FCRA

Do you know about specialty consumer reports?

Credit reports are a part of life, whether applying for a credit card or purchasing a home. But what about specialty consumer reports?

Many people are unaware that dozens of other types of consumer reports exist, filled with information about medical and prescription history, for example, or insurance claims. Specialty consumer reports gather data from a wide variety of sources including information provided by consumers on applications (such as an apartment lease or a wireless phone contract) as well as public documents like criminal records and marriage licenses.

The reports provide information geared for a specific industry. A truck driving company might purchase reports that detail a job applicant’s driving record and motor vehicle insurance claims while an insurer will review a report with claims filed by a homeowner to check an individual’s historic use of insurance policies. Other niche reports provide data on loan balances, information about any bounced checks, and bank account history for lenders; another company tracks consumers’ product returns and will alert large retailers for fraud prevention purposes.

The Fair Credit Reporting Act (the “FCRA”) entitles consumers to one free report per year from any nationwide credit or specialty reporting agency (plus another free report if an adverse action has been taken, or the consumer disputes an item in the report that was corrected).

Recently, consumer rights group Consumer Action focused on the issue of specialty consumer reports in an “Insider’s Guide to Specialty Consumer Reports: A Guide to Obtaining, Understanding and Managing Your Information,” complete with a directory of furnishers. Staffers went through the process of requesting their own reports to help provide information for consumers about the types of reports available and their rights to request reports or correct errors.

Access the Consumer Action guide.

Read the directory of specialty consumer report furnishers.

May 8th, 2015|FCRA, Fraud|

Going global: international background checks

As the business world increasingly goes global, even small or medium-sized companies may have international outposts or employees located beyond the U.S. border. In addition, with security – both physical and digital – an important issue, employers want to know everything they can about their employees.

Many employers are turning to international background checks. But a criminal record or a credit report like those used in the United States can get lost in the translation.

First up: cultural norms. What may seem perfectly routine and acceptable in the United States may confuse or offend those in other countries. For example, things like credit checks and drug tests are virtually unheard of abroad and cultural differences may yield what might by American standards be unusual answers in a personality test. A second important consideration: the law. Just as the U.S. has the Fair Credit Reporting Act (FCRA) and other regulations setting the boundaries of background checks, foreign jurisdictions have their own laws of the land. The French Labor Code, for example, requires that its “works council” review employment screening procedures prior to an employer’s use.

One huge legal complication can be found in the area of privacy law. The European Union imposes restrictions on obtaining information about employees or applicants, the way in which such information can be used, and how the information can be shared or transmitted. To alleviate some of the liability concerns, the U.S. has entered into a Safe Harbor framework with the European Commission, which requires compliance with seven principles of data security. And while the EU leads the pack, other countries (like Australia, Canada, Hong Kong, and Japan) also pose challenges with their strict regulation of privacy.

Having an applicant sign a consent form to release information may be of little help as several EU countries also recognize a presumption against enforcement of such agreements on the basis that employees and applicants have limited bargaining power in the employment context. Alternatively, employers may have better luck by having applicants do the work themselves, providing their own background information to avoid implicating data privacy laws. Of course, this raises authentication and accuracy questions.

The collection of criminal information can also present logistical challenges. Many countries do not have an organized court system, and records, if available, may have to be searched on a regional or town-by-town basis, or at multiple agencies (like the police, the court venue and a government agency, for example). Certain countries offer what is known as a “police certificate” which will confirm the information about an applicant found in police records. Some countries, like Poland, have banned the collection of criminal records altogether; Spain prohibits the possession of records but an applicant could, in theory, show an employer his or her record.

If the screening is being conducted by a consumer reporting agency located in the United States, the FCRA requirements also come into play. International background checks are not impossible, but they do pose a number of legal and cultural risks that can be tackled with the right planning and professional assistance from an experienced background screening company.

February 23rd, 2015|Criminal Activity, Educational Series, Employment Decisions, Fraud|

Trend of suing employers for technical FCRA violations continues

The threat of a multi-million potential class action lawsuit alleging technical violations of the Fair Credit Reporting Act (FCRA) continues to haunt employers, even where the plaintiffs have alleged or proven no harm.

Pursuant to the statute, employers are required to “provide prior written notice before they can procure a consumer report about any employee or applicant for employment.” Just as important, 15 U.S.C. Section 1681b(b)(2)(A)(i) adds that the notice must be given “in a document that consists solely of the disclosure.”

