Class action charges LinkedIn with violations of FCRA

According to a new putative class action filed in California federal court, social networking site LinkedIn runs afoul of the Fair Credit Reporting Act (FCRA).

The plaintiffs claim that LinkedIn’s reference search functionality allows prospective employers, among others, to obtain reports on job applicants with profiles on the site. These “Reference Reports,” which are created based on a user’s profile and connections to form a list of former supervisors and co-workers as possible references, are available to users who pay a monthly or annual subscription fee.

“LinkedIn has created a marketplace in consumer employment information, where it sells employment information, that may or may not be accurate, and that it has obtained in part from unwitting members, and without complying with the FCRA,” according to the complaint, which noted the site has more than 300 million members and one million jobs listed.

The Reference Reports bring LinkedIn within the purview of the FCRA, and yet the company fails to comply with a host of statutory requirements, according to the complaint.

Specifically, the complaint alleges that the site violates Section 1581(b) by furnishing consumer reports for employment purposes without obtaining the certifications required by the statute or a summary of the consumer’s rights. It also alleges that the site does not maintain any of the procedures required by Section 1681e(a) to limit the furnishing of consumer reports to the limited purposes of the statute. In addition, Section 1681e(b) mandates that all consumer reporting agencies follow reasonable procedures to assure the maximum possible accuracy of consumer report information, Section 1681e(d) requires that a user notice be provided to individuals when a report is provided about them, and Section 1681b states that reports can only be provided after an inquiry to ensure the report is used for a “permissible purpose.” None of these statutory requirements were met by LinkedIn, the suit alleges.

“[A]ny potential employer can anonymously dig into the employment history of any LinkedIn member, and make hiring and firing decisions based upon the information they gather, without the knowledge of the member, and without any safeguards in place as to the accuracy of the information that the potential employer has obtained,” Sweet and the other plaintiffs claim. “Such secrecy in dealing in consumer information directly contradicts the express purposes of the FCRA.”

The main plaintiff alleges that she located a job opening on the site and submitted her resume through LinkedIn. She received a notification from the site that the general manager of the employer had viewed her profile and she was offered the job after an interview. The general manager declined the plaintiff’s offer to provide a list of references but later called back to rescind the offer, telling her that he had checked some of her references and changed his mind.

The plaintiffs seek to certify a nationwide class of LinkedIn users who had a Reference Report run on them as well as a subclass of users who applied for employment via the site and had a Report generated by a potential employer. As for remedies, the putative class requests actual, statutory, and punitive damages, as well as attorney’s fees and costs.

To read the complaint in Sweet v. LinkedIn Corporation, click here.

SEC considers background check rule proposed by FINRA

Financial institutions could face expanded obligations to conduct background screening of applicants for registration pursuant to a rule proposed by the Financial Industry Regulatory Authority (FINRA) to the Securities and Exchange Commission (SEC).

As currently drafted, the National Association of Securities Dealers (NASD) Rule 3010(e), the Responsibility of Member to Investigate Applicants for Registration, provides that a firm “must ascertain by investigation the good character, business reputation, qualifications and experience of an applicant before the firm applies to register that applicant with FINRA,” the regulator explained.

Seeking to “streamline and clarify members’ obligations relating to background investigation, which will, in turn, improve members’ compliance efforts,” FINRA proposed the addition of background checks to the Rule for the SEC’s consideration.

The change would mandate that firms verify the accuracy and completeness of the information in an applicant’s Form U4 (Uniform Application for Securities Industry Registration or Transfer) for first-time applicants as well as transfers. Written procedures for conducting the background check – including a public records search – must also be established.

While the rule is prospective, FINRA announced that it would take a look at currently registered representatives. The financial regulator intends to begin its efforts with a search of all publicly available criminal records for the roughly 630,000 registered individuals who have not been fingerprinted within the last five years; going forward, FINRA will periodically review public records “to ascertain the accuracy and completeness of the information available to investors, regulators and firms,” the agency said.

To read the Federal Register notice: click here.

