(Washington, DC) – Senator Richard Blumenthal (D-CT) and Senator Al Franken (D-MN) recently wrote to the CEO and President of Social Intelligence Corporation, Max Drucker, pressing the firm on concerns that their business practices relating to personal privacy were unfairly detrimental to prospective employees. Social Intelligence Corporation is an online provider of employment screening and monitoring services that pulls information about job-seekers from various social media sites such as Facebook and Flickr.
In the letter, Blumenthal and Franken write, “According to sample background reports published in the media, information is collected from applicants’ profiles on social networking sites like Facebook and LinkedIn, personal websites, and other online information sources that Social Intelligence Corporation matches to applicants. We are concerned that there are numerous scenarios under which a job applicant could be unfairly harmed by the information your company provides to an employer. We are also concerned that your company’s business practices may in some cases violate the law.”
In the letter, the Senators ask that Social Intelligence Corporation answer several detailed questions relating to concerns that the company is collecting inaccurate information about consumers, infringing on intellectual property laws, and violating the terms of service agreements of websites from which they collect data.
The full text of the letter follows:
Social Intelligence Corporation?
735 State Street, Suite 600?
Santa Barbara, CA 93101
Dear Mr. Drucker:
We are writing to request information about the business practices of Social Intelligence Corporation as they relate to personal privacy. We are concerned that your company’s collection of online and social media information about job applicants and distribution of that information to potential employers may contain inaccurate information, invade consumers’ right to privacy online, violate the terms of service agreements of the websites from which your company culls data, and infringe upon intellectual property rights.
Your company bills itself as “a background screening service that enables employers to navigate the complicated landscape of social media with clear, consistent, and insightful results.” According to sample background reports published in the media, information is collected from applicants’ profiles on social networking sites like Facebook and LinkedIn, personal websites, and other online information sources that Social Intelligence Corporation matches to applicants. We are concerned that there are numerous scenarios under which a job applicant could be unfairly harmed by the information your company provides to an employer. We are also concerned that your company’s business practices may in some cases violate the law.
We therefore request that you answer the following questions:
Accuracy of Information
1. How does your company determine the accuracy of the information it provides to employers?
2. Does your company have procedures in place for applicants to dispute information contained in the reports your company produces? If so, what are these procedures?
3. Is your company able to differentiate among applicants with common names? How?
4. Is your company able to determine whether information it finds on a website is parody, defamatory, or otherwise false? How?
5. Does your company accord less weight to certain sources of information that may be inaccurate, such as community-edited websites like Wikipedia?
6. Search engines like Google often provide archived versions of websites; these cached web pages may contain false information that was later updated. Search engines also provide “mirrors” of websites, like Wikipedia or blog articles; these mirrored pages may be archives of inaccurate information that has since been corrected. Is your company able to determine whether information it is providing is derived from an archived version of an inaccurate website? How?
Consumers’ Right to Online Privacy
1. Does your company require the consent of a job applicant before conducting a background check on the applicant? If so, who requests the applicant’s consent: your company, or the potential employer? Based on your experience with employers, does an applicant’s refusal to consent to a background check by your company damage his or her eligibility for a job?
2. Does your company specify to employers and/or job applicants where it searches for information—e.g., Facebook, Google, Twitter?
3. Is the information that your company collects from social media websites like Facebook limited to information that can be seen by everyone, or does your company endeavor to access restricted information, for example by creating a Facebook profile with the same city and/or alma mater of an applicant, in an attempt to see information restricted by geographical or university network? Has your company ever endeavored to access a user’s restricted information by joining the user’s network of “friends” on sites like Facebook?
4. Companies like Google and Facebook have faced scrutiny in the past for making public portions of their users’ information that the users had set as private, often without the consent of users. This has resulted in previously private information, such as pictures, being made publicly available against the wishes of the users. Users are then required to opt out of sharing information they had previously thought to be private. Does your company include such information in its reports?
5. If your company conducts multiple background checks on an applicant, to what extent does it reuse information it has collected in previous checks? If your company were to gain access to private information in a manner contemplated in the previous question, and found that it no longer had access to such information in a subsequent search, would it include the previously accessed information in subsequent reports?
Terms of Service and Intellectual Property Violations
1. The reports that your company prepares for employers contain screenshots of the sources of the information your company compiles. One publicly available report contains pictures of a user’s Facebook profile, LinkedIn profile, blog posts for a previous employer, and personal websites. These websites are typically governed by terms of service agreements that prohibit the collection, dissemination, or sale of users’ content without the consent of the user and/or the website. LinkedIn’s user agreement, for example, states that one may not “rent, lease, loan, trade, sell/re-sell access to LinkedIn or any information therein, or the equivalent, in whole or in part.” Your company’s business model seems to necessitate violating these agreements. Does your company operate in compliance with the agreements found on sites whose content your company compiles and sells? If so, how?
2. More troubling than the apparent disregard of these websites’ terms of service are what appear to be significant violations of users’ intellectual property rights to control the use of the content that your company collects and sells. Your company includes pictures in its background reports; example reports have included a picture depicting the subject holding a gun to illustrate alleged “potentially violent behavior.” These pictures, taken from sites like Flickr and Picasa, are often licensed by the owner for a narrow set of uses, such as noncommercial use only or a prohibition on derivative works. Does your company obtain permission from the owners of these pictures to use, sell, or modify them?
We look forward to your prompt response.
Senator Richard Blumenthal Senator Al Franken
# # #