While the information posted on the Internet on social networking sites is usually public for everyone to see, employers need to be aware of potential claims for using this information in the employment context.  The law, as usual, cannot keep up with the fast-moving technology and change social media sites, so there are many uncertainties in this area.  This Friday’s Five discusses potential pitfalls California employers need to be aware of when conducting background checks.

1. Local City “Ban The Box” Ordinances

Many local cities in California have passed ordinances restricting an employer’s ability to conduct criminal history checks on applicants and employees.  For example, Los Angeles passed the Fair Chance Initiative for Hiring Ordinance that prohibits employers from seeking criminal background information prior to offering a job to applicants.  The law became effective on January 1, 2017, and the city began enforcing the law on July 1, 2017.  Under the ordinance, employers cannot conduct any “direct or indirect” activity to gather criminal history from or about any applicant using any form of communication, including on application forms, interviews or Criminal History Reports.  This includes searching the internet for information pertaining to the applicant’s criminal history.  Employers must be aware of their local ordinances to ensure that any background research on applicants or employees meets the requirements that apply to them.  More information on Los Angeles’ ordinance can be read here.

2. Federal and State Discrimination Claims

Because people are becoming so comfortable in sharing private information on social networking sites, employers may learn too much information about an applicant that would not and could not have been discovered through an interview. Discovery of this personal information is not unlawful – it is likely that the employer would find out many of these traits at the first in-person interview with the applicant anyway. However, employers cannot base its employment decisions upon a protected category, such as race or gender.   By learning about this type of information of an applicant via their on-line profile, the employer may have to explain that the information did not enter into the hiring decision.

3. Invasion of Privacy Claims

Though one might argue that members of social networking sites have no expectation of privacy (since the information is posted publicly) some applicants or employees might argue that the employer overstepped its legal bounds by using profile data in employment decisions. Arguably, the terms of service agreement may create expectation of privacy for users of site.

State Law Privacy Claims
Employees could potentially argue that using Facebook, Snapchat, Instagram, or similar site to conduct background checks violate state statutory law. For example, California and New York have statutes that prohibit employers from interfering with employee’s off-duty private lives. Employees may attempt to argue a public policy violation has occurred in violating a state statute that protects off-duty conduct from employer’s control.

State common law could also create liability. Generally, there are four common law torts for invasion of privacy:

  1. intrusion upon seclusion,
  2. public disclosure of private facts causing injury to one’s reputation,
  3. publicly placing an individual in a false light, and
  4. appropriation of another’s name or likeness for one’s own use or benefit.

As explained by one court, the tort of unreasonable intrusion upon the seclusion of another, “depends upon some type of highly offensive prying into the physical boundaries or affairs of another person. The basis of the tort is not publication or publicity. Rather, the core of this tort is the offensive prying into the private domain of another.” (citing Restatement (Second) of Torts § 652B, comments a, b, at 378-79 (1977)). Generally, the invasion of privacy must consist of (1) highly offensive intrusion (deceitful means to obtain information); and (2) prying into private information (information placed on the web is most likely not private).

4. Fair Credit Reporting Act (“FCRA”)

An employer’s use of social networking sites may implicate the FCRA, which places additional disclosures and authorization requirements on employers. In enacting the FCRA, Congress stated its underlying purpose was to ensure that decisions affecting extension of credit, insurance, and employment, among other things, were based on fair, accurate, and relevant information about consumers. The FCRA is intended to provide employee with notice of the background check, authorization to conduct the check in certain circumstances, and disclosure to the employee if the information is used in the employment context.

FCRA Definitions:

  • A “consumer report” is defined at as information (oral, written, or other communication) provided by a “consumer reporting agency” about credit matters as well as about a person’s “character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer’s eligibility for…employment purposes.”
  • Another kind of “consumer report,” called an “investigative consumer report” contains information on a consumer’s character, general reputation, personal characteristics, or mode of living that is obtained through personal interviews with friends, neighbors, and associates of the consumer.
  • A “consumer reporting agency,” is defined as “any person who regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties.”

