Monthly Archives:

FTC launches new resource for identity theft victims

The FTC has launched IdentityTheft.gov, a new resource that makes it easier for identity theft victims to report and recover from the crime. A Spanish version of the site is available at RobodeIdentidad.gov.

The new website provides an interactive checklist that explains the recovery process and helps victims understand the steps that should be taken upon learning that their identity has been stolen. It also provides sample letters and other helpful resources. In addition, the site offers specialized tips for specific forms of identity theft, including medical and tax-related, and contains advice for people who have been notified that their personal information was exposed in a data breach.

Identity theft has been the top consumer complaint reported to the FTC for the past 15 years, and in 2014, the Commission received more than 330,000 complaints from consumers who were victims.

Florida court allows FCRA suit against Whole Foods to move forward

Reinforcing the importance of complying with even the most technical FCRA requirements, a federal court in Florida allowed a former employee to move forward with his suit against Whole Foods Market Group.

In the putative class action, the plaintiff, who was terminated in June 2013 after the employer conducted a background check on plaintiff and other existing employees, charges that Whole Foods violated the FCRA, and specifically, points to the forms the plaintiff signed when he applied for employment. A “Disclosure Statement” provided: “By this document

[Whole Foods] discloses to you that a consumer report regarding your credit history, criminal history and other background information and/or an investigative consumer report containing information as to your character, general reputation, personal characteristics and/or mode of living may be obtained from personal interviews or other sources in connection with your application for any purpose at any time during your employment.”

The plaintiff was also given a “Consent and Release of Information” form, which stated: “I further understand and authorize [Whole Foods] or those authorized by them to procure a consumer report on me as part of a process of consideration as an employee … I release all parties from liability for any damages which may result from the disclosure of any information outlined herein.”

Although Whole Foods intended for the Disclosure Statement to satisfy Section 1681(b)(2)(A)(i) of the FCRA and each form was a separate single page document, the simultaneous presentation of the consent form rendered the disclosure meaningless, the plaintiff argued. Whole Foods knew that it was required to provide a stand-alone form, the plaintiff added, citing FCRA-related articles posted online by the third-party the company used to run the background checks.

The court agreed. “Based on the allegations, with all inferences drawn in favor of plaintiff, if both the disclosure and the consent forms combined and read as one document with the waiver and release included simultaneously with the disclosure, the complaint states a claim for relief,” the judge said, denying Whole Foods’ motion to dismiss the suit. The court also allowed the plaintiff’s contention that Whole Foods “willfully” violated the FCRA to move forward. Under the statute, reckless and knowing violations constitute willful violations, the court noted, and the plaintiff presented sufficient allegations that the defendant knew it was required to provide a stand-alone form separate from the employment application and yet failed to do so.

“The allegations that defendant had access to legal advice and guidance from the FTC yet it knew that its conduct was inconsistent with that guidance and the plain terms of the statute, are sufficient to withstand attack at this stage of the proceedings on a motion to dismiss,” the judge wrote.

The decision provides an important reminder to employers that class actions alleging technical violations of the FCRA, particularly Section 1681(b)(2)(A)(i), remain popular with plaintiffs with statutory damages from $100 to $1,000 for a willful violation available.

Whole Foods is facing an identical suit in California federal court while other companies have settled similar cases for significant amounts, such as the recent deal Publix Super Markets struck with a class in Tennessee federal court for $6.8 million, a $2.5 million payout by Domino’s Pizza, and a settlement agreement for $3 million between grocery chain Food Lion and job applicants.

Read the court order here.

U.S. Supreme Court case offers window into CFPB’s position on the FCRA

The U.S. Supreme Court has agreed to hear a closely followed case involving the Fair Credit Reporting Act (the “FCRA”) that will have great significance on privacy law. In connection with this case, the Consumer Financial Protection Bureau (CFPB) offered a glimpse of its stance on the FCRA in an amicus brief recently filed with the U.S. Supreme Court.

In 2012, the Bureau took over the enforcement reins of the FCRA from the Federal Trade Commission (FTC). Since then, the industry has watched for signs on how the Bureau would tackle its new job, with few clues. But in an amicus brief filed jointly with the Solicitor General in Spokeo v. Robins, the CFPB weighed in, taking a consumer-friendly position on the statute.

The dispute began when Robins claimed that Spokeo ran afoul of the FCRA. The spokeo.com site allows users to obtain information about other individuals like address, phone number, employment information, and economic data such as mortgage value and investments. Robins sued after finding incorrect information about himself on the site, alleging that Spokeo was a consumer reporting agency (CRA) under the FCRA and sold “consumer reports” but failed to comply with the various statutory requirements by neglecting to assure the maximum possible accuracy of the information reported on its site and failing to provide notice of statutory responsibilities to purchasers of its reports.

