Privacy is Dead: The Birth of Social Media Background Checks
Sherry D. Sanders*
“Privacy is dead, and social media hold the smoking gun.”1
INTRODUCTION
Many people believe social media background checks are today‟s weapon in the murder
of privacy.2 These background checks are a one-stop shop for anyone eager to dig up
incriminating evidence on another person. Consider the following scenarios:
1) Prospective employee one and a friend return to his car after an exciting night out on the
town. As the designated driver, he drank only soda and water while his friend partied like
it was 1999. As he enters the car, his friend hands him an empty beer container and snaps
a picture. The friend later posts the picture on Facebook. Does this make prospective
employee one a drunk driver?
2) An imposter hacks into prospective employee two‟s Twitter account. As he peruses her
profile, the anonymity and thrill of expressing his ideas without punishment guide his
hands as he types away on the keyboard. He tweets comment after comment filled with
profanity and derogatory statements about blacks and Mexicans. One tweet calls for all
blacks to return to the motherland so the U.S. crime rate can decline. Prospective

*

Sherry Sanders, 2013 J.D. Candidate, Southern University Law Center; B.J. University of Texas at Austin. Thanks
to Gail Stephenson, a professor at Southern University Law Center, Stefanie Lee, Renashia Mullin, Floyd Price, and
Chauntelle Wood for their invaluable comments on this article.
1
Mirna Bard, 99 Favorite Social Media Quotes and Tips, SOCIAL MEDIA (Apr. 6, 2010),
(quoting Pete Cashmore, Mashable
CEO).
2
Kashmir Hill, Feds Okay Start-up That Monitors Employees‟ Internet and Social Media Footprints, FORBES, June
15, 2011, at 1, />
1

Electronic
Electroniccopy
copyavailable
availableat:
at: /> />

employee two has not been on Twitter in months and has no idea her profile has been
hacked. Does this make her a racist?
Employers are no longer the only ones who may determine a current or prospective
employee‟s fate with a click of the mouse and browse of a profile page. With a recent “stamp of
approval” by the Federal Trade Commission (FTC), credit reporting agencies (CRA) may also
gather information about an employee from social networking sites (SNS), such as Facebook and
Twitter.3 Based on the subjective judgment of a CRA or human resources employee, a
prospective employee could hear “you‟re fired” before he even sets one foot in the office door.
To add insult to injury, information posted on an employee‟s site within the past seven years is
fair game.4 Although both employers and CRAs must comply with the Fair Credit Reporting Act
(FCRA),5 this practice raises serious questions about invasions of privacy, inaccurate reporting
of information, and liability for all players involved in the practice.
The purpose of this article is to look at the legal ramifications of social media background
checks and show why this practice is detrimental to prospective and current employees. The first
section of this article will focus on the purpose of social media and the FCRA. The second
section will focus on what CRAs are reporting to potential employers and when they may be
liable for inaccurate information due to their failure to use reasonable procedures. The third
section will look at employers and when their use of SNSs may be considered discrimination or
an invasion of privacy and how a failure to check these sites may result in a claim for negligent
hiring. Next, this article will focus on whether SNSs must abide by the FCRA, and if not, when

3


Jennifer Preston, Social Media History Becomes a New Job Hurdle, N.Y. TIMES, July 21, 2011, at B1.
Preston, supra note 3, at B1.
5
Hill, supra note 2, at 2.
4

2

Electronic
Electroniccopy
copyavailable
availableat:
at: /> />

they may be liable for invasions of privacy. The final section will address whether employees
may be guilty of contributing to an invasion of their own privacy.
HISTORY
I.

THE BEGINNING OF THE END OF PRIVACY: THE BIRTH OF SOCIAL MEDIA
Social networking sites, such as Facebook, Twitter, and LinkedIn, have seen an increase

in usage over the past few years.6 Seventy-five percent of individuals between the ages of
eighteen to twenty-four have a profile on a SNS.7 One-third of individuals between the ages of
thirty-five to forty-four have an active account posted online.8 Additionally, nearly twenty
percent of individuals between the ages of forty-five and fifty-four have a profile posted on a
social network.9
The use of SNSs has expanded tremendously since SixDegrees.com, the first
recognizable SNS, launched in 1997.10 A SNS is a service that allows “individuals to create a
personal or business network.”11 Between 1997 and 2001, users were able to set up professional,

personal, and dating profiles on various SNSs, such as “Friends, AsianAvenue, BlackPlanet, and
MiGente.”12 Friendster was launched in 2002 to provide friends-of-friends with an avenue to
meet, date, and become romantic partners.13 Since 2003, new SNSs have continuously launched

6

Jordan B. Yeager & Ronalyn K. Sisson, USER BEWARE: Maximizing the Possibilities, Minimizing the Risks of
Using Social Media, 33-OCT Pa. Law. 26, 26 (2011).
7
JAY E. GRENIG & JEFFREY S. KINSLER, HANDBOOK OF FEDERAL CIVIL DISCOVERY AND DISCLOSURE E-DISCOVERY
AND RECORDS § 5:7 (West Group ed., 3d ed. 2011), available at Handbk. Fed. Civ. eDisc. & Records § 5:7 (3d ed.).
8
Grenig, supra note 7.
9
Grenig, supra note 7.
10
Danah M. Boyd & Nicole B. Ellison, Social Network Sites: Definition, History, and Scholarship, JOURNAL OF
COMPUTER-MEDIATED COMMUNICATION, (2007), available at
/>11
TOM FUNK, SOCIAL MEDIA PLAYBOOK FOR BUSINESS: REACHING YOUR ONLINE COMMUNITY WITH TWITTER,
FACEBOOK, LINKEDIN, AND MORE 8 (Praeger 2010).
12
Boyd, supra note 10.
13
Boyd, supra note 10.

