Be Careful Out There

Be Careful Out There

For companies that want to learn more about their job candidates’ online activity without risking a lawsuit, using a third party to filter this information can be an effective method. But even when using a third party, experts warn, legal landmines remain afoot.

By Andrew R. McIlvaine

As an HR leader, are you concerned about using information gleaned from social networks to make employment decisions? You should be.

The ubiquity of social-networking sites means it can be quite tempting — for HR and hiring managers — to do a quick search of promising candidates just to make sure they are who they say they are, or aren’t actually miscreants posting hateful messages about other ethnic groups or graphic photos of themselves.

In fact, compared to the laws in many European countries, U.S. law gives employers a much freer hand in what they can monitor with respect to employees’ and candidates’ online behavior — and companies should take advantage of it, says Nancy Flynn, executive director of the ePolicy Institute in Columbus, Ohio, and author of The Social Media Handbook.

“Social media can give you real insight as to who the person behind the resume really is,” she says. “But you need to be very careful with how you use that information.”

When it’s mishandled, such information can be legally toxic for employers, says Flynn.

The public’s concern over the issue has resulted in new laws. Illinois recently became the second state (Maryland was the first) to ban the practice of employers asking job candidates and employees for the passwords to their social-network profiles. Other states, including Delaware, are considering similar legislation.

For companies that want to learn more about their job candidates’ online activity without risking a lawsuit, using a third party to filter this information can be an obvious solution. But even there, they must be careful.

“Once you use a third party for this, you become subject to the requirements of the Fair Credit Reporting Act,” says Peter Gillespie, an attorney with Fisher & Phillips in Chicago. That includes ensuring the vendor you hire for this purpose is compliant with FCRA, he adds.

A number of firms, including Santa Barbara, Calif.-based Social Intelligence Corp., offer social-media employment-screening services to clients. These firms — like all background-screening firms —å are required to abide by FCRA, which mandates that, among other things, they must do everything possible to verify that the information they uncover is accurate and furnish it to job candidates upon request.

“Get authorization from the candidate first, and ensure you’re getting a very limited report of what the person is doing,” says Gillespie.

“My understanding is that these vendors will only give you so-called ‘red flag reports,’ which detail activity that would most likely be undesirable in the workplace,” he says. “You’re not going to see photos, their ‘About Me’ page on Facebook or any personal information that would suggest a disability that they haven’t already disclosed to you.”

At least one such firm has gotten in trouble: In June, the Federal Trade Commission levied an $800,000 fine against Spokeo, a Pasadena, Calif.-based data collector for what the commission said was compiling and selling peoples’ personal information for use by potential employers in violation of FCRA.

Spokeo agreed to pay the fine without confirming that the charge was true.

At EmployeeScreen IQ, a Cleveland-based background-screening firm, company officials debated whether to offer a social-media-screening service to its clients.

The final verdict was “no,” says Angela Bosworth, the firm’s vice president and general counsel.

“We decided not to, because we have not figured out how to do it in a way that is accurate and compliant, and our focus is on providing solutions that are reliable and dependable,” she says.

On the Web, it’s too easy for employers to come across content — pertaining to age, race and disability status, for example — that they’d be prohibited from using to make hiring decisions, potentially exposing themselves to liability, says Bosworth.

“With the web, there’s always an audit trail,” she says. “If a candidate can track the fact that the employer even looked at their profile, then they can make a claim, even if HR says no decision was made on the basis of that information.”

Then there’s the very real risk that the information gleaned from social networks is inaccurate or entirely false, says Bosworth.

“There are many ways to create profiles for other people in their names,” she says. “It’s so easy to manipulate photos. How do you know whether this information is accurate?”

Employers that decide to vet candidates via social media on their own, instead of using a third party, must carefully document their reasons for rejecting such candidates, says Flynn.

“You need a legitimate business reason for rejecting them,” she says. “That can include the fact that they’ve posted content that’s contrary to your organization’s code of conduct and policies. It can’t be a vague ‘We just felt this person wasn’t right for us’ kind of thing.”

And, what if HR receives a complaint from an employee that a colleague is spreading malicious falsehoods about that person via social media — is there a way for the company to investigate without risking liability, particularly in states like Illinois?

There is indeed, says Gillespie.

“Ask the employee to print out a screen shot of the offending activity or download their Facebook activity and send it to the employer,” he says. “This way, you’re not accessing anyone’s account — they’re just giving you the information.”

Copyright 2012© LRP Publications. Reprinted with permission.