FCRA

Class actions against employers for violations of the FCRA are increasing

An auto parts company (CA USDC Case No. 2:14-cv-3470) and a hotel chain (CA USDC Case No. 3:14-cv-01089) are just the latest employers that have been slapped with class action lawsuits for alleged violations of the Fair Credit Reporting Act (the “FCRA”) charging willful non-compliance with the FCRA’s disclosure, authorization, and/or notice requirements. And the payouts in such lawsuits can be in the millions. Within the past three years, a national trucking company reached a settlement for $4.6 million, a national retail chain for $3 million and a national pizza maker for $2.5 million.

The FCRA allows an applicant or employee to bring a private right of action against an employer who negligently or willfully fails to comply with any of the FCRA’s requirements. Under the statute of limitations, an action must be brought by the earlier of (1) two years after the date of violation discovery by the plaintiff, or (2) five years after the date on which the violation occurred. The employer’s liability for negligent non-compliance is actual damages sustained by the applicant/employee, and reasonable attorneys’ fees and costs. A willful violation carries actual or statutory damages ranging between $100 and $1,000, punitive damages, and attorneys’ fees and costs.

Below are general FCRA compliance reminders to employers when procuring and using background check reports prepared by a consumer reporting agency (“CRA”):

  • Provide disclosure to the applicant/employee in a standalone document that a consumer report may be obtained and used for employment purposes (language must be clear, with no superfluous information or liability waiver, and separate from the employment application);
  • Provide to the applicant/employee a summary of rights under the FCRA and applicable state notices;
  • Obtain the applicant/employee’s authorization for the consumer report;
  • Before taking adverse action based on the report (1) provide a pre-adverse action notice to the applicant/employee along with a copy of the report, and notices of rights, if not given previously, (2) wait a reasonable period of time (at least 5 days) before taking the adverse action, and (3) after deciding to take the adverse action, provide a notice that contains the FCRA required information, such as the name, address, and telephone number of the CRA that provided the report.
May 14th, 2014|Categories: Employment Decisions|Tags: , , |

Another lawsuit reminds employers about FCRA disclosure/authorization requirements

A recently filed class action NDC Ca. No. (4:14-cv-00592-DMR, 2-7-14) is a reminder to employers that under the Fair Credit Reporting Act (the “FCRA”) their disclosure and authorization form to the applicant/employee for obtaining a background check must be in a standalone document, and cannot contain confusing or extraneous information. The lawsuit alleges that the defendant employer used an invalid form to obtain consent to conduct background checks, that it relied on an authorization that was included alongside several other consent paragraphs in an online employment application, and that the consent form contained a release of liability related to obtaining the background check. Two published court decisions already ruled that including a liability waiver constitutes a technical violation under the FCRA. (WD Pa. 2013, No. 2:08-cv-01730-MRH, and Dist. Md., 2012, No. 8:11-cv-01823-DKC.)

March 28th, 2014|Categories: Employment Decisions|Tags: |

Proposed Regulation A rules have bad actor disqualification similar to Rule 506(d)

On December 2, 2013, the U.S. District Court for the Western District of Pennsylvania ruled that a combined disclosure and authorization form that contained a liability waiver which the employer gave to a group of former job applicants violates the Fair Credit Reporting Act (the “FCRA.”) The court determined that a significant portion of the 1,800 individuals in this class action are entitled to willful damages under the FCRA and could each receive the greater of his/her actual damages or $1,000 plus attorneys’ fees.

This is a second published decision to hold that liability waivers invalidate the disclosure requirements under the FCRA. The first ruling rendered in January 2012 in the U.S. District Court in Maryland found that “both the statutory text and FTC advisory opinions indicate that an employer violates the FCRA by including a liability release in a disclosure document.” Thus far, only the U.S. District Court for the Western District of North Carolina disagreed, deciding in August 2012 that the liability waiver included in the defendant employer’s combined disclosure and authorization form was kept sufficiently distinct from the disclosure language so as not to render it ineffective.    

