Judgment

Arrest record but no charges

Typically, an arrest record will show the date, arresting agency, and the subject’s name (and other identifiers such as DOB and address), without specifying the charge or charges. The reason for this is twofold: (1) until the district attorney (“DA”) files a criminal case, there are no charges; and (2) the charges filed by the DA may be different than the charges on which the arresting officer based the arrest. An “arrest” and “being charged with a crime” are different things (although obviously related).  An “arrest” means that a person is taken into custody because they have been accused either by a warrant or by probable cause of committing a crime. Once in custody, the prosecutor’s office will decide whether the person will be charged with a crime. The person will then be given a charging document (complaint or information) that will state what charges they are facing.

A record will never show that an arrest was “dropped.” At best, you can infer that no charges were filed after an arrest if there is no corresponding court case.

2021 UPDATE OF FCRA LITIGATION AND THE EFFECT ON EMPLOYMENT BACKGROUND SCREENING

Fair Credit Reporting Act (FCRA) lawsuits continue to rise with the number of complaints filed in federal courts showing a +5.3% increase in 2020 over 2019[1]. This continues a trend for FCRA litigation as it has consistently shown year-over-year growth since 2010. An issue that garners much attention in FCRA litigation is whether an employer’s disclosure and authorization forms violate the FCRA. Two federal appellate decisions address this issue and provide important guidance for employers on how to draft FCRA disclosure and authorization forms.

FCRA Disclosure and Authorization Forms

Employers that want to obtain a background check report about a job applicant or current employee must comply with the FCRA and provide to the individual a standalone document with a clear and conspicuous disclosure of the employer’s intention to do so, and obtain the individual’s authorization. By way of background, the principal appellate opinion on disclosure and authorization forms is the Ninth Circuit’s Gilberg v. California Check Cashing Stores, LLC, No. No. 17-16263 (January 2019). The Gilberg opinion made clear that any extraneous information in an FCRA disclosure form violates the FCRA’s requirement that the disclosure must be “in a document that consists solely of the disclosure” (the standalone requirement). The employer in Gilberg was found to have violated the standalone requirement by:

  1. Combining the authorization and disclosure into one document; and
  2. Including several state-related disclosures in the form.

Two important cases from 2020 that further addressed the requirements and limitations for the content of an FCRA disclosure form were issued by the Ninth Circuit in Walker v. Fred Meyer, Inc., No. 18-35592 (March 20, 2020) and Luna v. Hansen & Adkins Transport, Inc., No. 18-55804, (April 24, 2020).

In Walker v. Fred Meyer, the court indicated that background check disclosures may contain some concise explanatory language, but there is a limit to what is explanatory and what is unlawfully extraneous. Among other allegations, the plaintiff in Walker claimed that the FCRA disclosure violated the standalone requirement because, in addition to mentioning consumer reports, it also mentioned investigative consumer reports (a type of consumer report). The Ninth Circuit rejected this claim and ruled that mentioning investigative background checks in the disclosure does not violate the FCRA’s standalone requirement because investigative consumer reports are a subcategory or specific type of consumer report and as long as the investigative background check disclosures are limited to (1) disclosing that such reports may be obtained for employment purposes and (2) providing a very brief description of what that means.

The Ninth Circuit reviewed the employer’s disclosure in Walker in detail, which consisted of five paragraphs, and held that the first three paragraphs did not violate the standalone requirement, but that the last two paragraphs did because they may pull the individual’s attention away from their privacy rights protected by the FCRA. Here are the offending paragraphs in their entirety:

“You may inspect GIS’s files about you (in person, by mail, or by phone) by providing identification to GIS. If you do, GIS will provide you help to understand the files, including communication with trained personnel and an explanation of any codes. Another person may accompany you by providing identification.”

“If GIS obtains any information by interview, you have the right to obtain a complete and accurate disclosure of the scope and nature of the investigation performed.”

The plaintiff in Walker also claimed that the language of the employer’s authorization form, which was in a separate document was confusing and underscored the confusing and distracting nature of disclosure form, thus violating the FCRA’s standalone requirement. The Ninth Circuit rejected this argument because it found that the authorization form is not relevant to the FCRA disclosure form’s standalone requirement where the authorization is not included in the disclosure and is in a separate authorization form.

