Are Employers who ask for Facebook Login Information playing with Fire?

Data Information Security Rule # 1: Never Collect and Store Private Information you do not need.

A Business/Organization/Institution is responsible for the Private Information they collect. Only collect sensitive personal identifying information that has a legitimate business need. Then only keep it for as long as you need it.

Social Security Numbers should only be used for required and lawful purposes – like taxes. Never use all or part of a SSN as an employee or customer ID number. Losing your employees’ SSN to identity thieves will destroy morale and productivity.

Data Information Security Rule # 2: If You Collect and Store Private Information you need to Protect it.

A written policy needs to be created identifying what information is kept, how it is secured, how long it is kept and the method of disposal.

Data Information Security Rule # 3: If You lose Private Information you are liable for its loss.

A rule of thumb: Each item of Private Information lost will cost a company $200. Lose 1,000 credit card numbers and will cost you $200,000. Not all Private Identifying Information is created equal. Lose a Social Security number and the liability grows with how the thief uses it. Each lost SSN could cost thousands. How much could it cost if a stored Facebook password is used to trash someone’s reputation? The law suit could be in the tens of thousands.

Are you willing to risk the liability resulting from asking for an employee’s Facebook password?

Other Links:

Employers Should NEVER Be Allowed to Ask for Facebook Passwords

Go ahead and ask for the Facebook password, IF…

About Bruce Demarest

Bruce Demarest is a Identity Theft Protection Specialist. He has designed and taught classes to educate individuals and businesses in identity theft risk management. The individuals have learned how to continuously monitor their financial identities from credit fraud, plus how to monitor their personal identifying information for unauthorized use. His business clients have become compliant with the federal & state privacy laws. He has conducted information security audits to identify their potential problems and has designed security policies, programs, and practices to address those problem areas.
This entry was posted in Business Identity Theft, Business Law, Identity Theft Protection and tagged , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s