Read more about this in an article I wrote, published by FSR Magazine on April 18, 2017, which is intended to help leaders within the restaurant industry understand the employee onboarding process to avoid claims of unlawful discriminatory practices under the Immigration and Nationality Act.  The insights provided in the article are equally applicable to other industries and types of employers.

Click here to read the article.

 

In February I started writing a weekly compliance news flash which is published on Friday.  In April it dawns on me that I should provide this information to all my wonderful readers (thank you by the way). Clearly I was on the slow train on this one.  Regardless, here you go–this week’s compliance news flash which succinctly covers important issues related to employment background checks  and immigration compliance (i.e., Form I-9, E-Verify and Homeland Security workplace investigations).  Prior versions of the Compliance News Flash can be found by clicking here and here and here.  If you would like the news flash to appear in your inbox please send me an email and I will add you to my list — montserrat.miller@agg.com.

Happy reading.

Perk for members of NAPBS.  A colleague of mine is doing a webinar for members of NAPBS on the Foreign Corrupt Practices Act (FCPA).  Below is a summary of the webinar Mike Burke will be leading tomorrow (March 29) at 3 pm EST.

The Foreign Corrupt Practices Act (FCPA) impacts every U.S. business that has operations in other countries. Given the nature of the background screening industry, and the contacts between industry and government officials and regulators, U.S. background screeners need to pay particular attention to the FCPA’s compliance requirements. In this program, we will discuss the FCPA’s compliance requirements, the applicability to the background screening industry, and share some best practice tips for compliance.

If you are a member of NAPBS, click here to register.

Today’s fun fact – as an employer you cannot ask employees to provide a specific document or documents when completing section 2 of the Form I-9 (the Employment Eligibility Verification form).  Remember, all employers must complete a Form I-9 for new hires within three business days of hire.  Section 2 of the Form I-9 is where the employee must present the employer with documentary proof of identity and work authorization by selecting a document, or documents, from the Lists of Acceptable documents. Employers cannot tell employees what document(s) to present.  As an employer, your responsibility is to show the list to employees and have them select which document(s) they will present for section 2 completion.

Why is this a problem?  Because, when an employer requires certain documents from some individuals but not others this can lead to a claim of discrimination under the Immigration and Nationality Act (INA). Discrimination based on national origin or citizenship.  These types of claims are handled by the Department of Justice’s Immigrant and Employee Rights Section (IER), formerly known as the Office of Special Counsel for Immigration-Related Unfair Employment Practices.

To prove my point, the Department of Justice recently settled an immigration-related discrimination claim against a pizza restaurant franchisee with 31 locations in Florida for $140,000. Why? Well, the allegation was that the employer routinely requested that lawful permanent residents produce a specific document to prove their work authorization—their permanent resident card—while not asking the same of U.S. citizens. This is not acceptable.

And, as if paying a civil penalty of $140,000 isn’t enough, under the terms of the settlement, the pizzerias must “post notices informing workers about their rights under the INA’s antidiscrimination provision, train their human resources personnel, and be subject to departmental monitoring and reporting requirements.”  In addition to the civil penalties, factor in attorney’s fees for legal representation.

A quick refresher on completing section 2 of the Form I-9 for someone who checks in section 1 of the Form I-9 that they are a lawful permanent resident (aka “green card holder”). That employee may then, for purposes of completing section 2, present either a permanent resident card (a List A document) or a driver’s license and unrestricted Social Security Card (List B and List C documents). Just because they say they are a lawful permanent resident does not mean they must provide their permanent resident card.  An employer cannot tell that individual what specific document(s) to present. The Lists of Acceptable Documents are part of the Form I-9 which can be found on U.S. Citizenship and Immigration Services website.

We are almost to a point where all 50 states and the District of Columbia will have some form of data breach notification law on their books to protect residents’ personally identifying information (PII) in the event of a data breach.  The three holdout states are Alabama, New Mexico and South Dakota.  But that’s about to change in New Mexico.  The state legislature recently passed the Data Breach Notification Act (H.B. 15) and the legislation is awaiting Governor Susana Martinez’s signature.