3

Electronic copy available at: />


in an attempt to replicate earlier successful SNSs.14 Users of these online sites are able to (1)
create a public or semipublic profile, (2) assemble a network of friends, and (3) post comments,
messages, images, and videos to their page.15 Flickr allows users to share photos, Last.FM
provides users with a forum to share music, and YouTube is designed to share videos.16
MySpace launched in 2003.17 MySpace was unique because it allowed users to
personalize their pages and add features based on demand.18 MySpace became a global
phenomenon as it became popular with teenagers.19 In 2004, Facebook launched; however, it
was designed for use by college students only.20 Facebook expanded its services to include high
school students in 2005.21 Eventually, everyone was allowed access to Facebook in 2006.22 As
the number of people using SNSs continues to climb, privacy concerns have become the focus of
much of the press coverage of SNSs.23 Many people are concerned with whether the Fourth
Amendment to the United States Constitution covers invasions of privacy via SNSs.24
Two recent cases accused Facebook of invading the privacy of its users; these claims
have been brought under the Federal Wiretap Act.25 The court in In re Facebook Privacy
Litigation held that users of Facebook‟s networking site could not recover under the Wiretap Act
because the Act clearly states that “an entity providing an electronic communication service to
the public shall not intentionally divulge the contents of any communication…to any person or
14

Boyd, supra note 10.
Funk, supra note 11, at 8.
16
Boyd, supra note 10.
17
Boyd, supra note 10.
18
Boyd, supra note 10.
19
Boyd, supra note 10.
20

DAVID KIRKPATRICK, THE FACEBOOK EFFECT: THE INSIDE STORY OF THE COMPANY THAT IS CONNECTING THE
WORLD 30-31 (Simon & Schuster Paperbacks 2010).
21
Kirkpatrick, supra note 20, at 16.
22
Kirkpatrick, supra note 20, at 16.
23
Boyd, supra note 10.
24
Boyd, supra note 10.
25
In re Facebook Privacy Litig., No. C-10-02389-JW, 2011 WL 2039995, at *1 (N.D. Cal. May 12, 2011); Bill
Lodge, BR class-action suit targets Facebook, THE ADVOCATE, October 11, 2011, at 1A.
15

4

Electronic copy available at: />

entity other than an addressee or intended recipient of such communication.” 26 The court
concluded that the plaintiffs failed to prove that Facebook intentionally provided advertisers with
users‟ information.27 Additionally, a resident of Baton Rouge, Louisiana, recently filed suit
against Facebook alleging that Facebook is violating the Federal Wiretap Act and other laws “by
collecting information on users‟ Internet habits.”28 A court ruling has not yet been reached in this
case.
As the debate over what constitutes an invasion of privacy continues, it is obvious that
the use of SNSs has expanded from its original purpose of uniting people with similar interests.
Although initially SNSs were designed around online communities, the focus now revolves
around the individual, who is at the center of his own community.29 This new structure has been
referred to “egocentric networks.”30 Networks focused solely on one individual provide others

with the unique and easy opportunity to conduct research on a particular person and potentially
dig up incriminating evidence on that person.
II. THE FCRA AND THE ATTEMPT TO BREATHE NEW LIFE INTO PRIVACY
This section will first look at the important aspects of the FCRA and will then focus on
how the courts have interpreted the statute.
A. Important Provisions Governing CRAs and Employers
On October 26, 1970, Congress passed the FCRA.31 The purpose of the Act is to promote
fairness and accuracy in credit reporting.32 Consumer CRAs play an important role in

26

In re Facebook Privacy Litig., 2011 WL 2039995, at *5.
Id.
28
Lodge, supra note 25, at 1A.
29
Boyd, supra note 10.
30
Boyd, supra note 10.
31
Fair Credit Reporting Act, 15 U.S.C. § 1681 (2010).
32
§ 1681.
27

5

Electronic copy available at: />

“assembling and evaluating” a consumer‟s credit, as well as other information gathered on a

consumer.33 It is the responsibility of CRAs to respect consumer privacy and ensure that they are
fair and impartial when gathering and reporting information to others.34 All “reasonable
procedures” must be used to assure the accuracy of the information reported.35
Information may be assembled on a consumer bearing on his credit, character, reputation,
personal reputation, and mode of living.36 This information may be used for employment
purposes in order to evaluate a consumer for employment, promotion, reassignment, or retention
as an employee.37 A CRA may provide an employer with a credit report containing information
about a prospective or current employee only if the employee is informed in writing that a
background check may be obtained for employment purposes.38 The employee must authorize
consent to the background check in writing.39 If the employee will be denied employment or
fired based on the information assembled, the employee must be provided with a copy of the
report and a document outlining the employee‟s rights under the FCRA.40 A CRA may report
information that includes up to seven years of adverse information.41 If a CRA willfully or
negligently violates the FCRA, it will be liable to an individual for damages.42

