While the information posted on the Internet on social networking sites is usually public for everyone to see, employers need to be aware of potential claims for using this information in the employment context.  The law, as usual, cannot keep up with the fast-moving technology and change social media sites, so there are many uncertainties in this area.  This Friday’s Five discusses potential pitfalls California employers need to be aware of when conducting background checks.

1. Local City “Ban The Box” Ordinances

Many local cities in California have passed ordinances restricting an employer’s ability to conduct criminal history checks on applicants and employees.  For example, Los Angeles passed the Fair Chance Initiative for Hiring Ordinance that prohibits employers from seeking criminal background information prior to offering a job to applicants.  The law became effective on January 1, 2017, and the city began enforcing the law on July 1, 2017.  Under the ordinance, employers cannot conduct any “direct or indirect” activity to gather criminal history from or about any applicant using any form of communication, including on application forms, interviews or Criminal History Reports.  This includes searching the internet for information pertaining to the applicant’s criminal history.  Employers must be aware of their local ordinances to ensure that any background research on applicants or employees meets the requirements that apply to them.  More information on Los Angeles’ ordinance can be read here.

2. Federal and State Discrimination Claims

Because people are becoming so comfortable in sharing private information on social networking sites, employers may learn too much information about an applicant that would not and could not have been discovered through an interview. Discovery of this personal information is not unlawful – it is likely that the employer would find out many of these traits at the first in-person interview with the applicant anyway. However, employers cannot base its employment decisions upon a protected category, such as race or gender.   By learning about this type of information of an applicant via their on-line profile, the employer may have to explain that the information did not enter into the hiring decision.

3. Invasion of Privacy Claims

Though one might argue that members of social networking sites have no expectation of privacy (since the information is posted publicly) some applicants or employees might argue that the employer overstepped its legal bounds by using profile data in employment decisions. Arguably, the terms of service agreement may create expectation of privacy for users of site.

State Law Privacy Claims
Employees could potentially argue that using Facebook, Snapchat, Instagram, or similar site to conduct background checks violate state statutory law. For example, California and New York have statutes that prohibit employers from interfering with employee’s off-duty private lives. Employees may attempt to argue a public policy violation has occurred in violating a state statute that protects off-duty conduct from employer’s control.

State common law could also create liability. Generally, there are four common law torts for invasion of privacy:

  1. intrusion upon seclusion,
  2. public disclosure of private facts causing injury to one’s reputation,
  3. publicly placing an individual in a false light, and
  4. appropriation of another’s name or likeness for one’s own use or benefit.

As explained by one court, the tort of unreasonable intrusion upon the seclusion of another, “depends upon some type of highly offensive prying into the physical boundaries or affairs of another person. The basis of the tort is not publication or publicity. Rather, the core of this tort is the offensive prying into the private domain of another.” (citing Restatement (Second) of Torts § 652B, comments a, b, at 378-79 (1977)). Generally, the invasion of privacy must consist of (1) highly offensive intrusion (deceitful means to obtain information); and (2) prying into private information (information placed on the web is most likely not private).

4. Fair Credit Reporting Act (“FCRA”)

An employer’s use of social networking sites may implicate the FCRA, which places additional disclosures and authorization requirements on employers. In enacting the FCRA, Congress stated its underlying purpose was to ensure that decisions affecting extension of credit, insurance, and employment, among other things, were based on fair, accurate, and relevant information about consumers. The FCRA is intended to provide employee with notice of the background check, authorization to conduct the check in certain circumstances, and disclosure to the employee if the information is used in the employment context.

FCRA Definitions:

  • A “consumer report” is defined at as information (oral, written, or other communication) provided by a “consumer reporting agency” about credit matters as well as about a person’s “character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer’s eligibility for…employment purposes.”
  • Another kind of “consumer report,” called an “investigative consumer report” contains information on a consumer’s character, general reputation, personal characteristics, or mode of living that is obtained through personal interviews with friends, neighbors, and associates of the consumer.
  • A “consumer reporting agency,” is defined as “any person who regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties.”

Employers who conduct the background checks internally do not qualify as a “consumer reporting agency” and therefore the FCRA does not apply. Employers still need to be careful, however, because state law may apply. For example, California Investigative Consumer Reporting Agencies Act is more restrictive than the FCRA.

