FCRA

Mini FCRA update: Georgia enacts new law, California law mired in uncertainty

Enacted in 1970, the Fair Credit Reporting Act (FCRA) provides federal regulation of consumer reporting agencies that provide consumer reports to third parties.

In the 45 years since the FCRA took effect, several states have passed their own version of the statute to provide additional protections for consumers. Colloquially referred to as “mini” FCRAs, the laws can be found in Arizona, California, Maine, Massachusetts, Minnesota, New Jersey, New York, Oklahoma, and Washington.

Joining the group: Georgia, where House Bill 328 took effect on July 1. The new law applies to consumer reporting agencies (CRAs) that “conduct business” within the state, defined as those entities that “provide information to any individual, partnership, corporation, association, or any other group however organized that is domiciled within this state or whose principal place of business” is located within Georgia’s borders.

A CRA encompasses any person or entity “which, for monetary fees or dues or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties.”

For its part, a consumer report broadly includes “any written, oral, or other communication of any information bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer’s eligibility for purposes of credit, insurance, or employment.”

As it closely tracks the federal FCRA, Georgia’s law provides that a CRA that furnishes consumer reports for employment purposes in compliance with the federal statute will be in compliance with the state version.

While Georgia’s new law already took effect, other states have struggled with application of their mini FCRAs.

For example, in 2013, a federal court judge California ruled that one of the state’s two FCRA corrollaries, the Investigative Consumer Reporting Agencies Act (ICRAA), was unconstitutionally vague in Roe v. LexisNexis Risk Solutions, Inc. The case involved an anonymous plaintiff who sued when she failed to obtain employment.  She argued she didn’t get the job as a result of an allegedly inaccurate background check furnished by the defendant to her prospective employer in violation of both the FCRA and the ICRAA.

The defendant argued that the ICRAA was unconstitutionally vague as applied and the court agreed. In addition to the FCRA and the ICRAA, California had previously enacted the Consumer Credit Reporting Agencies Act (CCRAA), a law that governs consumer credit checks. The interplay between the CCRAA and ICRAA resulted in confusion for covered entities, the court found, as criminal background information about consumers was regulated by both laws, leaving companies uncertain about which statute’s requirements actually applied.

Although the plaintiff appealed the decision to the Ninth Circuit Court of Appeals, the federal appellate panel dismissed the appeal for procedural reasons; on remand, the federal district court later dismissed the case with prejudice in December 2013. However, the opinion in Roe remains valid law in the state, leaving a shadow of uncertainty hanging over the ICRAA.

Read Georgia’s House Bill 328.

Read Roe v. LexisNexis Risk Solutions, Inc.

September 23rd, 2015|Categories: Employment Decisions|Tags: , , |

California’s marijuana laws present challenges for employers

Even for those not partaking in marijuana, the various California laws regulating its use can be confusing – particularly for employers.

The trend in state legislatures to permit the recreational and/or medicinal use of marijuana began with California’s Compassionate Use Act in 1996, which allowed state residents to use the drug for medical purposes and decriminalized possession of less than 28 grams. Complicating the matter, however: marijuana use remains prohibited by federal law.

With limited use of marijuana legal in the state, how can employers find out about a worker’s use of the drug or limit it without running afoul of state law?

Employers have two options, either try to get their hands on historical information, such as criminal convictions, or seek out current input via drug testing.

Criminal history related to drugs in many instances is off-limits for employers. Job applicants cannot be required to disclose an arrest that did not result in a conviction or participation in a pretrial or post-trial diversion program. Any criminal history that has been expunged, sealed, or dismissed will be unavailable as are marijuana-related convictions dating back more than two years.

