Class actions against employers for violations of the FCRA are increasing

An auto parts company (CA USDC Case No. 2:14-cv-3470) and a hotel chain (CA USDC Case No. 3:14-cv-01089) are just the latest employers that have been slapped with class action lawsuits for alleged violations of the Fair Credit Reporting Act (the “FCRA”) charging willful non-compliance with the FCRA’s disclosure, authorization, and/or notice requirements. And the payouts in such lawsuits can be in the millions. Within the past three years, a national trucking company reached a settlement for $4.6 million, a national retail chain for $3 million and a national pizza maker for $2.5 million.

The FCRA allows an applicant or employee to bring a private right of action against an employer who negligently or willfully fails to comply with any of the FCRA’s requirements. Under the statute of limitations, an action must be brought by the earlier of (1) two years after the date of violation discovery by the plaintiff, or (2) five years after the date on which the violation occurred. The employer’s liability for negligent non-compliance is actual damages sustained by the applicant/employee, and reasonable attorneys’ fees and costs. A willful violation carries actual or statutory damages ranging between $100 and $1,000, punitive damages, and attorneys’ fees and costs.

Below are general FCRA compliance reminders to employers when procuring and using background check reports prepared by a consumer reporting agency (“CRA”):

  • Provide disclosure to the applicant/employee in a standalone document that a consumer report may be obtained and used for employment purposes (language must be clear, with no superfluous information or liability waiver, and separate from the employment application);
  • Provide to the applicant/employee a summary of rights under the FCRA and applicable state notices;
  • Obtain the applicant/employee’s authorization for the consumer report;
  • Before taking adverse action based on the report (1) provide a pre-adverse action notice to the applicant/employee along with a copy of the report, and notices of rights, if not given previously, (2) wait a reasonable period of time (at least 5 days) before taking the adverse action, and (3) after deciding to take the adverse action, provide a notice that contains the FCRA required information, such as the name, address, and telephone number of the CRA that provided the report.
May 14th, 2014|Employment Decisions, Judgment, Lawsuit|

Supreme Court ruling extends SOX whistleblower protection to private contractors

On March 4, 2014, the Supreme Court in a split decision ruled that employees of private companies servicing public companies are covered by the whistleblower protections of Sarbanes Oxley Act of 2002 (“SOX”) [U.S., No. 12-3, 3-4-14]. In this case, two employees of a private company contracted by a publicly-traded mutual fund alleged that they were terminated in retaliation for raising fraud issues about the fund. With this decision, the Supreme Court has expanded the universe of companies regulated by the SOX whistleblower provision from about 5,000 public companies to potentially millions of private ones, including the smallest of businesses. Employers of every size and type have to be prepared for potential SOX whistleblower retaliation claims if they are a contractor or subcontractor of a publicly traded company.

March 29th, 2014|Educational Series, Fraud, Judgment|

Another lawsuit reminds employers about FCRA disclosure/authorization requirements

A recently filed class action NDC Ca. No. (4:14-cv-00592-DMR, 2-7-14) is a reminder to employers that under the Fair Credit Reporting Act (the “FCRA”) their disclosure and authorization form to the applicant/employee for obtaining a background check must be in a standalone document, and cannot contain confusing or extraneous information. The lawsuit alleges that the defendant employer used an invalid form to obtain consent to conduct background checks, that it relied on an authorization that was included alongside several other consent paragraphs in an online employment application, and that the consent form contained a release of liability related to obtaining the background check. Two published court decisions already ruled that including a liability waiver constitutes a technical violation under the FCRA. (WD Pa. 2013, No. 2:08-cv-01730-MRH, and Dist. Md., 2012, No. 8:11-cv-01823-DKC.)

March 28th, 2014|Judgment, Lawsuit|

Justice Department collected more than $8 billion in civil and criminal cases in 2013

Attorney General Eric Holder announced on January 9, 2014 that the Justice Department collected at least $8 billion in civil and criminal actions in the fiscal year ending Sept. 30, 2013. The statistics indicate that in FY 2013, approximately $5.9 billion was collected by the department’s litigating divisions and the U.S. Attorneys’ offices in individually and jointly handled civil actions. The largest civil collections were from affirmative civil enforcement cases, in which the United States recovered money lost to fraud or other misconduct and collected fines imposed on individuals and/or corporations for violations of federal health, safety, civil rights or environmental laws.

