+1.866.723.2287

+1.866.723.2287

Scherzer Blog

State laws restricting the use of criminal records gain momentum

By now, most employers are familiar with the EEOC’s April 2012 updated enforcement guidance on the use of arrest and conviction records for employment decisions under Title VII of the Civil Rights Act of 1964. And related state and local laws are quickly gaining momentum. More than 30 cities and at least 26 states now limit the type of criminal background information that employers can obtain or when they can request it.

Effective July 1, 2012, Indiana will join the roster of the restricting states. Its  SB 1033 will, in part, ban certain pre-employment inquiries, limit the types of criminal record information that employers and consumer reporting agencies (CRAs) can obtain from Indiana courts, and restrict criminal history information that CRAs can provide in background reports.

This law also provides that Indiana residents with restricted or sealed criminal records may legally state on an “application for employment or any other document” that they have not been adjudicated, arrested or convicted of the offense specified in these records. Covered employers (the term “employer” is not defined) will be prohibited from asking an “employee, contract employee, or applicant” about such records.

Limiting the scope that can be included in a background report, the law further prohibits courts from disclosing information pertaining to alleged infractions where the individual:

  • is not prosecuted or if the action is dismissed;
  • is adjudged not to have committed the infraction;
  • is adjudged to have committed the infraction and the adjudication is vacated; or
  • was convicted of the infraction and satisfied any judgment attendant to the infraction conviction more than five years ago.

Criminal history providers, such as CRAs, that obtain criminal history information from the state may only furnish information pertaining to criminal convictions, and are prohibited from including the following in background reports:

  • an infraction, an arrest or a charge that did not result in a conviction;
  • a record that has been expunged;
  • a record indicating a conviction of a Class D felony if the Class D felony conviction has been entered as or converted to a Class A misdemeanor conviction; and
  • a record that the criminal history provider knows is inaccurate.

Among other significant mandates, criminal history information obtained from the state by CRAs may not include any Indiana criminal record information in an assembled report unless the CRA updates the information to reflect changes to the official record occurring 60 days or more before the date the criminal history report is delivered.

|Employment Decisions|

Regulatory focus on corporate social responsibility

Corporate social responsibility (CSR) policies that promote good citizenship are being implemented or revised at a record pace. In response to concerns about labor exploitation in the developing world, many companies have joined the Ethical Trade Initiative (ETI), which has established corporate codes of practice implementing human rights, ethical labor practices and environmental protection standards. Many also have adopted the United Nations Global Compact “ten universally accepted principles in the areas of human rights, labor, environment and anti-corruption.”

High on the CSR priority list for SEC-listed companies that use conflict minerals “in the functionality of production” of a manufactured product is developing a compliance program that will meet the requirements of Section 1502 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”). Due from the SEC within the next few weeks, the final rule will have a direct impact on reporting requirements for about half of all publicly traded companies in the United States, mandating them to disclose in 10-K, 20-F, and 40-F filings whether they manufacture products containing conflict minerals (specified as gold, wolframite, casserite, columbite-tantalite and their derivative metals, which include tin, tungsten, and tantalum, that are mined in the DCR or its adjoining countries). These metals are used in a broad array of products, including electronics, jewelry, tools, engines, medical equipment, chemicals, packaging, etc. And although the regulation technically applies to public companies only, it will have a significant bearing on any company anywhere in the world, public or private that is within the public company’s supply chain.

Under the rule as proposed, among other requirements, the affected SEC-listed companies must conduct certain due diligence, as outlined below.

  1. Determine if conflict minerals/metals are used to make their products.
  2. Determine if the metals originated in the DRC or in neighboring countries. If they did not, a report must be issued on how the metals’ origins were determined.
  3. If the metals were from DRC or adjoining countries, if the source is unknown or if it is from scrap or recycled sources, a supply chain due diligence to determine the source(s) must be performed and the results provided in an independently audited report.

