+1.866.723.2287

BECOME A CLIENT
ORDER A REPORT

+1.866.723.2287

FTC settles with 14 companies that falsely claimed participation in Safe Harbor privacy framework

On June 25, 2013, the FTC approved final orders that settle charges against 14 companies for falsely claiming to participate in the international privacy framework known as the U.S.-EU Safe Harbor, which allows U.S. companies to gather customer information in Europe and send it to the United States, beyond the EU’s legal jurisdiction, as long as certain criteria are met. Three of the companies were also charged with similar violations related to the U.S.-Swiss Safe Harbor. Under the settlements, the companies are prohibited from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or other self-regulated or standard-setting organization. Consumers who want to know whether a U.S. company is a participant in the U.S-EU or U.S.-Swiss Safe Harbor program can check its certification at http://export.gov/safeharbor.

Sixth Circuit affirms dismissal of EEOC’s suit regarding employment credit checks

Last month, the 6th Circuit affirmed a lower court order granting summary judgment in favor of educational institution Kaplan  (6th Cir. April. 9, 2014;  No. 13-3408:   EEOC v. Kaplan Higher Education Corp.) where the EEOC charged that Kaplan’s use of credit checks causes it to screen out more African-American applicants than white, creating a disparate impact in violation of Title VII of the Civil Rights Act. In granting summary judgment to Kaplan, the district court stated that “proof of disparate impact is usually statistical proof in the form of expert testimony, and here the EEOC relied solely on statistical data compiled by Kevin Murphy, a PhD in industrial and organizational psychology.” The court excluded Murphy’s testimony on grounds that it was unreliable, as the EEOC presented “no evidence” that Murphy’s methodology satisfied any of the factors that courts typically consider in determining reliability under Federal Rule of Evidence 702; and, as Murphy himself admitted, his sample was not representative of Kaplan’s applicant pool as a whole. The EEOC argued that the district court “erred” when it excluded Murphy’s testimony.

This case was decided on narrow grounds, based on its particular facts and circumstances. Accordingly, employers still should review their screening policies to ensure that credit and (criminal history) checks are consistent with Title VII as interpreted by the EEOC. Additionally, ten states (California, Colorado, Connecticut, Hawaii, Illinois, Maryland, Nevada, Oregon, Vermont and Washington) and several municipalities already have legislation that limits the use of credit reports for employment purposes

Class actions against employers for violations of the FCRA are increasing

An auto parts company (CA USDC Case No. 2:14-cv-3470) and a hotel chain (CA USDC Case No. 3:14-cv-01089) are just the latest employers that have been slapped with class action lawsuits for alleged violations of the Fair Credit Reporting Act (the “FCRA”) charging willful non-compliance with the FCRA’s disclosure, authorization, and/or notice requirements. And the payouts in such lawsuits can be in the millions. Within the past three years, a national trucking company reached a settlement for $4.6 million, a national retail chain for $3 million and a national pizza maker for $2.5 million.

The FCRA allows an applicant or employee to bring a private right of action against an employer who negligently or willfully fails to comply with any of the FCRA’s requirements. Under the statute of limitations, an action must be brought by the earlier of (1) two years after the date of violation discovery by the plaintiff, or (2) five years after the date on which the violation occurred. The employer’s liability for negligent non-compliance is actual damages sustained by the applicant/employee, and reasonable attorneys’ fees and costs. A willful violation carries actual or statutory damages ranging between $100 and $1,000, punitive damages, and attorneys’ fees and costs.

Below are general FCRA compliance reminders to employers when procuring and using background check reports prepared by a consumer reporting agency (“CRA”):

  • Provide disclosure to the applicant/employee in a standalone document that a consumer report may be obtained and used for employment purposes (language must be clear, with no superfluous information or liability waiver, and separate from the employment application);
  • Provide to the applicant/employee a summary of rights under the FCRA and applicable state notices;
  • Obtain the applicant/employee’s authorization for the consumer report;
  • Before taking adverse action based on the report (1) provide a pre-adverse action notice to the applicant/employee along with a copy of the report, and notices of rights, if not given previously, (2) wait a reasonable period of time (at least 5 days) before taking the adverse action, and (3) after deciding to take the adverse action, provide a notice that contains the FCRA required information, such as the name, address, and telephone number of the CRA that provided the report.

Supreme Court ruling extends SOX whistleblower protection to private contractors

On March 4, 2014, the Supreme Court in a split decision ruled that employees of private companies servicing public companies are covered by the whistleblower protections of Sarbanes Oxley Act of 2002 (“SOX”)

[U.S., No. 12-3, 3-4-14]. In this case, two employees of a private company contracted by a publicly-traded mutual fund alleged that they were terminated in retaliation for raising fraud issues about the fund. With this decision, the Supreme Court has expanded the universe of companies regulated by the SOX whistleblower provision from about 5,000 public companies to potentially millions of private ones, including the smallest of businesses. Employers of every size and type have to be prepared for potential SOX whistleblower retaliation claims if they are a contractor or subcontractor of a publicly traded company.

Another lawsuit reminds employers about FCRA disclosure/authorization requirements

A recently filed class action NDC Ca. No. (4:14-cv-00592-DMR, 2-7-14) is a reminder to employers that under the Fair Credit Reporting Act (the “FCRA”) their disclosure and authorization form to the applicant/employee for obtaining a background check must be in a standalone document, and cannot contain confusing or extraneous information. The lawsuit alleges that the defendant employer used an invalid form to obtain consent to conduct background checks, that it relied on an authorization that was included alongside several other consent paragraphs in an online employment application, and that the consent form contained a release of liability related to obtaining the background check. Two published court decisions already ruled that including a liability waiver constitutes a technical violation under the FCRA. (WD Pa. 2013, No. 2:08-cv-01730-MRH, and Dist. Md., 2012, No. 8:11-cv-01823-DKC.)