January 17th, 2014|Categories: Commercial Transactions Due Diligence|Tags: , , |

Proposed federal bill bans credit checks in employment decisions

Introduced by Senator Elizabeth Warren (D-Mass) on December 17, 2013, the “Equal Employment for All Act” (S. 1837), would amend the Fair Credit Reporting Act to prohibit employers from requiring or suggesting that applicants disclose their credit history, from procuring a consumer or investigative report, and from disqualifying employees based on a poor credit rating, or information on a consumer’s creditworthiness, standing or capacity. Positions that require a national security clearance or “when otherwise required by law” are exempt from the prohibition. Ten states (California, Colorado, Connecticut, Hawaii, Illinois, Maryland, Nevada, Oregon, Vermont and Washington) already have enacted legislation that limits the use of credit reports for employment purposes.

January 17th, 2014|Categories: Employment Decisions, Legislation|Tags: , |

FTC says data brokers willing to sell consumer information and disregard FCRA

On May 7, 2013, the Federal Trade Commission (the “FTC”) announced the results of its testing operation, revealing that 10 companies out of the 45 that the FTC approached seemed to be willing to sell consumer information without complying with the Fair Credit Reporting Act (“FCRA.”) The FTC reported that its staffers asked the companies about buying the information for purposes such as determining creditworthiness, suitability for employment or eligibility for insurance.

Six of the 10 companies appeared willing to sell consumer information for employment purposes, two for insurance decisions and two for pre-screened lists of consumers to use in making firm offers of credit. The data brokers were contacted again by the FTC, but this time in the form of letters, warning that their practices may violate the FCRA. The warning letters are part of an ongoing international effort spearheaded by the Global Privacy Law Enforcement Network, an informal group of consumer protection and privacy agencies. 

May 9th, 2013|Categories: Commercial Transactions Due Diligence|Tags: , |

Most service providers are not subject to Red Flags Rule

The Federal Trade Commission (the “FTC”) interim final rule which became effective February 11, 2013 confirms that most service providers are not subject to the Red Flags Rule. The rule clarifies the meaning of “creditor” ensuring that its definition is consistent with the revised definition of that term in the amended Fair Credit Reporting Act (the “FCRA”). A “creditor” must develop and implement a written identity theft prevention program premised on identifying “red flags” of identity theft only if in the ordinary course of business, the “creditor” regularly: 1) obtains or uses consumer reports in connection with a credit transaction; 2) furnishes information to consumer reporting agencies in connection with a credit transaction; or 3) advances funds to or on behalf of a person, in certain cases.

However, any entity collecting consumer data must remain vigilant in how it collects, uses and safeguards that data. The FTC may pursue enforcement actions under the FTC Act when a company does not take reasonable privacy protection measures scaled to the risk level of their business practices.

March 29th, 2013|Categories: Commercial Transactions Due Diligence|Tags: , |

CFPB’s takeover of FCRA enforcement requires new notices by January 1, 2013

In July 2012, the newly-created Consumer Financial Protection Bureau (“CFPB”) under the Dodd-Frank Wall Street Reform and Consumer Protection Act assumed rulemaking and enforcement authority of the Fair Credit Reporting Act (“FCRA”) from the Federal Trade Commission (“FTC”).

Although more changes are likely to come, beginning January 1, 2013, businesses, including employers, and consumer reporting agencies, will be required to provide a new version of the “Summary of Rights” form to individuals before taking any adverse action based on the contents of a consumer report. Notably, the adverse action process that must be followed under the FCRA has not changed; the revisions are generally stylistic and substitute “CFPB” for references to the FTC. There is also an updated and expanded list of contacts included at the end of the form.

To download the PDF versions of the updated Summary of Rights, and forms regarding the obligations of users and furnishers of consumer reports, click on the links below.

Summary of Rights under the FCRA.pdf

Obligations of Users of Consumer Reports under the FCRA.pdf

Obligations of Furnishers of Consumer Reports.pdf

January 7th, 2013|Categories: Commercial Transactions Due Diligence|Tags: , |

FTC’s civil rights testimony recaps FCRA obligations and aggressive enforcement

On December 7, 2012, the Federal Trade Commission (the “FTC”), submitted its written testimony to the U.S. Civil Rights Commission on the use of criminal background checks in employment decisions. The Commission intends to apply the testimony in reviewing the EEOC’s guidance that an employer’s use of an individual’s criminal history in making employment decisions may, in some instances, violate the prohibition against employment discrimination under Title VII of the Civil Rights Act of 1964. The EEOC suggests that minorities are disproportionately likely to have criminal records, which means that when employers use criminal background reports, minorities are possibly affected more than other groups.

