Fol­low­ing can­di­dates or employ­ees on social net­work­ing sites: A minefield

In Brief

Social net­work­ing is not a fad, but a fun­da­men­tal shift in the way we com­mu­ni­cate. Thus it is no sur­prise that employ­ers are increas­ing­ly using social net­work­ing sites to vet poten­tial employ­ees and to mon­i­tor the behav­iour of cur­rent employ­ees. How­ev­er, this devel­op­ment rais­es sig­nif­i­cant pri­va­cy con­cerns and can expose both cur­rent and poten­tial employ­ers to claims of discrimination.

Social media vetting

In the Unit­ed States there is a cur­rent prac­tice of employ­ers ask­ing for direct access to prospec­tive employ­ees’ social media accounts, includ­ing user names and pass­words. In 2011, a social media mon­i­tor­ing ser­vice sur­vey revealed that 91% of the sur­veyed recruiters in the Unit­ed States used social net­work sites to eval­u­ate job appli­cants; 69% of these revealed that they had denied employ­ment to can­di­dates due to some­thing they found on an applicant’s social net­work­ing site.

There have also been instances where employ­ers have required can­di­dates to pro­vide their pass­words for social net­work­ing sites dur­ing the recruit­ment process. Some reg­u­la­tors have, or are con­sid­er­ing, sim­i­lar require­ments. For exam­ple, the Board of the Flori­da Bar is con­sid­er­ing whether to require lawyer appli­cants to list per­son­al web sites and grant access to the Board to those sites. Clear­ly, social net­work­ing is con­sid­ered of great val­ue in deter­min­ing the appro­pri­ate­ness of candidates.

It is impor­tant to remem­ber that com­mu­ni­ca­tions that occur offline, have lim­it­ed reach. More thought may also go into the con­tent or tone of an offline writ­ten com­mu­ni­ca­tion. Per­son­al com­mu­ni­ca­tions offline gen­er­al­ly are and remain pri­vate com­mu­ni­ca­tions. Social net­works break down bound­aries, make it easy for intend­ed pri­vate com­mu­ni­ca­tions to become pub­lic, and have a seem­ing­ly lim­it­less reach. Many for­get that whilst social media may be a means of per­son­al (and pub­lic) com­mu­ni­ca­tion, it is not a pri­vate” domain – the default posi­tion is that every­thing is pub­lic. Indi­vid­u­als (and busi­ness­es for that mat­ter) need to remem­ber that every­thing they post is pub­lic” and may be avail­able not only to their friends and peers, but employ­ers, clients and poten­tial clients. 

The already fine line between what is con­sid­ered per­son­al space’, pri­vate space’ and pub­lic space’ is expect­ed to become even fin­er with new social media offer­ings. For exam­ple, Face­book is about to launch a new job post­ing ser­vice her­ald­ed as a poten­tial rival to oth­er online job ser­vices such as LinkedIn. Whilst it is unclear as yet how this new job ser­vice will oper­ate, if a can­di­date lodges a job appli­ca­tion through the Face­book ser­vice (par­tic­u­lar­ly if the appli­ca­tion is linked to the can­di­date’s Face­book account), this may be con­sid­ered as implied con­sent for the employ­er to vet that can­di­date on the basis of the infor­ma­tion con­tained in their Face­book account.

Legal ram­i­fi­ca­tions of social media vetting

Employ­ers must be care­ful when using social media to obtain infor­ma­tion about staff or can­di­dates, even if there is express or implied con­sent to access that infor­ma­tion from the indi­vid­ual con­cerned, as it can lead to sig­nif­i­cant legal implications.

Face­book has respond­ed to the prac­tice of request­ing user­names and pass­words by mak­ing solic­i­ta­tion or shar­ing of a user’s pass­word a breach of its terms of ser­vice. Any coer­cion by an employ­er (who is also a Face­book user) of a can­di­date to pro­vide Face­book details is a breach of those terms by the employer.

Where infor­ma­tion is only avail­able to friends”, and access is not pro­vid­ed by the can­di­date, it may be unlaw­ful and an eth­i­cal breach to ask a third par­ty to send a friend request to a can­di­date or employ­ee in order for the employ­er to dis­cov­er infor­ma­tion on that person‘s pro­file page. This is par­tic­u­lar­ly the case in pro­fes­sions that have spe­cif­ic codes of ethics and con­duct (such as those gov­ern­ing lawyers, accoun­tants or oth­er pro­fes­sions). Fur­ther, it may also equate to mis­lead­ing or decep­tive con­duct in breach of Aus­tralian law. Sim­i­lar­ly, shoul­der-surf­ing (the prac­tice of request­ing can­di­dates to log-in whilst the employ­er looks over that per­son­’s shoul­der), may also breach eth­i­cal guidelines. 

