power. People need jobs, and employers should not exploit that need by, for example, requiring access to private communications. Regarding employees, Swisher says, Performance interviews, probationary periods or on-the-job observations would provide far more accurate and less intrusive information than the screening of private, out-of-office communications and associations.
Shadow Profiles
In 2015, reported that Facebook secured a patent that would allow banks to determine a potential borrowers creditworthiness by analyzing the credit ratings of the individuals social media connections. If the average credit rating of the individuals friends happened to be below the minimum credit score, the individuals application would be rejected even if that person had good credit. Fortunately, Facebook decided against proceeding with the project.
Facebook also creates shadow profiles based on the information provided by an individuals friends. For example, lets say youre a Facebook user, but youve given the company the email address you use for junk mail, and youve never supplied other information, such as your phone number.
However, if your friends have ever used Facebooks find friends feature and allowed Facebook to scan their mobile phone contacts, all of this information is stored on Facebooks servers. In other words, Facebook may have all of your email addresses and phone numbers stored in a shadow profile.
Facebook isnt alone in this practice. One day, M. Forrest Abouelnasr was exchanging emails with a friend, and the friend switched to his business address. A few days later, when Abouelnasr was on LinkedIn, he noticed that this friends name popped up as someone he may know and want to connect with although the two were already LinkedIn connections.
Abouelnasr realized that LinkedIn assumed the new email address belonged to a different person who didnt have a LinkedIn account, and he wanted to know how LinkedIn was able to track his email contacts. In his , Abouelnasr shares the transcript of his conversation with LinkedIns customer service department.
When I contacted Abouelnasr about his experience, he told me at first, the rep erroneously stated that if a user had LinkedIn open and also had their mail server open (Gmail, Yahoo, etc.), LinkedIn would grab those email contacts. This is impossible, and the company representative later corrected the mistake, saying that instead what the company actually does is collect a users smartphone contacts when the LinkedIn app is installed on their smartphone.
How many users upload their contacts to various apps without stopping to consider that their friends and colleagues may not want their personal information exposed to a third-party? How many users stop to obtain permission?
But is it really such a big deal that LinkedIn, Google, Facebook and other companies are collecting information on people from their friends and without their knowledge? Mayer said he believes it is a big deal. In terms of trustworthiness which is a core ethical value to most people, and even to many corporations striving to be more ethical this is not an entirely straightforward process, he said. Also, Mayer stresses that companies dont really explain what they intend to do with the information.
Among other things, we now know that companies sell information to data brokers. A CBS News revealed that Acxiom, the largest data broker, has roughly 1,000 tidbits of data on over 200 million Americans. On top of that, Acxiom along with thousands of other data brokers sells various types of lists to other companies. Some of these lists might include people with gambling habits, gun owners, members of LGBT organizations, or patients with specific medical conditions. These groupings, and an assortment of other information, help advertisers market to specific individuals. But not all of the information is used for advertising. The information is also sold to insurance companies, banks, hospitals, schools and other organizations to help them make risk assessments.
This brings us back to the weakest link: You can take every conceivable precaution to protect your privacy, but be advised that it only takes one friend or colleague through sheer carelessness, willful ignorance, the desire for convenience or the lure of a job to create a vulnerability that companies can, and will, exploit.
Terri Williams writes for a variety of clients including USA Today, Yahoo, U.S. News & World Report, The Houston Chronicle, Investopedia, and Robert Half. She has a Bachelor of Arts in English from the University of Alabama at Birmingham. Follow her on Twitter @Territoryone.