• Categories

  • Archives

    « Home

    Opinion at Cyber-Screening, Social Media, and Fair Credit Reporting

    In an opinion column at, University of Washington law professor Anita Ramasastry discusses the question: Is it legal for employers to evaluate employees or job applicants based on their social-media activity? We’ve discussed before how social-networking data — from sites such as MySpace and Facebook — can be used against employees (which can lead to lawsuits when employees fight back). And last month, the Federal Trade Commission announced a settlement with data broker Spokeo over charges related to the Fair Credit Reporting Act. Spokeo collects data on individuals from online and offline sources, such as social-networking sites Facebook and Twitter. The information, gathered into an individual profile, can include name, address, e-mail address, hobbies, religion, and more. Spokeo then sold these profiles “to human resources professionals, job recruiters, and others as an employment screening tool.”

    Ramasastry writes:

    As American employees, we are increasingly becoming aware that our current and potential employers are trawling the Internet to look for our social-media activity as a way of judging whether we should be hired or retained.  Is that practice legal? As a baseline rule, it is, as long as the current or potential employer does not discriminate on protected grounds, such as race, religion, or gender.

    Many companies are turning to private data-collection firms as a way of getting around possible discrimination claims or problems. To do so, they are hiring data brokers or aggregation firms that can collect data and “scrub” it (for example, by removing someone’s race).  These companies—much like Experian, Transunion, or Equifax, which prepare traditional credit reports—are subject to the Fair Credit Reporting Act (FCRA)—a federal law that was designed to ensure that the information provided by third parties to employers or creditors is accurate, and that consumers are informed of any adverse decisions that are made about them, based on such information.

    Are companies that compile social-media data subject to the FCRA? Until recently, the answer was unclear, but the FTC has now made it clearer.  Indeed, the FTC recently imposed a $800,000 fine against one of these social-media-data companies, Spokeo, for its failure to adhere to the FCRA when collecting social-media data and passing it on to prospective employers.

    In this column, I will discuss the implications of the FTC’s Spokeo enforcement action, and why it is important. I will also discuss why the collection and use of social-media data is inherently different from the collection of the kind of data that has traditionally been gathered for credit-reporting purposes. This contrast means that policymakers now need to look afresh at the FCRA to see how it does, or does not, adequately address the ways in which social-media data is used to assess consumer and employee behavior.

    Read the full column for her analysis of the issues, including privacy questions.

    Leave a Reply