33

§ 1681(a)(3).
§ 1681(a)(4).
35
§ 1681e(a).
36
§ 1681a(d)(1).
37
§§ 1681a(d)(1)(B), 1681a(h).
38
§ 1681b(b)(2)(A)(i).
39
§ 1681b(b)(2)(A)(ii).
40

§§ 1681b(b)(3)(A)(i), 1681b(b)(3)(A)(ii).
41
§ 1681c(a)(5).
42
§ 1681n(a); § 1681o(a).
34

6

Electronic copy available at: />

B. Federal Court Cases Interpreting the FCRA
1. Appropriate Use of Consumer Report for Employment Purposes
Section 1681b(b)(2)(A)(i) provides that an employer may conduct a background check on
an employee for employment purposes if the request is made in writing “at any time before the
report is procured.”43 In Kelchner v. Sycamore Manor Health Center, the Third Circuit held that
the phrase “at any time before the report is procured” is unambiguous and clearly means a report
may be obtained at “any time during the employment relationship.” 44 This means that an
employer is authorized to acquire an individual‟s credit report based on a blanket one-time
authorization form.45 Additionally, no provision in the FCRA prohibits an employer from firing
or disciplining an employee who refuses to allow an employer to procure his credit report. 46
2. CRA‟s Liability for Inaccurate or Unverifiable Information
Many courts allow CRAs to use the “technically accurate” defense to avoid liability,
because there is no requirement of “maximum possible accuracy” under section 1681e(b).47
However, in Koropoulos v. Credit Bureau, Inc., the Court of Appeals for the District of
Colombia rejected the technically accurate defense.48 The court instead conducted a balancing
test to determine whether there was a 1681e(b) violation.49 The court weighed the possibility of
the information leaving a misleading impression on the recipient against the availability of
accurate information and the burden on the CRA to obtain this information.50


43

§ 1681b(b)(2)(A)(i).
Kelchner v. Sycamore Manor Health Ctr., 135 Fed. Appx. 499, 502 (3d Cir. 2005).
45
Id.
46
Id.
47
Neil Vanderwoude, The Fair Credit Reporting Act: Fair For Consumers, Fair For Credit Reporting Agencies, 39
Sw. L. Rev. 395, 401 (2009).
48
Vanderwoude, supra note 47.
49
Koropoulos v. Credit Bureau, Inc., 734 F.2d 37, 42 (D.C. Cir. 1984).
50
Id.
44

7

Electronic copy available at: />

3. Willful and Negligent Violations of the FCRA
Section 1681n(a) provides that a person is liable for damages caused to another if he
willfully fails to comply with the FCRA.51 A CRA willfully violates the FCRA when it
“knowingly and intentionally commit[s] an act in conscious disregard for the rights of others.” 52
In Saenz v. Trans Union, LLC, the court adopted the Third Circuit‟s mens rea requirement to
determine what level of intent a CRA must possess to prove it willfully failed to comply with the
statute.53 The Saenz court held that a CRA acts willfully when it consciously or recklessly

disregards the law.54 Willful has also been interpreted to mean “deliberate and purposeful.”55 A
showing of actual “malice or evil motive” is not a requirement for recovery under 1681n.56
Willful violations typically occur where a CRA intentionally misleads or conceals information
from an individual.57 However, the failure of a CRA to delete incorrect information after it has
been reported or the insertion of inaccurate information after it has been deleted does not give
rise to liability for a willful act.58
In addition, section 1681o(a) provides that a CRA is liable for damages to another if it
negligently fails to comply with the FCRA.59 In order to prevail against a CRA for negligence,
four elements must be proven: “(1) inaccurate information was included in a consumer's credit
report; (2) the inaccuracy was due to defendant's failure to follow reasonable procedures to

51

§ 1681n(a).
Pinner v. Schmidt, 805 F.2d 1258, 1263 (5th Cir. 1986).
53
Saenz v. Trans Union, LLC, 621 F. Supp. 2d 1074, 1086 (D. Or. 2007).
54
Id.
55
Casella v. Equifax Credit Info. Servs., 56 F.3d 469, 476 (2d Cir. 1995).
56
Bakker v. McKinnon, 152 F.3d 1007, 1013 (8th Cir. 1998).
57
Reed v. Experian Info. Solutions, Inc., 321 F. Supp. 2d 1109, 1116 (D. Minn. 2004).
58
Id.
59
§ 1681o(a).
52


8

Electronic copy available at: />

assure maximum possible accuracy; (3) the consumer suffered injury; and (4) the consumer's
injury was caused by the inclusion of the inaccurate entry.”60
In Thompson v. San Antonio Retail Merchants Association, the Fifth Circuit held that the
reasonable procedures made by a CRA to ensure the accuracy of the information it publishes is
judged based on what a reasonably prudent person would do under the circumstances. 61 The
failure of a CRA to maintain reasonable procedures under section 1681e(a) is an important
element that must be proven before a plaintiff can bring an action for negligence. A plaintiff
would have to show that a CRA used information about the plaintiff for an impermissible
purpose,62 or it must be shown that there was a systematic error.63 There is a systematic error
when the mistake occurs repeatedly.
Section 1681b(a) provides a list of permissible purposes of consumer reports.64 Included
as a permissible purpose for furnishing a third party with an individual‟s consumer report is if the
information will be used for employment purposes.65 If a CRA discloses information to a third
party for a permissible purpose, there will be no further discussion into whether the CRA‟s
procedures were reasonable.66 Therefore, a plaintiff should not attempt to bring an action about
the reasonableness of a CRA‟s procedures if their disclosure is for a permissible purpose as
outlined in section 1681b.67 Additionally, a CRA may also be able to avoid liability for an

