The use of social media in the hiring process has important legal ramifications that employers need to be aware of. While the content and postings by job applicants on social network sites is in the public domain, considerable legal problems exist for employers over the use of the obtained information if it infringes upon legally protected areas of privacy. This section discusses compliance issues primarily in the United States and also in Japan. Recently, there has been a lot of publicity over some employers requesting Facebook password and login information from job applicants. While this practice caught the media’s attention, the reality is employers have been using social media to investigate job applicants for years. According to a survey conducted in 2011 by Reppler, a social media monitoring service in the US, 91% of the recruiters and hiring managers stated they have used social networking sites to screen prospective employees.
And, 69% of these recruiters and hiring managers revealed that they have denied employment to job applicants due to something they found on an applicant’s social networking site. Employers therefore need to be very cautious when using information that is obtained from social media when making hiring decisions. In litigation happy US, this can be a veritable minefield. Though the technology has outpaced the law, employers should be sure that the information they receive does not lead them to liability under the Fair Credit Reporting Act (FCRA), or under various state and federal employment discrimination laws.
2. Pre-employment Background Check
What is FCRA? FCRA governs pre-screening obtained from outside agencies. This law sets out various requirements and rules for pre-employment background reports, called Consumer Reports. Under the FCRA, employers must provide to job applicants (and employees) a disclosure that consumers report/background check will be performed and the employer should obtain the individual’s authorization to proceed with the check. Checks include medical, criminal and credit histories etc. FCRA states, among other things, that the most accurate up-to-date information must be used when screening and evaluating an applicant for employment. Companies who conduct their own in-house background checks does not fall under FCRA, but also face risks in crossing legal and ethical boundaries. Both will be discussed below.
Importantly, the FCRA requirements do not apply to employers who perform their own background checks. Thus, for example, if the employer’s own human resources personnel, or if the hiring manager, performs social media research on a job applicant, the FCRA does not apply to those actions. This searching is facilitated by the availability of smart phone applications for this type of research.
The Federal Trade Commission (FTC), which enforces the FCRA, has already warned a few of the companies providing these smart phone applications, but the FTC has not yet determined that an employer’s use of these smart phone applications is subject to the FCRA. Consequently, employers should be sure to understand the requirements and procedures of the FCRA, and are recommended to consult with an employment attorney. Employers should also be sure to monitor the “apps” they are using to learn whether the FTC has decided about a certain smart phone application. As the law evolves so must an employer’s behavior.
3. Privacy and Anti-Discrimination Laws
The topic of privacy is much more volatile. First let’s discuss from the job applicant perspective. Some argue that the applicant has surrendered the right to privacy by putting this information out there on a public forum and that they should be mindful of what they post. Some describe as akin to putting out your garbage out on the street. You have given up reasonable expectation of privacy and anyone is free to go through it. Most people would find that quite intrusive; especially if someone were to come across personal photos, and other effects, even worse, factor their findings into an employment decision. Others say that an applicant has a reasonable expectation of privacy and personal information should not be viewed or considered. Whatever your position on the matter, consider the purpose for making such a query. Is it in search of information that can’t be found during a high-quality interview and testing process? Is it job-related or just a quick open-ended search to discover if the applicant meets one particular person’s standard of decency?
Employers must therefore pay very close attention to privacy and anti-discrimination laws. For years, employers have been counseled not to invade employee privacy and not to base any employment decisions on ‘protected characteristics’. By reviewing social networking profiles and information, employers are learning about job applicants’ religious beliefs, marital status, family relationships, race, ethnicity, medical conditions, and other information that cannot be used to make an employment-based decision — protected characteristic information that is considered “taboo.” As a result, employers must take care when performing such research. Ultimately, should a discrimination claim arise, the employer will have the burden of proof to demonstrate that the decision to reject a job applicant was based on a legitimate non-discriminatory reason.
Once an employer reviews a candidate’s online profile, a court will assume you are aware of that person’s “protected characteristics” that are often part of their online postings. But what if a candidate’s profile suggests that he or she may not be appropriate for the position — or even shows a lack of candor about their background or abilities? Here are a few such scenarios: * A female candidate has numerous postings on her Facebook account about her ‘dog’ of an ex-husband who constantly skips his time with their children, causing her to miss work at her current job. * An applicant has applied for a job that requires heavy lifting and a lot of walking but whose online profiles reveals that he uses a cane. * Or postings of pictures of a job applicant getting drunk and acting stupid, or comments that reveal ignorance or bigotry.