In Luna v. Hansen, the plaintiff claimed that the FCRA’s physical standalone requirement for hard-copy forms was a temporal one, i.e., the disclosure form should be presented to the individual separate from all other employment-related forms. The plaintiff in Luna had received one packet containing all forms. The Ninth Circuit rejected this argument and held that as long as the background check disclosure itself is in a standalone form, it can be presented with and at the same time as other employment documents.

Key Takeaways

Given the steady uptick in FCRA litigation, it is advisable for employers to review their FCRA disclosure and authorization forms on at least a yearly basis, or whenever important appellate opinions are issued, to ensure compliance with the FCRA. The attached forms from the Gilberg and Walker opinions provide clear examples of what to avoid in FCRA disclosure forms. In general, the guidance provided in the above-referenced opinions indicate that:

  • background check disclosure forms may contain some concise explanatory language, but there is a limit to what is explanatory and what is unlawfully extraneous;
  • background check disclosure forms may be presented at the same time as other materials, including application materials, as long as the background check disclosures are on a separate form; and
  • language in a separate authorization form has no impact on the disclosure form’s compliance with the FCRA standalone requirement.


Disclaimer: This communication is for general informational purposes only and does not constitute legal advice. No recipient should act, or refrain from acting, based on any information provided here without advice from a qualified attorney licensed in the applicable jurisdiction.


Client Alert: EU Court of Justice Invalidates the EU-US Privacy Shield

An important and unexpected ruling was handed down by the Court of Justice of the European Union (CJEU) on July 16, 2020, in Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems (“Schrems II”) that invalidates the EU-U.S. Privacy Shield (“Privacy Shield”) arrangement. Since 2016, the Privacy Shield provided U.S. companies with a mechanism to comply with the General Data Protection Regulation (GDPR) requirements when transferring personal data from the European Union to the U.S.

What this means

Now companies that subscribed to the Privacy Shield must find another GDPR-compliant solution for the transfer of data. The European Data Protection Board indicated in its July 23, 2020 FAQs that it will not be providing a grace period as the authorities had done for the EU-U.S. Safe Harbor (“Safe Harbor”) framework following the “Schrems I” decision.

Notably, the CJEU’s decision expressly stated that the standard contractual clauses (SCCs) previously promulgated by the European Commission (EC) are still a valid tool for data transfers from the EU to the United States. The SCCs are sets of contractual terms and conditions that the controller and the processor of the data both execute to comply with GDPR’s requirements.  However, the CJEU’s decision does not give blanket approval to the SCCs–the decision acknowledged that future challenges to SCCs are permissible by the local data enforcement agency for any EU-member state. For example, an EU-member state might prohibit or suspend exports of personal data from its country under SCCs, if the member state concludes that the SCCs are not or cannot be complied with in the recipient third country (such as the U.S.) because of the member state’s local legal requirements.

The CJEU did not directly reference binding corporate rules (‘BCRs’) which are used for intragroup data transfers and require prior approval of the competent data protection authority. For now, this means that BCRs remain a valid transfer mechanism under the GDPR as BCRs are of a similar nature to  SCCs (both are considered an “appropriate safeguard” pursuant to Article 46 GDPR).

For some situations, an alternative is to look to the narrow derogations under Article 49 of the GDPR, such as to perform a contract or base the transfer on the subject’s explicit consent.  

What happens next

When the adequacy of the Safe Harbor was invalidated by the CJEU in 2015, the U.S. Department of Commerce (DOC) and the EC had already been negotiating for an updated trans-Atlantic program for many months. With Schrems II, and although the DOC and EC have indicated that lines of communication are open, the discussions are not nearly as advanced. And the issues cited by the CJEU in Schrems II may require some form of legislative and not merely an administrative action to address. As such, the process to revamp the Privacy Shield is unlikely to be concluded any time soon.  

The DOC, in a press release in response to the CJEU’s decision, and later in its updated Privacy Shield FAQs, stated that it will continue to administer the Privacy Shield program, including processing submissions for self-certification and re-certification and maintaining the participants’ list. The DOC emphasized that the CJEU’s decision “does not relieve participating organizations of their Privacy Shield obligations.”

The UK’s Data Enforcement Agency also issued a statement advising companies to continue using the Privacy Shield until new guidance becomes available but added that companies “do not start using the Privacy Shield during this period.”

Stay tuned for more regulatory guidance and other developments in the next few weeks.


Disclaimer: This is not legal advice. The resources and information provided here are for educational purposes only. Consult your own counsel if you have legal questions related to your specific practices and compliance with applicable laws.

