Employers Be Cautious Using Social Media To Screen Job Applicants

Print Friendly

Employers-Be-Cautious-Using-Social-Media-To-Screen-Job-Applicants-V1 copy

Recently, there has been “much ado” over some employers seeking Facebook password and login information from job applicants.  While this practice just recently caught the media’s attention, the reality is employers have been using social media to investigate job applicants for years.  For example, in 2011, Reppler, a social media monitoring service, conducted a survey of 300 hiring professionals to learn if, when, and how they are using social media to screen job applicants.  Specifically, according to the survey, 91% of the recruiters and hiring managers stated they have used social networking sites to screen prospective employees.  And, 69% of these recruiters and hiring managers revealed that they have denied employment to job applicants due to something they found on an applicant’s social networking site.

Employers, however, should be cautious when using information obtained from social media to make hiring decisions.  Though technology has outpaced the law in this area, employers should be sure that the information they receive does not lead them to liability under the Fair Credit Reporting Act (FCRA), or under various state and federal employment discrimination laws.

Complying With The FCRA:  Under the FCRA, employers must provide to job applicants (and employees) a disclosure that a consumer report/background check will be performed, and the employer should obtain the individual’s authorization to proceed with the check.  Furthermore, the employer must provide notice to the individual if it will take adverse action (not hire the individual, for example), before the employer takes that action.  The FCRA also requires an employer to provide a post-adverse action notice as well.

Importantly, the FCRA requirements do not apply to employers who perform their own background checks without using a consumer-reporting agency to obtain the information.  Thus, for example, if the employer’s own human resources personnel, or if the hiring manager, performs social media research on a job applicant, the FCRA does not apply to those actions.  And, of course, there are smartphone applications for this type of research.  The FTC warned a few of the companies providing these smartphone applications, but the FTC has not yet determined that an employer’s use of these smartphone applications are subject to the FCRA.

Consequently, employers should be sure to understand the requirements and procedures of the FCRA, and consult an employment attorney.  Employers should also be sure to monitor the “apps” they are using to learn whether the FTC has opined about a certain smartphone application.  Simply, as the law evolves, so must employer behavior.

Watch Out For Discrimination Claims:  Employers must also pay close attention to privacy and anti-discrimination laws.  For years, employers have been counseled to not invade employee privacy, to not base any employment decisions on protected characteristics, and to avoid unlawful questions during the hiring process.  Now, with so many employers conducting pre-employment research on a job applicant’s social profile, employers are opening themselves up to discrimination claims under federal, state, and even local laws.

By reviewing social networking profiles and information, employers are learning about job applicants’ religious beliefs, marital status, family relationships, race, ethnicity, medical conditions, and other information that cannot be used to make an employment-based decision — information that is considered “taboo.”  As a result, employers must take care when performing such research.  Ultimately, should a discrimination claim arise, the employer will have the burden of proof to demonstrate that the decision to reject a job applicant was based on a legitimate non-discriminatory reason, rather than the fact that the employer learned of the job applicant’s sexual orientation, the projected due date of the job applicant’s baby, or any other protected characteristic.

One practical method is to only allow someone who is not involved in the hiring of the specific position to be the person who conducts the social media background check.  Then, when the social media background check is completed, that person can summarize the job-related information that may be helpful in considering the applicant, and can make no mention of the “protected” information (race, religion, medical condition, etc.) that would otherwise get the employer into trouble.  This way, the hiring manager, or ultimate decision-maker, receives only the job-related information, and can demonstrate that the information unknown to him or her had nothing to do with the decision to hire another candidate.

Furthermore, before the job opening is even posted, employers should be clear about what they are really looking for in a social media background check, and whether it is necessary for the particular position.  For example, the importance and extent of a social media background may depend on the position the company needs to fill (for example, a CFO position versus a seasonal stockroom employee). Certainly, employers should doing enough pre-hiring due diligence to avoid potential claims of negligent hiring, but they must balance those concerns with finding out information that exposes them to liability for discrimination.

About Those Requests For Login/Password Information:  As recently reported, some employers have gone much further than just simple web surfing to research job candidates.  Some have started to ask job applicants to provide the company with their Facebook username and password, and/or to require applicants to login to their Facebook accounts during an in-person interview.

