Educational Series

Updated guide from the FTC: fighting identity theft with Red Flags Rule for businesses

On June 12, 2013, the Federal Trade Commission (the “FTC”) issued revised guidance designed to help businesses comply with the requirements of the Red Flags Rule, which protects consumers by requiring businesses to watch for and respond to warning signs or “red flags” of identity theft. The guidance outlines which businesses – financial institutions and some creditors – are covered by the Rule and what is required to protect consumers from identity theft.

The FTC enforces the Red Flags Rule with several other agencies. Its guide has tips for organizations under FTC jurisdiction to determine whether they need to design an identity theft prevention program, and can help businesses spot suspicious patterns and prevent the costly consequences of identity theft.

June 27th, 2013|Educational Series, Guidance|

Virginia takes workers’ privacy to a new level

Starting July 1, 2013, new Virginia Code §40.1-28.7:4 provides that “employers shall not, unless a listed exemption applies, be required to release, communicate, or distribute to a third-party, any current or former employee’s personal identifying information.”

In this context, “personal identifying information” is defined as a “home telephone number, mobile telephone number, e-mail address, shift times, or work schedule.”  Exceptions permitting the disclosure of such information include requirements of federal laws that supersede state statutes, court orders, judicial warrants or a subpoena in a civil or criminal case. Although there is no penalty, the statute establishes a public policy that endorses protection of the personal identifying information and could be used in a lawsuit against employers.

June 27th, 2013|Educational Series, Legislation|

CFPB’s database is now searchable by state and includes complaints about credit reporting

On May 31, 2013 the Consumer Financial Protection Bureau (“CFPB”) announced that its Consumer Complaint Database, now searchable by state, has been expanded to include credit reporting and money transfer complaints. In addition to these two new categories, the database, which can be accessed at http://www.consumerfinance.gov/complaintdatabase/, includes complaints relating to credit cards, mortgages, student loans, bank accounts and services, and consumer loans.

When submitting a complaint about credit reporting, consumers can select from five common issues, which are all searchable on the updated database: incorrect information on a credit report; problems with a credit reporting agency’s investigation; improper use of a credit report; not being able to get a credit report or credit score; and problems with credit monitoring or identity protection services.

June 20th, 2013|Educational Series|

FTC says data brokers willing to sell consumer information and disregard FCRA

On May 7, 2013, the Federal Trade Commission (the “FTC”) announced the results of its testing operation, revealing that 10 companies out of the 45 that the FTC approached seemed to be willing to sell consumer information without complying with the Fair Credit Reporting Act (“FCRA.”) The FTC reported that its staffers asked the companies about buying the information for purposes such as determining creditworthiness, suitability for employment or eligibility for insurance.

Six of the 10 companies appeared willing to sell consumer information for employment purposes, two for insurance decisions and two for pre-screened lists of consumers to use in making firm offers of credit. The data brokers were contacted again by the FTC, but this time in the form of letters, warning that their practices may violate the FCRA. The warning letters are part of an ongoing international effort spearheaded by the Global Privacy Law Enforcement Network, an informal group of consumer protection and privacy agencies. 

May 9th, 2013|Criminal Activity, Educational Series|

CFPB’s expanded complaint database goes live

The Consumer Financial Protection Bureau (the “CFPB”) announced that the nation’s largest database of federal consumer financial complaints is live and open for public viewing.

The CFPB’s recent launch significantly expands the Consumer Complaint Database from about 19,000 credit card complaints in 2012 to more than 90,000 complaints on mortgages, student loans, bank accounts and services, other consumer loans, and credit cards. It also includes product sub-categories, such as reverse mortgages, conventional fixed mortgages and adjustable mortgages, and home equity loans or lines of credit. Complaints are entered only after the company provides a response or after it has had the complaint for 15 days, whichever comes first. The CFPB states that while the allegations in the complaints are not verified, a commercial relationship between the consumer and the company is substantiated before the complaint is added to the database.