Ninth Circuit Defines “Standalone, Clear and Conspicuous” Disclosure for Obtaining Employment-Purpose Background Checks

On January 29, 2019, the U.S. Court of Appeals for the Ninth Circuit in Gilberg v. California Check Cashing Stores, LLC instructed employers about the importance of complying with background check disclosure requirements found in the Fair Credit Reporting Act (FCRA).

Pursuant to the federal statute, employers who want to obtain a consumer report (commonly referred to as a background check report) on a job candidate must provide to the candidate a “clear and conspicuous disclosure” about the report in a document that consists “solely of the disclosure.” 15 U.S.C. § 1681b(b)(2)(A).

But when Desiree Gilberg applied for a job with CheckSmart Financial, she received something different. First Gilberg completed a three-page form containing an employment application, a math screening and an employment history verification. She then signed a separate form entitled, “Disclosure Regarding Background Investigation.”

The one-page form included the required FCRA disclosure as well as mandated state disclosures for California, Maine, Minnesota, New York, Oklahoma, Oregon and Washington.

Gilberg worked for CheckSmart for five months before voluntarily leaving the job. She then filed a putative class action against the company, alleging that it failed to make proper disclosures as set forth in both the FCRA and California’s Investigative Consumer Reporting Agencies Act (ICRAA).

A district court sided with the employer and dismissed the case. The judge agreed with CheckSmart that its disclosure form complied with both statutes. Gilberg appealed to the Ninth Circuit. She argued that the standalone requirement didn’t permit the combination of state and federal disclosures as CheckSmart had tried.

Considering the issue, the Ninth Circuit recalled a 2017 decision in Syed v. M-I, LLC. In that case, which also involved the standalone requirement, the federal appellate panel held that a prospective employer violated the FCRA when it included a liability waiver in the same document as the mandated disclosure. The statute means what it says, the court emphasized: the required disclosure must be in a document that “consist

[s] ‘solely’ of the disclosure.”

In an effort to distinguish its disclosure from that in the Syed case, CheckSmart told the court that the additional information in its form actually furthered the FCRA’s purpose.

“We disagree,” the court wrote. “Syed’s holding and statutory analysis were not limited to liability waivers; Syed considered the standalone requirement with regard to any surplusage. Syed grounded its analysis of the liability waiver in its statutory analysis of the word ‘solely,’ noting that FCRA should not be read to have implied exceptions, especially when the exception – in that case, a liability waiver – was contrary to FCRA’s purpose. Syed also cautioned ‘against finding additional, implied exceptions’ simply because Congress had created one exception. Consistent with Syed, we decline CheckSmart’s invitation to create an implied exception here.”

Plain meaning trumps purpose, the Ninth Circuit said, rejecting the employer’s contention that its disclosure form was consistent with the intent of the FCRA. Since the surplus language included disclosures required by various state laws that were inapplicable to Gilberg, the court was unable to understand how the CheckSmart form comported with the purpose of the federal statute.

“Because the presence of this extraneous information is as likely to confuse as it is to inform, it does not further FCRA’s purpose,” the court declared.

“Syed holds that the standalone requirement forecloses implicit exceptions,” the panel wrote. “The statute’s one express exception does not apply here, and CheckSmart’s disclosure contains extraneous and irrelevant information beyond what FCRA itself requires. The disclosure, therefore, violates FCRA’s standalone document requirement. Even if congressional purpose were relevant, much of the surplusage in CheckSmart’s disclosure form does not effectuate the purposes of the FCRA.”

In addition to ruling that the district court erred in concluding that the employer’s disclosure form satisfied the FCRA’s standalone document requirement, the Ninth Circuit also held that CheckSmart’s disclosure form was not “clear and conspicuous” under either FCRA or ICRAA.

The court grudgingly found the form to be “conspicuous” (despite characterizing the font as “inadvisably” small and cramped) but held it was not “clear.” The disclosure contained language a reasonable person would not understand, the court said, and its content would confuse a reader with the combination of federal and state disclosures.

As “CheckSmart’s disclosure form was not both clear and conspicuous, the district erred in granting CheckSmart’s motion for summary judgment with regard to the FCRA and ICRAA ‘clear and conspicuous’ requirements,” the panel wrote. The Ninth Circuit reversed dismissal of Gilberg’s complaint and remanded the case to the California district court. (As of this writing, there is a petition for rehearing and rehearing en banc pending before the 9th Circuit.)