Seeking to take advantage of the statutory damages available under the FCRA – from $100 up to $1,000 for a willful violation – plaintiffs have challenged employers’ use of a disclosure form that combined the written notice to procure a consumer report with other information or documents, such as an application form.

The trend to sue for FCRA technical violations was started by Singleton v. Domino’s Pizza, LLC in the U.S. District Court of Maryland (case no. 8:11-cv-01823-DKC) where the court ruled that inclusion of a liability release in the employer’s disclosure/authorization form violates the FCRA. Domino’s ended up reaching a settlement with the plaintiffs in 2013 for $2.5 million.

Also taking a strict reading of the statutory language, the Western District Court of Pennsylvania ruled in 2013 in Reardon v. Closetmaid Corporation (case no. 2:0S-cv-01730) that an employer could be liable for the combination of a disclosure/authorization with a liability waiver, and granted summary judgment in favor of the roughly 1,800 job applicants.

In a more recent example, a class of applicants sued Publix Super Markets in the U.S. District Court for the Middle District of Tennessee (case no. 3:14-cv-00720) also based on a violation of the sole disclosure requirement and release of liability. With Domino’s and Closetmaid’s payouts looming over its head and a class of 90,000, Publix agreed to settle the claims for $6.8 million earlier last year.

Although these companies opted not to fight the suits on their merits, a defendant in a case filed in the U.S. District Court for the Eastern District of California (case no. 1:14-742-WBS-BAM) did and won dismissal in October 2014. Syed v. M-I LLC involved identical claims but the judge reached a contrary decision, finding that the FCRA text was not as clear-cut as the plaintiff claimed. Immediately following the subsection mandating the sole disclosure of the employer’s intent to procure a consumer report is a provision that states that the consumer’s authorization is to “be made on the document referred to in clause (i)” – “that is, the same document as the disclosure,” the court noted, and “…thus, the statute itself suggests that the term ‘solely’ is more flexible than at first it may appear…”

The Syed decision is the second one that may give hope to employers facing similar suits. (There are at least six class actions pending.) But the obvious answer for companies looking to avoid the problem entirely is simple: use a standalone disclosure/authorization form that is separate from any other information or documents.

January 29th, 2015|Employment Decisions, Lawsuit|

Class action charges LinkedIn with violations of FCRA

According to a new putative class action filed in California federal court, social networking site LinkedIn runs afoul of the Fair Credit Reporting Act (FCRA).

The plaintiffs claim that LinkedIn’s reference search functionality allows prospective employers, among others, to obtain reports on job applicants with profiles on the site. LinkedIn’s dissemination of “Reference Reports” – that are created based on a user’s profile and connections to form a list of former supervisors and co-workers as possible references – are available for users who pay a monthly or annual subscription fee.

“LinkedIn has created a marketplace in consumer employment information, where it sells employment information, that may or may not be accurate, and that is has obtained in part from unwitting members, and without complying with the FCRA,” according to the complaint, which noted the site has more than 300 million members and one million jobs listed.

The Reference Reports bring LinkedIn within the purview of the FCRA, and yet the company fails to comply with a host of statutory requirements, according to the complaint.

Specifically, the complaint alleges that the site violates Section 1581(b) by furnishing consumer reports for employment purposes without obtaining the certifications required by the statute or a summary of the consumer’s rights and also does not maintain any of the procedures required by Section 1681e(a) to limit the furnishing of consumer reports to the limited purposes of the statute. In addition, Section 1681e(b) mandates that all consumer reporting agencies follow reasonable procedures to assure the maximum possible accuracy of consumer report information, Section 1681e(d) requires that a user notice be provided to individuals when a report is provided about them, and Section 1681b states that reports can only be provided after an inquiry to ensure the report is used for a “permissible purpose.” None of these statutory requirements were met by LinkedIn, the suit alleges.

“[A]ny potential employer can anonymously dig into the employment history of any LinkedIn member, and make hiring and firing decisions based upon the information they gather, without the knowledge of the member, and without any safeguards in place as to the accuracy of the information that the potential employer has obtained,” Sweet and the other plaintiffs claim. “Such secrecy in dealing in consumer information directly contradicts the express purposes of the FCRA.”

The main plaintiff alleges that she located a job opening on the site and submitted her resume through LinkedIn. She received a notification from the site that the general manager of the employer had viewed her profile and she was offered the job after an interview. The general manager declined the plaintiff’s offer to provide a list of references but later called back to rescind the offer, telling her that he had checked some of her references and changed his mind.

