Skip to content
Customer Login Careers
Customer Login Careers
icon-world

Stay Informed with Our Latest Updates

Discover our latest offers and insights today!

Learn More
CI Checked Background Screening Articles

What Your Candidates Post When They Think No One's Watching

December 19, 2025

From a compliance webinar CI hosted in December 2025.

 

Here's a stat that might make you squirm: 85% of employers admit they've Googled a candidate before making a hire. If you're in that majority, you're not alone - but you might be exposing your organization to significant legal liability without even realizing it.

The good news? You don't have to stop learning about your candidates through social media. You just need to do it the right way. Welcome to the wild west of background screening - and we're here to bring some law and order.

The Compliance Gap That's Costing Organizations


According to CareerBuilder research, 73% of employers have admitted to checking a candidate's social media informally. But here's the kicker: only 15% have compliant policies in place.

That gap isn't just a statistic - it's a lawsuit waiting to happen.

When you or someone in your organization conducts informal social media searches, you're technically not producing a consumer report, so the Fair Credit Reporting Act (FCRA) doesn't directly apply. "Great," you might think, "fewer regulations to worry about." But that logic is dangerously flawed.

The moment you start scrolling through someone's Facebook profile, you're opening yourself up to Title VII discrimination claims, ADA violations, and a patchwork of state employment laws that vary wildly depending on where you operate.

The Bias Problem You Can't Unsee


Let's get real for a moment. You're human. When you scroll through a candidate's social media and see they're pregnant, in a same-sex relationship, practicing a particular religion, or have a visible disability - that information enters your brain. And whether you intend to or not, that information can influence your hiring decision.

This isn't a character flaw; it's human nature. But it creates a massive liability problem.

"The biggest thing is that, from a perception standpoint, what you're doing is creating a bias," explains Jaime Frankos, a social media screening expert. "And that bias that you're implementing - because, let's be real, we're human, we see things, we have our own opinions and judgments - but creating that bias is really setting you up, from a legal standpoint, not in a good way. Having a third-party vendor so that you can have a consistent process and take that bias out, and not have that on the shoulders of your hiring managers, is a good thing."

Someone could turn around and say, "You didn't hire me because of my age or my religion," and they could be right. That's not a defensible position when you've been conducting your own informal social media investigations.

What the Law Says


The FCRA was written in 1970 - way before Facebook, before Twitter became X, before MySpace traumatized an entire generation with Top 8 drama. But the FTC has made it crystal clear: social media screening conducted by background check companies falls under FCRA.

"The FTC has made it very clear that social media screening conducted by background check companies falls under the FCRA. And what does that mean? That means when you have your social media screening as part of your background check, FCRA rules apply - so you have to ensure that the applicant was given a disclosure that states that background screening is going to be performed, and that includes social media. Then you have to make sure that you have written authorization, and then adverse action potentially applies if you're going to be making an adverse hiring decision," says CIChecked's VP of Client Solutions, Michelle Nichols.

State-Specific Landmines


If you operate in New York, California, or several other states, federal compliance is just the beginning.

New York Labor Law protects employees' off-duty, lawful recreational activities and political activities. This means you can't refuse to hire someone in New York because they smoke off-duty, there are pictures of them drinking alcohol, or they have political opinions you dislike - as long as these activities are lawful and off-duty.

California is even more stringent with its Labor Code, protecting off-duty conduct and behavior while prohibiting employers from interfering with political activities. Add in state-specific cannabis protections, biometric privacy laws, and social media password laws, and you've got a complex web of regulations that's nearly impossible for one person to track.

What Compliant Social Media Screening Looks Like


So what can you legally look for? Here's what FCRA-compliant social media screening involves:

Public posts only. No asking for usernames or passwords. Every social media platform allows users to set their own privacy settings - if their accounts are private, that content stays private.

Seven-year lookback maximum. FCRA limits how far back you can search. Some organizations choose to look back only three years, depending on their needs.

Behavioral risk categories. Professional screening tools use behavior classifiers that flag content related to profanity, self-harm, threats, violence, drugs, and other risk indicators - across original posts, likes, reposts, and reshares.

Protected class information removed. Licensed investigators review reports and remove protected class information before you see it, so you can make hiring decisions based on legitimate concerns without inadvertently discriminating.

"For social media background checks, you are always following FCRA compliance rules," Jaime added. "And what that means for social media is, from a public post standpoint, we are only looking at public posts. You're never asking anybody for a username or a password for their social media platforms. On every social media platform, the individual user can make their own privacy settings their own, but if they are public accounts, then you can obviously scan those social media posts. For FCRA compliance, you only go back for 7 years of public posts."

The "It Depends" Factor: Context Over Content


When we asked HR professionals which scenarios they'd consider red flags - posts about alcohol, political opinions, or complaints about current employers - the answer (50%) was "it depends."

That's actually the right answer.

Someone enjoying a glass of wine at dinner isn't a red flag for most positions. But if that person is applying to work at an addiction recovery center? That's a different conversation - and one a criminal background check won't surface.

This is why context matters more than content. Your social media screening policy should be specific to your organization's needs, industry requirements, and the roles you're hiring for.