5. Terms of Service Violations

Social media sites have terms of service posted on their pages that generally prohibit use of their content for “commercial purposes.” Violation of the terms of service would not automatically create a cause of action in and of itself. However, as discussed above, it may be a way for a plaintiff to argue that there is an expectation of privacy in using the site and everyone who signs up to use the site is agreeing to abide by those terms.

Mayor Garcetti signed into law the “Los Angeles Fair Chance Initiative for Hiring” ordinance on December 7, 2016.  The law takes effect January 22, 2017.  The Mayor’s holiday gift to employers leaves only a couple of weeks to them to change applications and hiring processes to comply with the new ordinance.  This Friday’s Five lists five aspects of the ordinance employers operating in the City need to understand:

1. New law applies to employers with 10 or more employees.

The new law applies to any individual, firm, corporation, partnership, labor organization, group of persons, association, or other organization however organized, that is located or doing business in the City of Los Angeles and employs ten or more employees.  The owners, management, and supervisory employees are counted when determining if the employer has ten employees.

Employers cannot inquirer into criminal backgrounds of applicants until after a conditional offer of employment is made.

2. The ordinance limits employers’ ability to gather information about applicants’ criminal history.

Employers cannot conduct any “direct or indirect” activity to gather criminal history from or about any applicant using any form of communication, including on application forms, interviews or Criminal History Reports.  This includes searching the internet for information pertaining to the applicant’s criminal history.

3. Employers must revise applications to remove any questions seeking information about criminal history.

The ordinance provides: “An Employer shall not include on any application for Employment any question that seeks the disclosure of an Applicant’s Criminal History.”

4. Employers must comply with stringent notice and written obligations if employment is not offered to applicant based on their criminal history.

Employers can require disclosure of an applicant’s criminal history only after a conditional offer of employment has been made.  The only condition on the offer of employment can be the review of the applicant’s criminal background.  There cannot be any other conditions on the offer.

If the conditional offer is made, but employment is denied, employer must perform “written assessment that effectively links the specific aspects of the Applicant’s Criminal History with risks inherent in the duties” of the job.  In conducting the assessment, employers must consider the factors set forth by the U.S. Equal Employment Opportunity Commission and other factors set out by the City.

Prior to taking any adverse employment action against the applicant, employers are required to provide a “Fair Chance Process,” which includes a written notification of the proposed adverse action, a copy of the written assessment performed by the employer, and any other information or documents supporting the employer’s action.  The employer then must wait at least 5 business days for employee to provide additional information.  If the applicant provides additional information, the employer then must perform a written reassessment of the adverse action.  If the employer continues with the adverse action, it must provide the applicant with the written reassessment.

The process has many requirements employers must be careful to follow, and it is recommended that employers relying upon an applicant’s criminal background to deny employment should seek legal counsel to ensure compliance with the ordinance.

5. Employers’ other requirements to comply with the law

Some other obligations the ordinance creates for employers:

  • Employers “[s]hall state in all solicitations or advertisements… that the Employer will consider for employment qualified Applicants with Criminal Histories in a manner consistent with the requirements of this article.”
  • Post a notice informing applicants of the law at each workplace, job site or other location in the City of Los Angeles under the employer’s control and visited by the applicants.
  • Employers must retain applications and related information for three years.

Happy Friday!

Generally, California employers must comply with the following rules governing whether they may obtain criminal history information when conducting background checks for applicants or employees:

  1. Employers cannot consider prior arrests not leading to conviction in employment decisions.
  2. Employers cannot seek information or rely on information pertaining to referral to diversion programs.
  3. California prohibits employers from relying on information about expunged or sealed records.
  4. Employers cannot collect or rely on information about misdemeanor convictions for marijuana possession more than two years old.
  5. Employers may consider arrests for which the applicant is waiting for trail, and convictions.

In regards to item number 5, employers must be aware that California’s Fair Employment & Housing Council has proposed regulations that could make employer’s use of any criminal history in the employment context if the use of the information would “have an adverse impact on individuals on a basis protected by the Act, including, but not limited to, gender, race, and national origin.”  Employers would be prohibited from using criminal information in employment decisions if it would create an adverse impact on individuals and the employer cannot demonstrate that the criminal history is job-related with business necessity or if the employee can show that there is a less discriminatory means of achieving the business necessity.  The Council is considering written comments about this proposed regulation from any interested party until April 7, 2016.  Comments can be submitted by e-mail to FEHCouncil@dfeh.ca.gov.