Employers who conduct the background checks internally do not qualify as a “consumer reporting agency” and therefore the FCRA does not apply. Employers still need to be careful, however, because state law may apply. For example, California Investigative Consumer Reporting Agencies Act is more restrictive than the FCRA.

5. Terms of Service Violations

Social media sites have terms of service posted on their pages that generally prohibit use of their content for “commercial purposes.” Violation of the terms of service would not automatically create a cause of action in and of itself. However, as discussed above, it may be a way for a plaintiff to argue that there is an expectation of privacy in using the site and everyone who signs up to use the site is agreeing to abide by those terms.

For good or bad, the use of AI is already prevalent and its potential uses are expanding quickly, including to the workplace.  LinkedIn is currently suing a competitor, hiQ Labs, for use of information “scraped” from the social network’s site and used for AI analysis.  hiQ uses the information gleaned from LinkedIn to predict whether employee are likely to leave their jobs.  While the issue in the lawsuit is whether outside companies have the right to use information made public on social media sites and does not involve any employment work-place privacy issues, the lawsuit has disclosed how AI is currently being used and in the workplace.  AI is quickly being adopted, and its effects will have huge ramifications for employers and employees.  This Friday’s Five discusses five impacts AI will have in the employment context:

1. Predictions of whether employees are likely to leave their jobs.

The analysis being done by hiQ Labs is a prime example of information that would be highly relevant to employers, employer’s competitors, recruiters and others.  As the Wall Street Journal article notes:

Among its services, hiQ monitors and analyzes LinkedIn profile pages to see who is polishing their résumés and liable to be poached, assigning so-called flight-risk scores to individual employees.

LinkedIn’s primary argument in suing hiQ to stops its “scraping” of LinkedIn’s information is that if LinkedIn users understood that their data was being gathered and used in this manner that they would be reluctant to share information and update their profiles.  This illustrates that there is value in the information being shared on LinkedIn when AI can analyze user’s data.  Regardless of which company has access to it, the fact that LinkedIn is suing over who has access to this data establishes how valuable the data is.  Employers are likely to begin using this data to evaluate their workforce in the near future, if it is not already occurring.

2. Set pay and performance standards.

One positive use of AI in the workplace could be as an aid to highlight good performers in a company and remind the managers to provide positive feedback or raises to high performing employees to increase employee retention.  Another potential use is analyzing data to set pay scales commensurate with the market for a particular locale or skill set.

3. Predictions of potential litigation.

Just as AI has been used to predict future mechanical failures of engines or other devices based on data history and monitoring the device, AI will likely be used to highlight employees who may pose a litigation risk.  Just as hiQ sets flight-risk scores, it is conceivable to set litigation-risk scores based on data.  Not commenting on whether this is appropriate (or legal) to do, the reality is that AI can and will be used for this analysis.

4. Help evaluate candidates interviewing for a job.

AI will likely be used in helping companies evaluate candidates for a job.  AI could evaluate education, experience, and other data obtained through the internet to predict an employee’s likely fit with the company as well as skill set.  There are laws already in place about employer’s use of certain public information, such as credit history and criminal backgrounds that must be excluded from such analysis, employers would have to approach this type of analysis cautiously to ensure compliance with existing laws.

5. Will there be a backlash for use of AI in the employment context, and will it be regulated?

Employers are already regulated on how they can use background information about candidates and employees under the Fair Credit Reporting Act (FCRA) and California’s Investigative Consumer Reporting Agencies Act (ICRAA).  Similarly, AI is using background information known about a person and comparing that data to a wide data set to glean likely future outcomes.  There could be a case made that just as the FCRA and ICRRA create obligations to provide notice to employees about the background information that an employer is relying upon to make an employment decision for the employee to correct any mistakes in that information, employees should be able to see the data being relied upon in the AI analysis.  However, given that AI can gather and process a huge amount of data, it might be impossible to review all of the data.  Moreover, the data relied upon by AI about the employee’s background may be very accurate, but the algorithms relied upon by the AI might weight information in a way that does not result in accurate predictions.  Don’t forget, AI predictions are just that – predictions.  Nevertheless, employers are always looking for a small advantage over competitors, and AI may be one additional tool to do this.  However, like many other areas of technology, the legal system is slow to adopt to technical advancements.  AI in the workplace exists and is being used, employers and the legal system needs to start considering it ethical and legal parameters.