While California has not banned the box for private employers, local jurisdictions such as San Francisco have, requiring employers to wait until after a live interview or determining that an applicant meets the qualifications for the position before inquiring into criminal history. Background checks – whether performed in-house or by a third party – require compliance with federal law (the Fair Credit and Reporting Act (FCRA) as well as California’s counterpart, the Investigative Consumer Reporting Agencies Act (although the legality of the state statute is unclear, see story below for more detail). And such investigations into applicants’ history are a current target for the Equal Employment Opportunity Commission – which has filed multiple lawsuits (https://www.scherzer.com/eeoc-loses-again-in-challenge-to-background-checks/) against employers alleging their background checks constitute disparate impact discrimination against protected groups like African-Americans – and a popular basis for class actions. Recent cases have settled with multi-million awards, including a $2.5 million payout by Domino’s Pizza and a $6.8 million deal between Publix Super Markets and a class of applicants alleging the company violated the FCRA.

Drug tests can be viable option for employers. Once a job offer has been made, an employer may require an applicant to pass a drug test as a condition of employment (as long as all potential employees are subject to the same requirement). After a worker has been hired, drug tests may be used if an employer has a reasonable suspicion that the employee is under the influence. Certain jobs – such as those in the transportation industry like truck drivers – may permit such testing more freely. If a test comes back positive, employers do have the discretion to discipline, terminate, or choose not to hire an applicant even if the individual legally holds a medical marijuana card issued by the state. In addition, despite the requirements under the Americans With Disabilities Act and California state law to provide reasonable accommodations to employees considered disabled, neither federal nor state law requires employers to permit marijuana use as such an accommodation.

September 23rd, 2015|Categories: Criminal Activity, Employment Decisions|Tags: , , |

Revised FCRA Summary of Rights form released

Did you know that a revised version of the Fair Credit Reporting Act (the “FCRA”) Summary of Rights form was released a few months ago?

If the answer is “no,” don’t worry. The form was not published in the Federal Register and appeared under the radar without an announcement.

The FCRA mandates that employers are required to provide a disclosure and obtain written authorization from any applicant or employee prior to conducting a background check. If the employer decides to take an “adverse action” against the applicant or employee based on the results of the background check, the employer must provide the individual with a copy of the background check and the Summary of Rights form under the FCRA.

The revised form does not require a lot of adjustments for employers. Some of the government addresses found on the last page were changed and all references to Maine’s laws were removed. Earlier this year, the state repealed its mini-FCRA to adopt the federal FCRA.

View the new Summary of Rights form.

September 23rd, 2015|Categories: Employment Decisions|Tags: , , |

Florida court allows FCRA suit against Whole Foods to move forward

Reinforcing the importance of complying with even the most technical FCRA requirements, a federal court in Florida allowed a former employee to move forward with his suit against Whole Foods Market Group.

In the putative class action, the plaintiff, who was terminated in June 2013 after the employer conducted a background check on plaintiff and other existing employees, charges that Whole Foods violated the FCRA, and specifically, points to the forms the plaintiff signed when he applied for employment. A “Disclosure Statement” provided: “By this document

[Whole Foods] discloses to you that a consumer report regarding your credit history, criminal history and other background information and/or an investigative consumer report containing information as to your character, general reputation, personal characteristics and/or mode of living may be obtained from personal interviews or other sources in connection with your application for any purpose at any time during your employment.”

The plaintiff was also given a “Consent and Release of Information” form, which stated: “I further understand and authorize [Whole Foods] or those authorized by them to procure a consumer report on me as part of a process of consideration as an employee … I release all parties from liability for any damages which may result from the disclosure of any information outlined herein.”

Although Whole Foods intended for the Disclosure Statement to satisfy Section 1681(b)(2)(A)(i) of the FCRA and each form was a separate single page document, the simultaneous presentation of the consent form rendered the disclosure meaningless, the plaintiff argued. Whole Foods knew that it was required to provide a stand-alone form, the plaintiff added, citing FCRA-related articles posted online by the third-party the company used to run the background checks.