Employers must also be aware of their local ordinances, such as those in San Francisco, that create additional prohibitions, Federal requirements and the changing legal landscape in this area.

Based on last week’s post about the lawsuit filed against LinkedIn alleging that it violated the federal Fair Credit Reporting Act (FCRA), I thought it would be good to point out a few issues the arise when employers conduct background checks.  This article is not comprehensive, and this area of the law is very detailed, but the article is to remind employers to use caution when implementing these policies, as the exposure for violations could be huge.

1.      Treat everyone equally.

If an employer makes the decision to obtain background reports for applicants or employees, the practice of obtaining the reports needs to be uniformly applied.  Simply by complying with the federal and state requirements for background reports and credit checks does not shield an employer from discrimination claims or other claims that the practice used by the employer is illegal.

2.      California employers can only conduct credit checks (which are different from background checks) for certain types of employees.

Since 2012, California employers can only perform credit checks on employees who meet very specific categories.

 3.      If using a third-party to perform the background check, federal and state law must be complied with. 

Generally speaking, three applicable laws apply to California employers who perform background checks: the federal Fair Credit Reporting Act (FCRA), California Investigative Consumer Reporting Agencies Act (ICRAA), and the California Consumer Credit Reporting Agencies Act (CCRAA).  Just as the three names of the statutes indicate, the laws are complex and are very detailed.  For example, the FCRA defines a “consumer report” as “any written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer’s eligibility for…employment purposes….”  Alternatively, California’s ICRAA uses the term “investigative consumer report”, and this pertains to generally the same items as the FCRA but not credit reports.  California’s CCRAA applies to credit reports, and defines the term “consumer credit report” to refer to credit reports and credit worthiness of an employee.  As one can easily see, the interaction of these three laws becomes very complex, and is not an area that most employers feel comfortable wading into without experienced legal counsel.

The laws generally require employers to:

  1. Obtain written authorization from the employee to conduct the background check
  2. Provide notice about background checks
  3. If taking an adverse employment action based on the information obtained through the background check, additional notices must be provided to the employees.

For example, before the employer takes an adverse employment action, they must provide the employee with a notice that includes a copy of the consumer report being relied upon in the decision.  The employer must also provide a copy of “A Summary of Your Rights Under the Fair Credit Reporting Act”.

After the adverse employment action has been taken, the employer must provide certain information to the employee, such as:

  • The employment decision was taken because of the information in the report
  • The name, address, and phone number of the company that compiled the report
  • The company that compiled the report did not make the hiring decision, and
  • That the employee has the right to dispute the accuracy or completeness of the report, and to get an additional free report from the reporting company within 60 days.

As explained above, California employers can only perform credit checks for a very limited set of positions, and cannot perform a credit check on every employee.  In addition, the CCRAA requires additional disclosures to the employee if a credit check is performed.  See Cal. Civ. Code section 1785.20.5.

4.      Even if conducting a background check in-house, if an employer searches public records, these records must be disclosed to the employee within seven days.

Generally, if the employer conducts the background checks itself, the FCRA, ICRAA and CCRAA do not apply to the process.  One exception to this rule is that the ICRAA requires that if the employer searches “public records” the employer must produce a copy of the public record to the employee within seven days of receiving the information (this applies to records received either in written or oral form).  “Public records” are defined as “records documenting an arrest, indictment, conviction, civil judicial action, tax lien, or outstanding judgment.”

 

5.      Employers are required to provide certain notice to the third-party conducting the background check.

Employers using outside credit reporting agencies must provide a certification to the reporting agency that the employer obtained the permission from the applicant/employee to obtain a background report, complied with the FCRA, and does not discriminate against the applicant or employee or otherwise use the information for an illegal purpose.

This is a very brief and general introduction to the laws that apply to background checks in the employment setting.  Here are some resources for employers to learn more about their requirements under federal law:

The Fair Credit Reporting Act & social media: What businesses should know (FTC)

Background Checks: What Employers Need to Know (FTC)

The interaction between the federal FCRA, and California’s own requirements under the ICRAA and CCRAA adds another level of complexity to the analysis.  It is important for employers to review these laws closely to ensure compliance, and it is highly recommended to have experienced legal counsel review the practices.

