About Mike Scherzer

So far Mike Scherzer has created 389 blog entries.

CFPB publishes annual guide about consumer reporting agencies

Every year, the Consumer Financial Protection Bureau (the “CFPB”) updates and publishes a guide to consumer reporting companies. The guide includes information in connection with requesting a consumer report from the three largest nationwide consumer reporting companies and dozens of specialty reporting companies, tips regarding specialty reports, updated information about authentication of identity when requesting a consumer report, information on companies that provide free credit scores, and rights with respect to consumer reports.

The CFPB notes that in prior years, its guide referred to consumer reporting businesses as “agencies” or “bureaus,” and that these terms can be confusing because they may imply these businesses are government entities. They are not—these companies are private-sector, for-profit entities, and in this year’s guide, the CFPB refers to them as “companies” for better clarity.

What’s up with California’s new E-Verify law?

The new law, AB 622, which went into effect January 1, 2016, adds Labor Code section 2814 to strengthen current California prohibitions on employers’ use of E-Verify and other electronic employment eligibility verification systems.  Labor Code section 2811 (enacted in 2011) already prohibits private employers from using E-Verify or such other verification systems, unless required by federal law or as a condition of receiving federal funds.

The amended Labor Code section 2814 expands the definition of an unlawful employment practice to prohibit an employer or any other person or entity from using the E-Verify system at a time or in a manner not required by a specified federal law or not authorized by a federal agency memorandum of understanding to check the employment authorization status of an existing employee, or an applicant who has not received an offer of employment, except as required by federal law or as a condition of receiving federal funds. The new law also requires an employer that uses the E-Verify system to provide to the affected employee any notification issued by the Social Security Administration or the United States Department of Homeland Security containing information specific to his/her E-Verify case or any tentative non-confirmation notice. Employers will now face a civil penalty of $10,000 for each violation of these provisions.

  • Read the text of AB 622
  • Read guidance published by the U.S. Department of Homeland Security on conducting internal audits regarding Form I-9 compliance

FTC files charges against operators of alleged high school diploma mills

The Federal Trade Commission (the “FTC”) filed complaints on February 10, 2016 against two operators of online “high schools” that claim to be legitimate but allegedly are diploma mills, charging anywhere from $135 to $349 for a worthless certificate.

Complaints in both cases filed by the FTC in the U.S. District Court for the District of Arizona charge that the operators bought several website names designed to appear like legitimate online high schools and used deceptive metatags with terms such as “GED” and “GED online” to bring the bogus sites higher in search rankings. Once consumers got to the sites, messages popped up implying that the diplomas offered were equivalent to an actual high school diploma.

According to the FTC’s documents, the “courses” amounted to four untimed and unmonitored multiple-choice tests, requiring that students answer 70% of each test correctly. For some “high schools,” when students failed to meet that standard, they were redirected to the test once more, and this time, the correct answers were highlighted so that the students could change their answers.  Other “high schools” provided students with an online “study guide” that also highlighted the correct answer for students to select when taking the test.

The FTC’s documents charge that, upon completing the tests, consumers were directed to a set of menus to evaluate their “life experiences,” where selecting that he/she knows how to “balance [a] checkbook” translates as credit for accounting coursework. If a consumer says they “listen to music occasionally,” he/she may be given credit for a music appreciation course.

The FTC’s complaints in both cases point to numerous consumers who sought to use the diplomas to get jobs, apply for college and even join the military, only to find out that their diplomas were not recognized.

February 23rd, 2016 | Categories: Commercial Transactions Due Diligence

Uber settles class-action for $28.5 million for misleading claims about drivers’ background checks

On February 12, 2016, Uber agreed to settle a consolidated class-action filed in the U.S. District Court for the Northern District of California (Philliben v. Uber Technologies, Inc. and Mena v. Uber Technologies, Inc.) by paying $28.5 million to approximately 25 million riders and promising to avoid using certain language in safety-related advertising, as well as the term “safe ride fee.”