60

Cortez v. Trans Union, LLC, 617 F.3d 688, 708 (3d Cir. 2010) (citing Philbin v. Trans Union Corp., 101 F.3d
957, 963 (3d Cir. 1996)).
61
Thompson v. San Antonio Retail Merchs. Ass‟n, 682 F.2d 509, 513 (5th Cir. 1982).
62

Id.
63
Ruth Desmond, Consumer Credit Reports and Privacy in the Employment Context: The Fair Credit Reporting Act
and the Equal Employment For All Act, 44 U.S.F. L. Rev. 907, 922 (2010).
64
§ 1681b(a)(1-6).
65
§ 1681b(a)(3)(B).
66
Washington v. CSC Credit Servs. Inc., 199 F.3d 263, 266 (5th Cir. 2000).
67
Id.

9

Electronic copy available at: />

inaccurate report by showing that it followed all reasonable procedures to ensure that the
information was correct.68 Many circuits leave the reasonableness question up to the jury.69
4. Invasion of privacy/discrimination
The use of credit reports for employment purposes is not a discriminatory employment
practice.70 Bringing an action under the FCRA can serve two purposes: 1) ensuring the accurate
reporting of information, and 2) protecting an individual from unlawful invasions of privacy.71
Section 1681h(e) provides that no action may be brought for invasion of privacy against a person
who supplies information to a CRA, unless it involves “false information furnished with malice
or willful intent to injure” a consumer.72 This provision means that if a company provides a CRA
with credit information about a consumer, the company is protected from invasion of privacy
claims unless it furnishes both false information and the information is given with “malicious or
willful intent to damage the consumer.”73
DISCUSSION

During the summer 2011, the Internet was buzzing after learning from an FTC letter that
CRAs may conduct background checks on potential and current employees via SNSs. The letter
stated:
The staff of the Federal Trade Commission‟s Division of Privacy and
Identity Protection has been investigating Social Intelligence
Corporation („Social Intelligence‟), an Internet and social media
68

Guimond v. Trans Union Credit Inf. Co., 45 F.3d 1329, 1333 (9th Cir. 1995).
Guimond, 45 F.3d at 1329 (“The reasonableness of the procedures and whether the agency followed them will
be jury questions in the overwhelming majority of cases.”); Cahlin v. General Motors Acceptance Corp. 936 F.2d
1151, 1156 (11th Cir. 1991) (“The agency can escape liability if it establishes that an inaccurate report was
generated by following reasonable procedures, which will be a jury question in the overwhelming majority of
cases.”); Dalton v. Capital Associated Indus. Inc., 257 F.3d 409, 416 (4th Cir. 2001) (“The issue of whether the
agency failed to follow „reasonable procedures‟ will be a “jury question[ ] in the overwhelming majority of cases.”).
70
Pettus v. TRW Consumer Credit Serv., 879 F. Supp 695, 698 (W.D. Tex. 1994).
71
Myers v. Bennet Law Officers, 238 F.3d 1068, 1074 (9th Cir. 2001).
72
§ 1681h(e).
73
Lofton-Taylor v. Verizon Wireless, 262 Fed. Appx. 999, 1002 (8th Cir. 2008).
69

10

Electronic copy available at: />

background screening service used by employers in pre-employment

background screening. The reports sold by Social Intelligence include
public information gathered from social networking sites. Our
investigation aimed to determine the company‟s compliance with the
Fair Credit Reporting Act („FCRA‟)….We have completed our
investigation and determined that no further action is warranted at this
time.74
After this statement, articles were published in newspapers, magazines, and online indicating that
the FTC had given CRAs the okay to proceed with conducting background checks on Facebook,
Twitter, and MySpace. So, what does this mean?
A. PRIVACY IS DEAD, AND CREDIT REPORTING AGENCIES ARE NOW A
PRINCIPAL TO MURDER
The company at the forefront of the social media background check practice is Social
Intelligence.75 Social Intelligence generates reports for employers with both negative and
positive information from SNSs.76 Information that would be reported as negative includes:
illegal activity such as drug use, racist remarks or participating in racist activities, and sexually
explicit videos or photos.77 Positive examples include donating time for charitable or volunteer
activities, participating in industry blogs, and receiving external awards or recognition.78 Social
Intelligence indicates on its website that it runs a new background check on employees each time

74

Letter from Maneesha Mithal, Assoc. Dir., Federal Trade Commission Division of Privacy and Identity
Protection, to Renee Jackson (May 9, 2011) (on file with the Federal Trade Commission) available at
/>75
Mithal, supra note 74.
76
Social Intelligence, (last visited Jan. 7, 2012).
77
Sean Charles, Social Intelligence: What It Is And Why It Matters, Social Media Sean (Oct. 16, 2011),
/>78

Charles, supra note 77.

