Naked pictures? Drunken celebrations? Sexist comments? A click of a button and all evidence of your “Weekend at Bernie’s” can disappear. Job seekers know to scrub clean their Facebook pages before they connect with potential employers, to remove all trace of their off-color on-line life. But here in Ohio you can’t delete your way out of the mess you created through social media. Employers can legally ask employees and recruits to surrender their social media passwords, and thanks to Facebook’s newly expanded access program, the result is a stunningly deep portal into private messages, deleted posts, photographs and everything you ever posted on your Facebook wall.

Where does an employer’s right to screen applicants and monitor employee behavior end and personal privacy begin? It’s a murky line drawn so far by only six states — and Ohio isn’t one of them. After failing to win support for Senate Bill 351 in 2012, Ohio Senator Charleta Tavares will this month reintroduce her proposal to make it illegal for an employer to require an employee or potential employee to surrender their social media passwords. Tavares argues that employers should not be able to access personal thoughts and messages that employees never intended to be broadly distributed.

Tavares’ legislation would not restrict employers from inspecting the social media that is readily available to an applicant’s network of friends, and can legitimately help employers determine if a prospective employee would be a good organizational fit. Employers, for example, could still inspect your Facebook page, but they would do so without the personal password that gives them expanded access to your history and hidden files.

As we have noted in the past, whether such legislation really is necessary, however, is subject to debate. Few employers need — think law enforcement, finance and child care industries that require more in-depth screening — or want to delve deeply into their applicants’ or employees’ personal lives, but employers and recruiters rightfully argue that social media is a valid screening method that can reveal both negatives and positives about potential hires. A recruit who is not on LinkedIn and has no professional social media presence can appear to be not relevant. Your social media profile can paint a flattering picture of your volunteer efforts, your professional affiliations and your networking capabilities. Conversely it can expose your poor grammar and your lack of judgment. What exactly were you thinking when you posted that picture of yourself, half-naked, with a beer bottle in one hand, a joint in the other, wearing a ball-cap that says “Female Body Inspector?” We’ve all seen such pictures.

Beyond the hiring process, however, employers should know that a wealth of information is available to them if they obtain that magic password for other purposes, particularly during discovery in matters involving disputes with current or former employees. Employers can use social media to great advantage in such cases. It is difficult to sustain a claim for disabling injuries, for example, when the employer displays recent photographs of your weight-lifting workout at the gym. One manager who denied a personal relationship with a subordinate happily posted romantic pictures and glowing descriptions of their encounters.

By obtaining the personal password of a volunteer, a recent test of the new Facebook access program provided an astounding amount of personal information, hidden files, private conversations, and remarkably every item ever posted on the user’s Facebook wall dating back to her original sign-on date in 2008. In a printed format (with small font) the wall posts were nearly one thousand pages long. Surprisingly, even the private conversations the volunteer typed into pop-up message boxes, directed at individuals, were recorded and stored and resulted in 200 printed pages of “private” conversations. Every photograph the volunteer ever posted, every person the volunteer had deleted from her friend list, and all files the volunteer thought to be “hidden” were readily available. Specific devices used by the volunteer to log-on, the time spent on Facebook, and a list of every ad viewed by the volunteer over the past five years were also accessible. It is a stunning amount of information that can provide undisputable evidence, particularly in the labor and employment context.

A recent survey by Jobvite, a company that provides applicant tracking software, shows that 92% of employers are using or planning to use social networks as a recruiting tool this year. reports roughly 40% of employers are using social media as a screening tool, but there are no statistics that show how many employers require social media passwords to be surrendered.

Employers can establish a clear process that allows for legitimate inspection of a prospective employee’s social media profile — without asking for personal passwords. A successful social media review process is one that minimizes the employer’s chance for a charge of discrimination while allowing the employer to determine whether an applicant possesses reviewable, legal characteristics that make the applicant a good or bad fit for the company. You might wonder why the concern for a charge of discrimination comes in to play. Well, by just scanning an applicant’s social medial profile, an employer can uncover a lot of information, and some of it is unlawful information for an employer to use or consider in the hiring process. This information includes an applicant’s race, age, religious affiliation, national origin, gender, veteran status, pregnancy status, genetic information, sexual orientation (in some states and localities), and gender identify (some states and localities).

Successful policies usually include the following:

  1. Layout Search Criteria: A standard written search policy that defines for the employer and the applicant what social medial sites will be searched and what information reviewed; e.g., engaging in hate speech, discriminatory conduct, criminal activity.
  2. Put a Wall Between Reviewer and Ultimate Decision Maker: A two-tiered approach that provides for an initial screening of the social media before information is presented to the person who will make the actual hiring decisions. In turn, the reviewer will forward on to the ultimate decision maker only the information about the applicant that hit the employer’s defined search criteria. This ensures that the person who makes the ultimate employment decision has never actually viewed the applicant’s social media profile. This eliminates even the appearance that the applicant was hired or rejected on the basis of inadvertent access to legally protected information.
  3. Document, Document, Document: You have a strict policy in place. Now prove it. Keep uniform records about what disqualifying information was obtained through the social media sites for use in the event a lawsuit ensues.
  4. Stay True To Your Policy: Again, you have a strict policy in place — abide by it. Do not attempt to circumvent an applicant’s privacy settings to collect more information about the applicant. This includes creating a false profile to gain access to the applicant’s information or impersonating a “friend” for the same reason.

With proper guidance your social media policies can reflect the culture of your company, and will enhance — not ensnare — your workforce.