The rule is expected to require the above-noted first and second steps regardless of the metals’ origin. The third step, i.e., the disclosure of the products manufactured and facilities where DRC materials may have been used, etc. must be completed only if the DRC is identified as a source or if the source cannot be determined. If applicable, in addition to specific annual report disclosures and the inclusion of a conflict minerals report as an exhibit, the companies will have to indicate on their websites whether or not they use conflict minerals in their products or in those contracted to be manufactured on their behalf.

Of course, this Dodd-Frank provision is not the only regulatory effort that addresses the elimination of child and forced labor, slavery, and human trafficking within supply chains. Public pressures over these atrocities have led to related policymaking within U.S. local and state governments, and around the world. For example, in 2011, California enacted SB 861 which requires issuers that do business with the state to fulfill the public reporting obligations outlined in the upcoming SEC rules. Issuers that fail to meet these obligations will be prohibited from seeking procurement contracts with the state. In Maryland, a similar “conflict minerals” law under SB 551 will become effective October 1, 2012. Rhode Island and Massachusetts are considering parallel legislation.

Other U.S. efforts include California’s SB 657, known as the California Transparency in Supply Chains Act, which effective January 1, 2012, mandates retail sellers and manufacturers doing business in California with annual gross receipts exceeding $100 million to conspicuously and clearly disclose their efforts and policies for ensuring that their supply chains are free from human trafficking and slavery. On a municipal level, the City of Pittsburgh calls on companies from all sectors to favor in their electronics purchasing decisions products that have been verified as being free of conflict minerals. And among several major worldwide endeavors, is the European Commission’s support of the United Nations and Organization for Economic and Cooperation Development (OECD) due diligence guidelines and recommendations for responsible supply chain management.

Strong corporate responsibility policies are here to stay. A 2011 U.S. State Department press release urges companies to “…begin to exercise due diligence immediately in order to ensure a viable and conflict free supply chain…”

|Dodd-Frank|

“Misspelling to defraud,” a case study from our files

The subject’s biography provided along with our client’s request for due diligence in connection with a private equity funding transaction was ridden with misspellings. And it did not say much, apart from boasts of professional accomplishments and financial success, and the subject’s self-description of being a “people-person who likes to travel.” But even with the biography’s vague statements and typos, our research quickly found that the subject’s company, which contained a transposed letter in its name, was affiliated with a Mexican multi-level marketing operation whose executives were recently arrested or are wanted by authorities for setting up allegedly fake websites whereby they defrauded investors for millions of dollars. As our research continued, we located media reports and online documents which indicated that the fraud spanned across three continents, and involved at least four other entities closely held by the subject, whose names were not listed in the biography. And according to various government sources, there is also mounting evidence of money laundering. Our client, although somewhat surprised by our findings, immediately halted the funding transaction.

|Business Transactions, Fraud|

Business identity theft: a crime that often goes unreported

According to the Federal Trade Commission (FTC) data from its Consumer Sentinel Network (CSN), an online database of consumer complaints available only to law enforcement, identity theft was the top consumer complaint in 2011, accounting for 17% or 287,232 complaints of the 1.8 million received; 990,242 of these cases involved fraud.

There are no reliable federal or state statistics that specifically track business identity theft, but various studies suggest that businesses do not report the crime because of the stigma attached to it. The company’s credibility and trust of its clients may never recover if they admit to being a victim.

Business identity theft comes in many forms. Posing as a look-alike or sound-alike business, and impersonating owners, officers or employees to illegally get cash, credit, and loans, is just one example. Thieves typically steal a business’ identity by gaining access to its bank accounts and credit cards, or by stealing sensitive company information, such as its tax identification number (TIN) and the owners’ personal information. Elaine Marshall, North Carolina’s Secretary of State, sees an increasing number of cases involving falsified documents. Marshall says that “the easiest targets are dissolved corporations, because whoever ran those defunct businesses usually no longer pays attention. Somebody comes 20 years later and reinstates it, and it looks like it’s a 40-year-old corporation. And if it was in good standing financially when it was dissolved, then

[the thief] will capitalize on that good standing.”