Some highlights of the legislation:

  • A “security breach” is defined as the “unauthorized acquisition of unencrypted computerized data, or of encrypted computerized data and the confidential process or key used to decrypt the encrypted computerized data, that compromises the security, confidentiality or integrity of personal identifying information maintained by a person.”
  • It requires the proper disposal of PII when records containing such are “no longer reasonably needed for business purposes.”
  • It requires that any person that owns or maintains PII of New Mexico residents must “implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal identifying information from unauthorized access, destruction, use, modification or disclosure.”
  • In the event of a security breach, notification must be provided within 45 days.  However, New Mexico will be a “risk of harm” state, meaning that notice will not be required if the incident does not “give rise to a significant risk of identity theft or fraud.”
  • The notification letter must include specific content, including (but not limited to) the types of PII compromised, date of the breach, a general description of the breach, contact information for the three major credit bureaus, and “advice that directs the recipient to review personal account statements and credit reports, as applicable, to detect errors resulting from the security breach.”
  • Notice is required to be provided to the state attorney general and the three major credit bureaus if the breach affects more than 1,000 New Mexico residents.

 

 

Please join me next week for a discussion about what employers need to be aware of regarding pre-employment background checks to ensure you have compliant background screening policies and procedures in place. Some of the topics I will discuss include the Fair Credit Reporting Act, state law regarding restrictions on the use of credit information for employment screening purposes, the EEOC’s guidance on the use of criminal history records, and Fair Chance Hiring laws (aka Ban the Box ordinances).

The webinar is hosted by ClearStar.  Please register by clicking here.

Details: The free webinar is Wednesday, March 15, 2017 from 2:00 PM – 3:00 PM EDT.

Are you an employer that conducts pre-employment background checks for new hires, or maybe background checks for existing employees for promotion, reassignment or retention purposes?  Ever randomly wonder if you can use that report and information in it for a purpose other than employment screening?  The short answer is, no.

The FTC recently posted on its blog how to use information in such consumer reports and the fact that an employer or other “user” of consumer reports cannot “double dip.” Meaning, if you receive a “consumer report” (aka a background check report) from a background screening company for employment screening purposes, you cannot use it for a different purpose. If you engage the services of a background screening company make sure to read the Notice to Users of Consumer Reports: Obligations of Users Under the FCRA, which explains employers obligations under the law.  Your background screener should provide you with a copy of this notice.

An employer’s obligations include:

  • Having a “permissible purpose” to request a consumer report from a background screening company — for hiring, promotion, retention or reassignment, the “permissible purpose” is employment. Your background screening vendor should ask you to certify your permissible purpose prior to furnishing a report, which is why you may see language about this in the contract as well as other language related to the parties obligations under the Fair Credit Reporting Act (FCRA) (15 U.S.C. § 1681 et seq.).
  • Providing certain disclosures to the job applicant or employee (i) prior to requesting a background check; (ii) when information contained in the report may affect eligibility for employment; and (iii) if an adverse action is going to be taken as a result of information in the report.
  • Providing notice regarding the background investigation and securing the job applicant or employee’s written consent.
  • Properly dispose of these reports, including by burning, pulverizing, shredding or electronically purging the information — for more on proper disposal of reports click here.

Note section III in the Notice to Users of Consumer Reports: Obligations of Users Under the FCRA as it specifically addresses the use of background check reports for employment purposes.  The FCRA imposes additional requirements when employers use reports for employment screening purposes.

A series of recent class action complaints against employers leads me to write about what employers can do to mitigate risk with respect to their background screening program.

I’m talking about pre-employment background checks when an employer uses the services of a third-party background screening company. Under the Fair Credit Reporting Act (FCRA) (15 U.S.C. § 1681 et seq.) employers have two critical responsibilities when using the services of a third-party background screening firm to request background checks on prospective employees.

