There have been a number of articles recently covering the practice of prospective employers requesting access to social media sites, personal email accounts, or other deeply personal stores of information.
Despite this being an egregious violation of privacy, it is a growing practice, and one that requires clear guidance and regulation or legislation to protect users. The good news is that the tech industry doesn’t need to wait; most of the major players have clearly defined policies which forbid this practice.
Facebook asks its users to commit not to share their passwords or accounts as part of their “rights and responsibilities” which stands in place of the terms of service. LinkedIn has a similar requirement in theirs. I am not going to do an exhaustive survey, but it is highly likely that these terms are included in most others as well.
These service providers should clearly and publicly respond to this usage pattern and inform businesses that if they continue this unethical (and potentially illegal) activity, they will be blocked from accessing the services.
There is not much of a motivation for them to do so, but Social Media sites should also take technical measures to detect and actively warn users that are granting access to 3rd parties that they may be violating the terms of service.
A few strategic short-term bans on users who grant this type of access would create a a world of hurt for recruiters and compel users to refuse to participate in this behavior.