The Supreme Court has vacated the decision in Spokeo, Inc. v. Robins and remanded it to the Ninth Circuit. Apparently, the Justices felt that the Ninth Circuit botched their legal analysis and is sending it back for a “do over.” Wait! After biting my nails to stubs, sleepless nights, head scratching and countless conversations with colleagues about what Spokeo portends for the background screening industry and class action litigation, this is all we get! I want a refund to this rodeo show.
Justice Alito wrote the majority opinion (6-2 decision with Justice Thomas filing a concurring opinion and Justices Ginsburg and Sotomayor filing a dissenting opinion).
The holding — “because the Ninth Circuit failed to consider both aspects of the injury-in-fact requirement, its Article III standing analysis was incomplete.” And this case is all about standing (not about “that bass”). The central issue is whether Mr. Robins had standing to bring this claim for alleged violation of the Fair Credit Reporting Act (FCRA) if no concrete harm is suffered. According to the Court, the Ninth Circuit’s analysis was “incomplete” because they did not “consider both aspects of the injury-in-fact requirement.” What did the Ninth Circuit fail to consider in its injury-in-fact analysis? Whether Robins suffered “‘an invasion of a legally protected interest’ that is ‘concrete and particularized’ and ‘actual or imminent, not conjectural or hypothetical.'” (Slip Opinion p. 7)
Concrete = meaning the injury must actually exist.
Particularized = an injury that affects the plaintiff in a personal and individual way.
Skipping ahead to the end and what this means for background screening companies. A plaintiff such as Mr. Robins cannot satisfy Article III standing by alleging a “bare procedural violation” because such may not result in harm. (Slip Opinion p. 10) This is good news for all of us who filed Spokeo motions to stay proceedings based on this decision because we arguably can continue to do so since the Court appears to open the door to that by saying that a mere technical violation of the FCRA is not sufficient to establish standing. In other words, plaintiffs who allege violations of the FCRA need to show concrete and particularized harm to bring a claim.
What’s next? The Ninth Circuit has to review the case again. Regardless of the outcome, it will likely be appealed to the Supreme Court again. The question framed by the Court’s opinion is “whether the particular procedural violations alleged in this case entail a degree of risk sufficient to meet the concreteness requirement.” (Slip Opinion p. 10) Therefore, the Ninth Circuit must conduct a full analysis of the injury-in-fact requirements paying special attention to the concreteness prong as the Court indicates that the “particularized” element of the analysis has been satisfied by Mr. Robins.
The Federal Trade Commission (FTC) just issued guidance for companies providing employment screening services. According to the FTC, they have “created new guidance for businesses aimed at giving employment background screening companies information on how to comply with the Fair Credit Reporting Act (FCRA).” The FTC is referring to it as an “FCRA brochure” … I guess like a travel brochure you would pick up at a travel agency. Anyhow, click here to view the FTC’s blog posting on this subject.
As a practitioner in this area I don’t see anything particularly ground breaking or earth shattering about the FTC’s publication. I think this publication will be most helpful for newer participants in the background screening industry.
My main takeaways for seasoned background screening firms is that the guidance provides insight into potentially what the FTC considers most important. FTC — if you are reading this, everything about you and the FCRA is important. Key points for background screeners to focus on with respect to their compliance programs:
- Accuracy of the reports — use your identifiers and check your identifiers on the reports (including middle initials); don’t provide reports with multiple entries for the same offense; and for crying out loud don’t report expunged or sealed records.
- Know your customer before furnishing consumer reports and get your section 604(b) certifications.
- Provide the appropriate federal notices to users and subjects of the reports.
- Have consumer dispute procedures in place to appropriately respond to disputes or file requests, conduct reasonable reinvestigations and provide notices to consumers about the results of any reinvestigation. And finally, don’t make it difficult or challenging for a consumer to request their file or dispute a report.
- When reporting public records that are likely to have an adverse effect on the consumer’s ability to obtain employment, either provide consumers with notice or follow “strict procedures” as per section 613 of the FCRA.
Above points shouldn’t come as a surprise to seasoned background screening firms. If they do, or you are not familiar with any of these points, speak with an FCRA attorney to come up to speed on these rapido (that’s Spanish for “fast”).
Maryland requires consumer reporting agencies to register with the Office of the Commissioner of Financial Regulation if you “intend to conduct consumer credit reporting services in the State of Maryland.”
Last week I wrote about Rhode Island’s registration requirement (click here) for background screening companies … enter Maryland.
