Victoria’s Privacy Commissioner David Watts has warned public service bosses to steer clear of the legal risks associated with profiling job candidates via their social media accounts.

In a memo to agencies, Watts cautioned that without explicit upfront notification of their intention to suss out job hunters’ online profiles, government recruiters could find themselves on the wrong side of the state’s Privacy Act.
Even though most of the information recruiters would be able to access online is publicly available, Watts said there are still “a number of risks associated with relying on social media to screen potential employees” especially once that content enters government hands.
For example, scooping up troves of data about a prospective employee from the web puts recruitment officers at risk of inadvertently handling false or inaccurate content that could be out of date or posted by third parties.
Storing this sort of information would place an agency at risk of breaching section three of the state’s privacy rules, which demands data on an individual must be kept “accurate, complete and up to date”.
Indiscriminate collection by an organisation also runs the risk of picking up and storing pieces of data that can’t be justified as “necessary to fulfill[an agency's] functions” under the first section of the Act, more so than more traditional background checks.
“For example a prospective employer would normally ask for references about a job candidate’s work habits but not about their marital status. With social media checks they can quickly lose control over the quantity and nature of information they collect about an individual,” Watts said.
Posts, interactions and photos of third parties that might show up on a candidate’s social media account are also likely to fail the relevance test posed by information privacy principle one - potentially putting the organisation collecting those details in hot water.
“If an employer chooses to conduct a social media search, employers should be upfront by providing notice about this and allow candidates to clarify any contentious results,” Watts advised.
The Victorian Privacy and Data Protection Act only applies to organisations within the state government, however its provisions align broadly with the Commonwealth Privacy Act governing business and non-profit organisations turning over more than $3 million a year.