According to the CFPB, the database now has more than one million data points covering approximately 450 companies, and includes information such as the type of complaint, date of submission, consumer’s ZIP code, and the company’s name. The database also provides information about the actions taken on the complaint, i.e., whether the company’s response was timely, how the company responded, and whether the consumer disputed the response.

To file a complaint with the CFPB, consumers can:>

  • File online at www.consumerfinance.gov/Complaint;
  • Call 1-855-411-CFPB (2372) or TTY/TDD phone number at 1-855-729-CFPB (2372);
  • Fax to: (855) 237-2392; or
  • Mail to: Consumer Financial Protection Bureau, P.O. Box 4503, Iowa City, IA 52244.
    • May 9th, 2013|Educational Series|

    Most service providers are not subject to Red Flags Rule

    The Federal Trade Commission (the “FTC”) interim final rule which became effective February 11, 2013 confirms that most service providers are not subject to the Red Flags Rule. The rule clarifies the meaning of “creditor” ensuring that its definition is consistent with the revised definition of that term in the amended Fair Credit Reporting Act (the “FCRA”). A “creditor” must develop and implement a written identity theft prevention program premised on identifying “red flags” of identity theft only if in the ordinary course of business, the “creditor” regularly: 1) obtains or uses consumer reports in connection with a credit transaction; 2) furnishes information to consumer reporting agencies in connection with a credit transaction; or 3) advances funds to or on behalf of a person, in certain cases.

    However, any entity collecting consumer data must remain vigilant in how it collects, uses and safeguards that data. The FTC may pursue enforcement actions under the FTC Act when a company does not take reasonable privacy protection measures scaled to the risk level of their business practices.

    March 29th, 2013|Educational Series, Legislation|

    Congress questions legality of “The Work Number” operated by Equifax

    Seven members of Congress wrote a letter last month to Equifax asking for more information about its employment verification subsidiary, The Work Number, which according to a statement made by Jackie Speier (D-California), “appears to have operated under the radar, with little public awareness of the vast trove of

    [payroll and other] sensitive data it was gathering.”  Speier asserted that “Equifax needs to explain exactly how it is using this data, and provide evidence that The Work Number does not pose a threat to the privacy of 190 million Americans.”

    While companies say that they sign up with The Work Number because it gives them a convenient way to outsource employment verifications, the seven members of Congress are disturbed by the fact that “… this massive database appears to generate revenue using consumers’ sensitive personal information for profit.”

    March 29th, 2013|Educational Series|

    Revamped Form 1-9 makes its debut

    On March 8, 2013, the U.S. Citizenship and Immigration Services (the “USCIS”) announced that its newly revised Form I-9 is to be used immediately. Notably, as indicated in the Federal Register, the USCIS granted companies until May 7, 2013 to implement the new form, which purportedly has been designed to minimize completion errors. This 60-day grace period allows employers time to adjust their human resource processes, and modify their software. The USCIS has also updated its “Handbook for Employers – Guidance for Completing the Form I-9” (3.8.13 version) to correspond to the new form, and is holding webinars to educate companies in the form’s usage.

    The USCIS noted that employers do not need to complete the new form for employees for whom they already have a proper Form I–9 on file, unless re-verification applies. Unnecessary verification may violate the anti-discrimination provision of section 274B of the INA, 8 U.S.C. 1324b, which is enforced by the DOJ’s Office of Special Counsel for Immigration Related Unfair Employment Practices.

