Opening a can of worms; checking Facebook by a prospective employer

On Thursday I was asked by an employer whether it is lawful (in his words is it OK?) to take a look at an applicant’s Facebook profile as part of a pre-employment check. He said that he had been told that it was a breach of the privacy legislation. That of course is nonsense, since the Privacy Act has a an express exception in it to the effect that it does not cover employment records, which has been interpreted to include records which legitimately come into existence as part of the recruitment process.
Nevertheless, the point is a fair one in a wider employment law context. There are virtually no limits upon what can be included in a pre-employment audit of an applicant, provide of course that the means used are lawful. It would not be lawful to record an applicant’s private activities if to so do constituted a breach of the Surveillance Devices Act, but I do not imagine that any prospective employer would stoop to such levels in any event.
However the real question is what can an employer do with any information lawfully obtained?
For example, the general protections provisions of the Fair Work Act apply to adverse action for exercising a workplace right against a prospective employee (Fair Work Act 2009 sub-sec 341(3)) and it is also unlawful to take adverse action against a prospective employee on any of the discrimination grounds prescribed by sec 351, namely age, disability, sexual preference, religious or political opinion and so forth.
Accordingly, a prospective employer needs to be very much on guard to ensure that recruitment tools are properly managed; and a useful starting point is that the warning signs should go up in the case of any checks undertaken without the employee’s full knowledge.