Can An Employer Be Liable For Not Googling A Job Applicant?

I’ve written and spoke a lot during the last year on the topic of using the Internet (primarily Google) to conduct background research on job applicants and employees. I have always maintained that employers are permitted to use the Internet to conduct these “background checks.”

There were a number of attorneys out there who recommended that employers not do this, and there probably attorneys who still are maintaining this position. But a job applicant, or employee, would have a very hard time claiming that they have a privacy interest in anything posted on the Internet for everyone else to see. For example, individuals who do not take careful steps to protect their Facebook information, would have a hard time arguing that because they did not limit access to their information that it would still be private information.

I think the bigger concern these days is if employers do not search out potential applicants on the Internet. As Seth Godin recently noted, a friend of his found some very interesting information through Google about three people he thought would be a good housekeeper.

I could easily see a case made against an employer for negligent hiring when a simple and free Google search would have put the employer on notice that the individual has a criminal record or might pose a threat to other employees or customers. Now, employers still need to be careful about the information they are relying upon: it goes without saying that everything you read on the Internet is not true and some information found in the Internet cannot be used for employment purposes. For example, California’s Megan’s Law website that provides information about registered sex offenders clearly sets forth the information cannot be used for employment purposes.
 

Approach With Caution: Conducting Background Checks Using Facebook, MySpace or the Internet

Employers are becoming more and more aware of the information obtainable via the internet about their current employees as well as applicants.  Many are looking up prospective and current employees' Facebook and MySpace pages to glean more information about the individual.  As the the Fox News video below shows, current employees need to be careful what they tell their bosses to get the day off of work, versus the information posted on their Facebook page.


While the information posted on the Internet on social networking sites is usually public for everyone to see, employers need to be aware of potential claims against them.  The law is behind in the times and there are many uncertainties in this area.  Listed below are some potential pitfalls that employers need to be aware of when using the Internet to conduct background checks.

Federal and State Discrimination Claims


Because people are becoming so comfortable in sharing private information on social networking sites, employers may learn too much information about an applicant that would not and could not have been discovered through an interview. Discovery of this personal information is not unlawful – it is likely that the employer would find out many of these traits at the first in-person interview with the applicant anyway. However, employers cannot base its employment decisions upon a protected category, such as race or gender.   By learning about this type of information of an applicant via their on-line profile, the employer may have to explain that the information did not enter into the hiring decision. 

Invasion of Privacy Claims

Though one might argue that members of social networking sites have no expectation of privacy (since they’re posting information to the world) some applicants or employees might argue that the employer overstepped its legal bounds by using profile data in employment decisions. Arguably, the terms of service agreement may create expectation of privacy for users of site.
 
State Law Privacy Claims
Employees could potentially argue that using Facebook, MySpace or similar site to conduct background checks violate state statutory law. For example, California and New York have statutes that prohibit employers from interfering with employee’s off-duty private lives. Employees may attempt to argue a public policy violation has occurred in violating a state statute that protects off-duty conduct from employer’s control.

State common law could also create liability. Generally, there are four common law torts for invasion of privacy:
  1. intrusion upon seclusion,
  2. public disclosure of private facts causing injury to one's reputation,
  3. publicly placing an individual in a false light, and
  4. appropriation of another's name or likeness for one's own use or benefit.
As explained by one court, the tort of unreasonable intrusion upon the seclusion of another, "depends upon some type of highly offensive prying into the physical boundaries or affairs of another person. The basis of the tort is not publication or publicity. Rather, the core of this tort is the offensive prying into the private domain of another." (citing Restatement (Second) of Torts § 652B, comments a, b, at 378-79 (1977)). Generally, the invasion of privacy must consist of (1) highly offensive intrusion (deceitful means to obtain information); and (2) prying into private information (information placed on the web is most likely not private).

