Thailand Law Journal 2012 Fall Issue 1 Volume 15

On one hand, recruiter organizations can use peripheral information provided in SNSs to draw a quick character picture of a job candidate. This helps organizations make an assumption about the personality of job candidates, to predict how they would work in the organization and to determine whether he/she fits in the organization (Rynes & Barber, 1991, Braddy et al., 2003). But on the other hand, information in SNSs could contribute a negative consequence, as this can affect the employment decision (Brandenburg, 2008). This statement was confirmed by a number of surveys. CareerBuilder.com reported 63% of employers rejected job candidates because of information founded in SNSs (CareerBuilder, 2006). And Global Interviewing Perceptions Survey indicated that 52% of global employers believed the information in SNSs impact their hiring decision (Peacock, 2009).

This negative consequence leads to a discussion whether it is legal to run online background checks without the permission of the person being screened and whether this complies with an ethical manner a business organization should have.The next sections will discuss this legal issue.

2. Legal issue related to online background check
Making an accurate hiring decision is extremely important for most employers. The cost associated with making a poor hiring decision could be enormous (Calva-sina et al., 2008). Therefore organizations perform necessary tasks to protect themselves by mitigating risks through due diligence and exercising a distinguished degree of care when evaluating job candidates. Information provided in social networking sites are widely used by organizations as a screening tool for job applicants. But this could be seen as infringement on personal right to privacy. More details about the right to privacy and the use of social media in employment background check will be explained in the following sections.

2.1 The right to privacy
The right to privacy has been recognized for several decades. Great philosophers, such as, Aristotle and John Locke have mentioned the right to privacy in their works (DeCew, 1997). However, the universal definition of privacy does not exist (Miller & Weckert, 2000). But there is a general belief that there is a natural right to have some information about oneself kept from others. Individuals have a natural right to be left alone and can control over knowledge about oneself (Introna & Pouloudi, 1999). The right to privacy has a close relation to human dignity, and in many countries it is regulated as a fundamental right in the constitution. For example, the Human Rights Act 1998 of the UK provides a person with the right to have one's private life respected (Jeffery, 2002). As well, the European Convention on Human Rights assures the right to personal privacy in Article 8 (Vigneau, 2002). As individuals' right to privacy are guaranteed in several ways, the users of social network sites have the option to carry out their privacy setting.

2.2 Privacy Setting in Facebook Facebook provides privacy setting, in which users can control exactly who can access their profiles by including or excluding certain friends as well as who can search for them and how they can be contacted (Brandenburg, 2008)Facebook has granted privacy policy as followed:

"Facebook is about sharing information with others - friends and people in your networks - while providing you with controls that restrict other third parties from accessing your information. We allow you to choose the information you provide to friends and networks through Facebook. Our network architecture and your privacy settings allow you to make informed choices about who has access to your information. We do not provide contact information to third party marketers without your permission. We share your information with third parties only in limited circumstances where we believe such sharing is 1) reasonably necessary to offer the service, 2) legally required or, 3) permitted by you" (Facebook, 2011).

This privacy policy seems encompassing at the first glance. However, many users simply do not activate their privacy setting and even if they do, there is no 100% guarantee that this privacy setting can limit or block others from viewing their profile (Brandenburg, 2008). Third parties such as hiring organizations or employers can access job applicants' Facebook profiles in a variety of ways as followed.

2.3 Hiring organizations' access to Facebook profiles
The easiest way is an organization or HR professional signs up for an account and views the applicants' profile directly, if the profile has no access restriction. The organization can also use their current employees' Facebook account to search applicant's profiles, if they are in the same network, such as, the same school, college or hometown. Some organizations even hire current students who can access their peers' profile and effectively circumvent any privacy settings that a job candidate has set up to keep away the unwanted person from accessing their profiles. Possibly, organizations may access Facebook profiles by hacking into Facebook database. This seems complicated, but it may not be a hard task for many IT - specialists at most
companies. By hacking, organizations would have access to any profiles they wish. It is also possible for a hiring organization to collect applicants' information through indirect means. For example, when an applicant's profile is restricted with privacy setting, organizations can access the profiles from applicant's Facebook friends, as some of these may not be well protected. Organizations can see what kind of friends an applicant has and eventually make an assumption about the personality of the job
applicants.

These examples show that there are various ways in which hiring organization can access applicants Facebook profile and make decisions about applicants' character, which could have an impact on hiring decision. In order to determine whether the matter of fact that an unauthorized use of information provided in social network sited by organizations for hiring purposes constitute an invasion of privacy, it depends mostly on a reasonable expectation of privacy (Waldman, 2001). The next sections will provide extensive details about the expectation of privacy, which is the vital factor to determine whether individual's right to privacy is protected. Moreover, it will give an overview on workplace privacy orientation and laws in different countries.

3. Expectation of privacy
The expectation of privacy is a legal test which is crucial in defining the scope of the applicability of the privacy protections. Individuals receive no Fourth Amend ment protection unless they can demonstrate that they have a reasonable expectation of privacy in the place that was searched or the property that was seized (US Constitution, 2011). There are two types of expectation of privacy; a subjective expectation of privacy which is an opinion of a person that a certain location or situation is private; and an objective, legitimate or reasonable expectation of privacy which is an expectation of privacy generally recognized by societies. As Facebook provides the users the control over the accessibility of information shared, and users can use privacy setting to block the unwanted person from viewing their information, it is likely to be that Facebook users believe their information posted in SNSs is secured. So they have expectation of privacy (Brandenburg, 2008). However, it is debatable whether this is a reasonable expectation of privacy. There is uncertainty whether a person retains a right to privacy and a reasonable expectation to privacy when he/she originally intended to keep the information private or share only to some specific persons, but the unintended recipients also got this information. Or in another case, when a person intends to disclose the information to specific third parties, whether this means the person waives his/ her reasonable expectation of privacy; once the information is provided to some, it possibly means that it is accessible by all. The following court decisions provide the answer to these questions

In the Multimedia WMAZ, Inc. v. Kubach case, in which Mr. Kubach, an HIV positive man agreed to be a guest for a report about HIV, but only under the condition that his identity was kept private and his image distorted to render it unrecognizable.Unfortunately, the distorted did not work and Mr. Kubach was recognised by television viewers above all his community. He sued a television station, but the television station claimed that the plaintiff (Mr. Kubach) had no reasonable expectation to privacy as to the fact that he was HIV positive because he has disclosed this informa-tion to family members, some friends and members of HIV supporting group; many people were aware of that fact. But the court determined that the plaintiff retained reasonable expectation of privacy, stating the plaintiff has expressed his illness to some, because they cared about him and because they also had AIDS. And although Mr.Kubach did not tell his family and friends to keep this information confidential, it is to understand that Kubach's illness was not something they would discuss indiscriminately (Multimedia WMAZ Inc. v. Kubach, 443 S.E. 2d 491, Georgia Court Appeals 1994).