Wise counsel advises treat it the same way you would if you had gained the knowledge via the interview or in a resume. Similarly, certain applicants may allege discrimination if the employer subjects them to additional scrutiny because they have an “Internet presence” or holds them to a higher standard while viewing and considering the information as opposed to those applicants who do not have social networking profiles. One practical method or work around being suggested is to only allow someone who is not involved in the hiring of the specific position to be the person who conducts the social media background check. Then, when the social media background check is completed, that person can summarize the job-related information that may be helpful in considering the applicant.
They don’t have to make no mention of the “protected” information (race, religion, medical condition, etc.) that would otherwise get the employer into trouble. This way, the hiring manager, or ultimate decision-maker, receives only the job-related information, and can demonstrate that the information unknown to him or her had nothing to do with the decision to hire another candidate.
Furthermore, before the job opening is even posted, employers should be clear about what they are really looking for in a social media background check, and whether it is necessary for the particular position. For example, the importance and extent of a social media background may depend on the position the company needs to fill (for example, a CFO position versus a seasonal stockroom employee). Certainly, employers should doing enough pre-hiring due diligence to avoid potential claims of negligent hiring, but they must balance those concerns with finding out information that exposes them to liability for discrimination.
4. Evolving Legislation Landscape
As reported earlier in this section, some employers are reported to be going further than just simple web surfing to research job candidates. Some have started to ask job applicants to provide the company with their Facebook username and password, and/or to require applicants to login to their Facebook accounts during an in-person interview. This situation has prompted legislative movements in the US this year. Senators Richard Blumenthal (D-CT) and Charles E. Schumer (D-NY) requested the US Department of Justice (DOJ) to determine if these employer requests violate the federal Stored Communications Act (SCA) or the Computer Fraud and Abuse Act (CFAA). They also asked the Equal Employment Opportunity Commission (EEOC) to determine whether employers who request login/password information are violating anti-discrimination statutes.
State legislators, including those in California, Illinois, Maryland and New Jersey, have also jumped on the bandwagon and have introduced legislation that aims to prohibit this practice. For example, in California, on March 27, 2012 Senator Leland Yee, (D-SF), introduced the “Social Media Privacy Act” (SB 1349) to the legislature. Senator Yee’s proposal would add new sections to the California Labor Code and Education Code prohibiting private and public colleges, universities, and employers from “requiring, or formally requesting in writing, a student or an employee, or a prospective student or employee, to disclose the user name or account password for a personal social media account, or to otherwise provide the institution or employer with access to any content of that account.”
While this piece of legislation is considered simple, and will need to be refined, the law is attempting to catch up. In general, employers should think twice, and consult an employment attorney, before establishing a practice of requiring employees and applicants to turn over login information. And, though the law is evolving in this specific area, employers should understand that such a practice might have many “non-legal” ramifications, like, the company losing talented employees and/or potential employees who refuse to give access to social media login credentials. Furthermore, such policies may lead to lower employee morale and distrust.
As in the US, there are similar risks for employers and recruiters crossing ethical and legal boundaries when using personal information as part of the hiring process. Stringent local privacy data laws have been enacted in Japan (Act on the Protection of Personal Information April 1 2005) but as in the US, a gap between technology between new and evolving realities of the internet and the existing law. So companies do face a risk here although it is recognized that resort to litigation is less here than in the US, and that recruitment using SNS is not being as embraced by companies here in Japan. Under the PPI Act companies or business operators having acquired personal information are required to promptly notify the person of the purpose of utilization.
But as in the US the legal situation regarding social medial is also a legal grey area and will remain so specific legislation is enacted. The tricky balancing act between a right to personal privacy and a right to conduct an investigation or recruiting; helping the selection of a fitting candidate, and protect against negligent hiring claims. There are some guidelines and limits to what a recruiting company may do, but companies would be well advised to consult with local attorneys and to consider developing their own social media policy
6. Final Comment on Compliance
There are several moving parts to the whole Internet, social media, recruiting, screening dynamic; many of which have yet to be defined. Social media related law is evolving. So the debate rages on…but without a doubt, the use of the Internet and social networking sites related to employment and hiring decisions will be finding its way into courts more and more in the not too distant future.