Requests for access to social media sites also rais­es the extent of any con­sent giv­en to access that infor­ma­tion. Is the can­di­date autho­ris­ing access only dur­ing the recruit­ment process, or can an employ­er con­tin­ue to access the account sub­se­quent­ly (for exam­ple, dur­ing the employ­ment rela­tion­ship)? Even if con­sent extends beyond the recruit­ment process (which, in the absence of an express term, we doubt), that con­sent does not autho­rise the use of any infor­ma­tion for unlaw­ful dis­crim­i­na­to­ry pur­pos­es. Fur­ther, the infor­ma­tion that may be gath­ered is unlike­ly to fall with­in the employ­ee record excep­tion in the Pri­va­cy Act and so must be dealt with by the employ­er as per­son­al information”.

Pure­ly as a method of recruit­ment, the prac­tice is risky because employ­ers may find out infor­ma­tion that is not rel­e­vant to the hir­ing deci­sion. Even if the infor­ma­tion is not used as part of the process, an unsuc­cess­ful can­di­date could chal­lenge the employ­er that the infor­ma­tion obtained was used adverse­ly, for exam­ple not to hire that can­di­date. The fact that the infor­ma­tion, which oth­er­wise would not be avail­able and would nev­er be solicit­ed in an inter­view, came into the pos­ses­sion of the poten­tial employ­er will arguably allow an unsuc­cess­ful can­di­date to allege that it was weighed in the deci­sion mak­ing process and used to dis­crim­i­nate against the can­di­date unlaw­ful­ly. The employ­er is then oblig­ed to demon­strate that the infor­ma­tion gath­ered was not a fac­tor in the deci­sion. Dif­fi­cul­ties for the employ­er arise when the infor­ma­tion is in the pos­ses­sion of the employ­er and the impli­ca­tion of the search for that type of irrel­e­vant, per­son­al infor­ma­tion is that it was to be used in the hir­ing decision.

Recent­ly, some juris­dic­tions have intro­duced new laws that restrict on the prac­tice. Cal­i­for­nia has passed a bill that pre­vents employ­ers from demand­ing job appli­cants’ pass­words for social net­work­ing sites. Sim­i­lar leg­is­la­tion has been intro­duced in the U.S. Con­gress and is being con­sid­ered in six oth­er U.S. states.

There is no leg­is­la­tion deal­ing with this in Aus­tralia and, as far as we can tell, it is not being con­sid­ered. Whilst the NSW Work­place Sur­veil­lance leg­is­la­tion requires an employ­er to only under­take sur­veil­lance of an employ­ee at work” with the employ­ee’s knowl­edge and con­sent and in accor­dance with the organ­i­sa­tion’s pol­i­cy, which is dis­closed to the employ­ee, the leg­is­la­tion does not reg­u­late any sur­veil­lance of employ­ees elec­tron­i­cal­ly (through mon­i­tor­ing social net­work con­tent) of activ­i­ty out­side of work.

How­ev­er, best prac­tice dic­tates that, if social media is used for pur­pos­es of track­ing employ­ee activ­i­ty (includ­ing, for exam­ple, val­i­dat­ing activ­i­ty when on sick leave), the prac­tice is dealt with in the organ­i­sa­tion’s work­place sur­veil­lance and elec­tron­ic com­mu­ni­ca­tions pol­i­cy and is with employ­ee knowl­edge and con­sent. Any terms, includ­ing lim­i­ta­tions, of the con­sent giv­en by the indi­vid­ual must be set out clear­ly in writing.

As the tech­nol­o­gy and cor­re­spond­ing busi­ness prac­tices in this space con­tin­ue to devel­op, so too will the law. Giv­en the glob­al nature of social net­work­ing, the law in Aus­tralia is not the only leg­is­la­tion that employ­ers will need to con­sid­er. It is clear that, to min­imise lia­bil­i­ty, employ­ers must ensure that they are ful­ly aware of all the poten­tial risks in engag­ing in any can­di­date vet­ting or employ­ee sur­veil­lance activ­i­ties using social media.

If you would like to know more, please con­tact our Com­mer­cial and IP & Tech­nol­o­gy Team.