Cyber-vetting Guidelines

About 80% of employers search and track the online activities of candidates in a practice often referred to as cyber-vetting. How is this done? Why is it done? How should you do it? Where is it going?

The typical conception we have about cyber-vetting is that employers are doing it to find “dirt” on candidates. This concept is often associated with the state of mind of those in the background checking industries, who wish to avoid a bad hire. So consequently, employers will check to see if a candidate has a criminal background, drug use, false claims on academic achievements, etc. What Cyber-vetting now offers is the ability to examine a candidate’s public persona and reputation by tracking their online behavior. Employers use it to see if candidates will potentially pose as an embarrassment to the organization because of rude or socially unacceptable photos, statements, or anything negatively associated with them. This practice is often considered “due diligence” on the part of the employer.

Because cyber-vetting is often done without the candidate’s knowledge and has the potential to provide employers with access to data that can lead to discrimination (i.e. age, sex, race, religion, etc.), it is seen as a questionable practice. Yet the feedback from employers that use it is quite clear: the risk of a discrimination case is a risk worth taking to avoid a bad hire.

We know that even if HR does not perform cyber-vetting, or admit to doing so, hiring managers will. So as Appel mentions, the point is not to assist employers on how to avoid cyber-vetting, but rather give guidelines on how to perform it successfully. There are in fact three simple guidelines to follow in order to make sure you are not misled by false online identities or feedback, and that you do not cross the line by making it a source of discrimination.

The three guidelines are:

  1. Make sure you inform the candidate that you are going to perform cyber-vetting. You can even ask the candidate to provide information (i.e. emails, websites, aliases, etc.) on where to find them online.
  2. If you find compromising data, make sure to validate it first, as it may not truly belong to the candidate. If time does not permit for such verification, just know you are at risk of having the false information negatively impact your organization.
  3. Make sure any collective intelligence solution you use has a fraud protection algorithm.

By guest contributor, Yves Lermusi
CEO, Checkster
Exerpted from the white paper, Cyber-vetting: What can go wrong? Where is it going?