Fair Credit Reporting Act

An employer’s use of social networking sites may implicate the FCRA, which places additional disclosures and authorization requirements on employers. In enacting the FCRA, Congress stated its underlying purpose was to ensure that decisions affecting extension of credit, insurance, and employment, among other things, were based on fair, accurate, and relevant information about consumers. The FCRA is intended to provide employee with notice of the background check, authorization to conduct the check in certain circumstances, and disclosure to the employee if the information is used in the employment context.

FCRA Definitions:
  • A “consumer report” is defined at as information (oral, written, or other communication) provided by a “consumer reporting agency” about credit matters as well as about a person’s “character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer’s eligibility for…employment purposes.”
  • Another kind of “consumer report,” called an “investigative consumer report” contains information on a consumer’s character, general reputation, personal characteristics, or mode of living that is obtained through personal interviews with friends, neighbors, and associates of the consumer.
  • A “consumer reporting agency,” is defined as “any person who regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties.”
Employers who conduct the background checks internally do not qualify as a “consumer reporting agency” and therefore the FCRA does not apply. Employers still need to be careful, however, because state law may apply. For example, California Investigative Consumer Reporting Agencies Act is more restrictive than the FCRA.

Terms of Service Violations

Facebook, MySpace, and similar sites have terms of service posted on their pages that generally prohibit use of their content for “commercial purposes.” Violation of the terms of service would not automatically create a cause of action in and of itself. However, as discussed above, it may be a way for a plaintiff to argue that there is an expectation of privacy in using the site and everyone who signs up to use the site is agreeing to abide by those terms.

The Electronic Communications Privacy Act of 1986

The ECPA was intended to expand wiretapping protections to electronic communications.

Title I of the ECPA provides that “any person who intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication ... shall be punished ... or shall be subject to suit ...."

Title II, known as the Stored Communications Act (SCA), focuses on communications in storage (e-mails, blogs, electronic bulletin or similar message boards) and most likely social networking sites. The Store Communications Act provides that "whoever (1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or (2) intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished ...."

However, the SCA exempts from liability, ``conduct authorized ... by a user of that service with respect to a communication of or intended for that user.´´ A virtual community that has some type of privacy protection can create liability for an employer who provides false information or assumes an identity to gain access to the site.

Therefore, employers need to stay away from pretexting in order to gain access to an applicant's or employee's on-line profile. Also, websites and social networking sites open to the public are not covered by the SCA. Courts have indicated that a terms of service agreement, and nothing more, would not be enough to create a private webpage. There needs to be more protections taken by the publisher of the on-line content in order for the individual to prevail in asserting the site was “private” under the ECPA.  

Conclusion
Generally, under Federal law, employers may utilize social networking sites to conduct background checks on employees if:
  1. The employer and/or its agents conduct the background check themselves;
  2. The site is readily accessible to the public;
  3. The employer does not need to create a false alias to access the site;
  4. The employer does not have to provide any false information to gain access to the site; and
  5. The employer does not use the information learned from the site in a discriminatory manner or otherwise prohibited by law.

Teleconference On Using Facebook, MySpace, and Other Websites to Scope Out New Hires

I would like to thank everyone who participated in the BLR teleconference this morning.  It was a pleasure speaking to everyone. 

Due to the great interest in this topic, we will be conducting the seminar again on at least one one occasion, maybe two.  We will also provide a seminar specifically addressing liability under California state law when using social networking sites and the Internet in conducting background checks.  Please check back within the next week or two for the dates on these teleconferences, or send me an email and I can notify you when we finalize the dates.

To download today's PowerPoint slides, click here

Also, I've had a lot of requests to repeat the five general guidelines employers should keep in mind to avoid liability when conducting background checks on applicants on the Internet.  Under Federal law, employers may utilize social networking sites to conduct background checks on employees if:
  1. The employer and/or its agents conduct the background check themselves (i.e., does not use a third party to conduct the search);
  2. The site is readily accessible to the public;
  3. The employer does not need to create a false alias to access the site;
  4. The employer does not have to provide any false information to gain access to the site; and
  5. The employer does not use the information learned from the site in a discriminatory manner or as otherwise prohibited by law.