Notably, in its testimony, the FTC, which shares the authority for enforcing the Fair Credit Reporting Act (“FCRA”) with other federal agencies, including the Consumer Financial Protection Bureau (“CFPB”) does not say anything substantial about civil rights.

The testimony does, however, provide a good recap of the legal rights and obligations prescribed by the FCRA when consumer reports are used for employment purposes, and highlights the FTC’s law enforcement efforts in this area. As its starting point, the testimony reminds that the FCRA imposes several requirements on consumer reporting agencies (“CRAs”) that provide consumer reports to employers, which include ensuring that the employer is in fact using the report for a permissible purpose. In the employment context, permissible purposes are limited to “employment, promotion, reassignment, or retention.” Thus, employers may only obtain a consumer report about applicants or employees, and may not simply use their status as employers to get information about competitors, opposing parties in litigation, or anyone else. Relatedly, under the permissible purpose requirement, CRAs must have reasonable procedures in place to ensure that the consumer report users are who they claim.

The CRAs also must comply with certain procedural requirements, such as giving all users of consumer reports a notice that informs them of their duties under the FCRA. The CRAs must obtain certifications from the employer that: (1) it is in compliance with the FCRA; and (2) it will not use consumer report information in violation of any federal or state equal employment opportunity laws or regulations.

Further, the FCRA mandates that CRAs follow “reasonable procedures to assure maximum possible accuracy of the information

[15 U.S.C. § 1681e(b)].” It does not establish, however, a requirement of absolute accuracy and does not require that the CRAs guarantee that the reports are error-free.

If a CRA provides a report that has negative information about an applicant or employee that is based on public records — for example, tax liens, outstanding judgments, or criminal convictions — that CRA either has to notify the applicant or employee directly that it has provided the information to the employer, or has to adopt strict procedures to ensure that the information is complete and up to date [15 U.S.C. § 1681k(a)(1)-(2)]. Regardless of whether a CRA opts to provide the notice or adopt strict procedures, FCRA § 1681e(b), as noted above, requires CRAs to have “reasonable procedures to assure maximum possible accuracy.”]

The FCRA also places specific obligations upon employers to provide certain disclosures to the applicants or employees, and obtain their written authorization before using consumer reports. If an employer intends to take an adverse action based either in whole or in part on the information in a consumer report, such as denying a job application, reassigning or terminating an employee, or denying a promotion, the employer must provide the applicant or employee with a pre-adverse action notice before taking the action. The pre-adverse action notice must include a copy of the consumer report on which the employer is relying and a summary of rights under the FCRA. The form, which recently was reissued by the CFPB, describes the consumers’ rights under the FCRA, including the right to obtain copies of their consumer reports and dispute information.

Once the employer has taken the adverse action, it must give the applicant or employee a notice that the action was based on information in the consumer report.  This adverse action notice must include the name, address, and phone number of the CRA that supplied the report, and must inform the applicant or employee of his or her right to dispute the accuracy or completeness of any information in the report, and the right to obtain a free report from the CRA upon request within 60 days. Even though a consumer has the right to dispute errors, the CRAs and furnishers of information to the CRAs typically are allowed thirty days to investigate the consumer’s dispute, and the information may not be corrected in time to affect the consumer’s consideration for a particular job.

The FTC points out that it has pursued an aggressive law enforcement program to ensure that CRAs, furnishers, and consumer report users (including employers) comply with their responsibilities under the FCRA, providing details of recent lawsuits for FCRA violations that resulted in civil penalties against CRAs ranging from $800,000 to $2.6 million. Its recent actions against employers included charges against railroad contractors for failing to provide pre-adverse action and adverse action notices to employees who were fired and job applicants who were rejected based on information in their consumer reports. Under negotiated settlement orders, the companies were required to pay penalties in the amount of $1,000 per violation, and are subject to specific injunctive, record-keeping, and reporting requirements to ensure compliance with the FCRA.

The FTC’s enforcement actions and the latest wave of class action lawsuits enforce that FCRA compliance must be a priority for employers, CRAs and furnishers of information alike.