11

Electronic copy available at: />

it is requested.79 Although Social Intelligence must store the information for seven years, as
required by the FCRA, it provides that this old information is not reused.80
As Social Intelligence and other CRAs attempt to comply with the FCRA while gathering
information from SNSs, questions arise regarding the accuracy of the information reported as
well as when can CRAs be liable for negligent reporting. The two hypotheticals mentioned
earlier both include instances where a mere glance at a picture or profile page may not reveal the
truth. A potential employee‟s career may lie in the hands of the subjective judgment of someone
hired by a CRA to conduct research. If prospective employee one misses out on his opportunity
to become a truck driver because a picture on Facebook appears to paint his as a drunk driver or
prospective employee two is not hired at a firm because her Twitter account contains racist
statements, what can be done?
1. When Is a CRA Liable for Inaccurate Reporting?
The purpose of the FCRA is to protect consumers; however, the FCRA may not be as
helpful in the employment context.81 A 2004 report found that twenty-five percent of credit
reports surveyed included serious errors that could result in the denial of credit or employment.82
Seventy-nine percent of the credit reports surveyed included either serious errors or other
mistakes of some kind.83 Few cases have provided relief to consumers for inaccurate reporting,
but in Koropoulos v. Credit Bureau, Inc. the U.S. Court of Appeals for the District of Columbia

79

Social Intelligence, Does Social Intelligence store information about job applicants that can potentially be used
against them on future job hunts, (last visited Jan. 7, 2012).
80

Social Intelligence, supra note 79.
81
Ruth Desmond, Consumer Credit Reports and Privacy in the Employment Context: The Fair Credit Reporting Act
and the Equal Employment For All Act, 44 U.S.F. L. Rev. 907, 916 (2010).
82
ALISON CASSADY & EDMUND MIERZWINSKI, MISTAKES DO HAPPEN: A LOOK AT ERRORS IN CONSUMER CREDIT
REPORTS 4 (Nat‟l Assoc. of State PIRGs ed. 2004).
83
Cassady, supra note 82.

12

Electronic copy available at: />

rejected the technically accurate defense courts had previously followed.84 In Koropoulos, the
plaintiff defaulted on his loan, but eventually paid it off.85 The CRA charged it off as bad debt,86
and because of this, the plaintiff was denied credit several times.87 The court held that if
information contained in a report leaves a misleading impression on the recipient, the
information is inaccurate.88 The court weighed the possibility of leaving a misleading impression
against the availability of accurate information and the burden on the CRA to obtain this
information.
Applying the balancing test identified in Koropoulos to the two hypotheticals previously
presented, it is difficult to discern whether a CRA may be liable to prospective employees one
and two for inaccurate reporting under 1681e(b). First, if a CRA reported to an employer that
prospective employee one was a drunk driver based on the picture posted on Facebook, this
report would be technically accurate, in accordance with the standard required in most circuits.
However, the facts of the hypothetical indicate that prospective employee one was the designated
driver and had not been drinking. A simple snap of a camera by a drunk friend playing around
has created a deceiving image. If prospective employee one requests that the CRA remove the
information and the CRA does not, it is reporting inaccurate information. This information will

leave a misleading impression on the employer. However, it is difficult to balance the weight of
the misleading impression against the burden on the CRA to obtain accurate information because
this is not the usual check of a person‟s credit, criminal, or employment history. A social media
background check cannot be verified as easily as information from a basic background check.
84

See Koropoulos v. Credit Bureau, Inc. 734 F.2d 37, 42 (D.C. Cir. 1984).
See id.
86
A debt is charged off when the account is treated “as a loss or expense because payment is unlikely.” BLACK‟S
LAW DICTIONARY 266 (9th ed. 2009).
87
See Koropoulos, 734 F.2d at 38-39.
88
See id at 47.
85

13

Electronic copy available at: />

For example, a CRA can easily call a merchant or creditor to determine whether information
contained on a person‟s credit report is accurate. In this instance, the burden on the CRA would
be small. So balancing the misleading impression versus the actual truth surrounding the picture
and considering the burden on CRAs to obtain this information, it is possible that a court may
rule either way on whether a CRA is liable under 1681e(b) for reporting inaccurate information.
The same is true for the second hypothetical. If a CRA reported that prospective
employee two was a racist based on the postings on her Twitter account, this would be
technically accurate. However, if prospective employee two reports the inaccuracy to the CRA
and it fails to correct the information, then the balancing test applies. The facts in the

hypothetical indicate that prospective employee two had not accessed her Twitter page in months
and that someone hacked into her account. This indicates that prospective employee two did not
make the racist remarks. An employer reviewing the information provided by the CRA would be
misled into believing that prospective employee two is really a racist. Therefore, it would appear
that the misleading information may outweigh the fact that the information is technically
accurate. The problem arises when assessing the burden on the CRA. How will courts evaluate
the burden on CRAs to obtain accurate information when they are using sites where people are
known to exaggerate and lie to gather information to report back to employers? This author
suggests when applying this test to social media background checks, courts should consider only
the possibility of leaving a misleading impression versus the accuracy of the information.
Including the burden requirement may result in employees never being able to prevail, because
CRAs will always be able to show that it would be difficult to find information to prove the
accuracy of the information reported.

