Colorado-based employers know that when they onboard an employee one of the compliance related items that must be completed relates to the Employment Eligibility Verification form (Form I-9) and the Colorado Affirmation Form.  The Form I-9 is a federal requirement and the affirmation form is a state requirement, which many argued is somewhat duplicative of the Form I-9. Currently, Colorado’s Employment Verification Law (8-2-122, C.R.S.) requires both public and private employers who transact business in Colorado, and for employees hired on or after January 1, 2007, to complete the Colorado Affirmation Form within 20 days of hire as well as keep copies of documents presented for purposes of the Form I-9.

Effective August 10, 2016 Colorado employers will no longer need to complete the Colorado Affirmation Form thanks to passage of House Bill 16-1114 by Colorado’s legislature. The legislation was signed by Governor Hickenlooper on June 8, 2016.

To be clear, until August 10, 2016 Colorado based employers must continue to complete the Colorado Affirmation Form and maintain copies of documents presented with the Form I-9.

Yesterday I attended an interesting webinar regarding Fair Credit Reporting Act (FCRA) developments.  Susan Camp Stocks from the Consumer Financial Protection Bureau (CFPB) and Katherine Ripley White from the Federal Trade Commission (FTC) participated, along with my colleagues Bob Belair and Kevin Coy. The speakers covered a fair amount of ground on different FCRA issues, including the importance of furnishers of information having written policies and procedures.  However, I want to focus on what they said about the background screening industry.

FTC Comments

  • They are focusing on background screening and in particular the use of criminal history records in employment screening
  • Accuracy of the reports is essential
  • Red flags that background screeners should review/consider when reporting public records — different names or DOBs, multiple entries for the same offense, and the reporting of expunged cases
  • They are working with the Federal Interagency Reentry Council to address accuracy related issues in the criminal justice system
  • They will turn their attention to focus on tenant screening in the next year and it is likely that we will see revised guidance in this area

CFPB Comments

  • Among their policy priorities is consumer reporting
  • It appeared that there is a belief that there is weak oversight of public record providers and that they believe more audits of such providers should be conducted to address accuracy issues
  • Accuracy of the reports is very important to them and they spoke about the enforcement action against General Information Services and e-Backgroundchecks.com to illustrate the point

European Data Protection Supervisor (EDPS) Giovanni Buttarelli issued his formal opinion on the EU- US Privacy Shield, arguing that while it’s a step in the right direction, “robust improvements” are needed.  The EDPS is an independent advisor/institution and this opinion, along with its recommendations, is geared primarily to the European Commission.

A notable criticism is that Privacy Shield is based on the current EU Directive 95/46/EC, which will be superseded by the new and more robust EU data protection framework, the General Data Protection Regulation (GDPR), in May 2018.   This is problematic because, in his opinion, there isn’t consistency between the current and the future framework and data controllers could find themselves seeking to comply in an environment where that compliance model is changing.

Some additional points worth highlighting are that the EDPS believes more can be done with respect to data minimization and retention as well as automated processing of personal data.  Specifically, he recommends that:

  • The language regarding data minimization and retention should be strengthened to “clearly prohibit keeping personal data in a form which permits identification of data subjects for longer than necessary for the purposes for which the data were collected or further processed.” (See page 9)
  • Language regarding automated processing of personal data — especially when it impacts individuals “performance at work, creditworthiness, reliability, conduct, etc.” — should have greater safeguards and allow for human intervention on the part of the controller to express their “point of view and to contest the decision, and to obtain information about the logic underpinning the processing.”  (See pages 9 and 10)

The EDPS concludes by stating that he “welcomes the efforts shown by the parties to find a solution for transfers of personal data from the EU to the U.S. for commercial purposes under a system of self-certification.  However, robust improvements are needed in order to achieve a solid framework, stable in the long term.”

 

The Supreme Court has vacated the decision in Spokeo, Inc. v. Robins and remanded it to the Ninth Circuit.   Apparently, the Justices felt that the Ninth Circuit botched their legal analysis and is  sending it back for a “do over.”  Wait!  After biting my nails to stubs, sleepless nights, head scratching and countless conversations with colleagues about what Spokeo portends for the background screening industry and class action litigation, this is all we get!  I want a refund to this rodeo show.

Justice Alito wrote the majority opinion (6-2 decision with Justice Thomas filing a concurring opinion and Justices Ginsburg and Sotomayor filing a dissenting opinion).

