The Legal Dangers Of Backdoor Reference Checks

Hiring the right person is a difficult task. You want to know if a candidate is truly capable or if they just interview well. Sometimes, you might see a familiar company name on their CV. You might feel tempted to call an old contact at that company for an "off the record" chat. This process is commonly known as backdoor reference checks. While it seems like a quick way to get the truth, this practice carries significant legal risks for Australian employers.

Informal checks bypass standard protocols. They often happen without the candidate's knowledge. This lack of transparency can lead to breaches of privacy legislation and expose your company to legal action. This article breaks down the dangers of checking references without permission and explains how to stay compliant.

Key Takeaways

  • Consent is Mandatory: Under Australian law, you generally need permission to collect personal information about a candidate.
  • Privacy Risks: Informal checks often violate the Privacy Act 1988.
  • Legal Liability: Employers can face defamation or discrimination claims based on "off the record" conversations.
  • Better Alternatives: Formal, consented processes protect your business and the candidate.

What Are Informal References?

An informal or "backdoor" reference check happens when a recruiter or hiring manager seeks feedback on a candidate from someone the candidate did not nominate. This usually occurs outside of the formal recruitment process.

Common examples include:

  • Calling a former colleague you know personally to ask about the candidate's performance.
  • Reaching out to a mutual connection on LinkedIn without telling the candidate.
  • Asking industry peers for "the dirt" or rumors about an applicant.

Many employers believe this helps them verify a candidate's claims. However, it removes the candidate's right to control who provides their information. This loss of control is where the legal trouble begins.

Australian Privacy Laws And Candidate Consent

In Australia, the handling of personal information is governed by the Privacy Act 1988. This includes the Australian Privacy Principles (APPs). When you conduct a reference check, you are collecting "personal information" and potentially "sensitive information" about an individual.

The Role of Consent

According to the APPs, an organization must usually solicit personal information directly from the individual unless it is unreasonable or impracticable to do so. If you collect information from a third party (like a former boss), you typically need the candidate's consent.

If you perform backdoor reference checks, you likely fail to meet these standards:

  • Lack of Notification: The candidate does not know you are collecting this data.
  • Lack of Consent: You have not asked for permission to speak to that specific person.
  • Data Accuracy: Informal chats often rely on memory or opinion rather than documented facts.

Violating Australian privacy laws can lead to complaints filed with the Office of the Australian Information Commissioner (OAIC). This can result in investigations, penalties, and damage to your employer brand.

Defamation In Hiring And Reputation Damage

Another serious risk involves defamation in hiring. Defamation occurs when false information is shared that harms a person's reputation.

In a formal reference check, the referee usually has "qualified privilege". This is a legal defense that protects them if they give an honest negative reference, provided it is not malicious. However, this defense is harder to maintain in an informal setting.

Risks in Informal Conversations

When people speak "off the record," they tend to be looser with their language. A former boss might say something like:

  • "They were a nightmare to work with."
  • "I heard they stole clients."
  • "They are lazy."

If these statements are untrue and cause you to reject the candidate, the candidate may have grounds to sue the referee for defamation. If your organization acted on this information, you could be drawn into the legal dispute. You must stick to facts and documented performance metrics to lower this risk.

Discrimination And HR Compliance Issues

Informal checks are a breeding ground for unconscious bias. Formal processes are designed to strip away irrelevant details and focus on job capability. Informal chats often veer into personal territory.

A referee might casually mention:

  • The candidate's family plans or pregnancy status.
  • Union membership or political views.
  • Medical history or workers' compensation claims.

The Fair Work Act

Under the Fair Work Act 2009, it is illegal to take adverse action against a prospective employee based on protected attributes. If a candidate discovers you rejected them because of information gained in a backdoor check regarding their personal life, you could face a discrimination claim.

Maintaining strict HR compliance means asking only job-related questions. Informal chats rarely stick to a script, making it hard to prove that your hiring decision was fair and unbiased.

Why Automated Systems Are Safer

To protect your business, you should move away from phone calls to random contacts. A structured, transparent process is the only way to minimize legal exposure.

Modern hiring teams use technology to handle this sensitive stage. Using automated reference checking software allows you to request consent, track responses, and keep a digital audit trail of every interaction. These platforms create a secure environment where referees verify their identity and answer specific, job-relevant questions.

Benefits of a Formal Process

  • Documented Consent: The candidate explicitly agrees to the check.
  • Standardized Questions: Every referee answers the same questions, reducing bias.
  • Audit Trails: You have a record of exactly what was said and when.
  • Fraud Detection: Digital tools can flag suspicious IP addresses or referee details.

Switching to a formal system provides peace of mind. It allows you to gather the insights you need without crossing legal boundaries.

Frequently Asked Questions

Is it ever legal to do a backdoor check?

It is risky. While not explicitly "illegal" in the criminal sense, it often breaches civil privacy laws and employment standards. You expose your company to civil litigation and privacy complaints.

What if the candidate lied on their resume?

If you suspect a lie, ask the candidate for evidence or more references. You can also conduct formal background checks (like police or education checks) with their consent. Do not take matters into your own hands by calling undisclosed people.

Can I ask a candidate to provide more referees?

Yes. If the references provided are not suitable or you need more information, you should ask the candidate to supply additional contacts. This keeps the process transparent and consensual.

Does the Privacy Act apply to small businesses?

Generally, the Privacy Act applies to businesses with an annual turnover of more than $3 million. However, small businesses that trade in personal information are also covered. Regardless of size, following privacy principles is best practice to avoid defamation and common law claims.

Final Thoughts on Compliant Hiring

Recruitment is about balancing risk and reward. While you need to verify a candidate's background, the method you use matters. Relying on secret phone calls and rumors is a strategy from the past that carries too much danger in the current legal landscape.

You must respect the candidate's right to privacy. By using transparent methods and authorized channels, you protect your organization from legal fallout. A fair, open process builds trust with future employees and keeps your company reputation intact. Stick to the rules, obtain consent, and make hiring decisions based on verified facts rather than hearsay.
