After a battle of motions between the parties, on August 9th a Wisconsin federal judge dismissed a proposed class action for alleged violations under the Fair Credit Reporting Act (FCRA) against Cory Groshek. Why is this important?  Well, some of you may be familiar with Mr. Groshek as he is a noted (some may say serial) plaintiff who has filed multiple lawsuits and/or sent demand letters to employers alleging violations of the FCRA. 

It appears that Mr. Groshek’s master plan was to apply for employment and get to the point where the hiring entity would provide him with the FCRA required disclosure and authorization as part of the background check/investigation.  From there, the alleged FCRA violations began either in the form of a lawsuit or a demand letter. Our firm handled one such demand letter by Mr. Groshek.

Same thing happened in the instant case, Mr. Groshek alleged “that he applied for employment with the defendant, and that in the course of considering his application, the defendant obtained a consumer report on him ‘without first providing [him] a clear and conspicuous written disclosure, in a document consisting solely of the disclosure, that a consumer report may be obtained for employment purposes.'” (Decision and Order at 4).  Here though, the judge put the brakes on this case noting that nowhere in plaintiff’s complaint did he allege any concrete harm suffered as a result of the alleged violation. The court also stated that while allegations of a statutory violation satisfy the particularized injury prong of the injury-in-fact requirement for standing discussed in Spokeo, that in and of itself does not satisfy the concreteness requirement. (Decision and Order at 5).  One damaging statement by Mr. Groshek that the court noted is that during a deposition, when he was asked by defense counsel if he was aware of anything that might entitle him to actual damages he stated, “‘I do not know of any actual damages that I am claiming nor do I believe I’ve ever actually claimed actual damages….'” (Decision and Order at 6).

In the instant case the court granted Time Warner’s motion to dismiss the case, stating that the complaint is dismissed for lack of subject matter jurisdiction.

Ironically, Mr. Groshek requested that the court “seal various portions of his desposition transcipts, supplemental answers to discovery, and any other document that might make mention of any settlement agreement between him and ‘another party.'” (Decision and Order at 7).  I’m thinking that’s because he has brought similar claims under the FCRA against at least 40 companies and his master plan may be unraveling.  The court denied his request stating, “…plaintiff’s argument [to seal records] ignores the fact that he came to the court–a public forum–and instituted this lawsuit. He sued the defendant on a cause of action for which he has sued a number of other companies, and yet he argues that those other suits are irrelevant to this one. In essence, he indicates that while he wants to be able to file suit against the defendant in federal court, he wants to prevent the defendant from enquiring into similar suits that he has filed against other companies for the same alleged conduct. That is not an appropriate basis for the court to seal documents from public view.”  (Decision and Order at 9-10).

Cory Groshek v. Time Warner Cable, Inc., case number 2:15-cv-00157, in the U.S. District Court for the Eastern District of Wisconsin.

Colorado-based employers know that when they onboard an employee one of the compliance related items that must be completed relates to the Employment Eligibility Verification form (Form I-9) and the Colorado Affirmation Form.  The Form I-9 is a federal requirement and the affirmation form is a state requirement, which many argued is somewhat duplicative of the Form I-9. Currently, Colorado’s Employment Verification Law (8-2-122, C.R.S.) requires both public and private employers who transact business in Colorado, and for employees hired on or after January 1, 2007, to complete the Colorado Affirmation Form within 20 days of hire as well as keep copies of documents presented for purposes of the Form I-9.

Effective August 10, 2016 Colorado employers will no longer need to complete the Colorado Affirmation Form thanks to passage of House Bill 16-1114 by Colorado’s legislature. The legislation was signed by Governor Hickenlooper on June 8, 2016.

To be clear, until August 10, 2016 Colorado based employers must continue to complete the Colorado Affirmation Form and maintain copies of documents presented with the Form I-9.