In their complaint filed in 2014, the plaintiffs alleged that Uber’s claim of conducting “industry-leading background checks,” for which they paid a “safe ride fee” of $1 to $2 on top of each fare, was false and misleading. According to the complaint, Uber does not and has never had an “industry-leading background check process.” To the contrary, the complaint stated that background screening by Uber does not involve fingerprint identification and, therefore, cannot ensure that the information obtained from a background check actually pertains to the driver that submitted the information. By contrast, most taxi regulators in the United States require drivers to undergo criminal background screening, using fingerprint identification, and typically employing a technology called “Live Scan.” Going forward, Uber said it will rename the “safe ride fee” as a “booking fee,” which will be used to cover safety and additional future operational costs.

If the judge approves the settlement, members of the class who rode in an Uber vehicle in the United States between January 1, 2013 and January 31, 2016 will be eligible to receive a portion of the settlement.  If that pot is divided evenly among Uber’s 25 million passengers, after attorneys’ fees, each will get around $1.

Read the consolidated class-action complaint here.

Province of Ontario passes the Police Record Checks Reform Act

On December 1, 2015, Ontario passed the Police Record Checks Reform Act, 2015 (the “Act”) which has significant implications regarding criminal record checks. The Act establishes comprehensive standards governing the type of information that can be disclosed by police in response to record check inquiries, and is intended to remove unnecessary barriers to employment, licensing, holding office, applying to educational programs and participating in volunteer activities. Its main objective is to prevent the inappropriate disclosure of non-conviction and non-criminal records, such as information obtained from street checks or “carding,” as well as mental health information.  

Possibly the most significant requirement under the Act is that the individual must review the requested information and then consent to its disclosure. In the event that potentially inappropriate non-conviction information is included in a record, the Act provides that the individual may request a reconsideration of the disclosure. As a result, employers who conduct employment criminal record checks will now only be able to obtain the results if the applicant/employee has consented to the disclosure. 

New US-EU Safe Harbor agreement may be around the corner

Various sources report that US and EU representatives met on December 17, 2015 to hash out an agreement that would replace the recently invalidated Safe Harbor privacy framework. The two governments aim to have a replacement framework in place by January, says EU Justice Commissioner Vera Jourová. One of the main goals of the new program is to allow EU citizens’ grievances to be filed directly with their national privacy regulator.

As reported in our client alert and blogs, in October 2015, judges from the European Court of Justice issued a judgment striking down a 15-year-old agreement, known as the Safe Harbor framework, which allowed US and European organizations to freely move personal data between the two regions as long as the US ensured an adequate level of data protection at the company and certified that it would abide by the seven EU data privacy principles regarding notice, choice, onward transfer, security, data integrity, access, and enforcement. The invalidation ruling impacted nearly 4,000 businesses that relied on the Safe Harbor framework to transfer data between the US and Europe and requires all businesses to reevaluate their compliance with European data privacy and security standards.

December 22nd, 2015 | Categories: Commercial Transactions Due Diligence

Right to be Forgotten movement gains backers in the U.S.

Seeking to expand recognition of the Right to be Forgotten to the United States, a consumer group has filed a petition with the Federal Trade Commission (the “FTC”) requesting that Google be required to remove links upon request.

Last year, the European Court of Justice ordered Google to remove links about the financial history of a Spanish attorney, finding that the links to stories about his debts were “inadequate, irrelevant or no longer relevant, or excessive,” establishing the Right to be Forgotten (“RTBF”). Over the last 12 months, Google has received 274,462 removal requests and evaluated 997,008 URLs for removal from its search results.

In the hopes of bringing the RTBF to the United States, Consumer Watchdog recently filed a petition with the FTC. The group argued that by providing the ability to request removal of links to European consumers in Europe, Google engaged in unfair and deceptive practices in violation of the Federal Trade Commission Act. Not offering Americans the right to request removal – while providing it to millions of users across Europe – is unfair, the group argued to the FTC. And Google’s claims in its privacy policy that “[p]rotecting the privacy and security” of customer information “is a top priority,” are deceptive because the company limits protections by denying the RTBF, the consumer group added.