Based on last week’s post about the lawsuit filed against LinkedIn alleging that it violated the federal Fair Credit Reporting Act (FCRA), I thought it would be good to point out a few issues the arise when employers conduct background checks.  This article is not comprehensive, and this area of the law is very detailed, but the article is to remind employers to use caution when implementing these policies, as the exposure for violations could be huge.

1.      Treat everyone equally.

If an employer makes the decision to obtain background reports for applicants or employees, the practice of obtaining the reports needs to be uniformly applied.  Simply by complying with the federal and state requirements for background reports and credit checks does not shield an employer from discrimination claims or other claims that the practice used by the employer is illegal.

2.      California employers can only conduct credit checks (which are different from background checks) for certain types of employees.

Since 2012, California employers can only perform credit checks on employees who meet very specific categories.

 3.      If using a third-party to perform the background check, federal and state law must be complied with. 

Generally speaking, three applicable laws apply to California employers who perform background checks: the federal Fair Credit Reporting Act (FCRA), California Investigative Consumer Reporting Agencies Act (ICRAA), and the California Consumer Credit Reporting Agencies Act (CCRAA).  Just as the three names of the statutes indicate, the laws are complex and are very detailed.  For example, the FCRA defines a “consumer report” as “any written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer’s eligibility for…employment purposes….”  Alternatively, California’s ICRAA uses the term “investigative consumer report”, and this pertains to generally the same items as the FCRA but not credit reports.  California’s CCRAA applies to credit reports, and defines the term “consumer credit report” to refer to credit reports and credit worthiness of an employee.  As one can easily see, the interaction of these three laws becomes very complex, and is not an area that most employers feel comfortable wading into without experienced legal counsel.

The laws generally require employers to:

  1. Obtain written authorization from the employee to conduct the background check
  2. Provide notice about background checks
  3. If taking an adverse employment action based on the information obtained through the background check, additional notices must be provided to the employees.

For example, before the employer takes an adverse employment action, they must provide the employee with a notice that includes a copy of the consumer report being relied upon in the decision.  The employer must also provide a copy of “A Summary of Your Rights Under the Fair Credit Reporting Act”.

After the adverse employment action has been taken, the employer must provide certain information to the employee, such as:

  • The employment decision was taken because of the information in the report
  • The name, address, and phone number of the company that compiled the report
  • The company that compiled the report did not make the hiring decision, and
  • That the employee has the right to dispute the accuracy or completeness of the report, and to get an additional free report from the reporting company within 60 days.

As explained above, California employers can only perform credit checks for a very limited set of positions, and cannot perform a credit check on every employee.  In addition, the CCRAA requires additional disclosures to the employee if a credit check is performed.  See Cal. Civ. Code section 1785.20.5.

4.      Even if conducting a background check in-house, if an employer searches public records, these records must be disclosed to the employee within seven days.

Generally, if the employer conducts the background checks itself, the FCRA, ICRAA and CCRAA do not apply to the process.  One exception to this rule is that the ICRAA requires that if the employer searches “public records” the employer must produce a copy of the public record to the employee within seven days of receiving the information (this applies to records received either in written or oral form).  “Public records” are defined as “records documenting an arrest, indictment, conviction, civil judicial action, tax lien, or outstanding judgment.”

 

5.      Employers are required to provide certain notice to the third-party conducting the background check.

Employers using outside credit reporting agencies must provide a certification to the reporting agency that the employer obtained the permission from the applicant/employee to obtain a background report, complied with the FCRA, and does not discriminate against the applicant or employee or otherwise use the information for an illegal purpose.

