European Data Protection Digest

ICO Warns Employers on Password Requests


March 30, 2012

Following reports in the U.S. that employers are increasingly requiring employees and job applicants for their social networking credentials, the Information Commissioner's Office (ICO) has issued a warning about the practice, The Guardian reports. "The UK Data Protection Act clearly says that organisations shouldn't hold excessive information about individuals, and it's questionable why they would need that information in the first place," an ICO spokesman said. Last week, Facebook said employers should not exercise the practice. Meanwhile, author Cory Doctorow worries that simply preventing an employer from accessing social networking passwords is not enough to protect personal data. Doctorow points out that many companies use "self-signed certificates," which means an employer can "undetectably" eavesdrop "on your connection."
Full Story