16 August 2012 Following candidates or employees on social networking sites: A minefield

By Commercial and IP & Technology Team

In Brief

Social networking is not a fad, but a fundamental shift in the way we communicate.  Thus it is no surprise that employers are increasingly using social networking sites to vet potential employees and to monitor the behaviour of current employees.  However, this development raises significant privacy concerns and can expose both current and potential employers to claims of discrimination.

Social media vetting

In the United States there is a current practice of employers asking for direct access to prospective employees' social media accounts, including user names and passwords.  In 2011, a social media monitoring service survey revealed that 91% of the surveyed recruiters in the United States used social network sites to evaluate job applicants; 69% of these revealed that they had denied employment to candidates due to something they found on an applicant’s social networking site.

There have also been instances where employers have required candidates to provide their passwords for social networking sites during the recruitment process.  Some regulators have, or are considering, similar requirements.  For example, the Board of the Florida Bar is considering whether to require lawyer applicants to list personal web sites and grant access to the Board to those sites.  Clearly, social networking is considered of great value in determining the appropriateness of candidates.

It is important to remember that communications that occur offline, have limited reach.  More thought may also go into the content or tone of an offline written communication.  Personal communications offline generally are and remain private communications.  Social networks break down boundaries, make it easy for intended private communications to become public, and have a seemingly limitless reach.  Many forget that whilst social media may be a means of personal (and public) communication, it is not a "private" domain – the default position is that everything is public.  Individuals (and businesses for that matter) need to remember that everything they post is "public" and may be available not only to their friends and peers, but employers, clients and potential clients. 

The already fine line between what is considered 'personal space', 'private space' and 'public space' is expected to become even finer with new social media offerings.  For example, Facebook is about to launch a new job posting service heralded as a potential rival to other online job services such as LinkedIn.  Whilst it is unclear as yet how this new job service will operate, if a candidate lodges a job application through the Facebook service (particularly if the application is linked to the candidate's Facebook account), this may be considered as implied consent for the employer to vet that candidate on the basis of the information contained in their Facebook account.

Legal ramifications of social media vetting

Employers must be careful when using social media to obtain information about staff or candidates, even if there is express or implied consent to access that information from the individual concerned, as it can lead to significant legal implications.

Facebook has responded to the practice of requesting usernames and passwords by making solicitation or sharing of a user's password a breach of its terms of service.  Any coercion by an employer (who is also a Facebook user) of a candidate to provide Facebook details is a breach of those terms by the employer.

Where information is only available to "friends", and access is not provided by the candidate, it may be unlawful and an ethical breach to ask a third party to send a friend request to a candidate or employee in order for the employer to discover information on that person‘s profile page.  This is particularly the case in professions that have specific codes of ethics and conduct (such as those governing lawyers, accountants or other professions).  Further, it may also equate to misleading or deceptive conduct in breach of Australian law. Similarly, shoulder-surfing (the practice of requesting candidates to log-in whilst the employer looks over that person's shoulder), may also breach ethical guidelines. 

Requests for access to social media sites also raises the extent of any consent given to access that information.  Is the candidate authorising access only during the recruitment process, or can an employer continue to access the account subsequently (for example, during the employment relationship)?  Even if consent extends beyond the recruitment process (which, in the absence of an express term, we doubt), that consent does not authorise the use of any information for unlawful discriminatory purposes.  Further, the information that may be gathered is unlikely to fall within the employee record exception in the Privacy Act and so must be dealt with by the employer as "personal information".

Purely as a method of recruitment, the practice is risky because employers may find out information that is not relevant to the hiring decision. Even if the information is not used as part of the process, an unsuccessful candidate could challenge the employer that the information obtained was used adversely, for example not to hire that candidate.  The fact that the information, which otherwise would not be available and would never be solicited in an interview, came into the possession of the potential employer will arguably allow an unsuccessful candidate to allege that it was weighed in the decision making process and used to discriminate against the candidate unlawfully.  The employer is then obliged to demonstrate that the information gathered was not a factor in the decision.  Difficulties for the employer arise when the information is in the possession of the employer and the implication of the search for that type of irrelevant, personal information is that it was to be used in the hiring decision.

Recently, some jurisdictions have introduced new laws that restrict on the practice. California has passed a bill that prevents employers from demanding job applicants' passwords for social networking sites.  Similar legislation has been introduced in the U.S. Congress and is being considered in six other U.S. states.

There is no legislation dealing with this in Australia and, as far as we can tell, it is not being considered.  Whilst the NSW Workplace Surveillance legislation requires an employer to only undertake surveillance of an employee "at work" with the employee's knowledge and consent and in accordance with the organisation's policy, which is disclosed to the employee,  the legislation does not regulate any surveillance of employees electronically (through monitoring social network content) of activity outside of work.

However, best practice dictates that, if social media is used for purposes of tracking employee activity (including, for example, validating activity when on sick leave), the practice is dealt with in the organisation's workplace surveillance and electronic communications policy and is with employee knowledge and consent.  Any terms, including limitations, of the consent given by the individual must be set out clearly in writing.

As the technology and corresponding business practices in this space continue to develop, so too will the law.  Given the global nature of social networking, the law in Australia is not the only legislation that employers will need to consider.  It is clear that, to minimise liability, employers must ensure that they are fully aware of all the potential risks in engaging in any candidate vetting or employee surveillance activities using social media.

If you would like to know more, please contact our Commercial and IP & Technology Team.

If you would like to republish this article, it is generally approved, but prior to doing so please contact the Marketing team at

This article is not legal advice and the views and comments are of a general nature only. This article is not to be relied upon in substitution for detailed legal advice.

Back to publications
Association Memberships
Tristan Jepson Memorial Foundation
  • 2018 - Recommended Doyles Guide
  • 2018 - Recommended Doyles Guide
  • 2018 - Recommended Doyles Guide