Indeed businesses have become easy targets for identity theft. Almost anyone can obtain a business’ tax identification number. A merchant’s basic financial information, including bank account numbers, may be known to hundreds of its customers and suppliers. Data access can be exploited by employees and insider theft, and fraud is often difficult to detect, especially when carried out by trusted employees. Many businesses do not review their own credit information for fraud and may be lax in shredding or disposing of documents. Although more businesses are conducting background checks on employees and suppliers, only a few ensure the integrity of their commercial shredding contractors and even fewer conduct background checks on in-house or contracted cleaning staff. And many companies are simply complacent in data security.

The Internet carries the highest perpetration of criminal theft and fraud. Since 2002, the FBI has recorded an 84% increase in the number of computer intrusion investigations. Cyber thieves use the web to obtain goods, services, and money while exploiting time-lags in discovery and investigation. They also prowl for valuable non-ID specific business data including confidential e-mails, customer and marketing data, bid and pricing sheets, and trade-secrets. In the financial services sector, the vast majority of transactions, including credit cards and debit cards, and even mortgage funding, occur online in virtual anonymity without the risks associated with in-person transactions. Because such identity theft crimes take place in cyber-space, police often must coordinate with other state, federal, or international agencies. And even when jurisdictional issues are resolved, often only high-profile offenders actually face criminal prosecution.

In this complex and dangerous environment, a proactive approach to preventing business identity theft is critical, and should include:

  • Security policies based on the highest reasonably assessed risk, including limiting the number of persons with a valid need to access sensitive information;
  • Corporate governance which advocates strong security planning;
  • System audits and tests to ensure detection of inappropriate usage and other vulnerabilities;
  • Background checks of all employees, key vendors, and contractors including document shredding entities, cleaning personnel, etc.;
  • Annual reviews of Secretary of State and other public filings;
  • Annual or more frequent reviews of Dun & Bradstreet reports, and if applicable, small business reports with Equifax, Experian and TransUnion;
  • Practice of excluding sensitive personal or business information in public filings;
  • Shredding or destroying business records as applicable;
  • Securing paper documents in locked cabinets in restricted areas;
  • Using privacy screens with smart phones, laptops, etc., when accessing sensitive information while traveling; and
  • Obtaining business insurance that covers potential business identity theft losses.

There are many online information and action resources for identity theft. The FTC provides comprehensive guidelines for prevention and recovery from identity theft, along with complaint forms. The Identity Theft Resource Center also contains excellent reference materials, including links to state and local agencies, as do the Privacy Rights Clearinghouse and the National Consumers League. 

|Criminal Activity, Fraud|

Overview of identity theft related crime laws

Below is an overview of federal laws in connection with identity theft crimes.

  • The Identity Theft and Assumption Deterrence Act (the “ITADA”)

The ITADA, passed in 1998, makes identity theft a distinct crime from wire fraud, covers theft of data (as well as documents), and encompasses businesses and persons that seek access to personal records through banks, state and federal agencies, or insurance companies. The ITADA mandates significant fines and imprisonment even for first offenders. The federal criminal jurisdiction requires an underlying felony (such as fraud or conspiracy) and involvement of an “identification document” that: (a) is purportedly issued by the United States, (b) is used or intended to defraud the United States, (c) is sent through the mail, or (d) is used in a manner that affects interstate or foreign commerce.