For employers, the Ninth Circuit opinion could not be more clear: ensure that the FCRA disclosure form provided to job candidates contains no extraneous or surplus language. The decision also provides an important reminder about keeping disclosures forms clear and conspicuous in order to comply with both federal and state laws.

Pursuant to the federal statute, employers who want to obtain a consumer report (commonly referred to as a background check report) on a job candidate must provide to the candidate a “clear and conspicuous disclosure” about the report in a document that consists “solely of the disclosure.” 15 U.S.C. § 1681b(b)(2)(A).

But when Desiree Gilberg applied for a job with CheckSmart Financial, she received something different. First Gilberg completed a three-page form containing an employment application, a math screening and an employment history verification. She then signed a separate form entitled, “Disclosure Regarding Background Investigation.”

The one-page form included the required FCRA disclosure as well as mandated state disclosures for California, Maine, Minnesota, New York, Oklahoma, Oregon and Washington.

Gilberg worked for CheckSmart for five months before voluntarily leaving the job. She then filed a putative class action against the company, alleging that it failed to make proper disclosures as set forth in both the FCRA and California’s Investigative Consumer Reporting Agencies Act (ICRAA).

A district court sided with the employer and dismissed the case. The judge agreed with CheckSmart that its disclosure form complied with both statutes. Gilberg appealed to the Ninth Circuit. She argued that the standalone requirement didn’t permit the combination of state and federal disclosures as CheckSmart had tried.

Considering the issue, the Ninth Circuit recalled a 2017 decision in Syed v. M-I, LLC. In that case, which also involved the standalone requirement, the federal appellate panel held that a prospective employer violated the FCRA when it included a liability waiver in the same document as the mandated disclosure. The statute means what it says, the court emphasized: the required disclosure must be in a document that “consist[s] ‘solely’ of the disclosure.”

In an effort to distinguish its disclosure from that in the Syed case, CheckSmart told the court that the additional information in its form actually furthered the FCRA’s purpose.

“We disagree,” the court wrote. “Syed’s holding and statutory analysis were not limited to liability waivers; Syed considered the standalone requirement with regard to any surplusage. Syed grounded its analysis of the liability waiver in its statutory analysis of the word ‘solely,’ noting that FCRA should not be read to have implied exceptions, especially when the exception – in that case, a liability waiver – was contrary to FCRA’s purpose. Syed also cautioned ‘against finding additional, implied exceptions’ simply because Congress had created one exception. Consistent with Syed, we decline CheckSmart’s invitation to create an implied exception here.”

Plain meaning trumps purpose, the Ninth Circuit said, rejecting the employer’s contention that its disclosure form was consistent with the intent of the FCRA. Since the surplus language included disclosures required by various state laws that were inapplicable to Gilberg, the court was unable to understand how the CheckSmart form comported with the purpose of the federal statute.

“Because the presence of this extraneous information is as likely to confuse as it is to inform, it does not further FCRA’s purpose,” the court declared.

“Syed holds that the standalone requirement forecloses implicit exceptions,” the panel wrote. “The statute’s one express exception does not apply here, and CheckSmart’s disclosure contains extraneous and irrelevant information beyond what FCRA itself requires. The disclosure therefore violates FCRA’s standalone document requirement. Even if congressional purpose were relevant, much of the surplusage in CheckSmart’s disclosure form does not effectuate the purposes of the FCRA.”

In addition to ruling that the district court erred in concluding that the employer’s disclosure form satisfied the FCRA’s standalone document requirement, the Ninth Circuit also held that CheckSmart’s disclosure form was not “clear and conspicuous” under either FCRA or ICRAA.

The court grudgingly found the form to be “conspicuous” (despite characterizing the font as “inadvisably” small and cramped) but held it was not “clear.” The disclosure contained language a reasonable person would not understand, the court said, and its content would confuse a reader with the combination of federal and state disclosures.

As “CheckSmart’s disclosure form was not both clear and conspicuous, the district erred in granting CheckSmart’s motion for summary judgment with regard to the FCRA and ICRAA ‘clear and conspicuous’ requirements,” the panel wrote. The Ninth Circuit reversed dismissal of Gilberg’s complaint and remanded the case to the California district court. (As of this writing, there is a petition for rehearing and rehearing en banc pending before the 9th Circuit.)

For employers, the Ninth Circuit opinion could not be more clear: ensure that the FCRA disclosure form provided to job candidates contains no extraneous or surplus language. The decision also provides an important reminder about keeping disclosures forms clear and conspicuous in order to comply with both federal and state laws.

