Maryland requires consumer reporting agencies to register with the Office of the Commissioner of Financial Regulation if you “intend to conduct consumer credit reporting services in the State of Maryland.”
Last week I wrote about Rhode Island’s registration requirement (click here) for background screening companies … enter Maryland.
If you are a background screening company providing consumer reports on Maryland residents, please review COMAR 09.03.07 regarding the annual registration requirements for “consumer reporting agencies.” The term “consumer reporting agency” is defined in Maryland Code, Commercial Law Article § 14-1201. The scope of COMAR 09.03.07.01 is as follows, “This chapter governs certain registration requirements and business operations of consumer reporting agencies who collect credit information and furnish consumer reports on residents of this State. The provisions of this chapter are to promote accuracy in consumer reports.” COMAR 09.03.07.03 requires, “A consumer reporting agency which issues consumer reports on residents of this State shall register with the Commissioner….”
As I said about Rhode Island, do not be lulled into complacency by use of the word “credit” as the definition of “consumer reporting agency” refers to an entity that “assembles or evaluates credit information and other information about consumers” for purposes of a consumer report.
Author’s note: COMAR 09.03.07.02 refers to § 14-1201(f) for the definition of “consumer reporting agency” but it appears that this term if currently defined in § 14-1201(e)(1).
Rhode Island has a quirky statute that arguably requires any consumer reporting agency who provides credit reports or information to state residents to register with the Department of State – Business Services Division.
I strongly encourage all background screening companies doing business in Rhode Island to work with their legal counsel to determine if they should register. Do not be mislead by use of the term “credit bureau” in the statute.
Title 6, Chapter 6-13.1-24 requires “Any credit bureau doing business in this state shall immediately register in the office of the secretary of state….” The definitions section (section 6-13.1-20) defines a credit bureau similar to the language in section 603(f) of the Fair Credit Reporting Act. Which is why, arguably, any background screening company doing business in Rhode Island which includes providing credit reports or information should consider whether to register with the state.
From personal experience we know that there is at least one serial plaintiff in Rhode Island who has filed a number of claims against companies alleging they failed to register with the state. While the statutory penalties may not seem significant, the cost of defending such a claim, which could lead to litigation or arbitration, should be considered.
Click here to view the Registration of a Credit Bureau form.
I am happy to discuss this with background screening companies considering whether to register.
Nineteen companies joined President Obama as founding companies of the White House’s Fair Chance Business Pledge. According to the White House Fact Sheet, “The pledge represents a call-to-action for all members of the private sector to improve their communities by eliminating barriers for those with a criminal record and creating a pathway for a second chance.”
Companies signing the pledge include: American Airlines, Busboys and Poets, The Coca-Cola Company, Facebook, Georgia Pacific, Google, Greyston Bakery, The Hershey Company, The Johns Hopkins Hospital and Health System, Koch Industries, Libra Group, PepsiCo, Prudential, Starbucks, Uber, Under Amour/Plank Industries, Unilever and Xerox.
Those signing the pledge are agreeing to:
- “Voicing strong support for economic opportunity for all, including the approximately 70 million Americans who have some form of a criminal record.
- Demonstrating an ongoing commitment to take action to reduce barriers to a fair shot at a second chance, including practices like “banning the box” by delaying criminal history questions until later in the hiring process; ensuring that information regarding an applicant’s criminal record is considered in proper context; and engaging in hiring practices that do not unnecessarily place jobs out of reach for those with criminal records.
- Setting an example for their peers. Today’s announcement is only the beginning. Later this year, the Obama Administration will release a second round of pledges, with a goal of mobilizing more companies and organizations to join the Fair Chance Business Pledge.”
This is part of a larger initiative by the President targeting reforms to the criminal justice system and re-entry of ex-offenders into society. A rule is expected this year from the Office of Personnel Management regarding federal employment and removal of the criminal history question on job applications. In essence, a federal Ban the Box measure.
The city of Austin in Texas is the latest major city to pass a Ban the Box ordinance which affects private employers. Ordinance No. 20160324-019 was approved on March 24, 2016 by a vote of 8 – 2.
What this means for private employers in Austin:
- An employer may not solicit or consider criminal history information about a job applicant until after a conditional offer of employment.