Yesterday I attended an interesting webinar regarding Fair Credit Reporting Act (FCRA) developments.  Susan Camp Stocks from the Consumer Financial Protection Bureau (CFPB) and Katherine Ripley White from the Federal Trade Commission (FTC) participated, along with my colleagues Bob Belair and Kevin Coy. The speakers covered a fair amount of ground on different FCRA issues, including the importance of furnishers of information having written policies and procedures.  However, I want to focus on what they said about the background screening industry.

FTC Comments

  • They are focusing on background screening and in particular the use of criminal history records in employment screening
  • Accuracy of the reports is essential
  • Red flags that background screeners should review/consider when reporting public records — different names or DOBs, multiple entries for the same offense, and the reporting of expunged cases
  • They are working with the Federal Interagency Reentry Council to address accuracy related issues in the criminal justice system
  • They will turn their attention to focus on tenant screening in the next year and it is likely that we will see revised guidance in this area

CFPB Comments

  • Among their policy priorities is consumer reporting
  • It appeared that there is a belief that there is weak oversight of public record providers and that they believe more audits of such providers should be conducted to address accuracy issues
  • Accuracy of the reports is very important to them and they spoke about the enforcement action against General Information Services and e-Backgroundchecks.com to illustrate the point

European Data Protection Supervisor (EDPS) Giovanni Buttarelli issued his formal opinion on the EU- US Privacy Shield, arguing that while it’s a step in the right direction, “robust improvements” are needed.  The EDPS is an independent advisor/institution and this opinion, along with its recommendations, is geared primarily to the European Commission.

A notable criticism is that Privacy Shield is based on the current EU Directive 95/46/EC, which will be superseded by the new and more robust EU data protection framework, the General Data Protection Regulation (GDPR), in May 2018.   This is problematic because, in his opinion, there isn’t consistency between the current and the future framework and data controllers could find themselves seeking to comply in an environment where that compliance model is changing.

Some additional points worth highlighting are that the EDPS believes more can be done with respect to data minimization and retention as well as automated processing of personal data.  Specifically, he recommends that:

  • The language regarding data minimization and retention should be strengthened to “clearly prohibit keeping personal data in a form which permits identification of data subjects for longer than necessary for the purposes for which the data were collected or further processed.” (See page 9)
  • Language regarding automated processing of personal data — especially when it impacts individuals “performance at work, creditworthiness, reliability, conduct, etc.” — should have greater safeguards and allow for human intervention on the part of the controller to express their “point of view and to contest the decision, and to obtain information about the logic underpinning the processing.”  (See pages 9 and 10)

The EDPS concludes by stating that he “welcomes the efforts shown by the parties to find a solution for transfers of personal data from the EU to the U.S. for commercial purposes under a system of self-certification.  However, robust improvements are needed in order to achieve a solid framework, stable in the long term.”

 

The Supreme Court has vacated the decision in Spokeo, Inc. v. Robins and remanded it to the Ninth Circuit.   Apparently, the Justices felt that the Ninth Circuit botched their legal analysis and is  sending it back for a “do over.”  Wait!  After biting my nails to stubs, sleepless nights, head scratching and countless conversations with colleagues about what Spokeo portends for the background screening industry and class action litigation, this is all we get!  I want a refund to this rodeo show.

Justice Alito wrote the majority opinion (6-2 decision with Justice Thomas filing a concurring opinion and Justices Ginsburg and Sotomayor filing a dissenting opinion).

The holding — “because the Ninth Circuit failed to consider both aspects of the injury-in-fact requirement, its Article III standing analysis was incomplete.”  And this case is all about standing (not about “that bass”).  The central issue is whether Mr. Robins had standing to bring this claim for alleged violation of the Fair Credit Reporting Act (FCRA) if no concrete harm is suffered.  According to the Court, the Ninth Circuit’s analysis was “incomplete” because they did not “consider both aspects of the injury-in-fact requirement.”  What did the Ninth Circuit fail to consider in its injury-in-fact analysis?  Whether Robins suffered “‘an invasion of a legally protected interest’ that is ‘concrete and particularized’ and ‘actual or imminent, not conjectural or hypothetical.'” (Slip Opinion p. 7)

Concrete = meaning the injury must actually exist.

Particularized = an injury that affects the plaintiff in a personal and individual way.