  • The Fair and Accurate Credit Transactions Act (the “FACTA”)

The FACTA was established as a national detection system to deter fraud resulting from identity theft in its early stages with or without subsequent law enforcement investigation. The FACTA, among other rights, allows victims to alert all three major credit rating agencies of suspected criminal use of their financial data or accounts affecting a credit rating. The FACTA created the rights to “free” annual credit reports, and requirements that mortgage lenders provide actual FICO credit scores (not just credit account data) if that score is used to determine interest rates for a housing loan. The FACTA also mandates that merchants show only the last five digits of credit card numbers on receipts. The FACTA further is responsible for developing a system to “red flag” suspicious requests for consumer data, and allows military personnel to “freeze” credit files when they are deployed overseas.

Under the FACTA, consumer “red flags” include fraud alerts from a reporting business that has identified a data breach, unusual patterns in credit usage, suspicious documentation, credit usage after long periods of inactivity, known mail drop addresses, and other anomalies.

The FACTA also requires employers to shred documents containing employee data; any business that supplies or facilitates consumer credit must secure or destroy consumer information. This “disposal rule” requires reasonable and appropriate destruction of all information derived from a consumer credit report, prior to its disposal. Failure to comply with destruction requirements (i.e. shredding) carries penalties of up to $2,500 per violation. There is an implied obligation within the FACTA disposal rule to conduct due diligence for hiring or contracting data disposal personnel, which includes reference checking, physical inspection of licenses or certificates, and audits.

 

  • The Fair Credit Reporting Act (the “FCRA”)

The FCRA requires consumer reporting agencies (CRAs) to adopt reasonable procedures to maintain and report consumer data with confidentiality, accuracy, relevancy, and reasonable security. CRAs must ensure “reasonable procedures to assure maximum possible accuracy of the information concerning the subject of the report.”

Victims may sue for willful or negligent failure to verify the accuracy of disputed information or correct inaccurate information resulting from a stolen identity. Consumers who report errors or fraudulent transactions are entitled to a “reasonable investigation” and an expectation that errors will be corrected and reported back promptly. The statute provides for attorney’s fees and punitive damages for willful violations. Under the FCRA, identity theft victims may authorize law enforcement agencies to obtain their credit reports and other records without obtaining a subpoena and at no personal cost. The FCRA imposes a two-year statute of limitations that begins when an inaccurate disclosure or report is filed, not when the consumer actually becomes aware of inaccuracies.

The FCRA also includes a “disposal rule” requiring any business that has access to or which utilizes consumer reporting information to dispose of this sensitive information properly.  The FCRA’s disposal rule is broader than FACTA’s in that it targets any company that complies, sells or purchases reports containing private personal or medical information. This includes employment agencies, banks, private investigators, landlords, auto dealers, insurance agents and others. The FCRA disposal rule applies to any information, in any format, and mandates that the disposal method must render the documents or information unreadable and incapable of being reconstructed.

  • The Gramm-Leach-Bliley Act (the “GLBA”)

The GLBA directs eight federal regulatory agencies and the states to administer and enforce the Financial Privacy Rule and the Safeguards Rule to ensure that financial institutions prevent unauthorized disclosure of consumer financial information, including fraudulent access, by implementing appropriate policies, procedures and controls. Also known as the Financial Services Modernization Act of 1999, the GLBA defines financial institutions as a “business significantly engaged in providing financial services or products for personal, family, or household use.” The GLBA is relevant to traditional banks and credit unions, and also includes check-cashing and payday loan services, non-bank lenders, real estate appraisers, tax preparers, debt collectors, financial advisors, and insurance agents and brokers.

  • The Right to Financial Privacy Act (the “RFPA”)

The RFPA falls under the ambit of the FDIC and targets industrial loan companies, trust companies, savings associations, credit unions and consumer finance institutions. The RFPA creates statutory Fourth Amendment protection for personal bank records by providing that ‘no government authority

[state or federal] may have access to or obtain copies of, or the information contained in the financial records of any customer from a financial institution unless the financial records are reasonably described and the customer authorizes access; there is an appropriate administrative subpoena or summons; there is a qualified search warrant; there is an appropriate judicial subpoena, or there is a written request from an authorized government authority.

