Please click here to read the AGG Alert my colleague, Kevin Coy, prepared on the new EU US Privacy Shield arrangement.
It appears that the European Commission and U.S. Department of Commerce have reached a deal on a new transatlantic safe harbor data transfer agreement.
My colleague Kevin Coy listened in to a press conference on the new deal, held by European Union (EU) officials, and here is a preliminary overview of what we can expect.
First, “Safe Harbor” appears to be out as a name, and “EU/US Privacy Shield” is in. Perhaps they had Captain Marvel on their minds.
Other points from the EU press conference:
- EU Commissioners blessed the deal today, but the official EU approval process is still necessary.
- The Justice Minister has advised the Chairwoman of the Article 29 working party of the agreement and will be briefing the Data Protection Authories (DPAs) tomorrow in person at their ongoing meeting in Brussels.
- It will take a few weeks for the EU to prepare an adequacy opinion on the new deal and for the U.S. Department of Commerce to finalize things on the US side.
- The EU Justice Commissioner estimates that it may take 3 months for the EU approval process to be completed.
- There will be annual reviews of the new framework, beginning next year.
- The US has made “binding” commitments about surveillance of EU citizens and an ombudsman is being established at the State Department to address national security complaints.
- There will be several avenues for handling disputes about company processing of personal data, with a binding arbitration process as a mechanism of last resort to ensure that all complaints are resolved.
- The Department of Commerce will have an enhanced role with respect to oversight and participating companies will be subject to regular reviews by Commerce.
- There will be increased transparency in the new program.
- Companies that fail to meet their obligations will face sanctions and can be removed from the program.
- There are enhanced onward transfer restrictions on transfers from participating companies to other parties.
The on-going discussion about what is permissible in a disclosure and authorization notice (hereinafter “notice”) for Fair Credit Reporting Act (FCRA) purposes continues. In a recent federal district court case in the Northern District of Court of California (Thomas Lagos v. The Leland Stanford Junior University, 5:15-cv-04524) the judge dismissed Defendant’s motion to dismiss on the grounds that the state disclosures included with the notice could potentially mean it is not a “clear and conspicuous disclosure.”
Under the FCRA employers have an obligation to provide the job applicant with a “clear and conspicuous” written notice, in a stand-alone document, explaining to the job applicant that a background check will be conducted for employment screening purposes. Thereafter the employer must secure the job applicant’s written authorization for said background check. (15 U.S.C. § 1681b(2)(A)) Separately, several states require that certain notices be provided by the employer with respect to a pre-employment screening background check to advise residents of additional rights. For instance, California, Minnesota, Oklahoma and New York.
Plaintiff’s bar has been attacking the validity of the Notices employers provide on the grounds that they are not a “clear and conspicuous disclosure” and in a stand-alone document under the FCRA. This hinges on the argument that certain language in the Notice is extraneous, and the courts have held that in certain situations some language in the Notice can be extraneous, such as release of liability language.
This case is currently stayed pending the Supreme Court’s decision in Spokeo v. Robins. However, earlier in the proceedings the judge refused to grant Defendant’s motion to dismiss stating that the Plaintiff alleged facts sufficient to state a facially plausible claim for relief. Stanford’s notice included seven state law notices informing applicants of additional rights under state law. It also included a sentence related to the offer of employment. The judge stated that the state disclosures combined with this one sentence “plausibly” violated section 1681b(b)(2)(A)(i)’s requirement for the notice to be in a document consisting “solely of the disclosure” because they are not “‘closely related'” to the FCRA disclosure. The judge stated that “it therefore is unclear how the state law notices contribute to the disclosure required by the FCRA.” (Order Denying Motion to Dismiss, p. 4)
Stanford’s notice included the following in this order: the Consumer Disclosure and Authorization Form (separate page); Additional State Law Notices (CA, ME, MA, MN, NJ, NY, WA) (on two, separate pages); Authorization of Background Investigation (separate page); A Summary of Your Rights Under the Fair Credit Reporting Act; California summary of rights; New Jersey summary of rights; New York Article 23-A; Washington summary of rights.
Happy New Year! New year and new blog name — Workforce Compliance Insights.
On December 15, the Office of Personnel Management (OPM) published in the Federal Register a notice listing its priorities. Under “Suitability” on page 77883 of the Federal Register, OPM states that they will be “proposing modifications to its rules to better ensure that applicants from all segments of society, including those with prior criminal histories, receive a fair opportunity to compete for Federal employment.” Specifically, the proposed changes would prohibit federal employers from collecting criminal background information “until the best qualified candidates are referred to a hiring manager.” According to the announcement, “OPM would be providing a mechanism for requesting exceptions when there are legitimate, specific job-related, reasons why agencies may need to disqualify candidates with certain types of adverse history from particular types of positions.”