Skipping ahead to the end and what this means for background screening companies.  A plaintiff such as Mr. Robins cannot satisfy Article III standing by alleging a “bare procedural violation” because such may not result in harm. (Slip Opinion p. 10) This is good news for all of us who filed Spokeo motions to stay proceedings based on this decision because we arguably can continue to do so since the Court appears to open the door to that by saying that a mere technical violation of the FCRA is not sufficient to establish standing.  In other words, plaintiffs who allege violations of the FCRA need to show concrete and particularized harm to bring a claim.

What’s next?  The Ninth Circuit has to review the case again.  Regardless of the outcome, it will likely be appealed to the Supreme Court again.  The question framed by the Court’s opinion is “whether the particular procedural violations alleged in this case entail a degree of risk sufficient to meet the concreteness requirement.”  (Slip Opinion p. 10)  Therefore, the Ninth Circuit must conduct a full analysis of the injury-in-fact requirements paying special attention to the concreteness prong as the Court indicates that the “particularized” element of the analysis has been satisfied by Mr. Robins.

The Federal Trade Commission (FTC) just issued guidance for companies providing employment screening services.   According to the FTC, they have “created new guidance for businesses aimed at giving employment background screening companies information on how to comply with the Fair Credit Reporting Act (FCRA).” The FTC is referring to it as an “FCRA brochure” … I guess like a travel brochure you would pick up at a travel agency.  Anyhow, click here to view the FTC’s blog posting on this subject.

As a practitioner in this area I don’t see anything particularly ground breaking or earth shattering about the FTC’s publication.  I think this publication will be most helpful for newer participants in the background screening industry.

My main takeaways for seasoned background screening firms is that the guidance provides insight into potentially what the FTC considers most important.  FTC — if you are reading this, everything about you and the FCRA is important.  Key points for background screeners to focus on with respect to their compliance programs:

  • Accuracy of the reports — use your identifiers and check your identifiers on the reports (including middle initials); don’t provide reports with multiple entries for the same offense; and for crying out loud don’t report expunged or sealed records.
  • Know your customer before furnishing consumer reports and get your section 604(b) certifications.
  • Provide the appropriate federal notices to users and subjects of the reports.
  • Have consumer dispute procedures in place to appropriately respond to disputes or file requests, conduct reasonable reinvestigations and provide notices to consumers about the results of any reinvestigation.  And finally, don’t make it difficult or challenging for a consumer to request their file or dispute a report.
  • When reporting public records that are likely to have an adverse effect on the consumer’s ability to obtain employment, either provide consumers with notice or follow “strict procedures” as per section 613 of the FCRA.

Above points shouldn’t come as a surprise to seasoned background screening firms.  If they do, or you are not familiar with any of these points, speak with an FCRA attorney to come up to speed on these rapido (that’s Spanish for “fast”).

Maryland requires consumer reporting agencies to register with the Office of the Commissioner of Financial Regulation if you “intend to conduct consumer credit reporting services in the State of Maryland.”

Last week I wrote about Rhode Island’s registration requirement (click here) for background screening companies … enter Maryland.

If you are a background screening company providing consumer reports on Maryland residents, please review COMAR 09.03.07 regarding the annual registration requirements for “consumer reporting agencies.”  The term “consumer reporting agency” is defined in Maryland Code, Commercial Law Article § 14-1201.  The scope of COMAR 09.03.07.01 is as follows, “This chapter governs certain registration requirements and business operations of consumer reporting agencies who collect credit information and furnish consumer reports on residents of this State. The provisions of this chapter are to promote accuracy in consumer reports.”  COMAR 09.03.07.03 requires, “A consumer reporting agency which issues consumer reports on residents of this State shall register with the Commissioner….”

As I said about Rhode Island, do not be lulled into complacency by use of the word “credit” as the definition of “consumer reporting agency” refers to an entity that “assembles or evaluates credit information and other information about consumers” for purposes of a consumer report.

Author’s note: COMAR 09.03.07.02 refers to § 14-1201(f) for the definition of “consumer reporting agency” but it appears that this term if currently defined in § 14-1201(e)(1).

