Social Media Privacy Laws Provide Protection for Employers and Employees

Do you know your social media privacy rights as they pertain to your workplace?

They will be different depending on where you live because the laws vary from state to state. Utah recently became the fifth state to put into effect such a law that governs the rights of both employees and employers. Legislation has also been introduced or is pending at the Federal level and in 35 states.

This has become a hot topic because more than 90 percent of employers use social media sites to help screen applicants. Since applicants have the ability to determine their online privacy settings to decide what is out there for public viewing, some employers have asked for access to their private social media content to get the real picture.

In addition, employers contend that having access to social media accounts of employees allows them to protect sensitive company information such as trade secrets and financial figures. Employees argue that the information may be used to discriminate against them and inherently invades their privacy. In reality, most of the current legislation actually seeks to protect both sides.

Utah’s Internet Employment Privacy Act enforces protection of employees’ online identities, dictating that an “employer may not request disclosure of information related to [a] personal Internet account.” Also known as House Bill 100, this law, which applies to both employees and applicants, includes asking for usernames and passwords. If employers are found guilty of this, they may face up to a $500 fine. Additionally, the law states that employers may not “take adverse action, fail to hire, or otherwise penalize” anyone who will not disclose their information.

There are exceptions built in to protect the employer. They may legally require such information if the employer has provided the device and/or service or if the information is needed to carry out a disciplinary investigation, particularly if the employee’s actions in some way compromise the company – i.e. sharing of proprietary/confidential information or financial data. In addition, the employer can still view publicly available information in order to conduct due diligence.

In the ever-changing world of social media privacy legislation, one thing is clear; it will keep changing! Both employees and employers should check the current status in their state. The National Conference of State Legislatures provides a good listing to help you do this. As always, know your rights and act on your responsibilities.

John Sileo is a social media privacy expert and professional speaker on building digital trust. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Twitter privacy expert John Sileo talking with 9News on the AP hack

This Tweet disrupted the stock market as well as gold and oil prices: “Two explosions in the White House and Barack Obama is injured”.

Associated Press Twitter Account Hacked by Syrian Electronic Army

The Associated Press’ primary Twitter account was hacked today, allegedly by a group called the Syrian Electronic Army. This is the same group that took responsibility for the 60 Minutes and 48 Hours account takeovers. 

Syrian Electronic ArmySyrian Electronic Army AP Hack

Once again, the Syrian Electronic Army has managed to take over the Twitter feed of a highly respected news agency, the Associated Press. As you can see in the screen shots above, the hackers used the hacked AP Twitter account to falsely report that there had been two explosions in the White House and that President Obama was injured. Note: Both reports are false.

Hijacking high-profile Twitter accounts and using them for nefarious purposes is nothing new. But causing the stock markets, oil and gold prices to plunge in response is a new, critically significant development.

Are we living in an age where 140 characters are so powerful that they can send the Dow Jones down by more than 100 points? Yes, we are.

That is the undeniable power of digital reputation. The Associated Press has a strong, well-respected reputation online and off. The Syrian Electronic Army hijacked that reputation and used it to manipulate financial markets (however briefly).

Immediate Steps that Associated Press, Twitter Must Take

Twitter has been the focus of so many attacks, it makes you wonder when they will begin to take the basic steps necessary to prevent account takeovers like the AP, 60 Minutes and NPR:

  1. Twitter should immediately implement Two-Factor Authentication, which requires both a password and a texted passcode in order to get into an account. This makes it much harder to hack high-profile handles. 
  2. Both Twitter and the AP should champion a User Education Process that trains their users/readers on how to best detect phishing emails (which is how most of these accounts have been taken over). See the painfully simple video below that gives an example of how to educate people users about what a phishing attack looks like.
  3. Again, both entities should give their users guidance on how to create long, strong, site-specific and frequently varied passwords to lower the relative hackability of their accounts.


In previous weeks, NPR and CBS both had their online presence temporarily hijacked by the SEA. The group did get its own Twitter account suspended in the process, though new ones have been springing up in response.

Unlike some similar attacks by other groups, the SEA is very public about its involvement, often leaving messages like “Syrian Electronic Army was here.” The official “60 Minutes” and “48 Hours” accounts were among those compromised and made to display pro-Syria tweets bashing the U.S. Although control of the CBS feeds was eventually wrestled back, they have been officially suspended in response.