Independent contractors and the FCRA

Must employers provide the protections required by the Fair Credit Reporting Act (FCRA) to prospective independent contractors? 

Not according to a new decision from an Iowa court (see Smith v. Mutual of Omaha Insurance Company, No. 4:17-cv-00443 (S.D. Iowa Oct. 4, 2018)) which grappled with the question in the context of a lawsuit filed by an individual against an insurance company where he applied to contract as a salesperson but was rejected because of a falsely reported felony in his background check. The plaintiff accused the insurance company of violating the FCRA by failing to provide him with the statutorily required prior notice that the background check resulted in his not being hired.    

The insurance company asked the court to dismiss the lawsuit, claiming that the FCRA only requires such notice when an applicant seeks to be hired as an employee, and not as an independent contractor. Since the plaintiff applied for an independent contractor position, he was not entitled to the protections of the statute, the insurance company argued. 

The plaintiff countered that he was applying to be an employee of the insurance company and that it was too early to dismiss the case, as further discovery was needed. In the alternative, he argued that the FCRA should still govern his relationship even as an independent contractor.

In ruling on the FCRA issue, Judge John Jarvey began with the language of the law. The FCRA is a broad statute, Judge Jarvey said, and some of its most stringent protections apply when a background check is being obtained “for employment purposes.” 

The definitions section of the FCRA, at 15 U.S.C. § 1681a(h), states that “

[t]he term ‘employment purposes’ when used in connection with a consumer report means a report used for the purpose of evaluating a consumer for employment, promotion, reassignment or retention as an employee.” This text “makes clear that the pre-adverse action notice requirement only applies when a consumer report is used for employment purposes,” Judge Jarvey wrote. “The meaning of ‘employment purposes’ is specifically defined in the statute, and it is defined as being ‘used for the purpose of evaluating a consumer for employment, promotion, reassignment or retention as an employee.’”  District courts in Ohio and Wisconsin have reached the same conclusion, Judge Jarvey noted, citing the decisions for support. 

Notably, the Federal Trade Commission (FTC) in its 2011 staff report entitled “40 Years of Experience with the Fair Credit Reporting Act” provided a seemingly contrasting interpretation. The FTC stated that “the term ‘employment purposes’ is interpreted liberally to effectuate the broad remedial purpose of the FCRA and may apply to situations where an entity uses individuals who are not technically employees to perform duties. Thus, it includes a trucking company that obtains consumer reports on individual drivers who own and operate their own equipment; a title insurance company that obtains consumer reports on individuals with whom it frequently enters into contracts to sell its insurance, examine title, and close real property transactions; or a nonprofit organization staffed in whole or in part by volunteers.” 

The FTC’s view can be reconciled with that of Judge Jarvey’s by taking the approach that the applicability of FCRA’s requirements depends on the facts and circumstances of the particular relationship, rather than the formal designation of someone as an independent contractor. 

Given the still remaining disputed issue of whether or not the plaintiff would have been an employee or an independent contractor for the insurance company, the court ordered limited discovery on the issue and declined to dismiss the suit. 

All judgments and tax liens to be removed from consumer credit reports

As reported last year, Equifax, Experian and TransUnion (the “NCRAs”) implemented enhanced standards for the collection and timely updating of public record data as part of the requirements of the National Consumer Assistance Plan (the “NCAP”) and accordingly, effective July 1, 2017, removed all civil judgments and the majority of tax liens from their databases.

The NCRAs are now going a step further to comply with the NCAP’s standards and to resolve pending litigation by removing all tax liens from consumer credit reports effective April 16, 2018. Bankruptcy records will continue to be reported.

Florida court allows FCRA suit against Whole Foods to move forward

Reinforcing the importance of complying with even the most technical FCRA requirements, a federal court in Florida allowed a former employee to move forward with his suit against Whole Foods Market Group.

In the putative class action, the plaintiff, who was terminated in June 2013 after the employer conducted a background check on plaintiff and other existing employees, charges that Whole Foods violated the FCRA, and specifically, points to the forms the plaintiff signed when he applied for employment. A “Disclosure Statement” provided: “By this document

[Whole Foods] discloses to you that a consumer report regarding your credit history, criminal history and other background information and/or an investigative consumer report containing information as to your character, general reputation, personal characteristics and/or mode of living may be obtained from personal interviews or other sources in connection with your application for any purpose at any time during your employment.”

