Fair Credit Reporting Act

The Federal Trade Commission (“FTC”) recently issued guidance discussing certain disclosure and authorization requirements that employers must satisfy prior to obtaining background screening reports for prospective employees.  If your company obtains background information to screen prospective employees, now is a good time to make sure you are complying with the Fair Credit Reporting Act (“FCRA”).

Under the FCRA, background screening reports are either “consumer reports” or “investigative consumer reports” when they are used for employment purposes and include information bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living. Notably, the definition of “consumer report” also includes oral or other communications, and is not limited to written communications.

If your business uses background screening reports to assist with hiring decisions, remember, the FCRA requires the following steps:

  1. Prior to obtaining a background screening report about a prospective employee, employers must inform the person that they plan to get the report, and obtain the individual’s written permission allowing the employer to do so.
  2. If the background screening report discloses information that may cause the employer to not hire the prospective employee, the employer must notify the individual of the report’s findings and provide them with a copy of the report. The employer must then give the prospective employee a sufficient amount of time to review the report so they can contest any findings that might be incorrect. Although the law is silent on what constitutes “sufficient time,” the FTC has generally found that five business days satisfies this requirement.
  3. If the employer eventually chooses not to hire the prospective employee based in whole or in part on information provided in the background screening report, the employer must give notice to the prospective employee that says they were not hired due at least in part to the result of the background screening report.

One of the biggest sources of litigation with respect to background check reports recently has been over the disclosure and authorization requirements. The disclosure must be in a clear and conspicuous format that prospective employees will understand. Employers must also get the prospective employee’s written permission prior to getting a background screening report. Per the FCRA, employers may either separate the disclosure and authorization or combine the two into a single document.

The disclosure must be in a stand-alone format, meaning it cannot be in an employment application or a part of a lengthy onboarding packet. Employers can include some minor additional information in the disclosure, such as a brief description of the nature of consumer reports, but only if such information does not confuse or detract prospective employees from the substance of the disclosure.

The FTC guidance provides some examples of the types of provisions that should not be in a disclosure or authorization request:

  • Employers should not include language that purports to release them from liability for conducting, getting, or using a background screening report.
  • Employers should not include a certification by the prospective employee that all information in his or her job application is accurate.
  • Employers should remove any language that purports to require prospective employees to acknowledge that the employer’s hiring decisions are based on legitimate non-discriminatory reasons.
  • Employers should remove overly broad authorizations that allow the release of information that the FCRA does not allow to be included in a background screen report – for example, bankruptcies that are more than 10 years old.

According to the FTC guidance, a disclosure statement (including a combined disclosure and authorization) containing complex legal jargon, additional acknowledgements, or waivers of liability makes it more difficult for prospective employees to understand the main purpose of such documents. Additionally, including other acknowledgements or releases of liability is beyond the scope of what the FCRA permits in the disclosure statement, and the inclusion of such provisions may cause employers to run afoul of the statute. If employers have additional waivers, authorizations, or disclosures that they wish to give to prospective employees, they should present them in a separate document rather than in the FCRA disclosure and authorization.

Failure to comply with the FCRA is not without consequences. Indeed, employers who do not act in accordance with the FCRA are subject to civil penalties under the statute. Willful non-compliance may result in damages up to $1000, court determined punitive damages, and the recovery of costs and reasonable attorney’s fees in successful actions to enforce liability.  The FCRA also contemplates negligent noncompliance.  Employers who are negligently non-compliant with the FCRA can be liable for any actual damages sustained by the consumer, as well as the recovery of costs and reasonable attorney’s fees in successful actions to enforce liability.

Employers who conduct background screenings on potential employees should be mindful of the FTC’s continued enforcement efforts with respect to the FCRA.

Our colleagues Brian W. Steinbach and Judah L. Rosenblatt, at Epstein Becker Green, have a post on the Heath Employment and Labor blog that will be of interest to many of our readers in the technology industry: “Mayor Signs District of Columbia Ban on Most Employment Credit Inquiries.”

