Legal Issues Surrounding Social Media Background Checks
By Michelle Sherman
Agatha Christie had a novel take on invention being the mother of necessity. She disagreed and said, “[I]nvention, in my opinion, arises directly from idleness, possibly also from laziness. To save oneself trouble.” She may have been onto something when you think about businesses that are turning to outside vendors to research employees and job candidates for them. Whether or not these outside vendors are the best solution, however, remains to be seen.
- Companies Should Have An Internal Procedure For Researching Job Candidates And Employees On The Internet
We recommended earlier this year that businesses establish an internal procedure for making employment decisions based on Internet research, so they would not run afoul of state and federal laws that prohibit job discrimination based on protected factors. The protected factors include, for example: (1) Race, color, national origin, religion and gender under Title VII of the Civil Rights Act of 1964; and (2) Sexual orientation, marital status, pregnancy, cancer, political affiliation, genetic characteristics, and gender identity under California law. Most states have their own list of protected factors, which should be considered depending on where your company has employees.
Not surprisingly, the legal risks of making employment decisions using the Internet have become a real concern for businesses, especially when you consider that 54% of employers surveyed in 2011 acknowledged using the Internet to research job candidates. The actual number of employers using the Internet is probably higher, and sometimes companies may not even be aware that their employees are researching job candidates and factoring that information into their evaluations. This is yet another reason to establish an internal procedure for researching job candidates, and communicating your procedure to employees who are participating in the employment process.
There is nothing wrong with researching people on the Internet so long as it is done properly. The Internet has a wealth of useful information, some of it intentionally posted by job applicants for employers to consider such as LinkedIn profiles.
With this “necessity” to do Internet searches properly, some businesses have turned to outside vendors to do the research for them, and, thereby, try to reduce their legal exposure and the administrative inconvenience of doing it themselves. At least one of these vendors has received letters concerning its business practices from the Federal Trade Commission (“FTC”) and, more recently, two U.S. Senators.
- The Business Practices Of Outside Vendors That Provide Social Media Background Checks Are Being Examined For Compliance With Privacy And Intellectual Property Laws
On May 9, 2011, the staff of the FTC’s Division of Privacy and Identity Protection sent a “no action” letter to Social Intelligence Corporation (“Social Intelligence”), “an Internet and social media background screening service used by employers in pre-employment background screening.” The FTC treated Social Intelligence as a consumer reporting agency “because it assembles or evaluates consumer report information that is furnished to third parties that use such information as a factor in establishing a consumer’s eligibility for employment.” The FTC stated that the same rules that apply to consumer reporting agencies (such as the Fair Credit Reporting Act (“FCRA”)) apply equally in the social networking context. These rules include the obligation to provide employees or applicants with notice of any adverse action taken on the basis of these reports. Businesses should also be mindful of similar state consumer protection laws that may be applicable (e.g. California Investigative Consumer Reporting Agencies Act).
The FTC concluded by stating that information provided by Social Intelligence about its policies and procedures for compliance with the FCRA appears not to warrant further action, but that its action “is not to be construed as a determination that a violation may not have occurred,” and that the FTC “reserves the right to take further action as the public interest may require.” This FTC “no action” letter was reported fairly widely, and probably increased the comfort level of businesses that wanted to use an outside service for Internet background checks.
On September 19, 2011, Senators Richard Blumenthal (D-Conn) and Al Franken (D-Minn) sent a letter to Social Intelligence with 13 questions regarding whether the company is taking steps to ensure that the information it is gathering from social networks is accurate, whether the company is respecting the guidelines for how the websites and their users want the content used, and whether the company is protecting consumers’ right to online privacy. The letter raises some legitimate concerns, and requests a prompt response from Social Intelligence to the questions presented.
- Legal Assurances That Your Company May Want To Seek If Using An Outside Vendor
Some of the questions also warrant due consideration on the part of businesses receiving reports from outside vendors about how much weight they want to give the information provided. Further, what the business may want in the form of legal assurances from the outside vendor that no laws (e.g. FCRA, privacy, copyright, or other intellectual property laws) have been violated in gathering the information or providing screenshot copies of pages from social networking sites.
Some of the questions from the Senators which raise these concerns include, for example:
1. “How does your company determine the accuracy of the information it provides to employers?” [Social Intelligence is reportedly collecting social networking activity dating back 7 years, and, therefore, may capture something that was later removed, or was a “tag” post through a picture that the job candidate was not responsible for making public, and may have removed once it came to his attention.]
2. “Is your company able to differentiate among applicants with common names? How?” [e.g. Have they researched the correct “Jane Smith” of the hundreds on Facebook since social security numbers or other specific identifying information is not useful on social networking sites as it is with the standard background check.]
3. “Is the information that your company collects from social media websites like Facebook limited to information that can be seen by everyone, or does your company endeavor to access restricted information.”
4. “The reports that your company prepares for employers contain screenshots of the sources of the information your company compiles…These websites are typically governed by terms of service agreements that prohibit the collection, dissemination, or sale of users’ content without the consent of the user and/or the website….. Your company’s business model seems to necessitate violating these agreements. does your company operate in compliance with the agreements found on sites whose content your company compiles and sells?”
5. There appears “to be significant violations of user’s intellectual property rights to control the use of the content that your company collects and sells. …. These pictures [of the users], taken from sites like Flickr and Picasa, are often licensed by the owner for a narrow set of uses, such as noncommercial use only or a prohibition on derivative works. Does your company obtain permission from the owners of these pictures to use, sell, or modify them?”
Establishing an internal procedure for using the Internet to make employment decisions is one more piece of a sound ethics and compliance program that addresses how your company is using social media. If using an outside vendor to perform social media background checks is part of that policy, you should assure yourself that the company is acting in compliance with the relevant laws.
This article was originally posted on Sheppard Mullin's Social Media Law Update blog, which can be found at www.socialmedialawupdate.com.
For further information, please contact Michelle Sherman at (213) 617-5405. (Follow me on Twitter!)