On June 25, 2013, the FTC approved final orders that settle charges against 14 companies for falsely claiming to participate in the international privacy framework known as the U.S.-EU Safe Harbor, which allows U.S. companies to gather customer information in Europe and send it to the United States, beyond the EU’s legal jurisdiction, as long as certain criteria are met. Three of the companies were also charged with similar violations related to the U.S.-Swiss Safe Harbor. Under the settlements, the companies are prohibited from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or other self-regulated or standard-setting organization. Consumers who want to know whether a U.S. company is a participant in the U.S-EU or U.S.-Swiss Safe Harbor program can check its certification at http://export.gov/safeharbor.
Last month, the 6th Circuit affirmed a lower court order granting summary judgment in favor of educational institution Kaplan (6th Cir. April. 9, 2014; No. 13-3408: EEOC v. Kaplan Higher Education Corp.) where the EEOC charged that Kaplan’s use of credit checks causes it to screen out more African-American applicants than white, creating a disparate impact in violation of Title VII of the Civil Rights Act. In granting summary judgment to Kaplan, the district court stated that “proof of disparate impact is usually statistical proof in the form of expert testimony, and here the EEOC relied solely on statistical data compiled by Kevin Murphy, a PhD in industrial and organizational psychology.” The court excluded Murphy’s testimony on grounds that it was unreliable, as the EEOC presented “no evidence” that Murphy’s methodology satisfied any of the factors that courts typically consider in determining reliability under Federal Rule of Evidence 702; and, as Murphy himself admitted, his sample was not representative of Kaplan’s applicant pool as a whole. The EEOC argued that the district court “erred” when it excluded Murphy’s testimony.
This case was decided on narrow grounds, based on its particular facts and circumstances. Accordingly, employers still should review their screening policies to ensure that credit and (criminal history) checks are consistent with Title VII as interpreted by the EEOC. Additionally, ten states (California, Colorado, Connecticut, Hawaii, Illinois, Maryland, Nevada, Oregon, Vermont and Washington) and several municipalities already have legislation that limits the use of credit reports for employment purposes
An auto parts company (CA USDC Case No. 2:14-cv-3470) and a hotel chain (CA USDC Case No. 3:14-cv-01089) are just the latest employers that have been slapped with class action lawsuits for alleged violations of the Fair Credit Reporting Act (the “FCRA”) charging willful non-compliance with the FCRA’s disclosure, authorization, and/or notice requirements. And the payouts in such lawsuits can be in the millions. Within the past three years, a national trucking company reached a settlement for $4.6 million, a national retail chain for $3 million and a national pizza maker for $2.5 million.
The FCRA allows an applicant or employee to bring a private right of action against an employer who negligently or willfully fails to comply with any of the FCRA’s requirements. Under the statute of limitations, an action must be brought by the earlier of (1) two years after the date of violation discovery by the plaintiff, or (2) five years after the date on which the violation occurred. The employer’s liability for negligent non-compliance is actual damages sustained by the applicant/employee, and reasonable attorneys’ fees and costs. A willful violation carries actual or statutory damages ranging between $100 and $1,000, punitive damages, and attorneys’ fees and costs.
Below are general FCRA compliance reminders to employers when procuring and using background check reports prepared by a consumer reporting agency (“CRA”):
- Provide disclosure to the applicant/employee in a standalone document that a consumer report may be obtained and used for employment purposes (language must be clear, with no superfluous information or liability waiver, and separate from the employment application);
- Provide to the applicant/employee a summary of rights under the FCRA and applicable state notices;
- Obtain the applicant/employee’s authorization for the consumer report;
- Before taking adverse action based on the report (1) provide a pre-adverse action notice to the applicant/employee along with a copy of the report, and notices of rights, if not given previously, (2) wait a reasonable period of time (at least 5 days) before taking the adverse action, and (3) after deciding to take the adverse action, provide a notice that contains the FCRA required information, such as the name, address, and telephone number of the CRA that provided the report.
On March 4, 2014, the Supreme Court in a split decision ruled that employees of private companies servicing public companies are covered by the whistleblower protections of Sarbanes Oxley Act of 2002 (“SOX”)
A recently filed class action NDC Ca. No. (4:14-cv-00592-DMR, 2-7-14) is a reminder to employers that under the Fair Credit Reporting Act (the “FCRA”) their disclosure and authorization form to the applicant/employee for obtaining a background check must be in a standalone document, and cannot contain confusing or extraneous information. The lawsuit alleges that the defendant employer used an invalid form to obtain consent to conduct background checks, that it relied on an authorization that was included alongside several other consent paragraphs in an online employment application, and that the consent form contained a release of liability related to obtaining the background check. Two published court decisions already ruled that including a liability waiver constitutes a technical violation under the FCRA. (WD Pa. 2013, No. 2:08-cv-01730-MRH, and Dist. Md., 2012, No. 8:11-cv-01823-DKC.)