Following is an excerpt:

On February 15, 2017, Mayor Muriel Bowser signed the “Fair Credit in Employment Amendment Act of 2016” (“Act”) (D.C. Act A21-0673) previously passed by the D.C. Council. The Act amends the Human Rights Act of 1977 to add “credit information” as a trait protected from discrimination and makes it a discriminatory practice for most employers to directly or indirectly require, request, suggest, or cause an employee (prospective or current) to submit credit information, or use, accept, refer to, or inquire into an employee’s credit information. …

Read the full post here.

With the ever-increasing amount of information available on social media, employers should remember to exercise caution when utilizing social media as a part of their Human Resources/ Recruitment related activities.  As we have discussed in a prior blog post, “Should Employers and Facebook Be Friends?” we live in a digital-age, and how people choose to define themselves is often readily showcased on social networking sites.  Whether – and how – employers choose to interact with the online presence of their workforce will continue to develop as the relevant legal standards try to catch up.

A recent federal court filing in the Northern District of California against LinkedIn Corp. provides yet another example of the growing interaction between online personas and real-world employment law implications.  There, in Sweet, et al v. LinkedIn Corp., the plaintiffs sought to expand the application of the Fair Credit Reporting Act (“FCRA”) by alleging that LinkedIn’s practice of providing “reference reports” to members that subscribe to LinkedIn’s program for a fee, brought LinkedIn within the coverage of the FCRA as a Credit Reporting Agency (“CRA”).  Briefly, the FCRA (and relevant state statutes like it) imposes specific requirements on an employer when working with “any person which, for monetary fees, dues, or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties, and which uses any means or facility of interstate commerce for the purpose of preparing or furnishing consumer reports.” In other words, there are rules – such as providing requisite disclosures and obtaining prior authorization – that apply when an employer engages a CRA to perform background checks, reference checks and related inquiries.

In the lawsuit, the plaintiffs alleged that LinkedIn was a CRA – and that these various rules should apply – because LinkedIn collected and distributed consumer information to third parties and the resulting reference reports “bear on a consumer’s character, general reputation, mode of living, or personal characteristics, and/or other factors listed in 15 U.S.C. § 1681a(d).”  Further, according to the complaint, LinkedIn violated the FCRA because it should have provided FCRA compliant disclosure and followed the reporting obligations applicable to CRAs.

LinkedIn, which is touted as the “world’s largest professional network,” does not portray itself as a CRA and moved to dismiss the complaint.  LinkedIn argued that the plaintiffs’ interpretation of the statute was too broad and, moreover, was inconsistent with the facts.  A federal judge agreed and dismissed the complaint (although the plaintiffs have the opportunity to file another complaint).  The Court ruled that these reference searches could not be considered “consumer reports” under the law – and LinkedIn was not acting as a CRA – because, in part, the plaintiffs had voluntarily provided their information to LinkedIn with the intention of it being published online.  (The FCRA excludes from the definition of a consumer report a report that contains “information solely as to transactions or experiences between the consumer and the person making the report.”) The Court also noted that the allegations suggested that LinkedIn “gathers the information about the employment histories of the subjects of the Reference Searches not to make consumer reports but to ‘carry out consumers’ information-sharing objectives.’”

The LinkedIn case should still serve as a reminder of several important and interrelated trends.  First, as it concerns the FCRA, the statute is broadly worded to cover “any written, oral or other communication of any information by a consumer reporting agency . . .” and the equally expansive definition of a CRA can apply in numerous situations that extend beyond the traditional notion of a consumer reporting agency.  If applicable, the requirements of the FCRA must be followed.  Second, employers need to continue to be mindful of the fact that their online activity can have real-world employment law implications.  Third, as the law governing traditional employment law continues to evolve in response to online developments, the challenges to that activity will evolve as well.

As these trends continue to develop, it is important to confer with legal representation to ensure compliance.