The court agreed. “Based on the allegations, with all inferences drawn in favor of plaintiff, if both the disclosure and the consent forms combined and read as one document with the waiver and release included simultaneously with the disclosure, the complaint states a claim for relief,” the judge said, denying Whole Foods’ motion to dismiss the suit. The court also allowed the plaintiff’s contention that Whole Foods “willfully” violated the FCRA to move forward. Under the statute, reckless and knowing violations constitute willful violations, the court noted, and the plaintiff presented sufficient allegations that the defendant knew it was required to provide a stand-alone form separate from the employment application and yet failed to do so.

“The allegations that defendant had access to legal advice and guidance from the FTC yet it knew that its conduct was inconsistent with that guidance and the plain terms of the statute, are sufficient to withstand attack at this stage of the proceedings on a motion to dismiss,” the judge wrote.

The decision provides an important reminder to employers that class actions alleging technical violations of the FCRA, particularly Section 1681(b)(2)(A)(i), remain popular with plaintiffs with statutory damages from $100 to $1,000 for a willful violation available.

Whole Foods is facing an identical suit in California federal court while other companies have settled similar cases for significant amounts, such as the recent deal Publix Super Markets struck with a class in Tennessee federal court for $6.8 million, a $2.5 million payout by Domino’s Pizza, and a settlement agreement for $3 million between grocery chain Food Lion and job applicants.

Read the court order here.

June 12th, 2015|Categories: Employment Decisions|Tags: , |

U.S. Supreme Court case offers window into CFPB’s position on the FCRA

The U.S. Supreme Court has agreed to hear a closely followed case involving the Fair Credit Reporting Act (the “FCRA”) that will have great significance on privacy law. In connection with this case, the Consumer Financial Protection Bureau (CFPB) offered a glimpse of its stance on the FCRA in an amicus brief recently filed with the U.S. Supreme Court.

In 2012, the Bureau took over the enforcement reins of the FCRA from the Federal Trade Commission (FTC). Since then, the industry has watched for signs on how the Bureau would tackle its new job, with few clues. But in an amicus brief filed jointly with the Solicitor General in Spokeo v. Robins, the CFPB weighed in, taking a consumer-friendly position on the statute.

The dispute began when Robins claimed that Spokeo ran afoul of the FCRA. The spokeo.com site allows users to obtain information about other individuals like address, phone number, employment information, and economic data such as mortgage value and investments. Robins sued after finding incorrect information about himself on the site, alleging that Spokeo was a consumer reporting agency (CRA) under the FCRA and sold “consumer reports” but failed to comply with the various statutory requirements by neglecting to assure the maximum possible accuracy of the information reported on its site and failing to provide notice of statutory responsibilities to purchasers of its reports.

Relying on Section 1681n of the FCRA, which grants consumers a cause of action against an entity that negligently or willfully violates “any requirement imposed

[under the FCRA] with respect to [that] consumer,” Robins filed a putative class action. A federal district court dismissed the suit for a lack of standing but the Ninth Circuit Court of Appeals reversed. The federal appellate panel held that Robins sufficiently alleged an injury in fact because Congress created a right of action to enforce a statutory provision, demonstrating intent to create a statutory right.

Spokeo petitioned the U.S. Supreme Court to take the case. The CFPB filed the amicus brief, siding with the plaintiff and arguing that the justices should deny the writ of certiorari. The Bureau argued to the Court that the statutorily created cause of action found in the FCRA satisfied the injury required for Article III standing. While recognizing that Congress does not have unlimited power to define the class of plaintiffs who may sue in federal court, the CFPB said the legislature “may grant individuals statutory rights that, when violated, confer standing, and the clear language of the FCRA did just that.”