Attorney General Eric Holder announced on January 9, 2014 that the Justice Department collected at least $8 billion in civil and criminal actions in the fiscal year ending Sept. 30, 2013. The statistics indicate that in FY 2013, approximately $5.9 billion was collected by the department’s litigating divisions and the U.S. Attorneys’ offices in individually and jointly handled civil actions. The largest civil collections were from affirmative civil enforcement cases, in which the United States recovered money lost to fraud or other misconduct and collected fines imposed on individuals and/or corporations for violations of federal health, safety, civil rights or environmental laws.
Recent enforcement efforts by the Equal Employment Opportunity Commission (the “EEOC”) combined with some local and state “ban-the-box” laws are causing trepidation among employers who must not only consider, but also apparently hire, applicants with a criminal history and unprofessional hairstyles.
The EEOC recently filed a lawsuit in Alabama alleging that an insurance claims company violated Title VII of the Civil Rights Act by discriminating against an African-American applicant because she wore dreadlocks. The EEOC’s position is that the company’s policy of requiring a professional/business look “focuses on the racial bias that may occur when specific hair constructs and styles are singled out for different treatment because they do not conform to normative standards for other races.”
The EEOC has also pushed its position that considering criminal convictions in hiring decisions can be racially discriminatory, issuing its well-publicized guidance and filing lawsuits against employers that use background checks. Based on EEOC’s logic, Massachusetts and Hawaii already have adopted “ban the box” laws that apply to both private and public employers, and on January 1, 2014, similar measures will take effect in Rhode Island and Minnesota. The cities of Buffalo, NY, Newark, NJ, Seattle, WA, and Philadelphia, PA, also have passed similar legislation affecting private employers. Many more states and municipalities have “ban-the-box” laws that apply only to public employers. (Generally, “ban-the-box” legislation calls for the removal of the criminal history box/question on the job application, and prohibits employers from asking about criminal records in the initial application process.)
Win or lose, the EEOC is unlikely to let up, and the trend of increased employment regulations will continue into 2014, according to legal commentators. Employers should review their policies and procedures at least annually to ensure that they meet EEOC’s guidelines, comply with all federal, state and local laws and regulations, are fair and consistent and aligned with the business model.
In August 2013, Illinois passed an amendment to its existing password protection law that lifts restrictions for financial services firms, enabling them to monitor their employees’ business-related social media communications. Effective January 1, 2014, the law will no longer apply when an employer requests access to a “professional account” to “monitor or retain employee communications as required under the state’s insurance or federal law or by a self-regulatory organization. The amendment also permits Illinois employers to seek access to a professional account when the employer has “a duty to screen applicants or employees prior to hiring.”
In August 2013, a Maryland federal judge dismissed without a trial a putative suit filed by the Equal Employment Opportunity Commission (the “EEOC”) against event-promoter Freeman for alleged discriminatory background screening practices. Calling the EEOC’s expert report “an egregious example of scientific dishonesty,” the court granted a summary judgment to Freeman based on its findings that the EEOC’s expert testimony was unreliable, and would not support a claim of disparate impact. According to the court’s opinion, the EEOC failed to establish an element of its case when it made no effort to analyze Freeman’s multi-step screening policies to identify the specific practices that caused the alleged disparate impact. The court went on to say: “By bringing actions of this nature, the EEOC has placed many employers in the ‘Hobson’s choice’ of ignoring criminal history and credit backgrounds, thus exposing themselves to potential liability for criminal and fraudulent acts committed by employees, or, on the other hand, incurring the wrath of the EEOC for having utilized information deemed fundamental by most employers.”
The EEOC most likely will appeal the decision, as it has done in another high-profile background check case in Ohio, where in January 2013 the court similarly ruled that the EEOC failed to prove disparate impact. Although these rulings represent a victory for the employer, the EEOC has not reversed its position, and is expected to continue its attempts to severely limit, if not eliminate, the use of criminal and credit checks by private employers.
On May 3, 2012, the Federal Trade Commission (FTC) joined the Department of Justice (DOJ) and the Consumer Financial Protection Bureau (CFPB) in filing a memorandum brief in support of the constitutionality of the Fair Credit Reporting Act (FCRA), established in 1970 to protect credit report information privacy and to ensure that the information supplied by consumer reporting agencies (CRAs) is as accurate as possible.
In the case of Shamara T. King vs. General Information Services, Inc. (GIS), the CRAs address a provision of the FCRA that balances the Act’s dual purposes, i.e., to protect consumers from privacy invasions caused by the disclosure of sensitive information and to ensure a sufficient flow of information to allow the CRAs to fulfill their vital role.) The provision, Section 1681c, bars CRAs from disclosing arrest records or other adverse information that is more than seven years old, in most cases.
The agencies brief refutes GIS’s argument that this FCRA protection is an unconstitutional restriction of free speech, pointing out that the recent U.S. Supreme Court case law that GIS cites to support its argument, Sorrell v. IMS Health Inc., “does not change the settled First Amendment standards that apply to commercial speech, nor does it suggest that restrictions on the dissemination of data for commercial purposes