Recently, the issue raised in Sweet v. LinkedIn is whether the Reference Searches functionality offered by LinkedIn is governed by the LinkedIn candyregulations set forth in the FCRA.  The Reference Search feature allows users who pay a fee to search for references that have worked with any other LinkedIn member.  The results list common employers and other LinkedIn members who are in the same network as the person running the search and the person who is the subject of the search.  When a LinkedIn user runs a Reference Search on a particular LinkedIn member, the Reference Search results provide the user with two different categories of information.

The Court granted LinkedIn’s motion to dismiss Plaintiffs’ complaint on a number of grounds.  The reasons are items that employers need to understand, and provide a good reminder about the FCRA requirements:

1.      Court held that the information being provided by LinkedIn is not a “consumer report.” 

The FCRA defines “a consumer report” as:

[A]ny written, oral or other communication of any information by a consumer reporting agency bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer’s eligibility for . . .

(B) employment purposes; or

(C) any other purpose authorized under section 1681b of this title.

The FCRA provides an exception to this definition, and states that a “consumer report” is not any “report containing information solely as to transactions or experiences between the consumer and the person making the report.”  Because LinkedIn publishes the employment histories of the consumer who are the subjects of the Reference Searches, and this information was provided by the LinkedIn users themselves (i.e., is information obtained by “transactions or experiences” with the consumers) the information provided by LinkedIn is not a consumer report.

2.      The Court held that LinkedIn is not a “consumer reporting agency.” 

A “consumer reporting agency” is defined as “any person which, for monetary fees . . . regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers on consumers for the purpose of furnishing consumer reports to third parties, and which uses any means or facility of interstate commerce for the purpose of preparing or furnishing consumer reports.”

However, the FCRA provides that “[a]n entity does not become a [consumer reporting agency] solely because it conveys, with the consumer’s consent, information about the consumer to a third party in order to provide a specific product or service that the consumer has requested.”  The Court held that this exemption applies to LinkedIn because, “Plaintiffs’ own allegations show that consumers provide LinkedIn with information about their employment histories so that LinkedIn can publish this information online.”

 3.      The Reference Search offered by LinkedIn does not bear on the “character, general reputation, mode of living” or other relevant characteristics to trigger application of the FCRA.

The only information provided by LinkedIn’s Reference Searches function is a list of people who once had a common employer with the subject of the search and who are also in the same network with the person conducting the search.  The Court held that this information is not the type of information that the FCRA is intended to protect.  Indeed, the Court stated that at its essence, the search function only provides a way for the searcher a way to “locate people who might be able to communicate on information about the consumer-subjects of these results, not that this results themselves convey bearing on information.”

 4.      The Court held that Plaintiffs failed to state a claim that the Reference Searches results are used or intended to be used as a factor in determining whether the subjects of the searches are eligible for employment. 

Again, the Court pointed out that the information provided by LinkedIn is only contact information about other people who may be able to provide reliable feedback about job candidates.  Since this LinkedIn does not market this report a source of reliable feedback about job candidates, the FCRA does not apply.

 5.      While the Court granted LinkedIn’s motion to dismiss, Plaintiffs still have an opportunity to cure any defects and file an amended complaint. 

So this probably is not the final analysis of this case.

The case is an important reminder to employers to be aware of the Federal and state laws that apply to background checks on applicants and employees.  Even though this case pertains to LinkedIn’s status under the FCRA, employers need to understand whether or not the background checks they are conducting trigger the FCRA, as the law places requirements on employers who use consumer reporting agencies.

For more information about the FCRA, the Federal Trade Commission and the EEOC published this joint report: Background Checks: What Employers Need to Know.

[Photo: Nan Palmero]

I will be conducting a webinar on January 15, 2013 on legal issues of social media in the workplace. The presentation will cover everything a California employer needs to know about social media in the modern workplace of 2013:

  • Discussion on the new law (Labor Code section 960) that prohibits employers from asking applicants and employees for their social media passwords taking effect on January 1, 2013.
  • How to avoid invading employees’ privacy rights when using social media for background checks.
  • Developments on how the NLRB held that some social media policies restrict an employee’s right to “engage in concerted activities.”
  • How to use the Internet to properly conduct a background check for applicant.
  • Discussion on whether your company needs a social media policy.
  • Evaluating whether an employer may be held liable for failing to use social media and the Internet to conduct a background check.
  • Alternatives to social media policies.