“FCRA thus grants an individual consumer a statutory entitlement to be free from a CRA’s actual dissemination of inaccurate information about him when the CRA fails to employ ‘reasonable procedures’ to assure the information’s accuracy,” according to the CFPB’s brief. A CRA’s willful failure to follow reasonable procedures to ensure that an accurate report about a consumer is disseminated violates a ‘requirement imposed under [FCRA] with respect to [that] consumer.’ It is also a concrete and particularized injury to the consumer because it involves the actual, specific, and non-abstract act of disseminating information about the particular consumer.” This reading – recognizing a legally protected interest in consumer privacy – “is particularly salient in modern-day society given the proliferation of large databases and the ease and rapidity with which information about individuals can be transmitted and retransmitted across the Internet,” the CFPB added, as “public dissemination of inaccurate personal information about the plaintiff is a form of ‘concrete harm’ that courts have traditionally acted to redress, whether or not the plaintiff can prove some further consequential injury.”

Read the CFPB’s amicus brief in Spokeo v. Robins here.

Read the opinion of the U.S. Court of Appeals for the Ninth Circuit here.

 

June 12th, 2015|Categories: Employment Decisions|Tags: , |

Do you know about specialty consumer reports?

Credit reports are a part of life, whether applying for a credit card or purchasing a home. But what about specialty consumer reports?

Many people are unaware that dozens of other types of consumer reports exist, filled with information about medical and prescription history, for example, or insurance claims. Specialty consumer reports gather data from a wide variety of sources including information provided by consumers on applications (such as an apartment lease or a wireless phone contract) as well as public documents like criminal records and marriage licenses.

The reports provide information geared for a specific industry. A truck driving company might purchase reports that detail a job applicant’s driving record and motor vehicle insurance claims while an insurer will review a report with claims filed by a homeowner to check an individual’s historic use of insurance policies. Other niche reports provide data on loan balances, information about any bounced checks, and bank account history for lenders; another company tracks consumers’ product returns and will alert large retailers for fraud prevention purposes.

The Fair Credit Reporting Act (the “FCRA”) entitles consumers to one free report per year from any nationwide credit or specialty reporting agency (plus another free report if an adverse action has been taken, or the consumer disputes an item in the report that was corrected).

Recently, consumer rights group Consumer Action focused on the issue of specialty consumer reports in an “Insider’s Guide to Specialty Consumer Reports: A Guide to Obtaining, Understanding and Managing Your Information,” complete with a directory of furnishers. Staffers went through the process of requesting their own reports to help provide information for consumers about the types of reports available and their rights to request reports or correct errors.

Access the Consumer Action guide.

Read the directory of specialty consumer report furnishers.

May 8th, 2015|Categories: Employment Decisions|Tags: , |

Trend of suing employers for technical FCRA violations continues

The threat of a multi-million potential class action lawsuit alleging technical violations of the Fair Credit Reporting Act (FCRA) continues to haunt employers, even where the plaintiffs have alleged or proven no harm.

Pursuant to the statute, employers are required to “provide prior written notice before they can procure a consumer report about any employee or applicant for employment.” Just as important, 15 U.S.C. Section 1681b(b)(2)(A)(i) adds that the notice must be given “in a document that consists solely of the disclosure.”

Seeking to take advantage of the statutory damages available under the FCRA – from $100 up to $1,000 for a willful violation – plaintiffs have challenged employers’ use of a disclosure form that combined the written notice to procure a consumer report with other information or documents, such as an application form.

The trend to sue for FCRA technical violations was started by Singleton v. Domino’s Pizza, LLC in the U.S. District Court of Maryland (case no. 8:11-cv-01823-DKC) where the court ruled that inclusion of a liability release in the employer’s disclosure/authorization form violates the FCRA. Domino’s ended up reaching a settlement with the plaintiffs in 2013 for $2.5 million.

Also taking a strict reading of the statutory language, the Western District Court of Pennsylvania ruled in 2013 in Reardon v. Closetmaid Corporation (case no. 2:0S-cv-01730) that an employer could be liable for the combination of a disclosure/authorization with a liability waiver, and granted summary judgment in favor of the roughly 1,800 job applicants.

