In Part 1 of this series, we discussed why some employers may want to take over a person’s LinkedIn account when an employee leaves, voluntarily or not.
As noted, in a layoff, the person who owns the password controls the account. There might even be a race to see who can change a password first when a layoff is pending. In one case, a company took over a LinkedIn account when they laid off an employee. She had to sue to get her account back. Another employee changed his password just before he was laid off on the same day and retained his LinkedIn account.
Can an employer ask for your social media passwords?
In at least fourteen U.S. states, there are laws to prevent an employer from asking an employee to give them their social media passwords. Other states are considering similar laws. Outside the United States, there may be fewer protections.
Most people would consider an employer asking for their passwords as an invasion of their privacy. There are other issues, too. Nobody wants an employer or business looking over your shoulder when you go online, whether or not it’s during company hours. With your password, an employer can change your account, edit your profile, delete any comments about them, add comments, send emails in your name, and change your privacy settings.
As one person commented in a related discussion: “I’ll give them my Facebook ID and Password when they give me their checking account number and PIN.”
Yet, when you are about to be hired, or face the threat of being fired, it may be difficult for you to refuse to give out a password, even if doing so gives your employer effective control over your account.
What is Your Employer’s Social Media Policy?
Many companies have a social media policy to explain details on how they deal with social media and using their computers. It should include whether they condone accessing social media during work hours and on the company’s computers, phones and tablets. Some companies discourage using social media on company time. Others encourage it, particularly to build up the company’s reputation. Some may restrict an employee’s freedom to criticize the company online. Some companies may allow you to use social media during breaks and lunch, others not. The policy may also say that the company is allowed to monitor your computer use.
In general, if your employer has a social media policy, you should read it before signing it. Knowing what they expect is good.
However, many employers have no policy and you may not know what they expect, or what they monitor.
Are You Unwittingly Giving Away Your Password?
Even if you don’t volunteer your LinkedIn (or other) password to your boss, there are many other ways they can learn it, especially if you use a company computer, phone or tablet to access LinkedIn.
Executives, in particular, may give their passwords (including email and social media accounts) to their personal assistants to monitor their accounts and even write responses and make and accept invitations to connect. If your boss or security or IT then asks your assistant for your password, it would be a rare one that would refuse, especially if their job was threatened. Incidentally, giving your password to anybody else is a violation of LinkedIn’s User Agreement.
But there are other ways you may accidentally give away your password:
- If you let your web browser memorize your password to ease logging in from your company’s computer, the password is often easy to find.
- If you use more complicated passwords (as you should), you might keep them in a file on your computer, on a server, or in your desk drawer where others can find them.
- Even if you use a password vault, like KeePass or LastPass, you may be required to give the master password (and, thus, all your passwords) to your employer when you are discharged and return their computer. If they installed the program, they probably already have a master key.
- Many employers use a keystroke capture tool, or keylogger, that captures everything you type, including your passwords. The program may email everything it captures to your boss or IT daily, weekly or monthly. This is surprisingly common in the workplace.
- Other software can monitor each website you visit, and what you do on each employer’s computer, phone and tablet. That would include your social media.
- If you have a utility that keeps multiple-clipboard text clippings, it could save your password if you cut and paste it. Some password vaults also use the clipboard.
- There could be other ways to monitor what you do online from your company’s Wi-Fi or LAN internet connections, too.
- If you use tools to broadcast to LinkedIn, such as Hootsuite, Tweetdeck, or Buffer, or a CRM, or an internet marketing tool, or use Rapportive, you had to use your LinkedIn password to connect those apps to your LinkedIn Contacts.
- If you are in an office that uses video surveillance, they might be able to see an employee typing in a password. (This might happen more easily on TV, but be aware.)
So, How Do I Keep My Password Private?
Second, do NOT use your company email account as your primary or secondary LinkedIn email address. If you ever ask LinkedIn to reset your password, they will send a reset link via email to your primary address.
Know your company’s social media policy. It might be spelled out right there. In general, if your company goes to the trouble of stating that they may monitor their computers, it’s safer to assume they are monitoring their computers, smartphones and tablets for what you do and even where you do it.
It may be safer not to use company equipment to connect with LinkedIn. Use your personal tablet or phone app through your private carrier. (Check your company’s policies on using private equipment.)