The plaintiffs seek to certify a nationwide class of LinkedIn users who had a Reference Report run on them as well as a subclass of users who applied for employment via the site and had a Report generated by a potential employer. As for remedies, the putative class requests actual, statutory, and punitive damages, as well as attorney’s fees and costs.

To read the complaint in Sweet v. LinkedIn Corporation, click here.

December 3rd, 2014|Employment Decisions, Lawsuit|

Background screening of independent contractors

The issue of worker misclassification is a hot topic for employers, with state and federal authorities as well as class action suits challenging whether a worker is an employee or an independent contractor. But what about the differences in background screening for independent contractors? Are they subject to the same disclosure and authorization requirements, adverse action notices, and dispute rights that apply to employees?

The answer: it depends.

While the Fair Credit Reporting Act (FCRA) doesn’t directly address independent contractors, the Federal Trade Commission (FTC) has issued two advisory opinions stating that they should be afforded the same rights as employees. The FTC also reiterated this view in its staff report published in July 2011, stating that the FCRA’s broad definition of the term “employment purposes” extends beyond traditional employment relationships. (FTC Staff Report at 32.)

The Allison Letter (a response to an inquiry from a Georgia worker named Herman L. Allison) addressed the issue in the context of a trucking company that hired drivers who owned and operated their own equipment. Characterizing the situation as a “business relationship” and not an “employment relationship,” Allison asked whether the protections of the FCRA still applied.

Taking a broad interpretation of the term “employment,” the FTC said that treating independent contractors differently than employees would hamper the goals of the FCRA. Even a homeowner who conducts a background check on a handyman or other worker hired as an independent contractor should follow the FCRA requirements, the agency wrote.

In a second letter, the FTC considered a query from Harris K. Solomon, an attorney in Florida. A client wished to conduct background checks on individuals selling its insurance products and handling title exams. Again, the agency said the checks would trigger the requirements of the FCRA.

The FTC’s advisory letters – both issued in 1998 – as well as the staff report, are advisory and non-binding on other parties. But they provide insight into how federal authorities would address the rights and protections owed to an independent contractor as the subject of a background check.

However, on the other end of the spectrum, a Wisconsin federal court judge in 2012 held that the disclosure obligations of the FCRA do not apply to independent contractor relationships. The case involved a sales rep who sued EMS Energy Marketing Service after he was terminated. The plaintiff claimed that the company failed to provide him with either the written notice of his rights or a copy of the report as required by the statute. But the court granted summary judgment for the employer, ruling that Lamson was hired as an independent contractor, not an employee, and therefore, the FCRA did not apply. The language of the statute refers only to employees and if a worker is not an employee “it necessarily follows that he or she is not covered by the FCRA,” the court wrote in Lamson v. EMS Energy Marketing Service. The court also distinguished the FTC letters as advisory opinions, adding that the “letters, in and of themselves, are of limited, if any, persuasive power.”

To read the Allison Letter, click here.

To read the Solomon Letter, click here.

December 3rd, 2014|Employment Decisions|

Class action for unauthorized disclosure of PHI is a new twist under FCRA

A recent class-action is seeking damages for the unauthorized disclosure of personal health information (“PHI”) under the Fair Credit Reporting Act (the “FCRA”). The plaintiffs claim that the defendant hospital allowed the unauthorized access of confidential records of the putative class members, including PHI, held by a third-party records vendor without their knowledge or consent and without sufficient security. Among other claims, the plaintiffs allege that the hospital violated the FCRA by failing to implement adequate safeguards to protect their personally identifiable information and PHI from a data breach suffered by the third-party vendors. The plaintiffs argue that the hospital was a CRA that created “consumer reports” containing sensitive information including names, dates of birth, Social Security numbers, billing information and confidential health records, and disseminated this information to medical service providers affiliated with the defendant, and that the defendant allowed employees of the vendor and others to gain unrestricted access to their personally identifiable information and PHI, which was allegedly misused and intentionally disclosed to third-parties for profit.

September 19th, 2014|Judgment|

Class actions against employers for violations of the FCRA are increasing

An auto parts company (CA USDC Case No. 2:14-cv-3470) and a hotel chain (CA USDC Case No. 3:14-cv-01089) are just the latest employers that have been slapped with class action lawsuits for alleged violations of the Fair Credit Reporting Act (the “FCRA”) charging willful non-compliance with the FCRA’s disclosure, authorization, and/or notice requirements. And the payouts in such lawsuits can be in the millions. Within the past three years, a national trucking company reached a settlement for $4.6 million, a national retail chain for $3 million and a national pizza maker for $2.5 million.