Employers must do the following in order to comply with the FCRA when requesting a background check:

  1. Employers must provide prospective employees a clear and conspicuous disclosure regarding the fact that you will conduct a background check AND you must get the individual’s written authorization to conduct such. This is typically called the disclosure and authorization notice and it must be in a stand-alone document. The FCRA requires that when an employer requests a background check (aka a “consumer report”) for employment purposes they must provide “a clear an conspicuous disclosure” in writing “before the report is procured or caused to be procured, in a document that consists solely of the disclosure” and “the consumer has authorized in writing….” (15 U.S.C. § 1681b(b)(2)(A)(i)-(ii))
  2. Employers must follow the adverse action process, which is potentially a two-step process. The first step is typically referred to as the “pre-adverse action step” and you cannot send a final “no hire” letter until you complete this step. So, hypothetically speaking, after completing step 1 above you receive the results of a background check from your background screening vendor. The report indicates a criminal history or some other adverse item of information.  Based on this information, you may decide not to hire the individual.  Now what?  Before you take any final adverse action you must first provide the individual with a copy of the report you are reviewing and a summary of their rights as prescribed by the Consumer Financial Protection Bureau.  This allows the prospective employee to review the report and alert you if any information contained therein is inaccurate or incomplete and also to act on that incorrect or incomplete information with the background screening company. You should wait at least five business days before taking any final adverse action although realize that in some states and cities, Fair Chance laws and ordinances (aka Ban the Box laws and ordinances) may impose greater time periods. For more about Ban the Box, click here.

At a minimum, employers must follow above two steps to comply with the FCRA.  Depending on what state or city you are in there may be additional requirements, but these are the basics when doing pre-employment background checks on prospective employees.

Which brings me to the class action litigation and a sampling of the cases brought against employers for alleged non-compliance with the FCRA related to steps 1 and/or 2 described above.

  • Class action complaint filed against an airline catering and provisioning company (Case No. 2:17-cv-1298) for allegedly not following the pre-adverse action process.
  • Class action complaint filed against a major retail pharmacy chain (Case No. 5:17-cv-6019) for not providing the proper disclosure that a background check would be conducted and failure to follow the pre-adverse action process.
  • Class action complaint filed against a plasma provider (Case No. 5:17-cv-6018) for not following the pre-adverse action process.

There is a very active plaintiff’s bar filing complaints against both employers and background screening companies for alleged violations of the FCRA.  They do not discriminate based on type of employer or size of your business.  You’ve been warned.

But not all is lost as these are curable compliance issues. You start by reviewing your background screening program–your policies and procedures–with counsel versed in the FCRA and state consumer protection laws and guidance that govern background screening. You need to go step by step through the hiring process to understand where you may have deficiencies and need to shore up your compliance. For instance–if, as an employer, you utilize an adjudication matrix or screening standards to automatically classify individuals as “ineligible” for hire and automatically proceed to send a no hire letter we should talk about your background screening program and whether it complies with the requirements of the FCRA.  Or, your FCRA disclosure and authorization has a lot of “extraneous language” such as a release of liability language, we should talk.  Willful violations of the FCRA are eligible for statutory damages of $100 to $1,000/violation, plus punitive damages and attorney’s fees.

We would be happy to talk to you about your background screening program. Please contact Montserrat Miller at Arnall Golden Gregory at montserrat.miller@agg.com or 202-677-4038 for assistance.

On February 28 at 3:00 pm EST, I (check out my bio) will be speaking on a free webinar hosted by Hire Image called, Hiring and Maintaining a Legal Workforce: What’s New in 2017.

I will be talking about what’s new in 2017 relative to hiring and maintaining a legal workforce. I will cover immigration compliance-related topics such as the President’s Executive Orders—and proposed orders—and the impact they could have on American employers and your workforce.  I will also talk about mandatory E-Verify, increased raids by Immigration and Customs Enforcement (ICE), increased civil penalties for noncompliance with the Form I-9 requirements, and what to expect and how to prepare your organization for an ICE worksite enforcement operation.

This webinar is approved for 1 HR (General) recertification credit hour toward California, GPHR, HRBP, HRMP, PHR and SPHR through HRCI, and is valid for 1 PDC for the SHRM-CPSM or SHRM-SCPSM.

Click here to register.