The cost is $150 (this is waived for clients). You may register below, or send me an email if you are a client.

This webinar has been preapproved by HRCI for 1 recertification credit hour. 

"The use of this seal is not an endorsement by the HR Certification Institute of the quality of the program. It means that this program has met the HR Certification Institute’s criteria to be pre-approved for recertification credit."

The recent (and not too recent) flurry of attention that has been given to the issue regarding whether employers can ask applicants and employees for their Facebook passwords is a good review of what is appropriate conduct for employers, but it is also a good reminder to employees that what they do online is of critical importance to their employment. Asking employees for passwords to social media account may cross the line. But how about Googling an applicant’s or employee’s name to find out more about them? This is not even an issue – or should not be one – given that this information is open to the public. I’ve even argued in the past that it could be negligent for an employer not to do this basic background internet check.

The Internet affords employers the ability to see beyond a resume to make better informed hiring decisions. If fact, Dorie Clark of the HBR Blog Network makes the point that everyone’s online presence is critically important to their professional careers. Dorie notes:

Sure, they probably have a Facebook account, and they may even be on Twitter. But they don’t recognize that these are no longer personal communication tools, or a means of strengthening weak ties across their networks. Instead, they are the criteria by which you will be evaluated in the future. Just as Michael Deaver ensured that Ronald Reagan always stood in front of a perfect, picturesque backdrop — and set the standard for all subsequent leaders — you’re now responsible for curating your image.

Dorie makes the observations that with the Internet: (1) your reputation always precedes you, (2) if you’re invisible online, you’re probably a fraud, (3) you progress or you stagnate (i.e., you create a valuable source of content through your twitter feed, blogging, etc…).

My interview with Guy Kawasaki last year discussed many of the same points. Guy noted that if you don’t have a Facebook page, or any other online presence, it will raise some questions about you. Are you not technical enough to get onto social media platforms? Are you hiding something?

I would love to be able to tell my clients that the Internet and social media has created a very complex set of legal issues that requires them to hire me in order to help develop all new handbook policies, change the way they conduct background checks on applicants, and monitor their employees. However, unfortunately, this is not the case. Employers and employees need to calm down a bit. I cringe when I hear employment lawyers (and Facebook’s Chief Privacy Officer recent comments about employers asking to have employee’s Facebook passwords) advising people to refrain from using the Internet to do background checks on applicants because it may reveal that they are in a protected category, and then this could (possibly) be grounds for a discrimination case. Are these same lawyers advising their clients not to conduct interviews because during a face to face interview the employer will learn the same information? And just because the employer knows that an applicant or employee is in a protect class does not mean that discrimination occurred if it takes an adverse employment action against the applicant or employee. Sure, all employers are subject to frivolous legal actions. But, as I tell my clients, there are only two things my clients and I can control: (1) the advice I give them about how to act according to the law, and (2) whether my clients listen to my advice and act accordingly. The one thing we cannot control, no matter how hard we wish we could, is being able to stop people from filing a baseless lawsuit.

We’ve had the Internet since the 1970’s, and it became mainstream in the 1990’s. I would argue that most people (at least in the U.S.) have had experience on the Internet for at least a decade now. There has not been a lot of case law that has changed the way employment lawyers advise their clients on new human resources policies given the advent of the Internet and social media.

Have the courts simply not caught up with these "new" developments?

As typical lawyers always suggests at this point – courts are slow to deal with emerging technology issues, but I don’t think that is a play here. Courts are slow, but we’ve been actively using the Internet for a decade now. They are not that slow, and I think rather that the rules that were already in place and governed employer’s and employee’s activities were and still are sufficient in addressing the vast majority of the employment issues involving the Internet and social media. Sure, on the fringes there are a few technical items that may be the exception to this, but for the vast majority of employers the Internet and social media does not change much about how HR should conduct itself. The basic analysis regarding monitoring and employee’s off work conduct and right to privacy – the issues usually at play in these types of cases – is the same if the conduct at issue was done off the Internet. I would even argue that privacy cases usually are easier when it involves a posting on the Internet, as no one has any reasonable expectation of privacy in such a public disclosure.