If you are a background screening company providing consumer reports on Maryland residents, please review COMAR 09.03.07 regarding the annual registration requirements for “consumer reporting agencies.” The term “consumer reporting agency” is defined in Maryland Code, Commercial Law Article § 14-1201. The scope of COMAR 09.03.07.01 is as follows, “This chapter governs certain registration requirements and business operations of consumer reporting agencies who collect credit information and furnish consumer reports on residents of this State. The provisions of this chapter are to promote accuracy in consumer reports.” COMAR 09.03.07.03 requires, “A consumer reporting agency which issues consumer reports on residents of this State shall register with the Commissioner….”
As I said about Rhode Island, do not be lulled into complacency by use of the word “credit” as the definition of “consumer reporting agency” refers to an entity that “assembles or evaluates credit information and other information about consumers” for purposes of a consumer report.
Author’s note: COMAR 09.03.07.02 refers to § 14-1201(f) for the definition of “consumer reporting agency” but it appears that this term if currently defined in § 14-1201(e)(1).
Rhode Island has a quirky statute that arguably requires any consumer reporting agency who provides credit reports or information to state residents to register with the Department of State – Business Services Division.
I strongly encourage all background screening companies doing business in Rhode Island to work with their legal counsel to determine if they should register. Do not be mislead by use of the term “credit bureau” in the statute.
Title 6, Chapter 6-13.1-24 requires “Any credit bureau doing business in this state shall immediately register in the office of the secretary of state….” The definitions section (section 6-13.1-20) defines a credit bureau similar to the language in section 603(f) of the Fair Credit Reporting Act. Which is why, arguably, any background screening company doing business in Rhode Island which includes providing credit reports or information should consider whether to register with the state.
From personal experience we know that there is at least one serial plaintiff in Rhode Island who has filed a number of claims against companies alleging they failed to register with the state. While the statutory penalties may not seem significant, the cost of defending such a claim, which could lead to litigation or arbitration, should be considered.
Click here to view the Registration of a Credit Bureau form.
I am happy to discuss this with background screening companies considering whether to register.
Nineteen companies joined President Obama as founding companies of the White House’s Fair Chance Business Pledge. According to the White House Fact Sheet, “The pledge represents a call-to-action for all members of the private sector to improve their communities by eliminating barriers for those with a criminal record and creating a pathway for a second chance.”
Companies signing the pledge include: American Airlines, Busboys and Poets, The Coca-Cola Company, Facebook, Georgia Pacific, Google, Greyston Bakery, The Hershey Company, The Johns Hopkins Hospital and Health System, Koch Industries, Libra Group, PepsiCo, Prudential, Starbucks, Uber, Under Amour/Plank Industries, Unilever and Xerox.
Those signing the pledge are agreeing to:
- “Voicing strong support for economic opportunity for all, including the approximately 70 million Americans who have some form of a criminal record.
- Demonstrating an ongoing commitment to take action to reduce barriers to a fair shot at a second chance, including practices like “banning the box” by delaying criminal history questions until later in the hiring process; ensuring that information regarding an applicant’s criminal record is considered in proper context; and engaging in hiring practices that do not unnecessarily place jobs out of reach for those with criminal records.
- Setting an example for their peers. Today’s announcement is only the beginning. Later this year, the Obama Administration will release a second round of pledges, with a goal of mobilizing more companies and organizations to join the Fair Chance Business Pledge.”
This is part of a larger initiative by the President targeting reforms to the criminal justice system and re-entry of ex-offenders into society. A rule is expected this year from the Office of Personnel Management regarding federal employment and removal of the criminal history question on job applications. In essence, a federal Ban the Box measure.
The city of Austin in Texas is the latest major city to pass a Ban the Box ordinance which affects private employers. Ordinance No. 20160324-019 was approved on March 24, 2016 by a vote of 8 – 2.
What this means for private employers in Austin:
- An employer may not solicit or consider criminal history information about a job applicant until after a conditional offer of employment.
- An employer may not take adverse action against an applicant unless an individualized assessment has been conducted and a determination made that the individual is unsuitable for the job based on that individualized assessment.
- An individualized assessment must include, at a minimum, consideration of the following factors (a) the nature and gravity of any offenses in the applicant’s criminal history; (b) the length of time since the offense and completion of the sentence; and (c) the nature and duties of the job for which the applicant applied. Note that these are the Green factors described in the EEOC’s 2012 enforcement guidance on the use of criminal history records.
- The employer must advise the applicant of the adverse action based on criminal history information in writing.
- The ordinance does not apply to a job for which a federal, state or local law, or compliance with legally mandated insurance or bond requirements, disqualifies the applicant based on their criminal history.
- Violations of the ordinance will be enforced by the Austin Equal Employment/Fair Housing Office. Employers may be issued a warning for a first violation, followed by a civil penalty of up to $500.