January 23rd, 2014|Judgment|

From hair styles to criminal records, increased employment regulations to continue

Recent enforcement efforts by the Equal Employment Opportunity Commission (the “EEOC”) combined with some local and state “ban-the-box” laws are causing trepidation among employers who must not only consider, but also apparently hire, applicants with a criminal history and unprofessional hairstyles.

The EEOC recently filed a lawsuit in Alabama alleging that an insurance claims company violated Title VII of the Civil Rights Act by discriminating against an African-American applicant because she wore dreadlocks. The EEOC’s position is that the company’s policy of requiring a professional/business look “focuses on the racial bias that may occur when specific hair constructs and styles are singled out for different treatment because they do not conform to normative standards for other races.”

The EEOC has also pushed its position that considering criminal convictions in hiring decisions can be racially discriminatory, issuing its well-publicized guidance and filing lawsuits against employers that use background checks. Based on EEOC’s logic, Massachusetts and Hawaii already have adopted “ban the box” laws that apply to both private and public employers, and on January 1, 2014, similar measures will take effect in Rhode Island and Minnesota. The cities of Buffalo, NY, Newark, NJ, Seattle, WA, and Philadelphia, PA, also have passed similar legislation affecting private employers. Many more states and municipalities have “ban-the-box” laws that apply only to public employers. (Generally, “ban-the-box” legislation calls for the removal of the criminal history box/question on the job application, and prohibits employers from asking about criminal records in the initial application process.)

Win or lose, the EEOC is unlikely to let up, and the trend of increased employment regulations will continue into 2014, according to legal commentators. Employers should review their policies and procedures at least annually to ensure that they meet EEOC’s guidelines, comply with all federal, state and local laws and regulations, are fair and consistent and aligned with the business model.

December 9th, 2013|Employment Decisions, Judgment|

Illinois amends its password protection law to exclude financial services firms

In August 2013, Illinois passed an amendment to its existing password protection law that lifts restrictions for financial services firms, enabling them to monitor their employees’ business-related social media communications. Effective January 1, 2014, the law will no longer apply when an employer requests access to a “professional account” to “monitor or retain employee communications as required under the state’s insurance or federal law or by a self-regulatory organization. The amendment also permits Illinois employers to seek access to a professional account when the employer has “a duty to screen applicants or employees prior to hiring.”

September 12th, 2013|Judgment|

EEOC fails to prove disparate impact in another case involving background checks

In August 2013, a Maryland federal judge dismissed without a trial a putative suit filed by the Equal Employment Opportunity Commission (the “EEOC”) against event-promoter Freeman for alleged discriminatory background screening practices. Calling the EEOC’s expert report “an egregious example of scientific dishonesty,” the court granted a summary judgment to Freeman based on its findings that the EEOC’s expert testimony was unreliable, and would not support a claim of disparate impact. According to the court’s opinion, the EEOC failed to establish an element of its case when it made no effort to analyze Freeman’s multi-step screening policies to identify the specific practices that caused the alleged disparate impact. The court went on to say: “By bringing actions of this nature, the EEOC has placed many employers in the ‘Hobson’s choice’ of ignoring criminal history and credit backgrounds, thus exposing themselves to potential liability for criminal and fraudulent acts committed by employees, or, on the other hand, incurring the wrath of the EEOC for having utilized information deemed fundamental by most employers.”

The EEOC most likely will appeal the decision, as it has done in another high-profile background check case in Ohio, where in January 2013 the court similarly ruled  that the EEOC failed to prove disparate impact. Although these rulings represent a victory for the employer, the EEOC has not reversed its position, and is expected to continue its attempts to severely limit, if not eliminate, the use of criminal and credit checks by private employers.

September 12th, 2013|Employment Decisions, Judgment|

Agencies jointly support that FCRA Section 1681c does not violate first amendment

On May 3, 2012, the Federal Trade Commission (FTC) joined the Department of Justice (DOJ) and the Consumer Financial Protection Bureau (CFPB) in filing a memorandum brief in support of the constitutionality of the Fair Credit Reporting Act (FCRA), established in 1970 to protect credit report information privacy and to ensure that the information supplied by consumer reporting agencies (CRAs) is as accurate as possible.

In the case of Shamara T. King vs. General Information Services, Inc. (GIS), the CRAs address a provision of the FCRA that balances the Act’s dual purposes, i.e., to protect consumers from privacy invasions caused by the disclosure of sensitive information and to ensure a sufficient flow of information to allow the CRAs to fulfill their vital role.) The provision, Section 1681c, bars CRAs from disclosing arrest records or other adverse information that is more than seven years old, in most cases.