The holding — “because the Ninth Circuit failed to consider both aspects of the injury-in-fact requirement, its Article III standing analysis was incomplete.”  And this case is all about standing (not about “that bass”).  The central issue is whether Mr. Robins had standing to bring this claim for alleged violation of the Fair Credit Reporting Act (FCRA) if no concrete harm is suffered.  According to the Court, the Ninth Circuit’s analysis was “incomplete” because they did not “consider both aspects of the injury-in-fact requirement.”  What did the Ninth Circuit fail to consider in its injury-in-fact analysis?  Whether Robins suffered “‘an invasion of a legally protected interest’ that is ‘concrete and particularized’ and ‘actual or imminent, not conjectural or hypothetical.'” (Slip Opinion p. 7)

Concrete = meaning the injury must actually exist.

Particularized = an injury that affects the plaintiff in a personal and individual way.

Skipping ahead to the end and what this means for background screening companies.  A plaintiff such as Mr. Robins cannot satisfy Article III standing by alleging a “bare procedural violation” because such may not result in harm. (Slip Opinion p. 10) This is good news for all of us who filed Spokeo motions to stay proceedings based on this decision because we arguably can continue to do so since the Court appears to open the door to that by saying that a mere technical violation of the FCRA is not sufficient to establish standing.  In other words, plaintiffs who allege violations of the FCRA need to show concrete and particularized harm to bring a claim.

What’s next?  The Ninth Circuit has to review the case again.  Regardless of the outcome, it will likely be appealed to the Supreme Court again.  The question framed by the Court’s opinion is “whether the particular procedural violations alleged in this case entail a degree of risk sufficient to meet the concreteness requirement.”  (Slip Opinion p. 10)  Therefore, the Ninth Circuit must conduct a full analysis of the injury-in-fact requirements paying special attention to the concreteness prong as the Court indicates that the “particularized” element of the analysis has been satisfied by Mr. Robins.

The Federal Trade Commission (FTC) just issued guidance for companies providing employment screening services.   According to the FTC, they have “created new guidance for businesses aimed at giving employment background screening companies information on how to comply with the Fair Credit Reporting Act (FCRA).” The FTC is referring to it as an “FCRA brochure” … I guess like a travel brochure you would pick up at a travel agency.  Anyhow, click here to view the FTC’s blog posting on this subject.

As a practitioner in this area I don’t see anything particularly ground breaking or earth shattering about the FTC’s publication.  I think this publication will be most helpful for newer participants in the background screening industry.

My main takeaways for seasoned background screening firms is that the guidance provides insight into potentially what the FTC considers most important.  FTC — if you are reading this, everything about you and the FCRA is important.  Key points for background screeners to focus on with respect to their compliance programs:

  • Accuracy of the reports — use your identifiers and check your identifiers on the reports (including middle initials); don’t provide reports with multiple entries for the same offense; and for crying out loud don’t report expunged or sealed records.
  • Know your customer before furnishing consumer reports and get your section 604(b) certifications.
  • Provide the appropriate federal notices to users and subjects of the reports.
  • Have consumer dispute procedures in place to appropriately respond to disputes or file requests, conduct reasonable reinvestigations and provide notices to consumers about the results of any reinvestigation.  And finally, don’t make it difficult or challenging for a consumer to request their file or dispute a report.
  • When reporting public records that are likely to have an adverse effect on the consumer’s ability to obtain employment, either provide consumers with notice or follow “strict procedures” as per section 613 of the FCRA.

Above points shouldn’t come as a surprise to seasoned background screening firms.  If they do, or you are not familiar with any of these points, speak with an FCRA attorney to come up to speed on these rapido (that’s Spanish for “fast”).

Maryland requires consumer reporting agencies to register with the Office of the Commissioner of Financial Regulation if you “intend to conduct consumer credit reporting services in the State of Maryland.”

Last week I wrote about Rhode Island’s registration requirement (click here) for background screening companies … enter Maryland.

If you are a background screening company providing consumer reports on Maryland residents, please review COMAR 09.03.07 regarding the annual registration requirements for “consumer reporting agencies.”  The term “consumer reporting agency” is defined in Maryland Code, Commercial Law Article § 14-1201.  The scope of COMAR 09.03.07.01 is as follows, “This chapter governs certain registration requirements and business operations of consumer reporting agencies who collect credit information and furnish consumer reports on residents of this State. The provisions of this chapter are to promote accuracy in consumer reports.”  COMAR 09.03.07.03 requires, “A consumer reporting agency which issues consumer reports on residents of this State shall register with the Commissioner….”

As I said about Rhode Island, do not be lulled into complacency by use of the word “credit” as the definition of “consumer reporting agency” refers to an entity that “assembles or evaluates credit information and other information about consumers” for purposes of a consumer report.

Author’s note: COMAR 09.03.07.02 refers to § 14-1201(f) for the definition of “consumer reporting agency” but it appears that this term if currently defined in § 14-1201(e)(1).

Happy Registration!

Rhode Island has a quirky statute that arguably requires any consumer reporting agency who provides credit reports or information to state residents to register with the Department of State – Business Services Division.

