Posted on July 15, 2011 by Lisa Stam

Social Checks on Potential Candidates

Good employers always conduct a reference check to determine whether to hire a candidate.  With the world of online communications, however, how far should an employer go when researching the background of a potential candidate?  At what point does that legitimate research become inappropriate snooping into a person's private life?

I posted on the topic of social media in the workplace last February, and continue to get questions about what social media information an employer can use.

It's Good Practice to Do a Social Check

Doing some amount of a social check on a candidate is a good practice.  You want to know if your candidate is publicly racist, overly opinionated about his supervisors, or parties a little too hard on a school night.  A basic Google search will pull up most of the LinkedIn, Facebook, Twitter or blogging presence.  It's free and not overly time consuming.  If nothing else, it will provide a glimpse into the candidates' general judgment on public comments.

Leave it to the Experts?

Companies are now starting to pop up that specialize in gathering social media and online information about candidates.  One US example that has been in the news lately is Social Intelligence.  While the extent of online information it can dig up has led some to question whether it is going to far, it does appears to remain within legal parameters.  As discussed on the Workplace Privacy Blog, in the US, the Federal Trade Commission recently indicated that "employers that rely on a social check service, like Social Intelligence, to search social media for information about job candidates must comply with the Federal Credit Reporting Act.".  According to the Federal Trade Commission, Social Intelligence does comply, presumably giving the green light to other similar companies.

In its Factsheet on Privacy and Social Media in the Workplace, the Privacy Commissioner of Canada does not reject the use of social media resources for employment purposes, but does warn that employers should not use the information in a discriminatory manner towards potential candidates.  For example, if you see that a candidate "Likes" a page on mental health issues, the CNIB or a women's right organization, it could be discrimination to pass the candidate over on that basis.  This falls in line with the various Canadian human right commission policies on discrimination in the workplace.

Of course, most employers would not expressly admit that they are not hiring a candidate because of the person's race, gender, or perceived disability, but there is no doubt that the information gathered in a social check would influence a hiring decision.  That is the point of the reference check, after all. 

Be Careful What You Wish For

The problem with a social check is whether you can rely on the information you dig up.  A general rule I have is that if the employee wrote the information him or herself, you're probably good to go.  If they were drunk when they sent out that tweet, then, well, perhaps they should have thought twice - the old "don't drink and dial" rule is transferable to the online world. 

While employers will want to pause to ensure the information is actually posted by the person (as opposed to posted by someone else on their Facebook wall), I say that that information is probably fair game for an employer to take into consideration (with all the usual caveats about not relying on information in a discriminatory manner). 

If, however, the information is posted by another person about the candidate, then employers should pause to consider the weight of the information.  Is the information posted by a bitter ex-spouse?  An angry teenage daughter?  A drunk friend who thought it was funny at the time?  Whether a deliberately false statement or an innocently incorrect one, social media checks need to proceed with caution to ensure any employment decisions are based on hard facts, not one or two potentially incorrect or "funny-at-the-time" comments. 

Sidenote: The Social Checks Can Bite You Back

As a sidenote to employers:  the social check can work both ways.  On Bob Sutton's Work Matters blog, he lays out a checklist for candidates to determine if their future employer will be a "bosshole".  Potential candidates can now dig for that kind of information online and equip themselves with far more information than a few years ago.

 

 

Tags: , , ,
Posted on July 5, 2011 by Lisa Stam

Privacy in the Workplace 101

Privacy in the workplace is an area that invites a broad range of views and perspectives.  Whether the information relates to data on an electronic device such as an employer-provided computer or blackberry, or personal employee information such as bank account information for pay cheque deposits, we all expect some degree of privacy in the workplace. 

What remains in dispute in many workplaces is where to draw the line between public space and personal privacy.  The law on workplace privacy continues to evolve in a non-linear fashion, in part because of the patch-work of Canadian legislation that governs privacy.   This post will outline the basic framework of law that governs privacy issues in Ontario workplaces.

Privacy Legislation in Ontario

Ontario does not have its own privacy legislation (other than for health care information) and therefore defaults to the federal Personal Information Protection and Electronic Documents Act (PIPEDA).  PIPEDA applies to the commercial information of an Ontario company, but not to personal employee information, unless the employee works for a federally governed organization (banks, railroads, etc). 

Here is the specific language in PIPEDA:

4. (1) This Part applies to every organization in respect of personal information that

(a) the organization collects, uses or discloses in the course of commercial activities; or

(b) is about an employee of the organization and that the organization collects, uses or discloses in connection with the operation of a federal work, undertaking or business.

If the information in question relates to health and medical information, then the  Personal Health Information Protection Act (PHIPA) applies.

Privacy Case Law

To keep it interesting, the courts also continue to develop the common law on privacy.  In addition to filing a claim with the applicable privacy commission office for a breach of a privacy statute, an individual or organization could instead take their matter to the courts. There is still debate, however, about whether one can file a claim in the courts based on an independent claim of a privacy breach, as opposed to adding on a privacy claim to an underlying claim such as breach of contract.

[**JANUARY 2012 ADDENDUM - see my post on Jones v Tsige regarding new developments in privacy case law in Ontario.  We now have a tort of privacy in Ontario and the following commentary on caselaw is out of date.]

The court in the recent case of Jones v Tsige [2011] ONSC 1475 (Ont. Sup. Ct) held that there is no independent right to sue for invasion of privacy.  A bank employee in that case had accessed and viewed another employee's banking information 174 times.  The case walks through the recent authorities on the possibility of a tort of privacy as its own actionable wrong and concludes that there is no such authority in Ontario.  The court made reference to Euteneier v Lee [2005] CanLII 33024 (Ont. C.A.), a case which noted in passing that there was no free standing right to privacy under the Charter or common law.

There is another line of cases, however, that suggests it may be time to recognize the tort of privacy.  See for example, Somwar v McDonald's Restaurants of Canada Limited (2006) CanLII 202 (Ont. Sup. Ct.).

Jones v Tsige is the more recent case, so at this moment, it is likely that a party could not sue on the basis of a privacy claim alone. 

The Gap

Given the current state of the legislation and caselaw, for non-health related employee information in Ontario workplaces, there is a legislative and judicial gap.  Often the gap is taken care of through language in a collective agreement, an employment contract, an employee handbook, workplace policies on email or computer use, or general expectations communicated to employees in the workplace. 

Where the gap remains outstanding, however, companies would be wise to integrate the principles of privacy law outlined in PIPEDA throughout the organization.  Privacy legislation and privacy caselaw continues to grow and it's only a matter of time before there will be some sort of express legislation or body of caselaw that requires employers to maintain a minimum level of protection of employee personal information. 

In any event, Ontario companies are required to comply with PIPEDA in their commercial dealings, so it may prove difficult to defend if employee personal information is less protected than other corporate data. 

 

Tags: , , , ,