This is a very brief and general introduction to the laws that apply to background checks in the employment setting.  Here are some resources for employers to learn more about their requirements under federal law:

The Fair Credit Reporting Act & social media: What businesses should know (FTC)

Background Checks: What Employers Need to Know (FTC)

The interaction between the federal FCRA, and California’s own requirements under the ICRAA and CCRAA adds another level of complexity to the analysis.  It is important for employers to review these laws closely to ensure compliance, and it is highly recommended to have experienced legal counsel review the practices.

Recently, the issue raised in Sweet v. LinkedIn is whether the Reference Searches functionality offered by LinkedIn is governed by the LinkedIn candyregulations set forth in the FCRA.  The Reference Search feature allows users who pay a fee to search for references that have worked with any other LinkedIn member.  The results list common employers and other LinkedIn members who are in the same network as the person running the search and the person who is the subject of the search.  When a LinkedIn user runs a Reference Search on a particular LinkedIn member, the Reference Search results provide the user with two different categories of information.

The Court granted LinkedIn’s motion to dismiss Plaintiffs’ complaint on a number of grounds.  The reasons are items that employers need to understand, and provide a good reminder about the FCRA requirements:

1.      Court held that the information being provided by LinkedIn is not a “consumer report.” 

The FCRA defines “a consumer report” as:

[A]ny written, oral or other communication of any information by a consumer reporting agency bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer’s eligibility for . . .

(B) employment purposes; or

(C) any other purpose authorized under section 1681b of this title.

The FCRA provides an exception to this definition, and states that a “consumer report” is not any “report containing information solely as to transactions or experiences between the consumer and the person making the report.”  Because LinkedIn publishes the employment histories of the consumer who are the subjects of the Reference Searches, and this information was provided by the LinkedIn users themselves (i.e., is information obtained by “transactions or experiences” with the consumers) the information provided by LinkedIn is not a consumer report.

2.      The Court held that LinkedIn is not a “consumer reporting agency.” 

A “consumer reporting agency” is defined as “any person which, for monetary fees . . . regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers on consumers for the purpose of furnishing consumer reports to third parties, and which uses any means or facility of interstate commerce for the purpose of preparing or furnishing consumer reports.”

However, the FCRA provides that “[a]n entity does not become a [consumer reporting agency] solely because it conveys, with the consumer’s consent, information about the consumer to a third party in order to provide a specific product or service that the consumer has requested.”  The Court held that this exemption applies to LinkedIn because, “Plaintiffs’ own allegations show that consumers provide LinkedIn with information about their employment histories so that LinkedIn can publish this information online.”

 3.      The Reference Search offered by LinkedIn does not bear on the “character, general reputation, mode of living” or other relevant characteristics to trigger application of the FCRA.

The only information provided by LinkedIn’s Reference Searches function is a list of people who once had a common employer with the subject of the search and who are also in the same network with the person conducting the search.  The Court held that this information is not the type of information that the FCRA is intended to protect.  Indeed, the Court stated that at its essence, the search function only provides a way for the searcher a way to “locate people who might be able to communicate on information about the consumer-subjects of these results, not that this results themselves convey bearing on information.”

 4.      The Court held that Plaintiffs failed to state a claim that the Reference Searches results are used or intended to be used as a factor in determining whether the subjects of the searches are eligible for employment. 

Again, the Court pointed out that the information provided by LinkedIn is only contact information about other people who may be able to provide reliable feedback about job candidates.  Since this LinkedIn does not market this report a source of reliable feedback about job candidates, the FCRA does not apply.

 5.      While the Court granted LinkedIn’s motion to dismiss, Plaintiffs still have an opportunity to cure any defects and file an amended complaint. 

So this probably is not the final analysis of this case.

The case is an important reminder to employers to be aware of the Federal and state laws that apply to background checks on applicants and employees.  Even though this case pertains to LinkedIn’s status under the FCRA, employers need to understand whether or not the background checks they are conducting trigger the FCRA, as the law places requirements on employers who use consumer reporting agencies.

For more information about the FCRA, the Federal Trade Commission and the EEOC published this joint report: Background Checks: What Employers Need to Know.

[Photo: Nan Palmero]