If you are one of the increasing number of employers using social-networking sites to research job candidates, you may want to pause for a moment before hitting the “search” button. In this and a following e-brief we examine how employers could be infringing one of a number of laws that impact on this area. In this e-brief, we focus on hiring.
US study on hiring managers
It is clear that social networking sites are becoming a favourite port of call for employers involved in screening recruits. A US study conducted last year showed that 22% of hiring managers used social networking sites to vet job candidates, with a further 9% saying they planned to start doing so.
Of those who screened profiles, 34% rejected candidates without further consideration after reading online entries. Top concerns included candidates posting provocative or inappropriate photographs or information (40%), the screen name being unprofessional (22%), and candidates being linked to criminal behaviour (21%).
But how lawful is it for you to use a candidate’s social networking profile to access information and then to reject them on the basis of what you find?
Site terms and conditions
The terms and conditions of Facebook, MySpace, and Bebo all include a general prohibition on commercial use, so any employer accessing these sites for recruitment purposes is immediately contravening the conditions of use. Even if this goes unnoticed by the site provider, you could lay yourself open to claims under Guernsey’s Data Protection and Sex Discrimination laws.
Data protection and vetting
The Data Protection Law requires you to process a job applicant’s personal data fairly and for lawful purposes. The Law is interpreted by reference to the UK Information Commissioner’s Code of Practice on Data Protection and Employment.
The Code prohibits an employer from placing reliance on information collected from possibly unreliable sources. It also stipulates that a job applicant should be allowed to make representations regarding any information that will affect the recruitment decision. On this basis, if you don’t give a candidate an opportunity to explain any profile entry which has influenced your decision, you will be in breach of the Code.
In addition, supplementary guidance to the Code requires that employers should “only use vetting as a means of obtaining specific information, not as a means of general intelligence gathering”. As such, trawling through a candidate’s Facebook profile and forming a general impression of whether they are “the right fit” without giving them a right of reply will also breach the Code.
By breaching the Code, you risk breaking the Law.
Data protection and sensitive personal data
Two of the top concerns cited by hiring managers in the US study were the posting of provocative or inappropriate photographs or information and the use of inappropriate screen names. If you reject a candidate because of provocative postings with a sexual connotation, you could breach specific provisions of the Data Protection Law which relate to sensitive personal data. “Sensitive” personal data for these purposes include data relating to sexual life, criminal convictions, and political and religious beliefs.
The Data Protection Law normally requires an individual’s explicit consent to be obtained before sensitive personal data can be used for any purpose. If you rely on profile information with a sexual slant to reject a candidate without telling them that you have done so, you risk breaking the Law.
Data protection and criminal convictions
If the Facebook trawl links a candidate to criminal behaviour (another top concern of hiring managers), then not only do you need to be aware of the rules relating to sensitive personal data, you also need to bear in mind the Code of Practice on the Disclosure of Criminal Convictions in connection with Employment issued by the Guernsey Data Protection Commissioner.
If you reject a candidate as a result of criminal convictions that you have stumbled across in a Facebook search, you could well be processing that information unfairly. If the conviction is irrelevant to the job you are looking to fill, it should not be taken into account.
It is also important that criminal record information is handled securely, including limiting its dissemination on a “need to know” basis and ensuring its destruction within six months of the recruitment decision. Failure to process and handle the information properly will put you in breach of the Law.
As well as data protection implications, rejecting a candidate on the grounds of their Facebook or MySpace profile may give rise to a sex discrimination claim. The basic duty under the Sex Discrimination Law is not to treat a woman less favourably than a man on the grounds of her sex (or vice versa, but the majority of sex discrimination claims are still brought by women).
A hiring manager who reads that a candidate is in the early stages of pregnancy, or perhaps undergoing IVF treatment, may decide at that point to put her application on the “reject” pile. Alternatively, graphic tales of one night stands which may be acceptable in a man may be less acceptable in a woman. From the US study, it would seem that something as innocuous as the screen name “Minx” or “Sex Bomb” may dissuade a potential employer from hiring a female candidate. If the same negative connotations would not be applied to “Ladykiller” or “Wolf”, again a woman may have a sex discrimination claim.
If you are thinking that these claims are unlikely because the rejected candidate will never know why you rejected them, think again. With increasing numbers of data subject access requests being made by disgruntled job applicants under data protection legislation, there is no room for complacency.
In our next employment e-brief, we will focus on Facebook and firing.
This article appeared in the May edition of Business Active.