Justice Department collected more than $8 billion in civil and criminal cases in 2013

Attorney General Eric Holder announced on January 9, 2014 that the Justice Department collected at least $8 billion in civil and criminal actions in the fiscal year ending Sept. 30, 2013. The statistics indicate that in FY 2013, approximately $5.9 billion was collected by the department’s litigating divisions and the U.S. Attorneys’ offices in individually and jointly handled civil actions. The largest civil collections were from affirmative civil enforcement cases, in which the United States recovered money lost to fraud or other misconduct and collected fines imposed on individuals and/or corporations for violations of federal health, safety, civil rights or environmental laws.

From hair styles to criminal records, increased employment regulations to continue

Recent enforcement efforts by the Equal Employment Opportunity Commission (the “EEOC”) combined with some local and state “ban-the-box” laws are causing trepidation among employers who must not only consider, but also apparently hire, applicants with a criminal history and unprofessional hairstyles.

The EEOC recently filed a lawsuit in Alabama alleging that an insurance claims company violated Title VII of the Civil Rights Act by discriminating against an African-American applicant because she wore dreadlocks. The EEOC’s position is that the company’s policy of requiring a professional/business look “focuses on the racial bias that may occur when specific hair constructs and styles are singled out for different treatment because they do not conform to normative standards for other races.”

The EEOC has also pushed its position that considering criminal convictions in hiring decisions can be racially discriminatory, issuing its well-publicized guidance and filing lawsuits against employers that use background checks. Based on EEOC’s logic, Massachusetts and Hawaii already have adopted “ban the box” laws that apply to both private and public employers, and on January 1, 2014, similar measures will take effect in Rhode Island and Minnesota. The cities of Buffalo, NY, Newark, NJ, Seattle, WA, and Philadelphia, PA, also have passed similar legislation affecting private employers. Many more states and municipalities have “ban-the-box” laws that apply only to public employers. (Generally, “ban-the-box” legislation calls for the removal of the criminal history box/question on the job application, and prohibits employers from asking about criminal records in the initial application process.)

Win or lose, the EEOC is unlikely to let up, and the trend of increased employment regulations will continue into 2014, according to legal commentators. Employers should review their policies and procedures at least annually to ensure that they meet EEOC’s guidelines, comply with all federal, state and local laws and regulations, are fair and consistent and aligned with the business model.

Illinois amends its password protection law to exclude financial services firms

In August 2013, Illinois passed an amendment to its existing password protection law that lifts restrictions for financial services firms, enabling them to monitor their employees’ business-related social media communications. Effective January 1, 2014, the law will no longer apply when an employer requests access to a “professional account” to “monitor or retain employee communications as required under the state’s insurance or federal law or by a self-regulatory organization. The amendment also permits Illinois employers to seek access to a professional account when the employer has “a duty to screen applicants or employees prior to hiring.”

EEOC fails to prove disparate impact in another case involving background checks

In August 2013, a Maryland federal judge dismissed without a trial a putative suit filed by the Equal Employment Opportunity Commission (the “EEOC”) against event-promoter Freeman for alleged discriminatory background screening practices. Calling the EEOC’s expert report “an egregious example of scientific dishonesty,” the court granted a summary judgment to Freeman based on its findings that the EEOC’s expert testimony was unreliable, and would not support a claim of disparate impact. According to the court’s opinion, the EEOC failed to establish an element of its case when it made no effort to analyze Freeman’s multi-step screening policies to identify the specific practices that caused the alleged disparate impact. The court went on to say: “By bringing actions of this nature, the EEOC has placed many employers in the ‘Hobson’s choice’ of ignoring criminal history and credit backgrounds, thus exposing themselves to potential liability for criminal and fraudulent acts committed by employees, or, on the other hand, incurring the wrath of the EEOC for having utilized information deemed fundamental by most employers.”

The EEOC most likely will appeal the decision, as it has done in another high-profile background check case in Ohio, where in January 2013 the court similarly ruled  that the EEOC failed to prove disparate impact. Although these rulings represent a victory for the employer, the EEOC has not reversed its position, and is expected to continue its attempts to severely limit, if not eliminate, the use of criminal and credit checks by private employers.

Agencies jointly support that FCRA Section 1681c does not violate first amendment

On May 3, 2012, the Federal Trade Commission (FTC) joined the Department of Justice (DOJ) and the Consumer Financial Protection Bureau (CFPB) in filing a memorandum brief in support of the constitutionality of the Fair Credit Reporting Act (FCRA), established in 1970 to protect credit report information privacy and to ensure that the information supplied by consumer reporting agencies (CRAs) is as accurate as possible.

In the case of Shamara T. King vs. General Information Services, Inc. (GIS), the CRAs address a provision of the FCRA that balances the Act’s dual purposes, i.e., to protect consumers from privacy invasions caused by the disclosure of sensitive information and to ensure a sufficient flow of information to allow the CRAs to fulfill their vital role.) The provision, Section 1681c, bars CRAs from disclosing arrest records or other adverse information that is more than seven years old, in most cases.

The agencies brief refutes GIS’s argument that this FCRA protection is an unconstitutional restriction of free speech, pointing out that the recent U.S. Supreme Court case law that GIS cites to support its argument, Sorrell v. IMS Health Inc., “does not change the settled First Amendment standards that apply to commercial speech, nor does it suggest that restrictions on the dissemination of data for commercial purposes

[such as those by CRAs] must satisfy stricter standards.” Therefore, the brief concludes, the court should not invalidate the FCRA provision, as it “directly advances the government’s substantial interest in protecting individuals’ privacy” while also accommodating the interest of businesses. The case is pending.

Go to Top