Background screening of independent contractors

The issue of worker misclassification is a hot topic for employers, with state and federal authorities as well as class action suits challenging whether a worker is an employee or an independent contractor. But what about the differences in background screening for independent contractors? Are they subject to the same disclosure and authorization requirements, adverse action notices, and dispute rights that apply to employees?

The answer: it depends.

While the Fair Credit Reporting Act (FCRA) doesn’t directly address independent contractors, the Federal Trade Commission (FTC) has issued two advisory opinions stating that they should be afforded the same rights as employees. The FTC also reiterated this view in its staff report published in July 2011, stating that the FCRA’s broad definition of the term “employment purposes” extends beyond traditional employment relationships. (FTC Staff Report at 32.)

The Allison Letter (a response to an inquiry from a Georgia worker named Herman L. Allison) addressed the issue in the context of a trucking company that hired drivers who owned and operated their own equipment. Characterizing the situation as a “business relationship” and not an “employment relationship,” Allison asked whether the protections of the FCRA still applied.

Taking a broad interpretation of the term “employment,” the FTC said that treating independent contractors differently than employees would hamper the goals of the FCRA. Even a homeowner who conducts a background check on a handyman or other worker hired as an independent contractor should follow the FCRA requirements, the agency wrote.

In a second letter, the FTC considered a query from Harris K. Solomon, an attorney in Florida. A client wished to conduct background checks on individuals selling its insurance products and handling title exams. Again, the agency said the checks would trigger the requirements of the FCRA.

The FTC’s advisory letters – both issued in 1998 – as well as the staff report, are advisory and non-binding on other parties. But they provide insight into how federal authorities would address the rights and protections owed to an independent contractor as the subject of a background check.

However, on the other end of the spectrum, a Wisconsin federal court judge in 2012 held that the disclosure obligations of the FCRA do not apply to independent contractor relationships. The case involved a sales rep who sued EMS Energy Marketing Service after he was terminated. The plaintiff claimed that the company failed to provide him with either the written notice of his rights or a copy of the report as required by the statute. But the court granted summary judgment for the employer, ruling that the plaintiff, Lamson, was hired as an independent contractor, not an employee, and therefore, the FCRA did not apply. The language of the statute refers only to employees and if a worker is not an employee “it necessarily follows that he or she is not covered by the FCRA,” the court wrote in Lamson v. EMS Energy Marketing Service. The court also distinguished the FTC letters as advisory opinions, adding that the “letters, in and of themselves, are of limited, if any, persuasive power.”

To read the Allison Letter, click here.

To read the Solomon Letter, click here.

California expands privacy protections for state residents

A perennial trendsetter with regard to data security and privacy, California has updated its state law with tweaks that expand the scope of the privacy protections for state residents.

A.B. 1710 made three changes to existing law that go into effect January 1, 2015: first, businesses that maintain “personal information” about California residents must “implement and maintain appropriate and reasonable security procedures and practices” to protect the data from “unauthorized access, destruction, use, modification, or disclosure.” Personal information is defined to include an individual’s first name or first initial and last name, Social Security number, driver’s license number, as well as medical and financial account information.

Second, if a person or business was “the source” of a data breach and offers to provide identity theft prevention and mitigation services to affected individuals, the business must offer the services at no cost for at least 12 months. Some controversy has swirled around this provision, with debate on whether the language actually requires businesses to provide one year of free identity theft protection and mitigation services or if the law simply requires that if the services are offered, they last for 12 months and are provided gratis. Additional guidance may be forthcoming.

Finally, the new legislation prohibits a business from “selling, offering for sale, or advertising for sale” Social Security numbers. Limited exceptions were noted in the bill, including “if the release [not necessarily a sale] of the Social Security number is incidental to a larger transaction and is necessary to identify the individual in order to accomplish a legitimate business purpose” or “for a purpose specifically authorized or specifically allowed by federal or state law.”

The law’s scope reaches well beyond the borders of California, as it applies to businesses that maintain any personal information about a state resident. Companies would be well advised to familiarize themselves with the new requirements.

To read AB 1710, click here.