Consumer Watchdog listed several examples of U.S. citizens who have been harmed without the RTBF in this country, ranging from a guidance counselor who was fired after photos of her as a lingerie model from 20 years prior surfaced online to a woman whose mug shot appeared online after she was arrested defending herself against an abusive boyfriend. The group also told the FTC that Google already removes certain types of links from search results in this country (such as revenge porn), meaning it has the capability to remove other links as well.

“As clearly demonstrated by its willingness to remove links to certain information when requested in the United States, Google could easily offer the RTBF or the Right To Relevancy request option to Americans,” Consumer Watchdog wrote. “It unfairly and deceptively opts not to do so.”

The RTBF doesn’t implicate First Amendment concerns or constitute censorship, the group said, because the content remains on the Internet. The right “simply allows a person to request that links from their name to data that is inadequate, irrelevant, no longer relevant, or excessive be removed from search results,” according to the petition. “Americans deserve the same ability to make such a privacy-protecting request and have it honored.”

Further, the right isn’t automatic. “Removal won’t always happen, but the balance Google has found between privacy and the public’s right to know demonstrates Google can make the RTBF or Right To Relevancy work in the United States,” Consumer Watchdog concluded.

Meanwhile, the issue of expanding the RTBF has also come up in Europe. In July, a French regulatory authority ordered Google to remove all the links from its search pages including Google.com in the U.S. – not just the European pages. Google refused to comply and filed an appeal of the order. “We believe that no one country should have the authority to control what content someone in a second country can access,” Google’s global privacy counsel Peter Fleischer wrote on the company’s blog.

Read Consumer Watchdog’s petition to the FTC.

September 23rd, 2015 | Categories: Commercial Transactions Due Diligence

FTC launches new resource for identity theft victims

The FTC has launched IdentityTheft.gov, a new resource that makes it easier for identity theft victims to report and recover from the crime. A Spanish version of the site is available at RobodeIdentidad.gov.

The new website provides an interactive checklist that explains the recovery process and helps victims understand the steps that should be taken upon learning that their identity has been stolen. It also provides sample letters and other helpful resources. In addition, the site offers specialized tips for specific forms of identity theft, including medical and tax-related, and contains advice for people who have been notified that their personal information was exposed in a data breach.

Identity theft has been the top consumer complaint reported to the FTC for the past 15 years, and in 2014, the Commission received more than 330,000 complaints from consumers who were victims.

June 12th, 2015 | Categories: Commercial Transactions Due Diligence

New law limits credit checks for New York City employers

New York City has joined the growing list of employers placing limits on credit checks. On April 16, the City Council overwhelmingly voted in favor of a bill prohibiting the use of credit checks in most employment situations. Mayor Bill De Blasio signed the legislation on May 6, amending the city’s Human Rights Law to make the use of credit history for hiring and other employment purposes, with certain exceptions, an unlawful discriminatory practice. Set to take effect on September 3, 2015, the law will have a sizable impact on employers in New York City. A review of current policies and procedures to determine if any exceptions apply is key, while employers with a statewide presence should consider whether to continue credit checks in other locations where they remain legal.

As defined by the law, “consumer credit history” means an individual’s credit worthiness, credit standing, credit capacity, or payment history, as indicated by: (a) a consumer credit report; (b) credit score; or (c) information an employer obtains directly from the individual regarding (1) details about credit accounts, including the individual’s number of credit accounts, late or missed payments, charged-off debts, items in collections, credit limit, prior credit report inquiries, or (2) bankruptcies, judgments or liens. The law further provides that “a consumer credit report shall include any written or other communication of any information by a consumer reporting agency that bears on a consumer’s creditworthiness, credit standing, credit capacity or credit history.”

Importantly, employers are prohibited not just from the request or use of credit history for applicants, but also from using credit history as a factor in employment decisions for current employees in “compensation, or the terms, conditions or privileges of employment.”

When initially introduced, the proposal featured no exceptions to the ban on credit checks. But over the course of the past year, limited exceptions were added to the bill. As enacted, the legislation permits the use of credit checks for prospective employees of broker-dealers who must register with the Financial Industry Regulatory Authority (FINRA) as well as for police officers and other public officials in a position involving a “high degree of public trust.” Additional exceptions allow a review of credit history when required by state or federal law or regulations; for positions when an employee must possess a security clearance or has “regular access” to intelligence or national security information; for non-clerical positions with access to “trade secrets;” for computer security positions when the employee’s duties include the ability to modify digital security systems; and for employees with signing authority over third-party funds or assets greater than $10,000 or fiduciary responsibility to an employer with the authority to enter into financial agreements of $10,000 or more.

