Employers Using Facebook for Background Checking, Part I

Is it legal?

This post originally appeared oncollegerecruiter.com

Recently there has been considerable media attention to instances of employers rejecting candidates or firing employees based on information obtained from social networking sites such as MySpace and Facebook.

For example, see New York Times: “For Some, Online Persona Undermines a Résumé,” telling this story:

When a small consulting company in Chicago was looking to hire a summer intern this month, the company’s president went online to check on a promising candidate who had just graduated from the University of Illinois.

At Facebook, a popular social networking site, the executive found the candidate’s Web page with this description of his interests: “smokin’ blunts” (cigars hollowed out and stuffed with marijuana), shooting people and obsessive sex, all described in vivid slang.

It did not matter that the student was clearly posturing. He was done.

“A lot of it makes me think, what kind of judgment does this person have?” said the company’s president, Brad Karsh. . .

Today I’ll discuss a question posed by Steven Rothberg of collegerecruiter.com — prefacing my remarks with a lawyerly disclaimer that I am not providing legal advice and have not thoroughly researched these issues, but am merely making some general comments.

Steven asked that I comment on the lawfulness of making adverse employment decisions on this basis. He raised several concerns:

  • With Facebook, students often have an incorrect understanding that only other students can access their profiles.
  • There may be false information on those sites, perhaps not even posted by the individuals themselves.
  • Facebook’s terms of service explicitly prohibit users from using Facebook for commercial purposes.

General rule (employment at will)

Let’s start with the proposition that, like it or not, generally employers are free to make unfair, stupid, arbitrary, and wrongheaded hiring and termination decisions, even based on false information, as long as in doing so they do not violate some specific law.

Discrimination Law

One category of specific laws that could be violated by an adverse employment decision based on information on a social networking site is federal and state discrimination law.

It could be evidence of unlawful discrimination if an employer checked for such Internet information on only certain types of applicants or employees, for example, African-Americans and Hispanics.

It could also be evidence of unlawful discrimination if, although the employer searches for such information on all applicants or employees, discriminatory bias affects the employer’s evaluation of the information obtained.

For example, an employer may view more negatively photos of an African American male, beer in hand, hanging out at a bar with a hip-hop DJ than photos of a white boy, also with beer in hand, hanging out at a rock ‘n roll bar with a bunch of other white boys wearing frat T-shirts.

In such a situation, was it really the public evidence of drinking or intoxication that disqualified the individual? How many current employees would be disqualified from employment if never getting publicly intoxicated — or even drinking in public — was a job requirement? These are the kinds of questions the EEOC would ask if discrimination was raised.

Sexual orientation might be another touchy area. These days, it may be frankly disclosed on social networking sites without much thought. Yet, sexual-orientation bias remains common, and it might cause some employers to make adverse decisions. In many states and municipalities, though not yet under federal law, sexual orientation discrimination is unlawful, so such decisions will be prohibited.

Invasion of Privacy

Invasion of privacy is a claim that would be tougher. It requires a “reasonable expectation of privacy.” A student may believe that access to their Facebook profile is limited to a few thousand of their schoolmates. The Facebook FAQs clearly support such a belief in limited access, stating:

Can I see the profiles of people on other networks?

Facebook was intentionally designed to limit the availability of your profile to only your friends and other people on your networks. This simple but important security measure promotes local networking and makes sure that your information is seen by people you want to share it with, and not by people you don’t.

Nonetheless, it might be tough to prove that this expectation of limited access, even if reasonable, is an expectation of “privacy.”

On the other hand, if you are using privacy features that you believe allow you to limit access to only invited, carefully selected individuals, as opposed to all others on your network, and an employer somehow hacks past such a privacy barrier, you might have a strong privacy claim.

Terms of Service Violation

Now, onward to the terms of service issue raised by Steve. For sake of brevity, I will only address Facebook. MySpace may present somewhat different issues. The Facebook terms include the following:

You understand that the Service and the Web site are available for your personal, non-commercial use only. You represent, warrant and agree that no materials of any kind submitted through your account will violate or infringe upon the rights of any third party, including copyright, trademark, privacy, publicity or other personal or proprietary rights; or contain libelous, defamatory or otherwise unlawful material.

You further agree not to harvest or collect email addresses or other contact information of Members from the Service or the Web site by electronic or other means for the purposes of sending unsolicited emails or other unsolicited communications. Additionally, you agree not to use automated scripts to collect information from the Service or the Web site or for any other purpose.