The FCRA allows an applicant or employee to bring a private right of action against an employer who negligently or willfully fails to comply with any of the FCRA’s requirements. Under the statute of limitations, an action must be brought by the earlier of (1) two years after the date of violation discovery by the plaintiff, or (2) five years after the date on which the violation occurred. The employer’s liability for negligent non-compliance is actual damages sustained by the applicant/employee, and reasonable attorneys’ fees and costs. A willful violation carries actual or statutory damages ranging between $100 and $1,000, punitive damages, and attorneys’ fees and costs.

Below are general FCRA compliance reminders to employers when procuring and using background check reports prepared by a consumer reporting agency (“CRA”):

Provide disclosure to the applicant/employee in a standalone document that a consumer report may be obtained and used for employment purposes (language must be clear, with no superfluous information or liability waiver, and separate from the employment application);
Provide to the applicant/employee a summary of rights under the FCRA and applicable state notices;
Obtain the applicant/employee’s authorization for the consumer report;
Before taking adverse action based on the report (1) provide a pre-adverse action notice to the applicant/employee along with a copy of the report, and notices of rights, if not given previously, (2) wait a reasonable period of time (at least 5 days) before taking the adverse action, and (3) after deciding to take the adverse action, provide a notice that contains the FCRA required information, such as the name, address, and telephone number of the CRA that provided the report.

May 14th, 2014|Employment Decisions, Judgment, Lawsuit|

Another lawsuit reminds employers about FCRA disclosure/authorization requirements

A recently filed class action NDC Ca. No. (4:14-cv-00592-DMR, 2-7-14) is a reminder to employers that under the Fair Credit Reporting Act (the “FCRA”) their disclosure and authorization form to the applicant/employee for obtaining a background check must be in a standalone document, and cannot contain confusing or extraneous information. The lawsuit alleges that the defendant employer used an invalid form to obtain consent to conduct background checks, that it relied on an authorization that was included alongside several other consent paragraphs in an online employment application, and that the consent form contained a release of liability related to obtaining the background check. Two published court decisions already ruled that including a liability waiver constitutes a technical violation under the FCRA. (WD Pa. 2013, No. 2:08-cv-01730-MRH, and Dist. Md., 2012, No. 8:11-cv-01823-DKC.)

March 28th, 2014|Judgment, Lawsuit|

Proposed Regulation A rules have bad actor disqualification similar to Rule 506(d)

On December 2, 2013, the U.S. District Court for the Western District of Pennsylvania ruled that a combined disclosure and authorization form that contained a liability waiver which the employer gave to a group of former job applicants violates the Fair Credit Reporting Act (the “FCRA.”) The court determined that a significant portion of the 1,800 individuals in this class action are entitled to willful damages under the FCRA and could each receive the greater of his/her actual damages or $1,000 plus attorneys’ fees.

This is a second published decision to hold that liability waivers invalidate the disclosure requirements under the FCRA. The first ruling rendered in January 2012 in the U.S. District Court in Maryland found that “both the statutory text and FTC advisory opinions indicate that an employer violates the FCRA by including a liability release in a disclosure document.” Thus far, only the U.S. District Court for the Western District of North Carolina disagreed, deciding in August 2012 that the liability waiver included in the defendant employer’s combined disclosure and authorization form was kept sufficiently distinct from the disclosure language so as not to render it ineffective.

January 17th, 2014|Dodd-Frank, Employment Decisions|

Proposed federal bill bans credit checks in employment decisions

Introduced by Senator Elizabeth Warren (D-Mass) on December 17, 2013, the “Equal Employment for All Act” (S. 1837), would amend the Fair Credit Reporting Act to prohibit employers from requiring or suggesting that applicants disclose their credit history, from procuring a consumer or investigative report, and from disqualifying employees based on a poor credit rating, or information on a consumer’s creditworthiness, standing or capacity. Positions that require a national security clearance or “when otherwise required by law” are exempt from the prohibition. Ten states (California, Colorado, Connecticut, Hawaii, Illinois, Maryland, Nevada, Oregon, Vermont and Washington) already have enacted legislation that limits the use of credit reports for employment purposes.

January 17th, 2014|Employment Decisions, Legislation|

Previous 234 Next