While the information posted on the Internet on social networking sites is usually public for everyone to see, employers need to be aware of potential claims for using this information in the employment context.  The law, as usual, cannot keep up with the fast-moving technology and change social media sites, so there are many uncertainties in this area.  This Friday’s Five discusses potential pitfalls California employers need to be aware of when conducting background checks.

1. Local City “Ban The Box” Ordinances

Many local cities in California have passed ordinances restricting an employer’s ability to conduct criminal history checks on applicants and employees.  For example, Los Angeles passed the Fair Chance Initiative for Hiring Ordinance that prohibits employers from seeking criminal background information prior to offering a job to applicants.  The law became effective on January 1, 2017, and the city began enforcing the law on July 1, 2017.  Under the ordinance, employers cannot conduct any “direct or indirect” activity to gather criminal history from or about any applicant using any form of communication, including on application forms, interviews or Criminal History Reports.  This includes searching the internet for information pertaining to the applicant’s criminal history.  Employers must be aware of their local ordinances to ensure that any background research on applicants or employees meets the requirements that apply to them.  More information on Los Angeles’ ordinance can be read here.

2. Federal and State Discrimination Claims

Because people are becoming so comfortable in sharing private information on social networking sites, employers may learn too much information about an applicant that would not and could not have been discovered through an interview. Discovery of this personal information is not unlawful – it is likely that the employer would find out many of these traits at the first in-person interview with the applicant anyway. However, employers cannot base its employment decisions upon a protected category, such as race or gender.   By learning about this type of information of an applicant via their on-line profile, the employer may have to explain that the information did not enter into the hiring decision.

3. Invasion of Privacy Claims

Though one might argue that members of social networking sites have no expectation of privacy (since the information is posted publicly) some applicants or employees might argue that the employer overstepped its legal bounds by using profile data in employment decisions. Arguably, the terms of service agreement may create expectation of privacy for users of site.

State Law Privacy Claims
Employees could potentially argue that using Facebook, Snapchat, Instagram, or similar site to conduct background checks violate state statutory law. For example, California and New York have statutes that prohibit employers from interfering with employee’s off-duty private lives. Employees may attempt to argue a public policy violation has occurred in violating a state statute that protects off-duty conduct from employer’s control.

State common law could also create liability. Generally, there are four common law torts for invasion of privacy:

  1. intrusion upon seclusion,
  2. public disclosure of private facts causing injury to one’s reputation,
  3. publicly placing an individual in a false light, and
  4. appropriation of another’s name or likeness for one’s own use or benefit.

As explained by one court, the tort of unreasonable intrusion upon the seclusion of another, “depends upon some type of highly offensive prying into the physical boundaries or affairs of another person. The basis of the tort is not publication or publicity. Rather, the core of this tort is the offensive prying into the private domain of another.” (citing Restatement (Second) of Torts § 652B, comments a, b, at 378-79 (1977)). Generally, the invasion of privacy must consist of (1) highly offensive intrusion (deceitful means to obtain information); and (2) prying into private information (information placed on the web is most likely not private).

4. Fair Credit Reporting Act (“FCRA”)

An employer’s use of social networking sites may implicate the FCRA, which places additional disclosures and authorization requirements on employers. In enacting the FCRA, Congress stated its underlying purpose was to ensure that decisions affecting extension of credit, insurance, and employment, among other things, were based on fair, accurate, and relevant information about consumers. The FCRA is intended to provide employee with notice of the background check, authorization to conduct the check in certain circumstances, and disclosure to the employee if the information is used in the employment context.

FCRA Definitions:

  • A “consumer report” is defined at as information (oral, written, or other communication) provided by a “consumer reporting agency” about credit matters as well as about a person’s “character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer’s eligibility for…employment purposes.”
  • Another kind of “consumer report,” called an “investigative consumer report” contains information on a consumer’s character, general reputation, personal characteristics, or mode of living that is obtained through personal interviews with friends, neighbors, and associates of the consumer.
  • A “consumer reporting agency,” is defined as “any person who regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties.”

Employers who conduct the background checks internally do not qualify as a “consumer reporting agency” and therefore the FCRA does not apply. Employers still need to be careful, however, because state law may apply. For example, California Investigative Consumer Reporting Agencies Act is more restrictive than the FCRA.

5. Terms of Service Violations

Social media sites have terms of service posted on their pages that generally prohibit use of their content for “commercial purposes.” Violation of the terms of service would not automatically create a cause of action in and of itself. However, as discussed above, it may be a way for a plaintiff to argue that there is an expectation of privacy in using the site and everyone who signs up to use the site is agreeing to abide by those terms.

California passed a new law taking effect January 1, 2013 that prohibits employers from “requiring or requesting” employees and applicants to provide their passwords to social media accounts. This law was passed after a few cases made the news where employers were actually asking for this information. As I argued before, this law was probably not necessary as California law probably already prohibited this type of conduct to begin with.

However, now that the law is taking effect, there are also new questions that employers are facing under the law. For example, if an employer has the right policies in place that limit an employee’s expectation of privacy, it is pretty well established that the employer may monitor the employee’s internet use and record this. However, under the new law, what if an employee accesses their social media accounts during work? Or on a break? Can employers still monitor employees and record the employee’s login and password information?

I would argue that employers can still monitor employees’ internet use as long as they have made the proper disclosures through a handbook or policies that limit the employees’ expectation of privacy in using the company network or computers. The new law only prohibits employers from requiring employees to divulge their passwords. If the employer notifies the employees that it is recording all activity by the employees on the company network or computers, then the employees have made a voluntary decision to continue to access their account knowing that their employer is monitoring and/or recording the activity. Granted, the law is just going into effect next week, so obviously there is no case law to rely upon in making this argument, so employer will have to wait to see how the law is ultimately interpreted by the courts. 

[image: topgold]