January 7th, 2013|Categories: Commercial Transactions Due Diligence|Tags: , |

No shortcuts to assuring maximum possible accuracy under the FCRA

When Congress formulated the Fair Credit Reporting Act (“FCRA”) more than 30 years ago, it noted that the law was enacted in order to protect consumers against “the trend toward…the establishment of all sorts of computerized data banks

[that placed a consumer] in great danger of having his life and character reduced to impersonal ‘blips’ and key punch holes in a stolid and unthinking machine which can literally ruin his reputation without cause [116 Cong. Rec. 36570].” This intent has been clearly supported by the amendments that followed allowing greater and more effective protection. But despite the leaps and bounds in legislation, much controversy still exists about the level of protection that this law provides to consumers.  And confusion abounds about the compliance requirements for consumer reporting agencies (“CRAs”) on whom the FCRA places “grave” compliance obligations. “There is a need to insure that consumer reporting agencies exercise their ‘grave’ responsibilities with fairness, impartiality, and a respect for the consumer’s right to privacy [15 U.S.C. § 1681(a)(4) (2006)].”

The FCRA mandates that “[w]henever a consumer reporting agency prepares a consumer report it shall follow reasonable procedures to assure maximum possible accuracy of the information concerning the individual about whom the report relates [15 U.S.C. § 1681e(b)].” So what does this mean? Courts have taken two positions in interpreting the language of this section. The “consumer-friendly” version holds CRAs liable for reports that are technically accurate, but may be misleading or incomplete. (Koropoulos v. Credit Bureau, Inc., 734 F.2d 37, 40; D.C. Cir. 1984: “Congress did not limit the Act’s mandate to reasonable procedures to assure only technical accuracy; to the contrary, the Act requires reasonable procedures to assure maximum accuracy.”) The “business friendly” interpretation requires only technical accuracy in the CRA’s reporting.  [Todd v. Associated Credit Bureau Servs., Inc., 451 F. Supp. 447, 449 (E.D. Pa. 1977)].

While this case law is helpful in understanding the CRA’s liability under the statute, there is no doubt that a comprehensive guidance on the methodology to assure maximum accuracy is still much needed especially in view of the proliferation of the so-called “national databases” in the recent years. But despite the lack of clear guidance, a reputable CRA knows that “to assure” means “to earnestly inform or tell positively; state with confidence.” And reporting a record that was identified by name only or relying solely on private database record information in an employment background check does not pass the reasonable procedures test by any standard.

In an Internet marketplace that touts instant results, a CRA’s practice of sending searchers to the courthouse, pulling dozens of cases, and reviewing legal documents to ascertain correct subject identification and record information may be counterintuitive for many employers. And it takes time and money to assure the most accurate and up-to-date results. On the other hand, in a world of over a million people, is a quick and cheap database background search of any real value?

January 7th, 2013|Categories: Employment Decisions|Tags: |

Agencies jointly support that FCRA Section 1681c does not violate first amendment

On May 3, 2012, the Federal Trade Commission (FTC) joined the Department of Justice (DOJ) and the Consumer Financial Protection Bureau (CFPB) in filing a memorandum brief in support of the constitutionality of the Fair Credit Reporting Act (FCRA), established in 1970 to protect credit report information privacy and to ensure that the information supplied by consumer reporting agencies (CRAs) is as accurate as possible.

In the case of Shamara T. King vs. General Information Services, Inc. (GIS), the CRAs address a provision of the FCRA that balances the Act’s dual purposes, i.e., to protect consumers from privacy invasions caused by the disclosure of sensitive information and to ensure a sufficient flow of information to allow the CRAs to fulfill their vital role.) The provision, Section 1681c, bars CRAs from disclosing arrest records or other adverse information that is more than seven years old, in most cases.

The agencies brief refutes GIS’s argument that this FCRA protection is an unconstitutional restriction of free speech, pointing out that the recent U.S. Supreme Court case law that GIS cites to support its argument, Sorrell v. IMS Health Inc., “does not change the settled First Amendment standards that apply to commercial speech, nor does it suggest that restrictions on the dissemination of data for commercial purposes

[such as those by CRAs] must satisfy stricter standards.” Therefore, the brief concludes, the court should not invalidate the FCRA provision, as it “directly advances the government’s substantial interest in protecting individuals’ privacy” while also accommodating the interest of businesses. The case is pending.

May 21st, 2012|Categories: Commercial Transactions Due Diligence|Tags: , , , |
© 2012- SCHERZER INTERNATIONAL | ALL RIGHTS RESERVED
Go to Top