Those of us who have argued that it is unlawful (and immoral) for employers to demand secret passwords to social media accounts of job applicants received more support today from Ontario’s Privacy Commissioner.
By way of review, I took the position that asking job applicants to disclose their private Facebook passwords would violate Section 23(2) of the Ontario Human Rights Code, since this is akin to asking for the key to a secret document that will allow the employer to see such things as the person’s marital status, religion, family status, sexual orientation, disability, or ethnicity. My view was that the Code prohibits employers from seeking to obtain this information during the recruitment process, either through direct requests or indirect requests that allow the employer to obtain the information through the backdoor.
Subsequently, the Human Rights Commission issued a statement warning that “the OHRC believes employers should not ask job applicants for access to information stored on social media or other online sites and that doing so could leave an employer open to a claim of discrimination under the Code.”
The position that it is unlawful under the Code for employers to demand secret passwords from job applicatns is not without detractors, and I referred everyone to the blog post prepared by Dan Michaluk from Hicks Morley, who argued that the Code does not prohibit an employer from asking for a Facebook password, only from relying on information about prohibited grounds that might be seen in the secret vault . I understand that argument, but I respectfully disagreed with it because: (1) the Code is required to be interpreted expansively to protect human rights, and (2) if that argument succeeds, then Section 23(2) of the Code is basically meaningless, since Section 5 of the Code already prohibited employers from ‘acting’ on any information about prohibited grounds. In my view, Section 23 deals not with employers who rely on inappropriate information, but with the manner in which employers attempt to obtain that information during the recruitment process.
Anyhow, old news. But I mention it all again because today Ontario Privacy Commissioner, Ann Cavoukian, announced that in her view it is “fundamentally wrong” for an employer to ask current or potential employees for personal passwords. In a paper she has published (Reference Check: Is Your Boss Watching?) to help guide employers and employees, Cavoukian writes:
Employers cannot ask for information that may directly or indirectly reveal a prohibited ground of discrimination. In Ontario, requests for this kind of information may also put the employer at risk of a lawsuit as an unreasonable intrusion into not only an applicant’s private activities, but also the activities of their “friends.
Mark Ellis, and employer-side employment lawyer at Baker McKenzie in Toronto is quoted in the article saying that Baker lawyers advise employers that “probing beyond the password-protected wall constitutes unwarranted invasion of privacy.”
Is it now safe to assume that there is an emerging consensus in the employment law community that demanding passwords to social media accounts passes a legal and moral boundary in Canada?