The plaintiff was also given a “Consent and Release of Information” form, which stated: “I further understand and authorize [Whole Foods] or those authorized by them to procure a consumer report on me as part of a process of consideration as an employee … I release all parties from liability for any damages which may result from the disclosure of any information outlined herein.”

Although Whole Foods intended for the Disclosure Statement to satisfy Section 1681(b)(2)(A)(i) of the FCRA and each form was a separate single page document, the simultaneous presentation of the consent form rendered the disclosure meaningless, the plaintiff argued. Whole Foods knew that it was required to provide a stand-alone form, the plaintiff added, citing FCRA-related articles posted online by the third-party the company used to run the background checks.

The court agreed. “Based on the allegations, with all inferences drawn in favor of plaintiff, if both the disclosure and the consent forms combined and read as one document with the waiver and release included simultaneously with the disclosure, the complaint states a claim for relief,” the judge said, denying Whole Foods’ motion to dismiss the suit. The court also allowed the plaintiff’s contention that Whole Foods “willfully” violated the FCRA to move forward. Under the statute, reckless and knowing violations constitute willful violations, the court noted, and the plaintiff presented sufficient allegations that the defendant knew it was required to provide a stand-alone form separate from the employment application and yet failed to do so.

“The allegations that defendant had access to legal advice and guidance from the FTC yet it knew that its conduct was inconsistent with that guidance and the plain terms of the statute, are sufficient to withstand attack at this stage of the proceedings on a motion to dismiss,” the judge wrote.

The decision provides an important reminder to employers that class actions alleging technical violations of the FCRA, particularly Section 1681(b)(2)(A)(i), remain popular with plaintiffs with statutory damages from $100 to $1,000 for a willful violation available.

Whole Foods is facing an identical suit in California federal court while other companies have settled similar cases for significant amounts, such as the recent deal Publix Super Markets struck with a class in Tennessee federal court for $6.8 million, a $2.5 million payout by Domino’s Pizza, and a settlement agreement for $3 million between grocery chain Food Lion and job applicants.

Read the court order here.

U.S. Supreme Court case offers window into CFPB’s position on the FCRA

The U.S. Supreme Court has agreed to hear a closely followed case involving the Fair Credit Reporting Act (the “FCRA”) that will have great significance on privacy law. In connection with this case, the Consumer Financial Protection Bureau (CFPB) offered a glimpse of its stance on the FCRA in an amicus brief recently filed with the U.S. Supreme Court.

In 2012, the Bureau took over the enforcement reins of the FCRA from the Federal Trade Commission (FTC). Since then, the industry has watched for signs on how the Bureau would tackle its new job, with few clues. But in an amicus brief filed jointly with the Solicitor General in Spokeo v. Robins, the CFPB weighed in, taking a consumer-friendly position on the statute.

The dispute began when Robins claimed that Spokeo ran afoul of the FCRA. The spokeo.com site allows users to obtain information about other individuals like address, phone number, employment information, and economic data such as mortgage value and investments. Robins sued after finding incorrect information about himself on the site, alleging that Spokeo was a consumer reporting agency (CRA) under the FCRA and sold “consumer reports” but failed to comply with the various statutory requirements by neglecting to assure the maximum possible accuracy of the information reported on its site and failing to provide notice of statutory responsibilities to purchasers of its reports.

Relying on Section 1681n of the FCRA, which grants consumers a cause of action against an entity that negligently or willfully violates “any requirement imposed

[under the FCRA] with respect to [that] consumer,” Robins filed a putative class action. A federal district court dismissed the suit for a lack of standing but the Ninth Circuit Court of Appeals reversed. The federal appellate panel held that Robins sufficiently alleged an injury in fact because Congress created a right of action to enforce a statutory provision, demonstrating intent to create a statutory right.

Spokeo petitioned the U.S. Supreme Court to take the case. The CFPB filed the amicus brief, siding with the plaintiff and arguing that the justices should deny the writ of certiorari. The Bureau argued to the Court that the statutorily created cause of action found in the FCRA satisfied the injury required for Article III standing. While recognizing that Congress does not have unlimited power to define the class of plaintiffs who may sue in federal court, the CFPB said the legislature “may grant individuals statutory rights that, when violated, confer standing, and the clear language of the FCRA did just that.”