14

Electronic copy available at: />

Thus, although it has been found that a possible one in four credit reports contain serious
errors,89 employees who have become victims to the inaccurate reporting must overcome the
technically accurate defense in order to hold a CRA liable. If a prospective employee can avoid
the technically accurate defense and have the balancing test applied instead, he may be able to
recover damages for inaccurate reporting. It is still to be determined how courts will view the
burden on CRAs to obtain accurate information.
2. When is a CRA Liable for Negligence or Failing to Follow Reasonable Procedures?
In Stevenson v. TRW, Inc., the court found TRW liable for negligence.90 In this case, the
plaintiff notified TRW about inaccurate information contained on his credit report. 91 After
believing that his report was corrected, he noticed that inaccurate information either remained on
his report or was reentered after it was deleted.92 The court held that TRW acted negligently
because the steps it took to reinvestigate the plaintiff‟s dispute were unreasonably long and TRW

failed to promptly delete inaccurate or unverifiable information from his report. 93 In Philbin v.
Trans Union Corp., the Third Circuit set out four elements to determine whether a CRA was
negligent in gathering or reporting information.94
First, it must be determined if inaccurate information was reported in a consumer‟s credit
report.95 In hypothetical one, the first element would be satisfied because prospective employee
one had not been drinking. If a CRA reported that prospective employee one was a drunk driver,
this information would be inaccurate.

89

Cassady, supra note 82.
See Stevenson v. TRW, Inc. 987 F.2d 288, 298 (5th Cir. 1993).
91
See id. at 291.
92
See id. at 291.
93
See id. at 298.
94
Philbin v. Trans Union Corp., 101 F.3d 957, 963 (3d Cir. 1996).
95
Id. at 963.
90

15

Electronic copy available at: />

Second, the inaccuracy must be due to the CRA‟s failure to follow reasonable
procedures.96 Courts have ruled different ways on whether a CRA has failed to follow reasonable

procedures. In Boris v. Choicepoint Services, the court found that a CRA did not follow
reasonable procedures by failing to clarify misleading information contained in its report. 97 Boris
notified Choicepoint regarding inaccurate information about prior insurance claims in her claims
report.98 After the original mistakes were corrected, more inaccurate information appeared on her
report.99
In hypothetical one, any information reported by a CRA claiming that prospective
employee one is a drunk driver would be misleading. Similar to the Boris case where information
concerning the plaintiff‟s prior insurance claims was inaccurate, information indicating that
prospective employee one is a drunk driver would be inaccurate. If the CRA fails to correct this
information after requests to do so, the CRA could be in violation of section 1681e(b) for failing
to follow reasonable procedures. However, because the FTC has set “minimal requirements for
the „reasonable procedures‟ standard,” a CRA will be liable only if an employee can show there
were “systematic errors.”100 Thus, even if a CRA generated an error themselves, prospective
employee one may not be able to recover if that error does not rise to the level of a systematic
error.101
Additionally, the plaintiff must show that he was injured and this injury was the result of
the inclusion of the inaccurate information.102 These two elements could easily be satisfied

96

Id.
See Boris v. Choicepoint Servs., 249 F. Supp. 2d 851, 862 (W.D. Ky. 2003).
98
See id. at 855.
99
See id. at 855.
100
Desmond, supra note 81, at 922.
101
Desmond, supra note 81, at 922.

102
Philbin v. Trans Union Corp., 101 F.3d 957, 963 (3d Cir. 1996).
97

16

Electronic copy available at: />

because prospective employee one can show that he was denied employment due to the credit
report provided to the employer. Therefore, prospective employee one could have a claim against
a CRA for negligence only if he can overcome the reasonable procedure standard.
Prospective employee two could also possibly have a claim for negligence, only if she
can overcome the reasonable procedure requirement. Information stating that prospective
employee two is a racist would be inaccurate because she did not post the comments. Second, if
the CRA fails to correct the misleading information and it becomes a systematic error, it may be
in violation of section 1681e(b) for its failure to follow reasonable procedures. Third, prospective
employee two would be injured financially and possibly emotionally because of the denial of the
opportunity to advance her career. Finally, the inaccurate information provided to the employer
would be the cause of prospective employee two being denied employment.
The difficulty in applying the reasonable procedure standard to employment-related
issues has to do with urgency and necessity. Many jobseekers or current employees may not have
the money or the time to make continuous requests to a CRA that inaccurate information be
corrected. A lack of income resulting in unpaid bills or hungry children cannot wait for a
systematic error to occur in order to prove negligent compliance with the FCRA. Therefore, the
likelihood of a prospective or current employee being able to prove a CRA failed to follow
reasonable procedures may be slim.
B. PRIVACY IS DEAD, AND EMPLOYERS ARE ALSO A CO-CONSPIRATOR IN THE
INVASION OF PRIVACY
It is no secret that employers use SNSs to screen prospective employees before offering
them a position. The New York Times reports that seventy-five percent of companies require job


