
So where does social media come into this? Many employers
routinely access social media to do their own applicant screening, and there is
nothing
inherently unlawful about that. If anti-discrimination laws are followed –
that is, if applicants of a particular ethnicity, gender, age, or other
protected characteristic are not singled out for screening, and if the employer
does not consider protected characteristics in making employment decisions -
the use of social media-based screening is legally acceptable and may be a
helpful hiring tool. When social media-based screening of applicants is
done by a third party, however, the requirements of FCRA, as well as the
requirements of anti-discrimination law, must be considered.
Regardless of what it’s called or how it’s obtained,
background information obtained from a third party must be handled with care.
The EEOC
and the Federal
Trade Commission (FTC) have both concluded that “cyber screening,” social
media “scraping,” and information obtained from data aggregators and social
media data collection companies are subject to the requirements of FCRA. That
means that the collectors of such data must take reasonable steps to ensure the
accuracy and relevance of the information they provide, and must require their
employer-customers to certify that the information won’t be used in a manner
that violates EEO laws. Both data collectors and employers must keep the
data secure and dispose of it properly when it’s no longer needed. And
for employers, there is no difference between information obtained from social
media and information obtained through any other sort of background check by a
third party. FCRA requirements and restrictions apply.
Employers who use or plan to use an internet or social
media-based background screening service to identify prospective hires or check
out applicants’ backgrounds should understand their FCRA obligations, and
should keep the following in mind:
-
Providers of social-media based data should be able to demonstrate their understanding of and compliance with FCRA.
-
Any claim by a data collector or other provider that it is exempt from FCRA, and any claim that data provided doesn’t constitute a FCRA-controlled background check, should be treated with utmost skepticism.
-
Before social media-based information from a third party is accepted or considered, employers should be confident of their internal practices and ready to comply with FCRA’s complicated notice provisions.
There is more than FCRA to think about when using
social-media based information, of course. The EEO laws noted above,
including state and local laws, must be considered. Data security
and the protection of personally
identifiable information are important. But we find that FCRA is less
known and less well understood than other legal obligations, and we know that
new methods and providers of social media-based background checks are popping
up all the time. We encourage employers to stay aware of the changing landscape
and avoid its legal pitfalls.
Posted by Judy Langevin