In response to the spotlight on these news reports, Senators Richard Blumenthal (D-CT) and Charles E. Schumer (D-NY) have requested the Department of Justice (DOJ) to determine if these employer requests violate the federal Stored Communications Act (SCA) or the Computer Fraud and Abuse Act (CFAA).   Generally, the SCA, 18 U.S.C. § 2701, prohibits intentional access to electronic information without authorization or intentionally exceeding that authorization, and the CFAA, 18 U.S.C. § 1030(a)(2)(C), prohibits intentional access to a computer to obtain information without authorization.  They also asked the Equal Employment Opportunity Commission (EEOC) to determine whether employers who request login/password information are violating anti-discrimination statutes.

State legislators, including those in California, Illinois, Maryland and New Jersey, have also jumped on the bandwagon and have introduced legislation that aims to prohibit this practice.  For example, in California, on March 27, 2012 Senator Leland Yee, D-San Francisco, introduced the “Social Media Privacy Act” (SB 1349) to the legislature.   Senator Yee’s proposal would add new sections to the California Labor Code and Education Code prohibiting private and public colleges, universities, and employers from “requiring, or formally requesting in writing, a student or an employee, or a prospective student or employee, to disclose the user name or account password for a personal social media account, or to otherwise provide the institution or employer with access to any content of that account.”  While this piece of legislation is a bit too simple, and will likely need to be refined, the law is attempting to catch up with technology in this area.

In general, employers should think twice, and consult an employment attorney, before establishing a practice of requiring employees and applicants to turn over login information.  And, though the law is evolving in this specific area, employers should understand that such a practice might have many “non-legal” ramifications, like, the company losing talented employees and/or potential employees who refuse to give access to social media login credentials.  Furthermore, such policies may lead to lower employee morale and distrust, and other issues that will be explored in future posts concerning social media and employment law.

Information provided on this website is not legal advice, nor should you act on anything stated in this article without conferring with the Author or other legal counsel regarding your specific situation.

James Wu
James Y. Wu contributes a monthly column on Social Media and Employment Law. For nearly 20 years, James has provided day-to-day counseling and advice to employers regarding compliance with employment laws and reducing the risks of employment-related claims and lawsuits. He also provides strategic litigation services when claims and lawsuits do arise. After practicing at some of the nation's leading law firms, James opened his own law office in order to continue to provide his top-notch service at a much more reasonable rate for his clients. James earned his JD from Boston College Law School and both his BA and MA from Stanford University. +James Wu
James Wu


  1. BettyBlueEyes says

    Now, if only someone will prevent the practice of asking for your Social Security number on the application. If you don’t provide it, the application is rejected. They say it’s so they can do a background check. But why do you need a background check on every applicant? They also are now asking for the year of your high school graduation. Why? Obviously, they’ve realized that older people can graduate from college along with younger people. So a college grad year no longer reveals the candidate’s likely age. However, a high school graduation typically coincides approximately with the applicant’s 18th birthday. Now the prospective employer can avoid hiring on the basis of age and yet not be so obvious about it. Discrimination is alive and well.

    • says

      Betty, thanks for your comment.  I advise my clients to NOT request SSNs on applications. If the applicant gets farther into the hiring process, and if the employer feels it needs to conduct a background check, the practice of employers asking for SSNs at that point is not likely to change as long as SSNs remain the best way to identify someone via record-keeping (criminal records, address/residency, etc.).  Employers should definitely be cautious about background checks, and the use of the SSN once it is provided to them.  Many states have laws regarding what a business can and cannot do with an individual’s SSN.  For example, in California, there are various provisions under the California Civil, Family and Labor Codes regarding SSNs. 

      As for asking for year of HS graduation:  Such a question can certainly raise an eyebrow or two and support the argument that the employer may have some sort of age bias.  The better question for an employer to ask is if the applicant is 18 years or older.

  2. says

    Good article.

    From a security point of view, this is a totally counterproductive practice. Anyone that is willing to hand over their personal credentials like this is going to be even more likely to hand over professional credentials.

    In a way, this practice ensures that you reject the people you should hire from a data security perspective.

    • says

       Christopher, interesting perspective, and thank you for your comment.  Some employers, however, ask the employee to access their social media accounts during an interview, so the employer does not necessarily ask for the personal credentials.  One justification for doing this is to check if the applicant has posted any confidential information from the applicant’s current or former employers.  Thus, the employer is checking to see if there has been a data security issue in the past.

      • says

        Thanks James,

        Yeah, from a security point of view it’s less egregious to let someone “shoulder surf” (though I’d worry about them trying to watch and remember my password).I still though would take any willingness to give up personal privacy as a cautionary sign about the person’s dedication to protecting my company’s information and secrets.

Please Leave a Comment!