by Anne Lyne September-15-2015 in Employment Law

Broad ranging and invasive employment vetting practices are often common in other jurisdictions and employers establishing in Ireland are often surprised to find such practices to be subject to legal constraints in this jurisdiction.

There is no specific mechanism for carrying out a criminal check on an employee in Ireland. Certain jobs have a legal requirement that Garda vetting is obtained before taking up the position, such as those working with children or vulnerable adults. There is a regime in place in those job application processes that must be followed and if an employer has engaged an employee that has not been vetted this can result in criminal sanctions for the organisation and its officers.

Employer options for vetting suitability

It had been the practice of some employers to make use of the subject access request facility available under the Data Protection Acts whereby individuals would be asked to submit a request to An Garda Síochána for a record of information held on them, if any. The job seeker would then be required to provide the results of the subject access request to the employer as part of the application process. This practice of forced access requests now constitutes an offence under the Data Protection Acts, as a result of regulations enacted in July 2014.

Given that this avenue has now been closed off, employers can still look to have candidates provide a self-declaration of any prior criminal convictions. However, the Office of the Data Protection Commissioner has produced guidance on background checks in employment and notes that in such cases the employer should only ask and then take into consideration convictions that are relevant to the particular role on offer – a ban on driving for a bus driver position, for example.

Additionally, employers have increasingly begun to turn to social media as a way of looking into prospective employees’ “suitability” prior to making an offer of employment. While material posted on public social media profiles may be regarded as fair game by employers, the Data Protection Commissioner has noted that although information that is in the public domain does not give rise to data protection concerns per se, nevertheless an individual should be provided with any information gleaned from social media profiles and given an opportunity to comment on it. In order to respect privacy, it may also be advisable to distinguish between professional social media sites such as LinkedIn and sites designed primarily for personal use such as Facebook. Bearing in mind that the Employment Equality Acts protect employees at the recruitment stage, basing selection decisions on material uncovered from a perusal of personal social media profiles may leave an employer open to claims of discrimination.

Balancing privacy with candidate due diligence

The primary theme running through the Commissioner’s guidance on background checks is transparency, both in terms of letting candidates know what checks you intend to carry out, and in turn giving them the opportunity to comment on any material uncovered. Similarly, proportionality is important. Information sought should be relevant to the role on offer, and the process should not be treated as a fishing expedition. Finally, candidates should never be asked to login to a site while being viewed by the employer “shoulder surfing” or hand over login details for social media accounts. Even though this practice is said to be becoming increasingly common in the U.S., it would represent a clear breach of a candidate’s data protection rights in Ireland.

A version of this article was published in the Sunday Business Post on Sunday 13 September 2015

Back to Full News