The RFPA prohibits banks and other covered entities from requiring customers to release financial records as a condition of doing business, and mandates banks to provide customers with access to records of all disclosures made to third parties.

  • The Health Insurance Portability and Accountability Act (the “HIPAA”)

The HIPAA, which is administered by the U.S. Department of Health and Human Services (HHS), establishes nationwide security standards for electronic health care information. This ‘security rule’ requires all covered entities to be compliant with specific administrative, technical, and physical security standards and procedures for electronic data. HIPAA rules apply not only to doctors, clinics, hospitals, pharmacies, and laboratories, but may also apply to certain collection agencies, health insurers, and lawyers, and also to any businesses that maintain self-insured employee health care plans.

In addition to federal laws, each state has its own law regarding identity theft or impersonation. Twenty-nine states, Guam, Puerto Rico and the District of Columbia have specific restitution provisions for identity theft. Five states—Iowa, Kansas, Kentucky, Michigan and Tennessee—have forfeiture provisions for identity theft crimes. Eleven states—Arkansas, Delaware, Iowa, Maryland, Mississippi, Montana, Nevada, New Mexico, Ohio, Oklahoma and Virginia—have created identity theft passport programs to help victims from continuing identity theft.

Thirty-four states have introduced or have pending legislation regarding identity theft during the 2012 legislative session, including Louisiana which enacted its Business Identity Theft Prevention Act. For more information on state laws, visit the website of National Council of State Legislatures.

|Criminal Activity, Fraud|

Diploma mill ordered to pay $22.7 million to 30,000 scam victims

On August 31, 2012, Belford High School, Belford University and several of their co-conspirators were ordered to pay $22.7 million to a class of more than 30,000 U.S. residents who were duped into purchasing fake high school diplomas from Belford. The defendants were also ordered to forfeit the websites used to perpetrate the scam, including www.belfordhighscool.com, www.belfordhighschool.org, www.belforduniversity.org, and www.belforduniversity.com.

The lawsuit, filed on November 5, 2009, charged that Belford High School is an Internet scam that defrauded students of their money by offering them a supposedly “valid” and “accredited” high school diploma. As affirmed by the judgment, the school is a fake and the diplomas are not valid. The lawsuit also alleged that the two accrediting agencies by which Belford claimed to be accredited – International Accreditation Agency for Online Universities and the Universal Council for Online Education Accreditation – are not legitimate accrediting agencies.

Notably, we came across Belford University in 2010 when a bachelor’s degree from the “school” was listed on an employment application by a candidate for a professional level position with one of our clients. Click here to read the 2010 blog.

 

|Criminal Activity, Fraud, Lawsuit|

Vermont is the latest state to restrict credit reports in employment decisions

Effective July 1, 2012, Vermont will be the eighth state to regulate the use of credit-related information for employment purposes. Although similar in many ways to laws already enacted in California, Connecticut, Hawaii, Illinois, Maryland, Oregon and Washington, Vermont’s requirements under Act No. 154 exceed those of other state laws as they prohibit even exempt employers from using an applicant or employee’s credit history as the “sole factor” in employment decisions. Additionally, Vermont exempt employers who take adverse action based in part on a credit history must return the report to the individual or destroy it altogether. Neither the Fair Credit Reporting Act (FCRA) nor any of the other similar state laws imposes such a requirement.

Generally, the Act prohibits employers from inquiring into an applicant’s or employee’s credit report or credit history, and further bans employers from discriminating against or making employment decisions (e.g. hire, fire, alter the compensation or any other term or employment condition) based on a credit report or credit history. Notably, credit history in this context includes credit information obtained from any third party that reflects or pertains to an applicant’s or employee’s “borrowing or repaying behavior, financial condition or ability to meet financial obligations,” even if that information is not contained in a “credit report.”