- An employer may not take adverse action against an applicant unless an individualized assessment has been conducted and a determination made that the individual is unsuitable for the job based on that individualized assessment.
- An individualized assessment must include, at a minimum, consideration of the following factors (a) the nature and gravity of any offenses in the applicant’s criminal history; (b) the length of time since the offense and completion of the sentence; and (c) the nature and duties of the job for which the applicant applied. Note that these are the Green factors described in the EEOC’s 2012 enforcement guidance on the use of criminal history records.
- The employer must advise the applicant of the adverse action based on criminal history information in writing.
- The ordinance does not apply to a job for which a federal, state or local law, or compliance with legally mandated insurance or bond requirements, disqualifies the applicant based on their criminal history.
- Violations of the ordinance will be enforced by the Austin Equal Employment/Fair Housing Office. Employers may be issued a warning for a first violation, followed by a civil penalty of up to $500.
- The effective date of the ordinance was April 4, 2016.
The current version of the Employment Eligibility Verification form (Form I-9) expires today. I’ve previously posted on my blog here on this topic. Below notice is from U.S. Citizenship and Immigration Services (USCIS) regarding what to do in light of this expiration date. Presently, the revised version of the Form I-9 is the subject of a 30 day notice and comment period, following an earlier 60 day notice and comment period. If you would like to see the “revised” Form I-9 click here . Hopefully the revised Form I-9 will be available in May. Note that it will still be a two page document but there are some formatting changes which USCIS hopes will make the form easier to complete.
“Until further notice, employers should continue using Form I-9, Employment Eligibility Verification. This current version of the form continues to be effective even after the Office of Management and Budget control number expiration date of March 31, 2016, has passed. USCIS will provide updated information about the new version of Form I-9 as it becomes available.
Employers must complete Form I-9 for all newly hired employees to verify their identity and authorization to work in the U.S. To learn more about Form I-9 visit I-9 Central.”
Employers all know that whenever they onboard a new employee they must complete the Employment Eligibility Verification form (Form I-9) issued by U.S. Citizenship and Immigration Services (USCIS). And that this form must be completed within three business days of hire. But do you know that this form expires at the end of this month? As Bill the Cat would say, ACK!
For more on this and what employers can do, click here to read what our friends at Equifax have to say on this topic.
And stay tuned to this blog for additional updates on the Form I-9.
Philadelphia’s Ban the Box has been on the books since 2011. However, it was recently amended and certain changes went into effect yesterday (3/14/16). Here are the basics about the Fair Criminal Records Screening Standards Ordinance (pay special attention to those items in bold/italics):
- It is illegal (i.e., an unlawful discriminatory practice) in Philadelphia for employers to ask about criminal backgrounds during the job application process. Employers must wait until they have provided the job candidate with a conditional offer of employment.
- The ordinance now applies to employers with 1+ employees (previously it was 10+ employees).
- Permits employers to consider criminal convictions only within seven (7) years from the date of application.
- Employers are prohibited from asking at any time about arrests or criminal accusations which did not lead to a conviction.
- Employers must conduct an individualized assessment.
- Employers must post the poster issued by the Philadelphia Commission on Human Relations (PCHR) in a conspicuous place for job candidates to see (e.g., a company website or on the premises).
- Complaints can be filed within 300 days of an “unlawful act” with the PCHR and could ultimately be filed in court. In other words, there is a private right of action which can be enforced in court.
- Employers can reject a job candidate based on your criminal record only if the person poses an unacceptable risk to the business or to other people. If a job candidate is rejected, the employer must send the decision to the job candidate in writing with a copy of the background report used to make the decision AND must afford the job candidate ten (10) business days to give an explanation of their record, proof that it is wrong, or proof of rehabilitation. So the question here is — does an employer send this notice during the FCRA required pre-adverse action phase (when they haven’t technically “rejected” the job candidate) or wait until the FCRA required adverse action step (but then the employer has to wait another 10 days).
For the text of the ordinance click here.
For more on Philadelphia’s Ban the Box click here.
For a complete list of changes to Philadelphia’s Ban the Box click here.