    March 29th, 2013|Educational Series, Employment Decisions|

    13 Things to Know About Investing

    The Securities & Exchange Commission (the “SEC”) recently released an educational bulletin to help investors make informed financial decisions and avoid common scams. Its 13 points include:

    1. Check the investment professional’s background.
      Details about experience and qualifications are available through the Investment Adviser Public Disclosure website and FINRA BrokerCheck.
    2. Be mindful of fees associated with buying, owning, and selling an investment product.
      Expenses vary from product to product, and even small differences in these costs can translate into large differences in earnings over time. An investment with high costs must perform better than a low-cost investment to generate the same returns.
    3. Diversification can help reduce the overall risk of an investment portfolio.
      By picking the right mix, you may be able to limit losses and reduce the fluctuations of investment returns without sacrificing too much in potential gains. Some investors find that it is easier to achieve diversification through ownership of mutual funds or exchange-traded funds rather than through ownership of individual stocks or bonds.
    4. Paying off high-interest debt may be the best “investment” strategy.
      Few investments pay off as well as, or with less risk than, eliminating high-interest debt on credit cards or other loans.
    5. Promises of high returns, with little or no associated risk, are classic warning signs of fraud.
      Every investment carries some degree of risk and the potential for greater returns comes with greater risk. Ignore the so-called “can’t miss” investment opportunities or those promising guaranteed returns or, better yet, report them to the SEC.
    6. Any offer or sale of securities must be either registered with the SEC or exempt from registration.
      Otherwise, it is illegal. Registration is important because it provides investors with access to key information about the company’s management, products, services, and finances.
    7. Do not invest in a company about which little or no information is publicly available.
      Always check whether an offering is registered with the SEC by using the SEC’s EDGAR database or contacting the SEC’s toll-free investor assistance line at (800) 732-0330.
    8. Investing heavily in shares of any individual stock can be risky.
      In particular, think twice before investing heavily in shares of your employer’s stock. If the value declines significantly, or the company goes bankrupt, you may lose money and there’s a chance you might lose your job, too.
    9. Active trading and some other common investing behaviors actually undermine investment performance.
      According to researchers, other common investing mistakes include focusing on past performance, favoring investments from your own country, region, state or company, and holding on to losing investments for too long and selling winning investments too soon.
    10. Con-artists are experts at the art of persuasion, often using a variety of influence tactics tailored to the vulnerabilities of their victims.
      Common tactics include phantom riches (dangling the prospect of wealth, enticing with something you want but can’t have), source credibility (trying to build credibility by claiming to be with a reputable firm or to have a special credential or experience), social consensus (leading you to believe that other savvy investors have already invested), reciprocity (offering to do a small favor for you in return for a big favor) and scarcity (creating a false sense of urgency by claiming limited supply).
    11. Some investments provide tax advantages.
      For example, employer-sponsored retirement plans and individual retirement accounts generally provide tax advantages for retirement savings, and 529 college savings plans also offer tax benefits.
    12. Mutual funds, like other investments, are not guaranteed or insured by the FDIC or any other government agency.
      This is true even if you buy through a bank and the fund carries the bank’s name.
    13. The key to avoiding investment fraud is using independent information to evaluate financial opportunities.
      Many investors may have avoided trouble and losses if they had asked questions from the start and verified the answers with sources outside of their family, community, or group. Whether checking the background of an investment professional, researching an investment, or learning about new products or scams, unbiased information is a significant advantage for investing wisely. 
    February 13th, 2013|Educational Series, Fraud|

    FTC’s civil rights testimony recaps FCRA obligations and aggressive enforcement

    On December 7, 2012, the Federal Trade Commission (the “FTC”), submitted its written testimony to the U.S. Civil Rights Commission on the use of criminal background checks in employment decisions. The Commission intends to apply the testimony in reviewing the EEOC’s guidance that an employer’s use of an individual’s criminal history in making employment decisions may, in some instances, violate the prohibition against employment discrimination under Title VII of the Civil Rights Act of 1964. The EEOC suggests that minorities are disproportionately likely to have criminal records, which means that when employers use criminal background reports, minorities are possibly affected more than other groups.

    Notably, in its testimony, the FTC, which shares the authority for enforcing the Fair Credit Reporting Act (“FCRA”) with other federal agencies, including the Consumer Financial Protection Bureau (“CFPB”) does not say anything substantial about civil rights.