The trend in restricting credit report use for employment purposes will continue as several other states and the federal government are considering comparable legislation. Soon to follow most likely will be New Jersey. In May 31, 2012, the Senate approved S455 that would prohibit employers from seeking credit checks on employees or applicants under most circumstances. A parallel bill (A2840) was introduced by the Assembly on May 11, 2012, and a similar bill (A704) in December 2011.

|Employment Decisions, Legislation|

Highlights of ACFE’s 2012 report on occupational fraud

The Association of Certified Fraud Examiners (ACFE) recently released its Report to the Nations on Occupational Fraud and Abuse – 2012 Global Fraud Study. The ACFE states that the Report is based on data from 94 countries compiled from studies of 1,388 occupational fraud cases that occurred between January 2010 and December 2011, and were investigated by certified fraud examiners. The ACFE conducts global occupational fraud studies every two years. According to the Report, a typical organization loses 5% of its revenues to fraud each year, which translates to more than $3.5 trillion if applied to the estimated 2011 Gross World Product. As in its prior studies, the Report shows that the industries most commonly affected by occupational fraud are banking and financial services, government and public administration, and manufacturing. Small organizations suffered the largest median losses. The Report indicates that asset misappropriation continued to be the most frequently committed fraud, yet least costly, with a median loss of $120,000, while financial statement fraud remained the least frequent but the most costly, with a median loss of $1,000,000. Below are the Report’s findings about the fraud perpetrators:

  • Perpetrators with higher authority levels tend to cause much larger losses. The median loss among frauds committed by owner/executive was $573,000, by managers it was $180,000, and by employees, $60,000.
  • Vast majority (77%) of all frauds were committed by individuals working in one of six departments: accounting, operations, sales, executive/upper management, customer service or purchasing.
  • In 81% of cases, the fraudster displayed one or more behavioral red flags that are often associated with fraudulent conduct: living beyond means (36%), financial difficulties (27%), close association with vendors or customers (19%) and excessive control issues (18%).
  • Approximately 87% of the fraudsters had never been charged or convicted of a fraud-related crime, and 84% had never been punished or terminated for fraud-related conduct.

The Report further notes that the most frequent method of detection continued to be by tip, which occurred in 43.3% of the cases, followed by management review and then by internal audit detection. For entities with fraud hotlines, the likelihood that the fraud would be found by tip was 50.1% whereas for entities without a fraud hotline, that likelihood decreased to 35%, according to the Report. Overall, the median duration of a fraud before being discovered remained consistent with the ACFE’s 2010 study, at 18 months. Nearly half of victim organizations do not recover any losses suffered from a fraud.

The Report confirms that the nature and threat of occupational fraud is universal. Though its research noted some regional differences in the methods used to commit fraud – as well as organizational approaches to preventing and detecting it – many trends and characteristics are similar regardless of where the fraud occurred. The Report recommends that management should continually assess the organization’s specific risks and establish or revise compliance and fraud prevention programs accordingly.

|Criminal Activity, Fraud|

What’s the practical meaning of EEOC’s new criminal records guidance?

On April 25, 2012, the U.S. Equal Employment Opportunity Commission (“EEOC”) approved new enforcement guidance regarding the use of arrest and conviction records in employment decisions. The guidance builds on longstanding court decisions and requirements that the EEOC issued over twenty years ago, focusing on employment discrimination based on race and national origin.

In brief, the new guidance’s position is more aggressive, affirming that employers cannot automatically disqualify applicants with criminal records, and that their screening policies need to be consistent and structured for “individual assessment.” The guidance’s main points state that:

  • An arrest record does not establish that criminal conduct has occurred, and an exclusion based on an arrest, in itself, is not job related and consistent with a business necessity. However, an employer may make an employment decision based on the conduct underlying an arrest if such conduct makes the individual unfit for the particular position.
  • A conviction record will usually serve as sufficient evidence that a person engaged in a particular conduct. In certain circumstances, however, there may be reasons not to rely on the conviction record alone when making an employment decision.
  • A violation may occur when an employer treats criminal history information disparately for different applicants or employees, based on their race or national origin (disparate treatment liability). An employer’s neutral policy (e.g., excluding applicants from employment based on certain criminal conduct) also may disproportionately impact protected-class individuals and may violate the law if not job related and consistent with a business necessity (disparate impact liability)