In a more recent example, a class of applicants sued Publix Super Markets in the U.S. District Court for the Middle District of Tennessee (case no. 3:14-cv-00720) also based on a violation of the sole disclosure requirement and release of liability. With Domino’s and Closetmaid’s payouts looming over its head and a class of 90,000, Publix agreed to settle the claims for $6.8 million earlier last year.

Although these companies opted not to fight the suits on their merits, a defendant in a case filed in the U.S. District Court for the Eastern District of California (case no. 1:14-742-WBS-BAM) did and won dismissal in October 2014. Syed v. M-I LLC involved identical claims but the judge reached a contrary decision, finding that the FCRA text was not as clear-cut as the plaintiff claimed. Immediately following the subsection mandating the sole disclosure of the employer’s intent to procure a consumer report is a provision that states that the consumer’s authorization is to “be made on the document referred to in clause (i)” – “that is, the same document as the disclosure,” the court noted, and “…thus, the statute itself suggests that the term ‘solely’ is more flexible than at first it may appear…”

The Syed decision is the second one that may give hope to employers facing similar suits. (There are at least six class actions pending.) But the obvious answer for companies looking to avoid the problem entirely is simple: use a standalone disclosure/authorization form that is separate from any other information or documents.

January 29th, 2015|Categories: Employment Decisions|Tags: , , |

Class action charges LinkedIn with violations of FCRA

According to a new putative class action filed in California federal court, social networking site LinkedIn runs afoul of the Fair Credit Reporting Act (FCRA).

The plaintiffs claim that LinkedIn’s reference search functionality allows prospective employers, among others, to obtain reports on job applicants with profiles on the site. LinkedIn’s dissemination of “Reference Reports” – that are created based on a user’s profile and connections to form a list of former supervisors and co-workers as possible references – are available for users who pay a monthly or annual subscription fee.

“LinkedIn has created a marketplace in consumer employment information, where it sells employment information, that may or may not be accurate, and that is has obtained in part from unwitting members, and without complying with the FCRA,” according to the complaint, which noted the site has more than 300 million members and one million jobs listed.

The Reference Reports bring LinkedIn within the purview of the FCRA, and yet the company fails to comply with a host of statutory requirements, according to the complaint.

Specifically, the complaint alleges that the site violates Section 1581(b) by furnishing consumer reports for employment purposes without obtaining the certifications required by the statute or a summary of the consumer’s rights and also does not maintain any of the procedures required by Section 1681e(a) to limit the furnishing of consumer reports to the limited purposes of the statute. In addition, Section 1681e(b) mandates that all consumer reporting agencies follow reasonable procedures to assure the maximum possible accuracy of consumer report information, Section 1681e(d) requires that a user notice be provided to individuals when a report is provided about them, and Section 1681b states that reports can only be provided after an inquiry to ensure the report is used for a “permissible purpose.” None of these statutory requirements were met by LinkedIn, the suit alleges.

“[A]ny potential employer can anonymously dig into the employment history of any LinkedIn member, and make hiring and firing decisions based upon the information they gather, without the knowledge of the member, and without any safeguards in place as to the accuracy of the information that the potential employer has obtained,” Sweet and the other plaintiffs claim. “Such secrecy in dealing in consumer information directly contradicts the express purposes of the FCRA.”

The main plaintiff alleges that she located a job opening on the site and submitted her resume through LinkedIn. She received a notification from the site that the general manager of the employer had viewed her profile and she was offered the job after an interview. The general manager declined the plaintiff’s offer to provide a list of references but later called back to rescind the offer, telling her that he had checked some of her references and changed his mind.

The plaintiffs seek to certify a nationwide class of LinkedIn users who had a Reference Report run on them as well as a subclass of users who applied for employment via the site and had a Report generated by a potential employer. As for remedies, the putative class requests actual, statutory, and punitive damages, as well as attorney’s fees and costs.

To read the complaint in Sweet v. LinkedIn Corporation, click here.