What about social media policies?

That usually leads to the next question, “What about social media policies?” Again, most employers probably don’t need a specific social media policy.  And a basic policy (if you really think a social media policy is necessary) that the employer may terminate or discipline an employee for anything they do on the Internet if the employer could terminate or discipline the employee if the conduct at issue did not occur on the Internet would normally be sufficient.

Employers, lawyers, and employees need to take a step back and realize that even though we have these great new technological advances, the law developed before this technology does a pretty good job at resolving these issues in the employment context.

California’s new labor code provision severely restricts an employer’s ability to conduct credit checks on employees. Labor Code 1024.5, which took effect on January 1, 2012, only allows employers to conduct credit checks for employees who meet one of the following categories:

    • A managerial position.

    • A position in the state Department of Justice.

    • That of a sworn peace officer or other law enforcement position.

    • A position for which the information contained in the report is required by law to be disclosed or obtained.

    • A position that involves regular access, for any purpose other than the routine solicitation and processing of credit card applications in a retail establishment, to all of the following types of information of any one person: (A) Bank or credit card account information. (B) Social security number. (C) Date of birth.

    • A position in which the person is, or would be, any of the following: (A) A named signatory on the bank or credit card account of the employer. (B) Authorized to transfer money on behalf of the employer. (C) Authorized to enter into financial contracts on behalf of the employer.

    • A position that involves access to confidential or proprietary information, including a formula, pattern, compilation, program, device, method, technique, process or trade secret that (i) derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who may obtain economic value from the disclosure or use of the information, and (ii) is the subject of an effort that is reasonable under the circumstances to maintain secrecy of the information.

    • A position that involves regular access to cash totaling ten thousand dollars ($10,000) or more of the employer, a customer, or client, during the workday.

A “managerial position” is defined as an employee who qualifies for the executive exemption set forth in the Industrial Welfare Commission’s Wage Orders. The test of who qualifies as an exempt executive is very detailed, and it is determined by the amount of pay and actual duties the employee performs. So employers need to approach this prong with caution and obtain guidance to ensure the employee actually qualifies as an exempt executive.

The new law also added the requirement under California Civil Code section 1785.20.5 that employers must notify the employee in writing of the basis in Labor Code section 1024.5 as set forth above that applies to permit the employer to perform the credit check. The new law does not change the other obligations already in effect that employers had to comply with prior to conduct a credit check. These obligations include informing the employee in writing that a credit check would be performed, the source of the credit check, and that the employee may receive a free copy of the credit check. Finally, if an adverse employment action is taken by the employer based on the report, the employee must be notified of the name and address of the reporting agency making the report.

Mat Honan at Gizmodo wrote recently about a new company that helps employers search applicant’s “internet background” to assist in the hiring process. As Mat rightly points out, much of the concern over this “new technology” is overblown, and as he puts it, "[e]mployers would have to be stupid not to Google job candidates."  As I have pointed out before, much of the unduly concern is that lawyers don’t understand the technology, and therefore if they don’t understand it, their client’s use of the technology can only lead to bad things.

I think Guy Kawasaki had a great perspective on this issue when I recently interviewed him. He said he would be worried about a job applicant who did not have a Facebook page: what is wrong with this person? Is he anti-social? Is he not with the times or just simply does not understand simple technology? As Mat points out as well, with some common sense a job applicant can easily manage the results of an online search by being careful about which information he or she provides to the employer. For example, an internet search for the job applicant’s private email address might turn up more personal information than if the applicant has a separate email they only use for work purposes and lists on their c.v.

From the employer’s perspective I don’t think the analysis changes much for searching employees background on the Internet:

Generally, under Federal law, employers may utilize social networking sites to conduct background checks on employees if:

  1. The employer and/or its agents conduct the background check themselves;
  2. The site is readily accessible to the public;
  3. The employer does not need to create a false alias to access the site;
  4. The employer does not have to provide any false information to gain access to the site; and
  5. The employer does not use the information learned from the site in a discriminatory manner or otherwise prohibited by law.