    The testimony does, however, provide a good recap of the legal rights and obligations prescribed by the FCRA when consumer reports are used for employment purposes, and highlights the FTC’s law enforcement efforts in this area. As its starting point, the testimony reminds that the FCRA imposes several requirements on consumer reporting agencies (“CRAs”) that provide consumer reports to employers, which include ensuring that the employer is in fact using the report for a permissible purpose. In the employment context, permissible purposes are limited to “employment, promotion, reassignment, or retention.” Thus, employers may only obtain a consumer report about applicants or employees, and may not simply use their status as employers to get information about competitors, opposing parties in litigation, or anyone else. Relatedly, under the permissible purpose requirement, CRAs must have reasonable procedures in place to ensure that the consumer report users are who they claim.

    The CRAs also must comply with certain procedural requirements, such as giving all users of consumer reports a notice that informs them of their duties under the FCRA. The CRAs must obtain certifications from the employer that: (1) it is in compliance with the FCRA; and (2) it will not use consumer report information in violation of any federal or state equal employment opportunity laws or regulations.

    Further, the FCRA mandates that CRAs follow “reasonable procedures to assure maximum possible accuracy of the information

    [15 U.S.C. § 1681e(b)].” It does not establish, however, a requirement of absolute accuracy and does not require that the CRAs guarantee that the reports are error-free.

    If a CRA provides a report that has negative information about an applicant or employee that is based on public records — for example, tax liens, outstanding judgments, or criminal convictions — that CRA either has to notify the applicant or employee directly that it has provided the information to the employer, or has to adopt strict procedures to ensure that the information is complete and up to date [15 U.S.C. § 1681k(a)(1)-(2)]. Regardless of whether a CRA opts to provide the notice or adopt strict procedures, FCRA § 1681e(b), as noted above, requires CRAs to have “reasonable procedures to assure maximum possible accuracy.”]

    The FCRA also places specific obligations upon employers to provide certain disclosures to the applicants or employees, and obtain their written authorization before using consumer reports. If an employer intends to take an adverse action based either in whole or in part on the information in a consumer report, such as denying a job application, reassigning or terminating an employee, or denying a promotion, the employer must provide the applicant or employee with a pre-adverse action notice before taking the action. The pre-adverse action notice must include a copy of the consumer report on which the employer is relying and a summary of rights under the FCRA. The form, which recently was reissued by the CFPB, describes the consumers’ rights under the FCRA, including the right to obtain copies of their consumer reports and dispute information.

    Once the employer has taken the adverse action, it must give the applicant or employee a notice that the action was based on information in the consumer report.  This adverse action notice must include the name, address, and phone number of the CRA that supplied the report, and must inform the applicant or employee of his or her right to dispute the accuracy or completeness of any information in the report, and the right to obtain a free report from the CRA upon request within 60 days. Even though a consumer has the right to dispute errors, the CRAs and furnishers of information to the CRAs typically are allowed thirty days to investigate the consumer’s dispute, and the information may not be corrected in time to affect the consumer’s consideration for a particular job.

    The FTC points out that it has pursued an aggressive law enforcement program to ensure that CRAs, furnishers, and consumer report users (including employers) comply with their responsibilities under the FCRA, providing details of recent lawsuits for FCRA violations that resulted in civil penalties against CRAs ranging from $800,000 to $2.6 million. Its recent actions against employers included charges against railroad contractors for failing to provide pre-adverse action and adverse action notices to employees who were fired and job applicants who were rejected based on information in their consumer reports. Under negotiated settlement orders, the companies were required to pay penalties in the amount of $1,000 per violation, and are subject to specific injunctive, record-keeping, and reporting requirements to ensure compliance with the FCRA.

    The FTC’s enforcement actions and the latest wave of class action lawsuits enforce that FCRA compliance must be a priority for employers, CRAs and furnishers of information alike.

    January 7th, 2013|Educational Series, Legislation|
    © 2012- SCHERZER INTERNATIONAL | ALL RIGHTS RESERVED
    Go to Top