The law permits individuals to file a complaint of discrimination with the New York City Commission on Human Rights within a one-year period or a complaint in court, with a three-year statute of limitations. Remedies include back pay, reinstatement, compensatory and punitive damages, and attorney’s fees and costs.

New York City joins 12 other jurisdictions that have prohibited credit checks in employment-related decisions, including the city of Chicago as well as California, Colorado, Connecticut, Hawaii, Illinois, Maryland, Nevada, Oregon, Vermont, and Washington.

Read the New York City legislation here.

Financial regulators focus on vendor due diligence

In the wake of the economic crisis, financial institutions have faced a wave of new rules and regulations. From the Dodd-Frank Wall Street Reform and Consumer Protection Act to regulators stepping up their enforcement efforts, regulated entities must ensure compliance with a host of new requirements.

The rules and heightened oversight go beyond banks themselves, and are increasingly focused on their third-party vendors. In many cases, vendors are not allowed to work with regulated entities unless they can demonstrate their compliance with various data security and privacy requirements.

Last year, New York’s Department of Financial Services (the “DFS”) sent letters to banks nationwide expressing concern about the state of their cybersecurity practices with regard to third-parties. DFS Superintendent Benjamin Lawsky requested that recipients disclose “any policies and procedures governing relationships with third-party service providers” as well as “any due diligence processes used to evaluate” all types of providers, including accountants and law firms. “It is abundantly clear that, in many respects, a firm’s level of cybersecurity is only as good as the cybersecurity of its vendors,” Lawsky wrote.

In “A Resource Guide to the U.S. Foreign Corrupt Practices Act,” the Securities and Exchange Commission (the “SEC”) and the Department of Justice (the “DOJ”) state that the agencies “assess whether the company has informed third-parties of its compliance program and commitment to ethical and lawful business practices, and where appropriate, whether it has sought assurance from third-parties, through certifications and otherwise, of reciprocal commitments.” To avoid regulatory action, the SEC and DOJ also suggest that regulated banks and financial institutions consider providing training to vendors.

The Office of the Comptroller of the Currency (the “OCC”) released new guidance in October 2013, advising banks to take a “life cycle” approach to managing third-party relationships (such as security providers, affiliates, consultants, joint ventures, and payment processors) from planning and due diligence to ongoing monitoring and termination.

When conducting due diligence – commensurate with the level of risk and complexity presented by the relationship – financial institutions should not rely on prior knowledge or experience of the third-party, the OCC said. Instead, they must conduct an “objective, in-depth assessment of the third-party’s ability to perform the activity in compliance with applicable laws and regulations and in a safe and sound manner” including a review of the third-party’s financial conditions (like any pending litigation or audited financial statements), reference checks, and evaluation of the entity’s legal and regulatory compliance.

Contracts should specify compliance with the regulations of relevant law, such as the Gramm-Leach-Bliley Act, the OCC added, and provide the financial institution with the power to conduct compliance reviews of the third-party.

Not to be outdone, the Consumer Financial Protection Bureau (the “CFPB”) followed up in January 2015 with the latest addition to its loosely-sewn patchwork of vendor management best practices and requirements. Compliance Bulletin 2015-01, among other directives, puts CFPB-supervised entities on notice that they may not invoke non-disclosure agreements to avoid complying with requests from the CFPB to produce a third-party’s confidential information.

For nonbanks and service providers still coming up to speed on the CFPB’s supervision and enforcement, confidentiality obligations, audit rights, vendor training responsibilities, and remedies for vendor breaches are among the thornier agreement provisions that may need to be enhanced in light of developing trends.

Read OCC Bulletin 2013-29.

Read the SEC’s and DOJ’s “A Resource Guide to the U.S. Foreign Corrupt Practices Act.”