The EEOC specifies two circumstances in which employers will meet the “job related and consistent with a business necessity” defense:

  • The employer validates the criminal conduct exclusion for the particular position under the Uniform Guidelines on Employee Selection Procedures (i.e., if there is data or analysis about criminal conduct as being related to subsequent work performance or conduct;) or
  • The employer develops a targeted screen considering at a minimum the nature of the crime, the time elapsed, and the particular job. The employer’s policy then provides an opportunity for an individualized assessment for those individuals identified by the screen to determine if the policy, as applied, is job related and consistent with a business necessity.

The guidance further asserts that although Title VII does not require individualized assessment in all circumstances, the use of a screen that does not include such assessment is more likely to violate its provisions. As an example of individualized assessment process, the EEOC recommends providing the applicants an opportunity to explain why they should not be denied a position due to the criminal record. The guidance also specifies the following factors that employers should assess:

  • Facts or circumstances surrounding the offense or conduct;
  • Number of charges of which the individual was convicted;
  • Older age at the time of conviction, or release from prison;
  • Evidence that the individual performed the same type of work, post-conviction, with the same or different employer, with no known incidents of criminal conduct;
  • Length and consistency of employment before and after the offense or conduct;
  • Rehabilitation efforts, e.g., education/training;
  • Employment or character references and any other information regarding fitness for the particular position; and
  • Whether the individual is bonded under a federal, state, or local bonding program.

The guidance recognizes that some employers are subject to federal statutory and/or regulatory requirements that prohibit them from hiring individuals with criminal records for certain positions. The EEOC notes that its new guidance does not preempt such federal guidelines, and explains that employers may be subject to a claim under Title VII if they scrutinize individuals to a higher degree than required under applicable federal requirements.

As in its previous version, the EEOC’s new guidance is not meant to be a deterrent to conducting background checks. But it should serve as a reminder that hiring policies and practices must be structured in compliance with the law.  

|Employment Decisions|

Agencies jointly support that FCRA Section 1681c does not violate first amendment

On May 3, 2012, the Federal Trade Commission (FTC) joined the Department of Justice (DOJ) and the Consumer Financial Protection Bureau (CFPB) in filing a memorandum brief in support of the constitutionality of the Fair Credit Reporting Act (FCRA), established in 1970 to protect credit report information privacy and to ensure that the information supplied by consumer reporting agencies (CRAs) is as accurate as possible.

In the case of Shamara T. King vs. General Information Services, Inc. (GIS), the CRAs address a provision of the FCRA that balances the Act’s dual purposes, i.e., to protect consumers from privacy invasions caused by the disclosure of sensitive information and to ensure a sufficient flow of information to allow the CRAs to fulfill their vital role.) The provision, Section 1681c, bars CRAs from disclosing arrest records or other adverse information that is more than seven years old, in most cases.

The agencies brief refutes GIS’s argument that this FCRA protection is an unconstitutional restriction of free speech, pointing out that the recent U.S. Supreme Court case law that GIS cites to support its argument, Sorrell v. IMS Health Inc., “does not change the settled First Amendment standards that apply to commercial speech, nor does it suggest that restrictions on the dissemination of data for commercial purposes

[such as those by CRAs] must satisfy stricter standards.” Therefore, the brief concludes, the court should not invalidate the FCRA provision, as it “directly advances the government’s substantial interest in protecting individuals’ privacy” while also accommodating the interest of businesses. The case is pending.

|Judgment|
© 2012- SCHERZER INTERNATIONAL | ALL RIGHTS RESERVED
Go to Top