This hack is a wake up call: the more people you reach, the greater your circle of influence, the more appetizing it is for politically motivated groups to take control of your social media accounts and use them to move markets. 

John Sileo is CEO of The Sileo Group and speaks around the world on social media privacy, identity theft prevention and reputation protection. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Social media privacy? Facebook snoops even when you're not logged in

Despite its claim to being aware of social media privacy, Facebook continues to mine user activity for ad data. Now, it’s expanding beyond the boundaries of its site – and even your browser.

Though it claims to respect user privacy and keep its targets protected, Facebook is offering advertisers on its site a new way to narrow its audience through demographics based on specific purchases called “Partner Categories.” Beware of the rather innocuous official announcement which says that a local business could use it to find customers who may be willing to give them their business, according to recent purchases. The feature would accomplish this using third party data collection companies like Acxiom to build predictions based on what you have bought.

Previously, advertisers showed ads to us based on the interests we expressed on Facebook. Now, they have the added ammunition of knowing every product and brand we’ve purchased through our desktop or mobile.

Even if all of our secrets aren’t being revealed to these outside sources, this is still a breach of privacy. And what kind of slippery slope could this be sending us down?

It’s yet another area where anyone with a credit card can be observed without their knowledge. True, it’s hard to imagine a world without omnipresent advertising, and Facebook says this sort of technique has existed for a while. However, bringing it into the realm of online personal networking raises social media privacy concerns.

Advertisers now have even more specific ways to know what we’ve been buying and how that will affect our decisions in the future. It’s a chilling thought to those who would rather keep our shopping history private.

Social media risk management can get overlooked in the face of new developments. But as companies like this find more ways into our lives, it’s important to remember how much of our activity is being watched – and what we can do to protect ourselves. 

John Sileo is a social media privacy expert and keynote speaker on data security, fraud and reputation protection. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Facebook scoffs at social media privacy by taking over Home page

All Facebook Home will cost you is … well … your right to social media privacy on your Android phone. That’s a steep price to pay for Facebook Home saving you the extra step of clicking through a mobile app to access photos, updates and messages.

Facebook recently announced its new application “Home,” which will essentially replace the standard home screen of a user’s Android phone, giving users all Facebook, all the time. If you thought this social media colossus had control over data before, wait until users start willingly handing over their home screens. By doing so, they’re offering up valuable information contained in their mobile phones.

Facebook makes it very cloudy to know what you’re actually giving away. And though it may not be as much as the doomsayers predict, it surely is more than you’ll want to willingly contribute. For instance, Facebook’s new feature “Chat Head” combines Facebook messages with SMS. Even if it’s not collecting voice data from calls, it will likely gather data such as who you’ve called, how long you talked and how often that number is called.

Moments after the Home announcement, Facebook posted a memo on its website addressing privacy concerns. The fact that Facebook knew questions about social media privacy would be raised immediately after the unveiling indicates the company’s fear of user concern.

“Home is software that turns your Android phone into a great, living, social phone,” the message read. “Home doesn’t change anything related to your privacy settings on Facebook, and your privacy controls work the same with Home as they do everywhere else on Facebook.”

Notice that Facebook never claims not to violate social media privacy with Home. It just says that it won’t violate your privacy any more than it already does.

This is, unfortunately, not unchartered territory for Facebook – a serial offender when it comes to violating users’ social media privacy. These same questions were raised after Facebook revealed Graph Search earlier this year. Just like with Graph Search, Home will make it easier for Facebook to sell your personal data to advertisers.

That is part of Facebook’s brilliance and our ignorance – they know that most of us won’t take the time to read the Data Use Policy. Fool Facebook; read the Data Use Policy. Then we users can no longer plead ignorance, as we know exactly what Facebook is doing – creating an inventory of our private data and behaviors to sell to an adoring advertising marketplace that rewards them with a bump in stock value.

Make the right decision when Facebook releases the software this Friday – after all, home is where your privacy is. Or at least, that’s the way it should be.

John Sileo is a social media privacy expert and keynote speaker on reputation, privacy and cyber data protection. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.