Jaime added, "It's the character of the individual outside of what's on the resume. You also have the ability to add specific keywords if your organization is looking for very specific things. Examples of that could be even the name of your organization. If I'm out there saying, 'I hate ABC Company,' well, that's not going to normally get picked up. It might get picked up for disparaging, but if you had the name of the company in there, obviously that would be an exact match."

The ROI Question: Proactive vs. Reactive


Budget constraints topped our poll (67%) as the biggest barrier to implementing social media screening. So let's talk ROI. The real question isn't "what does social media screening cost?" It's "do you want to be proactive or reactive?"

If you're going to be reactive, you're going to spend far more money trying to figure out what just went wrong than if you were proactive from the beginning.

Consider schools, for example. Jaime mentioned:

"If you have roles that are forward-facing - teachers, coaches, anybody that's dealing with a vulnerable population - you absolutely should be doing social media screening. I will emphasize schools, because I see it all the time. Parents will find things out about administration, about teachers on their social media platforms, because if you think parents aren't looking at those teachers' social media platforms, you're crazy. And they will find something, and all it takes is for them to call the school, call the superintendent, and say, 'Why wasn't this screened?' It should not be whether or not what's the ROI - it should be part of your budget line items."

Social media screening shouldn't be a question of ROI; it should be a budget line item. It's a proactive measure to ensure you're getting a complete overview of every candidate.

The Technology Advantage


Back in the day, social media screening meant having someone manually scroll through years of Facebook posts - a process that could take days or weeks depending on how active the user was.

Today's AI-powered screening can analyze seven years of public posts across multiple platforms and deliver results in 48 hours or less. But here's what sets compliant screening apart: human investigators still review every report.

AI is excellent at data gathering and initial analysis, but it's not perfect. Human eyes ensure proper identity verification (confirming you're looking at the right person's profiles), catch false positives, and apply the nuanced judgment that regulatory compliance requires.

The result? A report that includes word clouds showing language patterns, behavioral risk classifications, screenshots with timestamps, and clear identity verification - all with protected class information removed.

Michelle added, "With social media screening, I still strongly believe you have to have human in the loop. You need to have human eyes on these actual reports - from an identity resolution standpoint, to make sure that we're actively identifying the right people to the right handles, but also then reviewing the report to see if there's any false positives from the AI. I'm a big, big proponent of AI, but AI is not perfect, so I don't think it should ever replace anything. I think it should just be used as a tool."

Building Your Social Media Screening Policy


If you're going to make hiring decisions based on social media screening, you need a documented policy in place. This applies not just to incoming candidates but to your current workforce as well.

Your policy should address:

Which positions require screening? Start with roles working with vulnerable populations, forward-facing positions, or leadership roles. Many organizations begin with a subset of positions and expand from there.

What you're looking for. Define your behavioral risk categories and any industry-specific keywords or concerns.

How you'll communicate it. Be transparent with candidates - consider adding information to your careers page and including it in your background check disclosure.

How decisions will be made. Document your decision-making process, especially if you're in a state like New York that requires individualized assessments.

What Candidates Expect


Here's something that might surprise you: candidates - especially recent college graduates - largely expect social media screening.

The under-35 demographic has grown up with social media and understands that employers will look. Some are even proactively requesting their own social media background checks before entering the job market to identify potential issues.

Transparency isn't just legally smart; it's what candidates expect in 2025.

Jaime included real-world examples, "We've seen quite a big uptick in a demographic - an age demographic, especially of recent college grads, probably all the way up to age 30, 35 - that they pretty much, to be honest, expect a social media screen is going to be done on them. So much so that sometimes I even get direct phone calls from, say - this actually happened 2 weeks ago - a college kid that's like, 'I'm about to graduate, will you do a social media background check so that when future employers are looking at me, is there anything that I'm not seeing that would potentially catch me off guard?' So in terms of actual transparency, absolutely be up front, but I don't think anybody is gonna be surprised if you were to say, we're gonna also do a social media check."

Three Key Takeaways


  1. The risk isn't screening - it's not screening compliantly. If 85% of us are already Googling candidates, the question isn't whether to look at social media. It's how to do it without exposing your organization to liability.

  2. Context matters more than content. Build a policy specific to your organization and industry. What's irrelevant for one role might be critical for another.

  3. Implementation is easier than you think. Modern technology has dramatically reduced both the cost and turnaround time for compliant social media screening. You might be pleasantly surprised.

Ready to Screen Smarter?


Stop guessing what's on your applicants' social media profiles. Start screening compliantly with a partner who combines cutting-edge technology with licensed investigator oversight.

Learn more about CIChecked's Eagle View social media screening or contact us to discuss your organization's specific needs.

This article is based on CIChecked's webinar "Social Media Screening for the Risk-Averse Organization," featuring insights from Michelle Nichols (VP of Client Solutions, CIChecked) and social media screening industry expert Jaime Frankos.

CIChecked is a certified woman-owned, licensed private investigative agency specializing in pre-employment background investigations since 2004. Ranked #7 in HRO Today's Baker's Dozen for Customer Satisfaction and Quality of Service.