The agencies brief refutes GIS’s argument that this FCRA protection is an unconstitutional restriction of free speech, pointing out that the recent U.S. Supreme Court case law that GIS cites to support its argument, Sorrell v. IMS Health Inc., “does not change the settled First Amendment standards that apply to commercial speech, nor does it suggest that restrictions on the dissemination of data for commercial purposes [such as those by CRAs] must satisfy stricter standards.” Therefore, the brief concludes, the court should not invalidate the FCRA provision, as it “directly advances the government’s substantial interest in protecting individuals’ privacy” while also accommodating the interest of businesses. The case is pending.

May 21st, 2012|Judgment|

Mobile apps may violate Fair Credit Reporting Act

On February 6, 2012, the Federal Trade Commission (FTC) issued warning letters to the marketers of six mobile applications that provide background screening apps that they may be violating the Fair Credit Reporting Act (FCRA.) The FTC said that if the background reports are being used for employment or other FCRA purposes, then the marketers and their clients must comply with the FCRA.

According to the warning letters, the FTC has not made a determination whether the companies indeed are violating the FCRA, but encourages them to review their apps, and their related policies and procedures. The FCRA is designed to protect the privacy of consumer report information and ensure that the information provided by consumer reporting agencies is accurate. Consumer reports are communications that include information about an individual’s character, reputation, or personal characteristics, and are used or expected to be used for purposes such as employment, housing or credit.

Under the FCRA, entities/operations that assemble or evaluate information to provide to third parties qualify as consumer reporting agencies (CRAs.) Mobile apps that supply such information also may qualify as CRAs under the Act. CRAs must take reasonable measures to ensure the user of each report has a ‘permissible purpose’ to use the report, take reasonable steps to ensure the maximum possible accuracy of the information conveyed in the report, and provide users of its reports with information about their obligations under the FCRA. In employment-purpose consumer reports, for example, CRAs must provide employers with information regarding their obligation to give notice to employees and applicants of any adverse action taken on the basis of a consumer report.

February 7th, 2012|Judgment|

Federal Sentencing Guidelines: a lure to organizational compliance

About 20 years ago, the United States Sentencing Commission (USSC) enacted the Federal Sentencing Guidelines (FSGs) for organizations with the intent to govern the sentencing of companies convicted of federal crimes. The FSGs, which have been amended several times, hold that organizations can act only through agents and, under federal criminal law, generally are vicariously liable for offenses committed by their agents.

A proactive approach to prevent, detect and report illegal and unethical activities can substantially reduce fines and punishment, in some cases up to 95% according to a commentary by the USSC. The USSC specifies that the two factors that mitigate an organization’s ultimate punishment are “the existence of an effective compliance and ethics program, and self-reporting, cooperation, or acceptance of responsibility.” In contrast, the absence of solid compliance mechanisms can increase fines and punishment, as verdict determination is based on “the organization’s involvement in or tolerance of criminal activity, its prior history, violation of an order, and obstruction of justice.”

The compliance incentives provided by the FSGs and the proliferation of new regulations mandate a cultural imperative for ethical and law-abiding conduct by all companies, large and small. High-level attention, leadership and sufficient resources must be dedicated to meet the strict requirements of a compliance program defined by the USSC as “effective.” In its manual, the USSC emphasizes the necessity of strong due diligence to prevent and detect criminal conduct. Among its guidelines, a provision in Chapter 8 notes that:

“The organization shall use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program.”

Comprehensive background investigations, whether for employment purposes, evaluation of prospective clients, existing relationships and third-parties, or for other business transactions, are essential for compelling due diligence which actualizes a masterful compliance strategy. Although various committees and officials are calling for a complete review of the FSGs which the 2005 landmark case U.S. vs. Booker held as discretionary rather than mandatory, well-developed compliance programs are here to stay.

Scherzer International is on the forefront of the quick-changing regulations regime with a portfolio of background investigation products designed to facilitate purposeful risk management and compliance protocols. Visit us often at www.scherzer.com as we continuously analyze and test new elements and incorporate them into our products if they have proven value. And stay tuned for a Dodd-Frank regulations product which we will introduce within the next few months.

November 29th, 2011|Criminal Activity, Educational Series, Judgment|