Happy Registration!

Rhode Island has a quirky statute that arguably requires any consumer reporting agency who provides credit reports or information to state residents to register with the Department of State – Business Services Division.

I strongly encourage all background screening companies doing business in Rhode Island to work with their legal counsel to determine if they should register.  Do not be mislead by use of the term “credit bureau” in the statute.

Title 6, Chapter 6-13.1-24 requires “Any credit bureau doing business in this state shall immediately register in the office of the secretary of state….”  The definitions section (section 6-13.1-20) defines a credit bureau similar to the language in section 603(f) of the Fair Credit Reporting Act.  Which is why, arguably, any background screening company doing business in Rhode Island which includes providing credit reports or information should consider whether to register with the state.

From personal experience we know that there is at least one serial plaintiff in Rhode Island who has filed a number of claims against companies alleging they failed to register with the state.  While the statutory penalties may not seem significant, the cost of defending such a claim, which could lead to litigation or arbitration, should be considered.

Click here to view the Registration of a Credit Bureau form.

I am happy to discuss this with background screening companies considering whether to register.

 

Nineteen companies joined President Obama as founding companies of the White House’s Fair Chance Business Pledge.  According to the White House Fact Sheet, “The pledge represents a call-to-action for all members of the private sector to improve their communities by eliminating barriers for those with a criminal record and creating a pathway for a second chance.”

Companies signing the pledge include: American Airlines, Busboys and Poets, The Coca-Cola Company, Facebook, Georgia Pacific, Google, Greyston Bakery, The Hershey Company, The Johns Hopkins Hospital and Health System, Koch Industries, Libra Group, PepsiCo, Prudential, Starbucks, Uber, Under Amour/Plank Industries, Unilever and Xerox.

Those signing the pledge are agreeing to:

  • “Voicing strong support for economic opportunity for all, including the approximately 70 million Americans who have some form of a criminal record.
  • Demonstrating an ongoing commitment to take action to reduce barriers to a fair shot at a second chance, including practices like “banning the box” by delaying criminal history questions until later in the hiring process; ensuring that information regarding an applicant’s criminal record is considered in proper context; and engaging in hiring practices that do not unnecessarily place jobs out of reach for those with criminal records.
  • Setting an example for their peers. Today’s announcement is only the beginning. Later this year, the Obama Administration will release a second round of pledges, with a goal of mobilizing more companies and organizations to join the Fair Chance Business Pledge.”

This is part of a larger initiative by the President targeting reforms to the criminal justice system and re-entry of ex-offenders into society.  A rule is expected this year from the Office of Personnel Management regarding federal employment and removal of the criminal history question on job applications.  In essence, a federal Ban the Box measure.

The city of Austin in Texas is the latest major city to pass a Ban the Box ordinance which affects private employers.  Ordinance No. 20160324-019 was approved on March 24, 2016 by a vote of 8 – 2.

What this means for private employers in Austin:

  • An employer may not solicit or consider criminal history information about a job applicant until after a conditional offer of employment.
  • An employer may not take adverse action against an applicant unless an individualized assessment has been conducted and a determination made that the individual is unsuitable for the job based on that individualized assessment.
    • An individualized assessment must include, at a minimum, consideration of the following factors (a) the nature and gravity of any offenses in the applicant’s criminal history; (b) the length of time since the offense and completion of the sentence; and (c) the nature and duties of the job for which the applicant applied.  Note that these are the Green factors described in the EEOC’s 2012 enforcement guidance on the use of criminal history records.
  • The employer must advise the applicant of the adverse action based on criminal history information in writing.
  • The ordinance does not apply to a job for which a federal, state or local law, or compliance with legally mandated insurance or bond requirements, disqualifies the applicant based on their criminal history.
  • Violations of the ordinance will be enforced by the Austin Equal Employment/Fair Housing Office.  Employers may be issued a warning for a first violation, followed by a civil penalty of up to $500.
  • The effective date of the ordinance was April 4, 2016.