• United States



by CSO Staff

Checking job candidates’ FB pages can come back to haunt you, legal experts say

May 02, 20113 mins
Data and Information SecurityFacebookNetwork Security

Is your company using background checks on prospective hires? If so, it might find itself in legal hot water.

Is your company using social networking and Web search services to conduct background checks of prospective hires? If so, it might find itself in legal hot water.

There are several substantial privacy issues involved, says Michael Overly, a partner with Foley & Lardner LLP and a member of its Information Technology & Outsourcing and Privacy, Security & Information Management practices. First, using these sources might provide an employer with information relating to an employee being in a protected category (for example, race, religion, age) for which the employer cannot base its employment decisions.

Second, Overly says, under the Fair Credit Reporting Act (FCRA), an employer cannot use this information, which essentially constitutes a consumer report, without providing written notice to the candidate, obtaining consent and obtaining the information from a credit reporting agency that uses reasonable means to obtain the information and verify its accuracy.

“Simply surfing the [Internet] would likely violate the FCRA,” Overly says. “Employers have also been known to violate the terms and conditions of social media sites by using the information they obtain for purposes other than as authorized in those terms,” such as using them for hiring decisions.

“If a pattern or practice of discrimination was established and linked to the screening of potential employees based on what a hiring manager sees on a social media Web site, this could present a higher risk of adverse action,” adds Christopher Pierson, a privacy attorney. “The laws that apply to social media and human resources are the same as what exist in the physical world. However due to the vast amount of publicly accessible data that exists on these sites, the risks are heightened.”

The practice of using the Web to gather information about people inappropriately is widespread, Overly says. “Very, very few organizations understand these limits and I would say use of social media information in violation of the FCRA is rampant,” he says. Overly says the activities could expose employers to a wide range of damages and liabilities.

How can companies ensure that they are not violating any privacy laws when doing background checks on people? “They need to conduct the checks using reputable companies, including recognized credit reporting agencies,” Overly says. In addition, “businesses should develop clear written policies for use of social media information in these contexts.”

Pierson says companies should educate their hiring managers and ensure that the topic is addressed in a policy. A social media policy should cover what is allowed by employees on company time as well as what human resources and hiring managers can and can’t do in terms of social media searches, he says.