I strongly encourage all background screening companies doing business in Rhode Island to work with their legal counsel to determine if they should register.  Do not be mislead by use of the term “credit bureau” in the statute.

Title 6, Chapter 6-13.1-24 requires “Any credit bureau doing business in this state shall immediately register in the office of the secretary of state….”  The definitions section (section 6-13.1-20) defines a credit bureau similar to the language in section 603(f) of the Fair Credit Reporting Act.  Which is why, arguably, any background screening company doing business in Rhode Island which includes providing credit reports or information should consider whether to register with the state.

From personal experience we know that there is at least one serial plaintiff in Rhode Island who has filed a number of claims against companies alleging they failed to register with the state.  While the statutory penalties may not seem significant, the cost of defending such a claim, which could lead to litigation or arbitration, should be considered.

Click here to view the Registration of a Credit Bureau form.

I am happy to discuss this with background screening companies considering whether to register.

 

Nineteen companies joined President Obama as founding companies of the White House’s Fair Chance Business Pledge.  According to the White House Fact Sheet, “The pledge represents a call-to-action for all members of the private sector to improve their communities by eliminating barriers for those with a criminal record and creating a pathway for a second chance.”

Companies signing the pledge include: American Airlines, Busboys and Poets, The Coca-Cola Company, Facebook, Georgia Pacific, Google, Greyston Bakery, The Hershey Company, The Johns Hopkins Hospital and Health System, Koch Industries, Libra Group, PepsiCo, Prudential, Starbucks, Uber, Under Amour/Plank Industries, Unilever and Xerox.

Those signing the pledge are agreeing to:

  • “Voicing strong support for economic opportunity for all, including the approximately 70 million Americans who have some form of a criminal record.
  • Demonstrating an ongoing commitment to take action to reduce barriers to a fair shot at a second chance, including practices like “banning the box” by delaying criminal history questions until later in the hiring process; ensuring that information regarding an applicant’s criminal record is considered in proper context; and engaging in hiring practices that do not unnecessarily place jobs out of reach for those with criminal records.
  • Setting an example for their peers. Today’s announcement is only the beginning. Later this year, the Obama Administration will release a second round of pledges, with a goal of mobilizing more companies and organizations to join the Fair Chance Business Pledge.”

This is part of a larger initiative by the President targeting reforms to the criminal justice system and re-entry of ex-offenders into society.  A rule is expected this year from the Office of Personnel Management regarding federal employment and removal of the criminal history question on job applications.  In essence, a federal Ban the Box measure.

The city of Austin in Texas is the latest major city to pass a Ban the Box ordinance which affects private employers.  Ordinance No. 20160324-019 was approved on March 24, 2016 by a vote of 8 – 2.

What this means for private employers in Austin:

  • An employer may not solicit or consider criminal history information about a job applicant until after a conditional offer of employment.
  • An employer may not take adverse action against an applicant unless an individualized assessment has been conducted and a determination made that the individual is unsuitable for the job based on that individualized assessment.
    • An individualized assessment must include, at a minimum, consideration of the following factors (a) the nature and gravity of any offenses in the applicant’s criminal history; (b) the length of time since the offense and completion of the sentence; and (c) the nature and duties of the job for which the applicant applied.  Note that these are the Green factors described in the EEOC’s 2012 enforcement guidance on the use of criminal history records.
  • The employer must advise the applicant of the adverse action based on criminal history information in writing.
  • The ordinance does not apply to a job for which a federal, state or local law, or compliance with legally mandated insurance or bond requirements, disqualifies the applicant based on their criminal history.
  • Violations of the ordinance will be enforced by the Austin Equal Employment/Fair Housing Office.  Employers may be issued a warning for a first violation, followed by a civil penalty of up to $500.
  • The effective date of the ordinance was April 4, 2016.

 

The current version of the Employment Eligibility Verification form (Form I-9) expires today.  I’ve previously posted on my blog here on this topic.  Below notice is from U.S. Citizenship and Immigration Services (USCIS) regarding what to do in light of this expiration date.  Presently, the revised version of the Form I-9 is the subject of a 30 day notice and comment period, following an earlier 60 day notice and comment period.  If you would like to see the “revised” Form I-9 click here .  Hopefully the revised Form I-9 will be available in May.  Note that it will still be a two page document but there are some formatting changes which USCIS hopes will make the form easier to complete.

USCIS Notice:

“Until further notice, employers should continue using Form I-9, Employment Eligibility Verification. This current version of the form continues to be effective even after the Office of Management and Budget control number expiration date of March 31, 2016, has passed. USCIS will provide updated information about the new version of Form I-9 as it becomes available. 

Employers must complete Form I-9 for all newly hired employees to verify their identity and authorization to work in the U.S. To learn more about Form I-9 visit I-9 Central.”