You further agree that you may not use the Service or the Web site in any unlawful manner or in any other manner that could damage, disable, overburden or impair Web site. In addition, you agree not to use the Service or the Web site to:

  • impersonate any person or entity, or falsely state or otherwise misrepresent yourself or your affiliation with any person or entity; . . .
  • intimidate or harass another;
  • use or attempt to use another’s account, service or system without authorization from the Company, or create a false identity on the Service or the Web site.

Steven thinks it’s a no-brainer that checking individuals out on Facebook for purposes of employment decisions is a commercial use. This certainly is a possible interpretation, but I believe not the only one.

The next sentence focuses on materials submitted through your account, not what you do with information you learn about others. Therefore, “non-commercial use only” could be interpreted as prohibiting only posting information for commercial gain, such as advertisements, not surfing the site for information in support of a business purpose.

The paragraph goes on to specifically prohibit certain methods of obtaining and using information about others. Though it prohibits automated scraping and spamming, it does not address the issue of searching for specific individuals and using the information to make employment decisions.

It seems a stretch to say an employer is “intimidating or harassing” the user of Facebook by using Facebook information to make an adverse employment decision, but this certainly could be argued.

A more serious issue would arise if the employer misrepresented their affiliation with a college in order to create an account allowing them to look up certain individuals, or used another’s account to do so. This would appear to be a plain violation of the terms of service.

Consequences of Terms of Service Violation

Now, let’s assume the employer violated the terms of service. So what? My answer is that this fact may support a tortious interference with business expectancy claim, but probably only if it was a third-party recruiter or investigator who committed a violation. This is because interference by a third party is required. Perhaps such a claim against the individual who obtained the information improperly, not the company, would satisfy this requirement, but that is still somewhat iffy.

Other elements of this type of claim might also be difficult to prove, such as whether the candidate has a reasonable expectancy of employment.

There might also be a federal cause of action under the Federal Computer Fraud And Abuse Act to the extent the recruiter/employer exceeds authorized access (as authorized in the terms of service) in obtaining data from a computer system (the Facebook server).

Other Laws

Another law that could come into play is the Fair Credit Reporting Act. Despite its name, this law has broader application than credit inquiries. It might apply if the Facebook information was obtained by a third party investigator such as a recruiter or background-checking service. It would not prohibit use of the information, but would require disclosure of the fact that such information was the basis for the decision.

Thinking Practically

Those are a few of my well-educated, but still speculative, legal thoughts. Long ago, one of my mentors taught me to always ask not only what the law requires my client to do, but also what the client should do, taking into account extra-legal factors such as business realities, employee morale, employee and public perceptions, etc. Here, in the face of some murky and emerging law, I have some thoughts on what both employers and applicants/employees should do, given this growing trend of employers checking social networking sites.

I would advise applicants/employees to assume that future employers will read everything you post. So when you put something about yourself out there, you can be yourself, but avoid obvious negatives like saying you hate to work or posting sleazy or drunken photos. It may help to ask yourself whether you would want your mother to see your site. Sorry to say, but you may not even want to admit homosexuality or extreme political or religious views.

On a positive note, use your Internet postings, including blogs as well as social networking sites, affirmatively. They can help you build visibility and credibility as an expert in your field (or hobby). Join more “serious” networking sites like LinkedIn even if you are still a student — and work at building a network there that can help you in future job searches.

I would advise employers to cut applicants and employees some slack. You were once young too and maybe did similar things — if not publicly on the Internet. Ask yourself how relevant the information creating the negative impression is to job performance.

If you are going to do Internet searches and use them as a basis for employment decisions, you better do so consistently, without regard to any legally protected classifications, e.g. race, sex, age. You should document them.

I also agree 100% with Steven’s suggestion to use social networking sites and blogs in a positive fashion in your search to find good candidates. Consider the whole person, of whom the Internet persona is not always a fully accurate reflection.


  1. karen

    Excellent Article George!

  2. Googling job candidates is also common practice at mid to senior levels – and also handy when selecting lawyers or consultants. See my post at

    robert edward cenek

  3. Employers need to remember that just because they have certain tools at their disposal, doesn’t mean they have to use them. I would think that such a practice could eventually boomerang to hurt them. If employees find out that their employers are looking into their off-duty lives, it could only negatively affect their morale.

    Timely post.

    Peter Mullison

Leave a Reply