The full text of the EU-U.S. Privacy Shield (“Privacy Shield”) framework is now available. Privacy Shield was “designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.” (See Fact Sheet)
Below is a non-exhaustive list of “quick facts” about Privacy Shield:
- It remains a voluntary self-certification program, similar to the now defunct Safe Harbor program.
- Applications for certification are not currently being accepted. The Department of Commerce will begin accepting applications for certification pending the European Commission’s adequacy determination. This approval process is underway. No word yet on the cost of self-certification.
- The Privacy Shield Principles are anchored on the following concepts: notice; choice; accountability for onward transfer; security, data integrity and purpose limitation; access; recourse, enforcement and liability. In addition, there is a section entitled “Supplemental Principles” which covers topics such as sensitive data and human resources data.
- Individuals may bring a complaint directly to a Privacy Shield participant and the participant must respond to the individual within 45 days.
- Privacy Shield participants must also commit to binding arbitration at the request of the individual to address any complaint that has not been resolved by other recourse and enforcement mechanisms.
- Expect greater involvement of the Department of Commerce as well as Federal Trade Commission with respect to oversight, supervision and enforcement.
- Privacy Shield participants must include certain information on their websites related to the program (e.g., access and correction rights, whether personal information is disclosed to public authorities, and information about the independent recourse mechanism).
For more information, read the AGG Alert by my colleagues Kevin Coy and Gene Burd.
The Affordable Care Act provides grants to states to implement background check programs for prospective long-term-care employees in settings such as nursing facilities, home health agencies and hospices. The grant program, known as the National Background Check Program (NBCP), is intended to ensure that long-term-care employees undergo a minimum level of screening to protect patients. Three types of background checks are required by the NBCP: (1) a search of State-based abuse and neglect registries and databases; (2) a check of State criminal history records, and (3) a fingerprint-based check of FBI criminal history records. However, according to a recent Department of Health and Human Services Office of Inspector General (OIG) report, the NBCP has a long way to go before it is fully viable. (National Background Check Program for Long-Term-Care Employees: Interim Report, January 2016)
This is just as well considering that the third type of check – a fingerprint-based check by FBI records – is not, in this author’s opinion the panacea that many believe it to be. Name-based checks, when done using multiple identifiers, can be more accurate. Moreover, information in the FBI’s database is limited and does not always contain final disposition information. But fingerprint-based checks and the FBI are for another article. In the meantime, what are steps that long-term-care facilities and providers can take to protect themselves, their workforce and their patients. It is important to note that the guidance provided in this article is applicable across-the-board, to all employers in the United States who conduct background checks and not limited to long-term-care facilities and providers.
Regardless of whether a facility or organization is mandated to conduct certain background checks on employees, or is conducting such checks for due diligence purposes, it is important to understand the basics behind ensuring a legally compliant background screening program. The following bullet points will address the basics and some key elements of a complaint background screening program.
- First, if your organization works with a third-party background screening company and they provide you with your background check reports, you are covered by the federal Fair Credit Reporting Act (15 U.S.C. § 1681 et seq.) in addition to analog state consumer protection statutes. As the “end-user” of “consumer reports” provided by a “consumer reporting agency” you have certain responsibilities under the FCRA. Failure to follow these responsibilities can lead to private litigation for violations of the FCRA and state laws, especially when we consider a very active plaintiff’s bar bringing claims against primarily end-users of consumer reports (i.e., employers) but also consumer reporting agencies (i.e., background screening companies).
- Second, employers have an obligation to provide certain disclosures to job applicants when conducting a background check for employment purposes. A key disclosure is frequently called the “Disclosure and Authorization” notice. This notice is required by the FCRA to inform the job applicant that a background check will be conducted for employment purposes, among other things. Not providing a legally sufficient or defensible notice advising the job candidate of the fact that a background check will be conducted in a document that is “clear and conspicuous” and in a stand-alone format is the subject of significant amount of litigation around the country.
- Third, still on the topic of the above notice and the content therein. Although the FCRA does not specify the exact content of the notice, the courts have stated that including extraneous information in it, such as a release of liability, a waiver of rights under the FCRA or language about the employment itself can cause the notice to be legally deficient.
- Fourth, organizations must secure a job candidate’s written authorization for the background check to be conducted by a background screening vendor.