- The effective date of the ordinance was April 4, 2016.
The current version of the Employment Eligibility Verification form (Form I-9) expires today. I’ve previously posted on my blog here on this topic. Below notice is from U.S. Citizenship and Immigration Services (USCIS) regarding what to do in light of this expiration date. Presently, the revised version of the Form I-9 is the subject of a 30 day notice and comment period, following an earlier 60 day notice and comment period. If you would like to see the “revised” Form I-9 click here . Hopefully the revised Form I-9 will be available in May. Note that it will still be a two page document but there are some formatting changes which USCIS hopes will make the form easier to complete.
“Until further notice, employers should continue using Form I-9, Employment Eligibility Verification. This current version of the form continues to be effective even after the Office of Management and Budget control number expiration date of March 31, 2016, has passed. USCIS will provide updated information about the new version of Form I-9 as it becomes available.
Employers must complete Form I-9 for all newly hired employees to verify their identity and authorization to work in the U.S. To learn more about Form I-9 visit I-9 Central.”
Employers all know that whenever they onboard a new employee they must complete the Employment Eligibility Verification form (Form I-9) issued by U.S. Citizenship and Immigration Services (USCIS). And that this form must be completed within three business days of hire. But do you know that this form expires at the end of this month? As Bill the Cat would say, ACK!
For more on this and what employers can do, click here to read what our friends at Equifax have to say on this topic.
And stay tuned to this blog for additional updates on the Form I-9.
Philadelphia’s Ban the Box has been on the books since 2011. However, it was recently amended and certain changes went into effect yesterday (3/14/16). Here are the basics about the Fair Criminal Records Screening Standards Ordinance (pay special attention to those items in bold/italics):
- It is illegal (i.e., an unlawful discriminatory practice) in Philadelphia for employers to ask about criminal backgrounds during the job application process. Employers must wait until they have provided the job candidate with a conditional offer of employment.
- The ordinance now applies to employers with 1+ employees (previously it was 10+ employees).
- Permits employers to consider criminal convictions only within seven (7) years from the date of application.
- Employers are prohibited from asking at any time about arrests or criminal accusations which did not lead to a conviction.
- Employers must conduct an individualized assessment.
- Employers must post the poster issued by the Philadelphia Commission on Human Relations (PCHR) in a conspicuous place for job candidates to see (e.g., a company website or on the premises).
- Complaints can be filed within 300 days of an “unlawful act” with the PCHR and could ultimately be filed in court. In other words, there is a private right of action which can be enforced in court.
- Employers can reject a job candidate based on your criminal record only if the person poses an unacceptable risk to the business or to other people. If a job candidate is rejected, the employer must send the decision to the job candidate in writing with a copy of the background report used to make the decision AND must afford the job candidate ten (10) business days to give an explanation of their record, proof that it is wrong, or proof of rehabilitation. So the question here is — does an employer send this notice during the FCRA required pre-adverse action phase (when they haven’t technically “rejected” the job candidate) or wait until the FCRA required adverse action step (but then the employer has to wait another 10 days).
For the text of the ordinance click here.
For more on Philadelphia’s Ban the Box click here.
For a complete list of changes to Philadelphia’s Ban the Box click here.
The full text of the EU-U.S. Privacy Shield (“Privacy Shield”) framework is now available. Privacy Shield was “designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.” (See Fact Sheet)
Below is a non-exhaustive list of “quick facts” about Privacy Shield:
- It remains a voluntary self-certification program, similar to the now defunct Safe Harbor program.
- Applications for certification are not currently being accepted. The Department of Commerce will begin accepting applications for certification pending the European Commission’s adequacy determination. This approval process is underway. No word yet on the cost of self-certification.
- The Privacy Shield Principles are anchored on the following concepts: notice; choice; accountability for onward transfer; security, data integrity and purpose limitation; access; recourse, enforcement and liability. In addition, there is a section entitled “Supplemental Principles” which covers topics such as sensitive data and human resources data.
- Individuals may bring a complaint directly to a Privacy Shield participant and the participant must respond to the individual within 45 days.
- Privacy Shield participants must also commit to binding arbitration at the request of the individual to address any complaint that has not been resolved by other recourse and enforcement mechanisms.
- Expect greater involvement of the Department of Commerce as well as Federal Trade Commission with respect to oversight, supervision and enforcement.
- Privacy Shield participants must include certain information on their websites related to the program (e.g., access and correction rights, whether personal information is disclosed to public authorities, and information about the independent recourse mechanism).
For more information, read the AGG Alert by my colleagues Kevin Coy and Gene Burd.