17

Electronic copy available at: />

recruiters to conduct research on job candidates.103 Additionally, seventy percent of recruiters
denied candidates employment because of information found online.104 To avoid discrimination
charges and other legal risks, many employers use CRAs to generate reports on employees. 105
Because employees must be informed in writing that a background check may be obtained for
employment purposes,106 the employer should provide an area where the employee can consent
to the social media background check. Jobseekers and current employees must be provided with
notice, consent, access, and enforcement, areas where the FCRA does not provide much
protection for employees.107 Thus, employees and employers must take steps to protect
themselves.
1. Employees Should Always Read All Employment Documents
Before prospective employees one and two sign employment documents, they should
read them carefully. GameStation conducted a recent survey to determine how many of its
customers read the terms and conditions of their online sales before signing them.108 The
company placed a provision in the contract called the “Immortal Soul Clause” that legally
obligated its customers to provide GameStation with their souls.109 Eighty-eight percent of
customers did not read the terms and conditions before signing the contract. 110 The clause was
added to demonstrate that few people read contracts before signing them.111 Prospective
employees should take the time to read any documents required to be signed prior to or during

103

Jennifer Preston, Social Media History Becomes a New Job Hurdle, N.Y. TIMES, July 21, 2011, at B4.
Preston, supra note 103.
105
Social Intelligence, supra note 76.

106
§ 1681b.
107
Desmond, supra note 81, at 923.
108
Joe Martin, GameStation: “We own your soul”, Bit-Gamer (April 15, 2010), />109
Martin, supra note 108.
110
Martin, supra note 108.
111
Martin, supra note 108.
104

18

Electronic copy available at: />

their employment. Because employers must include a provision in their employment documents
to inform employees that a background check will be conducted,112 employees should check with
human resources personnel to verify where the background information will be taken from.
Taking these steps will allow potential employees to prevent CRAs or human resources
personnel from gathering background information on SNSs. It can also put employees on notice
and give them time to delete harmful information from their page or ensure that their profile is
not available to the general public.
Employees should also be aware that if they do sign an employment document containing
a provision stating that a background check will be conducted, they are giving their employer
authorization to obtain a report any time during the employment relationship.113 Employers may
lawfully check a current employee‟s background five, ten, or even twenty years after being hired
based on a blanket one-time authorization form signed during the hiring process.114 The FCRA
provides little protection for employees who refuse to allow an employer to procure his credit

report.115 Here again, the difficulty in applying the FCRA to employment-related issues is
present. While employees should be careful about what they sign, this caution could result in
adverse action against them in which the FCRA may not provide a remedy. Adding social media
background checks to this situation will only help increase the likelihood of prospective and
current employees being harmed at the hands of employers.
2. Employers May Be Liable If They Do Check SNSs or If They Do Not
“The employer who acts on false positive information suffers the investment cost of
breached trust in a new employee; the employer who acts on false negative information may
112

§ 1681b.
Kelchner v. Sycamore Manor Health Ctr., 135 Fed. Appx. 499, 502 (3d Cir. 2005).
114
Id.
115
Id.
113

19

Electronic copy available at: />

never know the nature and extent of the lost opportunity.”116 Social media has placed employers
in a difficult position. Legal consequences such as “negligent hiring, harassment claims,
discrimination claims, and other legal issues” may await employers who do check SNSs or those
who fail to check SNSs before hiring an employee.117 A negligent hiring claim may arise where
an employer fails to check SNSs before hiring an employee, or fails to act on information
revealed on SNSs about an employee.118 For example, let us assume that the picture of
prospective employee one drinking and driving is accurate. If a truck company hires prospective
employee one after discovering this information on Facebook and he injures someone because he

was drinking on the job, the employer could be liable to the third party for negligent hiring. 119 A
law firm could be liable for negligent hiring if it hires prospective employee two when it was
aware of her comments on Twitter and she fails to adequately represent a client because of his
race. Thus, it appears that checking SNSs to do background checks on employees is an
advantage for employers. However, discrimination claims may arise if adverse action is taken
due to negative information found on SNSs.120
An employer may be sued for discrimination if it makes a decision to hire or not hire a
prospective employee based on the candidate‟s “sex, sexual orientation, age, or race”121 These are
areas protected under federal law.122 The FCRA is one of the federal statutes that attempts to
protect employees from discriminatory practices by requiring employers to provide employees

116

Virginia G. Maurer & Robert E. Thomas, Getting Credit Where Credit is Due: Proposed Changes in the Fair
Credit Reporting Act, 34 Am. Bus. L.J. 607, 622 (1997).
117
Arthur Yermash, Employer Legal Issues For Online Social Networking, LEGAL BRIEF, (Aug. 2010),
/>118
Yermash, supra note 117.
119
Yermash, supra note 117.
120
Yermash, supra note 117.
121
Yermash, supra note 117.
122
Yermash, supra note 117.

20


Electronic copy available at: />

with proper notice before gathering information from SNSs.123 Despite this attempt to protect
employees, the notice requirement in the area of employment may have little effect because
employees may fear that not consenting to the background check could cost them their jobs.124
An employer could also be liable for a willful violation under 1681n(a) for violating
equal opportunity laws, failing to notify prospective or current employees that they will be
subject to a background check, or failing to notify an employee that adverse action was taken as
a result of information found on his report.125 Furthermore, by conducting their own social media
background checks, or having a CRA do so, employers risk invading a prospective employee‟s
privacy. Credit reports disclose intimate, and often incomplete, information that compels
employers to draw “misleading conclusions about a person‟s history and behavior.” 126 Social
media background checks will only provide a false impression of an employee‟s morals or
motive.127 Employers could misinterpret the information because they are unaware of the context
or implications of the situation.128 The information listed on a person‟s profile page may not
adequately reflect the true facts or the overall picture. Moreover, invasions of privacy may occur
where an employer has an individual befriend a job candidate whose profile is not open to the
public.
C. PRIVACY IS DEAD, AND SOCIAL NETWORKING SITES ARE GUILTY OF FIRST
DEGREE MURDER
There is no word on whether SNSs must comply with the FCRA or if it is providing
CRAs with information on employees. A recent Forbes article suggests that Facebook is not

