Social Media Risks and Compliance
Companies continue to access social media sites to monitor employees and assess job applicants. They do so in the face of increasing risks. Federal and state laws and regulations are rapidly changing as social media use by individuals increases and the line between personal and business use of social media becomes fuzzier.
Public reaction was strong when companies insisted that employees or applicants provide passwords to social media accounts. This recent dust up underscores an important point – employers have to be careful before asking existing or potential employees for information needed to access social media accounts.
Companies face four significant risks:
1. Privacy Laws – In response to companies requesting personal passwords, Congress and many states are responding by enacting laws to prohibit the practice. Some of the proposed laws go much further in protecting the privacy of employees and potential employees, extending to information controlled by the employee or prospective employee. The implications of these laws could be far-reaching – an employee who accesses personal accounts (e.g. gmail, Facebook) would be protected from employer’s requests for access to the sites. Privacy laws in a number of states prohibit employers from taking any action against employees based on their activities outside work. This concept may be extended to employee actions outside of work on social media sites.
2. Labor Relations – The NLRB has become extremely active in regulating employers’ access to employees’ social media sites. Its concern relates to potential unfair labor practices violations created by management access to information about union activities. In recognition of the importance of social media communications, the NLRB has started to scrutinize companies’ social media policies to prevent any attempt to frustrate communications relating to employment conditions and/or union organization. The NLRB already has taken actions against employers who have terminated or disciplined employees based on social media postings.
3. Discrimination – Employers who require, or who inspect, social media sites of job applicants or employees face significant litigation risks for discrimination for race (Title VII), disabilities (Americans with Disabilities Act), and age (Age Discrimination in Employment Act). To the extent employers obtain sensitive personal information about a person, employees and/or job applicants may be able to raise claims that personnel actions were based on improper information. Companies will have to establish that there was its action was not based on social media information relating to a protected class.
4. Fair Credit Reporting Act – The FTC’s Division of Privacy has determined that the FCRA applies to job application screening by employers. Companies have to make sure they do not rely on FCRA-protected information in a background check of a potential job applicant.
These risks do not mean that companies should avoid social media information. Instead, companies need to adopt social media policies which address these (and other) risks. Social media policies have to be clear and communicated throughout the organization. Human resource departments have to be familiar with these policies and communicate to relevant departments the compliance requirements.
Employees and potential job applicants have to be informed about the social media policies before any potential violation can occur. In some cases, companies can obtain consent to some social media information. The line between permitted and prohibited is constantly changing and compliance officials and counsel need to stay abreast of developments in this area.
Michael, what do you mean by “Companies have to make sure they do not rely on FCRA-protected information in a background check of a potential job applicant”? Do you mean that if they rely on such information they have to comply with the law re disclosures and other matters? I don’t think you are saying that companies can’t rely on FCRA protected information in making hiring decisions.
Hi Ray: Thanks for the question and the clarification. I think your point is well taken — my statement wsa meant that companies cannot use FCRA information without complying with the FCRA; so you cannot take protected informaiton, disclose it to a third party (e.g. a reference) or someone else. It was not very carefully written. Thanks