If you must use LinkedIn during the day, can you do it outside the office? Be aware that a library’s or restaurant’s or a public Wi-Fi access may have its own security risks.
If you need help maintaining your private LinkedIn account, hire a private virtual personal assistant instead of using a company employee. (Note, this is still a violation of LinkedIn’s User Agreement, but it protects your password and protects you from charges of using company employees for personal gain.)
If there is even a rumor of layoffs, or your boss is suddenly avoiding you, or people are being called in to HR, change your password. Try not to use a company computer to do it, unless you have no choice. If you are laid off, change your password ASAP.
In addition, it’s a good idea to download your list of contacts from time to time. That way, even if you need to start a new account from scratch, you at least know who your connections were. This is especially important if you have a large contacts list.
What can you do if your employer changes your LinkedIn password?
Immediately see if you can have a reset message sent to your primary LinkedIn email address (see above). If an IT person is simply instructed to change your password, they might not know to also change the email addresses associated with the account.
Your best bet is to go to LinkedIn Customer Service and explain the situation. They are in the best position to enforce the LinkedIn User Agreement. (You may need to explain why you also violated LinkedIn’s User Agreement by sharing your password.)
In fall, 2014, LinkedIn announced that it will let allow users to download the information that they keep on users, including their list of Connections. You should request the download periodically, probably at least once a year, so you have a backup of who you are connected to, who gave you endorsement and recommendations, and which groups you were active in. If you must create a new account, this is vital info and will speed up the process. Also keep the text in your profile in a word processing file or digital notebook so you don’t lose that, too.
You can also try to settle the dispute with your employer (or former employer). At least put it into writing and get a written response before resorting to lawyers.
If your employer does take over your account, be sure to disconnect your social media and email accounts from LinkedIn. If you connected your personal Outlook, Gmail, or Yahoo! mail to LinkedIn, you should disconnect the link from the email side. Why? Because with a connected account, they can send an email from your LinkedIn account via your Gmail or other email provider.
Also remember to disconnect your personal Twitter, Hootsuite, Tweetdeck, Buffer, Rapportive and other social media tools from your no-longer-accessible LinkedIn account. You can do this from their sites without logging on to LinkedIn.
Isn’t all this being a bit paranoid?
In a happy, healthy, business world without conflict, yes this would be paranoid. And maybe 98% of the time there won’t be a problem. But, if your employer doesn’t spell out a social media usage policy, or doesn’t address ownership of social media accounts, or requests you to use social media for work purposes, be aware and protect your LinkedIn and other assets. If you are in sales or social media marketing, be even more cautious and take precautions. If you are laid off or resign, you may be glad you did.
Probably obligatory legal stuff: The author of this article is NOT (and never wants to be) an attorney and is not trained in law. Confusing this article with actual legal advice would be a horrible mistake.
Online Bibliography and References:
There is a lot of information available online about social media ownership, business issues involved with social media, and ways for employers to monitor their employee’s activities. Here are just a few selected online articles on social media, office privacy, and your online security.
“10 New (And Legal) Ways Your Employer Is Spying On You, The right to privacy is fast vanishing” by Donna Ballman, Sep 29th 2013, on Jobs at AOL.com.
“Who Owns a Social Profile? You or Your Company?” by Steve Anderson,
August 07, 2013.
“Who owns your social media account? Your company or you?” by Paul Jacobson,
Feb. 14, 2013, on the South African site, Grubstreetcom.
“Just who owns YOUR digital profile ?” by Mark Northall, Nov. 8, 2012.
“The Truth About How Social Media Has Impacted Employees” by Dan Shawbel, guest post on Brian Solis’s blog.
“What to Do if a Company Asks for Your Facebook Password in a Job Interview, How to protect your privacy in a job search” by Joshua Waldman,
undated article on The Ladders.
“Federal and State Wiretap Act Regulation of Keyloggers in the Workplace” by Susanna Lichter, Edited by Laura Fishwick. Harvard Journal of Law and Technology.
2014 Employee Monitoring Software Comparisons & Reviews on TopTenReviews.com.
“Employee Monitoring Software: Protecting Your Privacy in the Workplace” by Barbara Applebaum. Undated article on TopTenReviews.com.
“Lens Password” (title artwork) used courtesy of
Salvatore Vuono and FreeDigitalPhotos.net.
“Woman Holding Katana Weapon” artwork used courtesy of
“Marin” and FreeDigitalPhotos.net.