Headlines have been made recently with stories about US businesses requiring job applicants to hand over their Facebook login details so that they can collect candidate information from the social media site before making a recruitment decision. This practice, which is causing a storm in the US and has led to several states seeking to introduce legislation to prohibit it, is not yet commonplace this side of the Atlantic. In this interview, Vicky Clark – director of BCL Legal – speaks to Jane about why UK employers should be wary of following suit….
What potential legal liabilities can arise from using social media in recruitment?
Potential legal liabilities can arise from simply accessing an individual’s social media profile, irrespective of the use to which the information is subsequently put. According to the Information Commissioner, the practice breaches the Data Protection Act, which prohibits organisations from holding excessive information about an individual. Having full access to a candidate’s Facebook account would also give access to information not just about the candidate, but about third parties to whom they are connected. Accessing this information would be in breach of the Data Protection Act as those individuals are unlikely to have given consent to having their data accessed in this way. Vetting candidates via social media could also put an organisation at risk of discrimination allegations if the employer discovers information about, for example, sexual orientation, caring responsibilities, health or age and rejects the candidate on these grounds.
Can employers use social media in recruitment?
The Information Commissioner’s guidance is that “vetting” of candidates’ social media sites should only be used where a recruitment decision poses significant risks to the employer, clients, customers or others and there is no alternative available. Trawling social media sites to sift applicants is, in reality, a form of vetting and, to avoid comeback, employers should make sure they give clear guidance to managers about how social media can and cannot be used in recruitment.
Should employee use of social media be regarded as private?
Although requiring log-in details to gain access to a job applicant’s Facebook account seems rather heavy handed, there are a number of legal risks inherent in employee use (and misuse) of social media which make it important for employers to know what their staff are up to online. For example, an organisation’s reputation or brand might be damaged by an employee posting derogatory comments or controversial opinions (especially if they are contrary to the brand ethos), confidential information might be deliberately or inadvertently disclosed, an employer can be liable for an employee’s “cyber-bullying”, and there can be significant loss of productivity associated with use of social media sites during working time.
What about monitoring social media use during employment?
Monitoring employees’ use of social media is essential for a business to be able to control the risks. However, monitoring can create its own risks if it is done in the wrong way or for the wrong reasons. Any monitoring must be proportionate, and not intrude into employees’ private lives or interfere with the trust and confidence at the heart of the employment relationship.
Monitoring sites visited and time spent on social media sites in working hours will rarely be contentious, provided employees have been informed that their usage will be monitored and the reasons for doing so. Monitoring content, however, is more intrusive and will require tighter safeguards. Employees’ work related use of social media can be monitored provided that data protection principles are complied with and, as part of this, it will be important to consider if there are less intrusive alternatives. The really tricky area is monitoring an employee’s personal social media activity. The Courts’ attitude to this so far remains largely untested but it is clear that the key to effective legal monitoring and control of social media usage is a well drafted and business specific social media policy. This should include:
• rules on social media activity during working hours;
• rules on the use of personal social media accounts and how personal use could impact the employer’s business;
• rules on social media including a reminder that social media activity is not necessarily private and the employer may discipline for inappropriate activity which breaches the policy whether work related or personal; in/outside the workplace and on personal/company IT equipment; and
• an explanation that the organisation monitors social media use and how and for what purposes this monitoring is carried out.