123

§§ 1681b(b)(3)c(A)(i), 1681b(b)(3)(A)(ii).
Desmond, supra note 81, at 916.
125
Desmond, supra note 81, at 923.
126

See Desmond, supra note 81, at 911.
127
See Desmond, supra note 81, at 912.
128
See Desmond, supra note 81.
124

21

Electronic copy available at: />

involved in the practice.129 The article stated that Facebook sent Social Intelligence a cease and
desist letter that said that Social Intelligence‟s practices may violate Facebook‟s terms of
service.130 If SNSs such as Facebook must comply with the FCRA, a claim for invasion of
privacy may be brought under this Act. However, current cases involving invasions of privacy by
Facebook are being brought under the Federal Wiretap Act. 131 In re Facebook involved a class
action brought against Facebook for allegedly transmitting its users‟ personal information to
third-party advertisers without consent.132 The Baton Rouge, Louisiana, class action involves
allegations that Facebook violated federal wiretap laws “by collecting information on users‟
Internet habits.”133
If prospective employees one and two were somehow under the impression that the SNSs
were leaking information to CRAs or employment personnel, they could bring a claim against
the SNSs under the FCRA, the Federal Wiretap Act, or any other relevant federal law. The claim
against Facebook in In re Facebook was unsuccessful because the court found that the plaintiffs
failed to show that Facebook intentionally provided information to the third party.134 Currently, it
appears that a claim for invasion of privacy against a SNS may have to come under the Wiretap
Act because there is no proof that SNSs are participating in the social media background check
practice.

129


Kashmir Hill, Senators Worried Job Seekers „Unfairly Harmed‟ By Social Media Background Checks, FORBES,
September 20, 2011, />130
Hill, supra note 129.
131
In re Facebook Privacy Litig., 2011 WL 2039995, at *1; Lodge, supra note 25, at A1.
132
In re Facebook Privacy Litig., 2011 WL 2039995, at *1.
133
Lodge, supra note 25, at A1.
134
In re Facebook Privacy Litig., 2011 WL 2039995, at *5.

22

Electronic copy available at: />

D. PRIVACY IS DEAD, AND EMPLOYEES MAY CONTRIBUTE TO THE INVASION OF
THEIR OWN PRIVACY
Although individuals have different “privacy tolerance,” users of SNSs still have the urge
to know what others are doing.135 Users are also obsessed with informing others of their current
activities or thoughts. This urge blindly leads users into contributing to the invasion of their own
privacy. While the FCRA fails to fully protect employees in the area of notice, the requirements
placed on employers and CRAs should at least warn employees to clean up their profile pages.
SNSs give users the personal option of establishing their own privacy settings.136 Users should
take advantage of this option. Any problems associated with the social media background check
practice can be easily cured by employees taking preventative measures to avoid having to prove
that a CRA or employer failed to comply with the FCRA.
The options available to users to avoid the burden of proving inaccurate or negligent
reporting are quite obvious. One option is to take down all questionable pictures or posts to

prevent mixed interpretation of what these items may mean. Second, users could set their privacy
settings to where only their friends can see their profiles. This would prevent outsiders from
viewing any information posted. Finally, users could temporarily or permanently take down their
profiles. It may be a good idea to temporarily take the page down, at least while searching for a
job. It is important to note that the only option that may allow full protection from invasions of
privacy is permanently taking the page down. However, this may be an extreme measure for
some, and there is no guarantee that the page is permanently deleted. Prospective and current

135

ERIK QUALMAN, SOCIALNOMICS: HOW SOCIAL MEDIA TRANSFORMS THE WAY WE LIVE AND DO BUSINESS 5
(John Wiley & Sons, Inc. 2009).
136
Qualman, supra note 135.

23

Electronic copy available at: />

employees must always keep in mind that it takes the stroke of pen one time to give employers
authority to access their account any time during the employment relationship.137
CONCLUSION
Social media background checks are flawed. These flaws are enhanced because the use of
the FCRA for employment-related issues in general has not been worked out. It is hard to
determine what information is true, exaggerated, or a total lie. How can a person‟s future depend
on a flawed method that is based on the subjective judgment of CRA employees? Too much
discretion has been placed in the hands of these employees. Although the court system can be
used to remedy violations of the FCRA, the damage has already been done. The prospective
employee has already been deprived of income to support his family or the opportunity to
advance his career. Maybe the FTC should reconsider allowing social media background checks.

Even “[p]rivacy-protective senators Al Franken and Dick Blimenthal” have expressed their
dissatisfaction with the practice.138 If privacy was not dead before, the smoking gun held by
social media has definitely killed it now.139

137

Kelchner v. Sycamore Manor Health Ctr., 135 Fed. Appx. 499, 502 (3d Cir. 2005).
Hill, supra note 128.
139
Bard, supra note 1.
138

24

Electronic copy available at: />