Relying on Section 1681n of the FCRA, which grants consumers a cause of action against an entity that negligently or willfully violates “any requirement imposed

[under the FCRA] with respect to [that] consumer,” Robins filed a putative class action. A federal district court dismissed the suit for a lack of standing but the Ninth Circuit Court of Appeals reversed. The federal appellate panel held that Robins sufficiently alleged an injury in fact because Congress created a right of action to enforce a statutory provision, demonstrating intent to create a statutory right.

Spokeo petitioned the U.S. Supreme Court to take the case. The CFPB filed the amicus brief, siding with the plaintiff and arguing that the justices should deny the writ of certiorari. The Bureau argued to the Court that the statutorily created cause of action found in the FCRA satisfied the injury required for Article III standing. While recognizing that Congress does not have unlimited power to define the class of plaintiffs who may sue in federal court, the CFPB said the legislature “may grant individuals statutory rights that, when violated, confer standing, and the clear language of the FCRA did just that.”

“FCRA thus grants an individual consumer a statutory entitlement to be free from a CRA’s actual dissemination of inaccurate information about him when the CRA fails to employ ‘reasonable procedures’ to assure the information’s accuracy,” according to the CFPB’s brief. A CRA’s willful failure to follow reasonable procedures to ensure that an accurate report about a consumer is disseminated violates a ‘requirement imposed under [FCRA] with respect to [that] consumer.’ It is also a concrete and particularized injury to the consumer because it involves the actual, specific, and non-abstract act of disseminating information about the particular consumer.” This reading – recognizing a legally protected interest in consumer privacy – “is particularly salient in modern-day society given the proliferation of large databases and the ease and rapidity with which information about individuals can be transmitted and retransmitted across the Internet,” the CFPB added, as “public dissemination of inaccurate personal information about the plaintiff is a form of ‘concrete harm’ that courts have traditionally acted to redress, whether or not the plaintiff can prove some further consequential injury.”

Read the CFPB’s amicus brief in Spokeo v. Robins here.

Read the opinion of the U.S. Court of Appeals for the Ninth Circuit here.

 

New law limits credit checks for New York City employers

New York City has joined the growing list of employers placing limits on credit checks. On April 16, the City Council overwhelmingly voted in favor of a bill prohibiting the use of credit checks in most employment situations. Mayor Bill De Blasio signed the legislation on May 6, amending the city’s Human Rights Law to make the use of credit history for hiring and other employment purposes, with certain exceptions, an unlawful discriminatory practice. Set to take effect on September 3, 2015, the law will have a sizable impact on employers in New York City. A review of current policies and procedures to determine if any exceptions apply is key, while employers with a statewide presence should consider whether to continue credit checks in other locations where they remain legal.

As defined by the law, “consumer credit history” means an individual’s credit worthiness, credit standing, credit capacity, or payment history, as indicated by: (a) a consumer credit report; (b) credit score; or (c) information an employer obtains directly from the individual regarding (1) details about credit accounts, including the individual’s number of credit accounts, late or missed payments, charged-off debts, items in collections, credit limit, prior credit report inquiries, or (2) bankruptcies, judgments or liens. The law further provides that “a consumer credit report shall include any written or other communication of any information by a consumer reporting agency that bears on a consumer’s creditworthiness, credit standing, credit capacity or credit history.”

Importantly, employers are prohibited not just from the request or use of credit history for applicants, but also from using credit history as a factor in employment decisions for current employees in “compensation, or the terms, conditions or privileges of employment.”

When initially introduced, the proposal featured no exceptions to the ban on credit checks. But over the course of the past year, limited exceptions were added to the bill. As enacted, the legislation permits the use of credit checks for prospective employees of broker-dealers who must register with the Financial Industry Regulatory Authority (FINRA) as well as for police officers and other public officials in a position involving a “high degree of public trust.” Additional exceptions allow a review of credit history when required by state or federal law or regulations; for positions when an employee must possess a security clearance or has “regular access” to intelligence or national security information; for non-clerical positions with access to “trade secrets;” for computer security positions when the employee’s duties include the ability to modify digital security systems; and for employees with signing authority over third-party funds or assets greater than $10,000 or fiduciary responsibility to an employer with the authority to enter into financial agreements of $10,000 or more.

The law permits individuals to file a complaint of discrimination with the New York City Commission on Human Rights within a one-year period or a complaint in court, with a three-year statute of limitations. Remedies include back pay, reinstatement, compensatory and punitive damages, and attorney’s fees and costs.

New York City joins 12 other jurisdictions that have prohibited credit checks in employment-related decisions, including the city of Chicago as well as California, Colorado, Connecticut, Hawaii, Illinois, Maryland, Nevada, Oregon, Vermont, and Washington.

Read the New York City legislation here.

Go to Top