“FCRA thus grants an individual consumer a statutory entitlement to be free from a CRA’s actual dissemination of inaccurate information about him when the CRA fails to employ ‘reasonable procedures’ to assure the information’s accuracy,” according to the CFPB’s brief. A CRA’s willful failure to follow reasonable procedures to ensure that an accurate report about a consumer is disseminated violates a ‘requirement imposed under [FCRA] with respect to [that] consumer.’ It is also a concrete and particularized injury to the consumer because it involves the actual, specific, and non-abstract act of disseminating information about the particular consumer.” This reading – recognizing a legally protected interest in consumer privacy – “is particularly salient in modern-day society given the proliferation of large databases and the ease and rapidity with which information about individuals can be transmitted and retransmitted across the Internet,” the CFPB added, as “public dissemination of inaccurate personal information about the plaintiff is a form of ‘concrete harm’ that courts have traditionally acted to redress, whether or not the plaintiff can prove some further consequential injury.”

Read the CFPB’s amicus brief in Spokeo v. Robins here.

Read the opinion of the U.S. Court of Appeals for the Ninth Circuit here.

 

No number, no lawsuit

Tossing a lawsuit alleging religious discrimination, the Sixth U.S. Circuit Court of Appeals found that an applicant could not sue after refusing to provide his Social Security number to a prospective employer. The plaintiff, an applicant for a position with an energy company, claimed that he had no number because he “disclaimed and disavowed it” on account of his sincerely held religious beliefs.

The company’s refusal to hire the plaintiff violated Title VII and Ohio state law, the complaint charged, requesting both injunctive relief in the form of a job and monetary damages. A federal district court judge dismissed the lawsuit, and the federal appellate panel affirmed.

Courts considering the issue apply a two-step analysis, the Sixth Circuit explained. First, the court determines whether the plaintiff established a “prima facie case of religious discrimination,” which requires proof that the plaintiff “(1) holds a sincere religious belief that conflicts with an employment requirement; (2) has informed the employer about the conflicts; and (3) was discharged or disciplined for failing to comply with the conflicting employment requirement.” If the plaintiff manages to establish a prima facie case, the burden shifts to the employer to show it could not “reasonably accommodate” the religious beliefs without “undue hardship.”

This suit failed under the first step, the panel said, because the Internal Revenue Code mandates that employers collect and provide the Social Security numbers of their employees. Because the company’s collection of the plaintiff’s number was a “requirement imposed by law” and not an “employment requirement,” the court had no need to consider the sincerity of the plaintiff’s beliefs.

The panel also noted that every other federal appellate court to consider the issue has concluded “that Title VII does not require an employer to reasonably accommodate an employee’s religious beliefs if such accommodation would violate a federal statute,” citing decisions from the Fourth, Eighth, Ninth, and Tenth Circuits, as well as federal district courts in Michigan and Virginia.

All of the courts have arrived “at the same, sensible conclusion: ‘

[A]n employer is not liable under Title VII when accommodating an employee’s religious beliefs would require the employer to violate federal … law,” the Sixth Circuit wrote. “This conclusion is consistent with Title VII’s text, which says nothing that might license an employer to disregard other federal statutes in the name of reasonably accommodating an employee’s religious practices.”

For employers, the decision provides even greater peace of mind. With five federal appellate courts in agreement that a religious discrimination claim will not stand against an employer that complies with federal requirements to collect an applicant’s Social Security number, companies do not have to worry about the merits of a Title VII lawsuit under such circumstances.

Read the opinion.

Class action for unauthorized disclosure of PHI is a new twist under FCRA

A recent class-action is seeking damages for the unauthorized disclosure of personal health information (“PHI”) under the Fair Credit Reporting Act (the “FCRA”). The plaintiffs claim that the defendant hospital allowed the unauthorized access of confidential records of the putative class members, including PHI, held by a third-party records vendor without their knowledge or consent and without sufficient security. Among other claims, the plaintiffs allege that the hospital violated the FCRA by failing to implement adequate safeguards to protect their personally identifiable information and PHI from a data breach suffered by the third-party vendors. The plaintiffs argue that the hospital was a CRA that created “consumer reports” containing sensitive information including names, dates of birth, Social Security numbers, billing information and confidential health records, and disseminated this information to medical service providers affiliated with the defendant, and that the defendant allowed employees of the vendor and others to gain unrestricted access to their personally identifiable information and PHI, which was allegedly misused and intentionally disclosed to third-parties for profit.

Go to Top