In May 2011, the Federal Trade Commission (FTC) ruled that companies providing social media information to employers – and employers who use the reports – must follow the same Fair Credit Reporting Act (FCRA) regulations that apply to more traditional sources. The FTC also stated that postings on any social media site can be saved by on-line background screening companies for up to seven years.
According to the FTC’s letter dated May 9, 2011 to a company that sells information from social networking sites for employment purposes, such a company is considered a Consumer Reporting Agency (CRA) and thus must take reasonable steps to ensure the accuracy of the information obtained from online social networks (as well as other sources) and positively identify it with the subject. It also must comply with other FCRA provisions, such as providing a copy of the report to the subject and maintaining an established protocol if the subject disputes the reported information. As with “traditional” background investigations, employers who use a report prepared by a CRA must certify to the CRA that the report will not be used in violations of federal or state equal employment opportunity laws or regulations. Additionally, both the CRA and the employer have a legal obligation to keep and dispose of the reports securely and properly. (For more information, see the FTC blog, “The Fair Credit Reporting Act & Social Media: What Businesses Should Know.”)
Social media legal experts and various literature point to a multitude of issues and risks faced by both the CRA and the employer who uses social media checks, which include, but are not limited to:
- Problems under FCRA section 607(b) in exercising “reasonable procedures to assure maximum possible accuracy” of the information.
Since the information on social media sites is self-reported and can be changed at any time, it is often difficult if not impossible to ascertain that the information is accurate, authentic and belongs to the subject. Online identity theft is not uncommon, as are postings under another person’s name for the purpose of “cyber–slamming” (which refers to online defamation, slander, bullying, harassment, etc.)
- Information may be discriminatory to job candidates or employees, or in violation of anti-retaliation laws.
Social sites and postings may reveal protected concerted activity under the National Labor Relations Act (NLRA,) and protected class information under Title VII of the Civil Rights Act and other federal laws, such as race, age, creed, nationality, ancestry, medical condition, disability, marital status, gender, sexual preference, labor union affiliations, certain social interests, or political associations. And while the information may have no impact on the employment decision, the fact that the information was accessed may support claims for discrimination, retaliation or harassment.
- Accessing the information may be in violation of the federal Stored Communications Act (SCA).
To the extent that an employer requests or requires an employee’s login or password information, searches of social networking sites may implicate the SCA (18 U.S.C. § 2701) and comparable state laws which prohibit access to stored electronic communications without valid authorization. A California court recently ruled that the SCA also may protect an employee’s private information on social networking sites from discovery in civil litigation.
- Assessing the information may violate terms of use agreements and privacy rights.
While certain social media sites have stricter privacy controls than others, most if not all limit the use of their content. The terms of use agreements typically state that the information is for “personal use only” and not for “commercial” purposes. Although the definition of “commercial” in connection with employment purposes is interpretive, most legal experts indicate that employment screening fits that scope.
- Information may be subjective and irrelevant to the employment decision.
Blogs, photos and similar postings often do not provide an objective depiction of the subject or predict job performance. The California Labor Code, for example, specifically provides that an employer is prevented from making employment-related decisions based on an employee’s legal off-duty conduct. Employers may use such information only if the off-duty conduct is illegal, if it presents a conflict of interest to the business or if it adversely affects the employee’s ability to do his/her job. And the evidence of such activities must be clear.
The popularity of employment-related background checks that include social media searches is growing rapidly. But the unreliable and unverifiable information from these sources is a potential landmine of legal liabilities.