Facebook logins toxic for employers, violate security and privacy principles

Attention CEOs and HR Managers: Facebook login credentials belonging to current or prospective employees are not something that any employer should request, use, or posses. Why? Apart from the violation of security and privacy principles? The risks far outweigh any benefit you imagine you could gain by logging into a social media account that does not belong to you, even if you have persuaded the account owner to give their consent.
The practice of asking current or future employees for their Facebook credentials is not only a serious risk for employers, it is one of the most unpleasant HR stories that I've encountered since the time a lab technician with scissors created two bald patches on the back of my head to test me for illegal drugs at the request of a prospective employer.
In fact, an employer's desire to test prospective employees for illegal drug use makes a lot more sense to me than an employer seeking to impersonate someone online and invade their privacy. Such impersonation opens you up to serious liability, both corporate and individual. The fact that you managed to get the consent of the Facebook account holder to log into their account does not mitigate the risks. I think a lot of privacy experts, myself included, would argue that consent (continue reading...)