- Fifth, whenever an organization reviews the background check report for purposes of determining employment eligibility, the FCRA requires that organization to follow certain steps if information in the report will be used “in whole or in part” to take adverse action against the subject of the report. This is called the “adverse action” process and it is a two-step process.
- The first step is triggered when an organization reviews information in the report and makes the initial determination that the individual may be excluded from employment based on information in the report. This triggers what is known as the pre-adverse action step which requires the organization provide the job applicant with a copy of the report and a federal notice called “A Summary of Your Rights Under the Fair Credit Reporting Act.” Then, as a general rule, the organization should wait at least five (5) business days to allow the individual to review the report and challenge any inaccuracy or incomplete information in the report with both the organization and the background screening company. Sometimes, the reports do include inaccuracies and the FCRA is set up to allow individuals to address such inaccuracies through a consumer dispute process.
- If, after a reasonable period of time (e.g., five business days) the organization determines it will not hire the individual due to information in the report, the second step is triggered. This is known as the adverse action step, and it requires that the job applicant be provided with a letter with specific content, as per the FCRA.
To be clear, above points are intended to provide a basic or general overview of what is required when conducting a background check using a background screening company and the focus is on the FCRA. Drafting or reviewing of corporate policies and procedures, as well as the forms/notices legally required is something that should be done with the assistance of legal counsel. It is also important to note that there are other factors an organization must consider as part of its background screening program. Organizations need to be mindful of “Ban the Box” laws in their states and local jurisdictions and know whether they can “ask the question” on the job application about criminal history. Also, whenever an employer uses criminal history information to screen a candidate they must be aware of guidance by the Equal Employment Opportunity Commission on the use of criminal history information for employment purposes. (Enforcement Guidance on the Consideration of Arrest and Conviction Records in Employment Decisions Under Title VII of the Civil Rights Act of 1964, Number 915.002, April 2012) Finally, they must factor in state restrictions on the use of credit in the employment context.
To close the loop on the OIG report mentioned in the first paragraph. The OIG found that, four years into the grant program, the 25 states receiving grants reported varying levels of program implementation. In the six states that submitted sufficient data to calculate the percentage of prospective employees who were disqualified because of a background check, 3% of prospective employees were disqualified from employment. The OIG recommended that the Centers for Medicare & Medicaid Services continue to work with participating states to fully implement their programs and to improve required reporting.
In California, individuals now have a private right of action to bring a claim against an employer who uses the E-Verify program for pre-screening purposes. They also have a private right of action if an employer does not provide them with the required notices as part of the Further Action Notice (FAN) or Tentative Notice Confirmation (TNC) process. These are now considered unlawful employment practices under California’s Labor Code.
E-Verify is the electronic employment eligibility verification program maintained by U.S. Citizenship and Immigration Services (USCIS). It complements the Form I-9, as the employer needs to input information from the Form I-9 into the E-Verify system when creating a case to determine employment eligibility.
Currently, an employer using E-Verify cannot use the program to pre-screen employees to determine if they are employment authorized prior to hiring them. Check pages 8 and 82 of the E-Verify User Manual which states that “Pre-screening [is] the prohibited practice of creating a case in E-Verify before a job offer has been accepted.” In addition, an employer using the E-Verify system must provide any notices generated as a result of a FAN or TNC to the individual. To read more about employers obligation to provide E-Verify generated notices such as the TNC, read the E-Verify Memorandum of Understanding or on USCIS’ website.
Back to California and AB-622 Employment: E-Verify system: unlawful business practices. The law added Section 2814 to the California Labor Code. AB-622 was signed by the Governor in October of last year. In California, what now constitutes an unlawful employment practice has been expanded to include pre-screening of job candidates through use of the E-Verify system and not providing E-Verify generated notices specific to an individual’s E-Verify case. This means that individuals now have a private right of action, which they can enforce in state court. And it can result in a civil penalty up to $10,000 for each violation for the employer who is found to have engaged in an unlawful employment practice.
Bottom line — do not use the E-Verify system to pre-screen job candidates prior to hiring them and make sure you provide them with any of the notices generated by the E-Verify system, such as the TNC.