December 3rd, 2014|Categories: Employment Decisions|Tags: , , |

Background screening of independent contractors

The issue of worker misclassification is a hot topic for employers, with state and federal authorities as well as class action suits challenging whether a worker is an employee or an independent contractor. But what about the differences in background screening for independent contractors? Are they subject to the same disclosure and authorization requirements, adverse action notices, and dispute rights that apply to employees?

The answer: it depends.

While the Fair Credit Reporting Act (FCRA) doesn’t directly address independent contractors, the Federal Trade Commission (FTC) has issued two advisory opinions stating that they should be afforded the same rights as employees. The FTC also reiterated this view in its staff report published in July 2011, stating that the FCRA’s broad definition of the term “employment purposes” extends beyond traditional employment relationships. (FTC Staff Report at 32.)

The Allison Letter (a response to an inquiry from a Georgia worker named Herman L. Allison) addressed the issue in the context of a trucking company that hired drivers who owned and operated their own equipment. Characterizing the situation as a “business relationship” and not an “employment relationship,” Allison asked whether the protections of the FCRA still applied.

Taking a broad interpretation of the term “employment,” the FTC said that treating independent contractors differently than employees would hamper the goals of the FCRA. Even a homeowner who conducts a background check on a handyman or other worker hired as an independent contractor should follow the FCRA requirements, the agency wrote.

In a second letter, the FTC considered a query from Harris K. Solomon, an attorney in Florida. A client wished to conduct background checks on individuals selling its insurance products and handling title exams. Again, the agency said the checks would trigger the requirements of the FCRA.

The FTC’s advisory letters – both issued in 1998 – as well as the staff report, are advisory and non-binding on other parties. But they provide insight into how federal authorities would address the rights and protections owed to an independent contractor as the subject of a background check.

However, on the other end of the spectrum, a Wisconsin federal court judge in 2012 held that the disclosure obligations of the FCRA do not apply to independent contractor relationships. The case involved a sales rep who sued EMS Energy Marketing Service after he was terminated. The plaintiff claimed that the company failed to provide him with either the written notice of his rights or a copy of the report as required by the statute. But the court granted summary judgment for the employer, ruling that Lamson was hired as an independent contractor, not an employee, and therefore, the FCRA did not apply. The language of the statute refers only to employees and if a worker is not an employee “it necessarily follows that he or she is not covered by the FCRA,” the court wrote in Lamson v. EMS Energy Marketing Service. The court also distinguished the FTC letters as advisory opinions, adding that the “letters, in and of themselves, are of limited, if any, persuasive power.”

To read the Allison Letter, click here.

To read the Solomon Letter, click here.

December 3rd, 2014|Categories: Commercial Transactions Due Diligence|Tags: , , , |

Class action for unauthorized disclosure of PHI is a new twist under FCRA

A recent class-action is seeking damages for the unauthorized disclosure of personal health information (“PHI”) under the Fair Credit Reporting Act (the “FCRA”). The plaintiffs claim that the defendant hospital allowed the unauthorized access of confidential records of the putative class members, including PHI, held by a third-party records vendor without their knowledge or consent and without sufficient security. Among other claims, the plaintiffs allege that the hospital violated the FCRA by failing to implement adequate safeguards to protect their personally identifiable information and PHI from a data breach suffered by the third-party vendors. The plaintiffs argue that the hospital was a CRA that created “consumer reports” containing sensitive information including names, dates of birth, Social Security numbers, billing information and confidential health records, and disseminated this information to medical service providers affiliated with the defendant, and that the defendant allowed employees of the vendor and others to gain unrestricted access to their personally identifiable information and PHI, which was allegedly misused and intentionally disclosed to third-parties for profit.

September 19th, 2014|Categories: Employment Decisions|Tags: |
© 2012- SCHERZER INTERNATIONAL | ALL RIGHTS RESERVED
Go to Top