The proposed rule is in response to President Obama’s recently announced “Rehabilitation and Reintegration for the Formerly Incarcerated” initiatives that call on the U.S. Congress and federal agencies “to pass meaningful criminal justice reform.” One of President Obama’s long-term initiatives is for the U.S. Congress to pass a national “ban the box” law for federal hiring which would prohibit asking job applicants about criminal history on the job application. In the meantime, President Obama is calling on OPM to modify its requirements related to background checks and the collection of criminal history information.
This blog is created with content straight from the National Association of Professional Background Screeners (NAPBS) and a Member Advisory which all background screening companies should read. The Member Advisory was posted last week and below are the key excerpts.
“First, we have noticed an increased number of full file disclosure requests being sent to and received by consumer reporting agencies. Many of these requests come directly from legal counsel. This is a good time to review your procedure in responding to file disclosure requests. Further, if you receive a request for a full file disclosure, particularly if it comes directly from the consumer’s legal counsel, exercise caution and consult with legal counsel prior to responding.
Second, NAPBS leadership met with a few members of the Federal Trade Commission last month in follow-up to our earlier meeting at the conclusion of the 2015 NAPBS Advocacy Day….[the FTC shared] with NAPBS that their primary area of focus currently is on “matching criteria.” Based on this feedback and confirmed area of focus for the FTC, NAPBS members would be well advised to review their policies/procedures related to matching a record’s identifiers to the subject of the report and to consult with legal counsel on same.
Finally, last week NAPBS became aware that a person joined the Association earlier this year and attended our annual conference in Austin, Texas, in an effort to obtain negative information pertaining to the screening profession. This new member proceeded to publish notes from the conference and slide decks on his website….”
On the last point, the website is The Expunged Record. Click here to read the notes about the NAPBS conference.
If I don’t blog again before then, Merry Christmas, Happy New Year, Happy Holidays!
For all you E-Verify nerds (like me) out there, here is the latest on the status of the E-Verify program. The program is obviously operational and not going away, so don’t stop using it if you are. But in a technicality, since E-Verify is not a permanent program at this time, it requires periodic “reauthorizations” by Congress. The current reauthorization, which is provided through a continuing resolution, ends tonight. The Congress is about to approve another continuing resolution to keep the federal government open and that will include the E-Verify program. The latest continuing resolution will likely be until December 22. At which point, the hope is that the 2,009 page omnibus bill will have been signed by POTUS (President of the United States). Stay with me. Once the omnibus is signed, it includes language to reauthorize the E-Verify program administered by U.S. Citizenship and Immigration Services until…drum roll….September 30, 2016.
Below is the language which makes this a reality, found on page 707 of the current omnibus text:
To comply with the National Archives and Records Administration’s retention and disposal schedule, on January 1st of each year, U.S. Citizenship and Immigration Services (USCIS) is required to dispose of E-Verify transaction records more than 10 years old.
Important — this means that if you have been participating in the electronic employment eligibility program called E-Verify for more than 10 years, you need to download your company’s Historic Records Report before December 31, 2015. This report will include all E-Verify transaction records for cases more than 10 years old. Employers will not be able to access in E-Verify cases created prior to December 31, 2005 after January 1st.
Takeaway — if you were using E-Verify on or before December 31, 2005 you need to download the Historic Records Report for transaction records older than 10 years and maintain with your I-9 and E-Verify records. This will be your only proof from the system that the cases were created in the system.
Happy post-Thanksgiving! News flash for the background screening industry as well as users of background checks in California. The California Supreme Court has agreed to consider whether the Investigative Consumer Reporting Agencies Act (ICRAA) is unconstitutionally vague when applied to employee background checks because of its overlap with another California law, the Consumer Credit Reporting Agencies Act (CCRAA).
The California Supreme Court will review a decision by the Second Appellate District Court which held that ICRAA is not unconstitutionally vague.
Quick overview of California law. The ICRAA relates to non-credit related investigative consumer reports. An “investigative consumer report” under California law is a report which includes information on a consumer’s character, general reputation, personal characteristics, or mode of living. Contrast that with the CCRAA, which relates to “consumer credit reports,” including reports bearing on a consumer’s credit worthiness, credit standing or credit capacity. Now think of both of these reports in the employment screening context and consider that the ICRAA includes an additional authorization requirement not found in the CCRAA. The argument has been that there is overlap and confusion about which law applies when information in the report can potentially relate to both character information as well as creditworthiness information. The ICRAA covers character information and the CCRAA covers creditworthiness information.
Back to the case that the California Supreme Court will review. That is Connor v. First Student, case number S229428. The case involves bus drivers and investigative consumer reports under the ICRAA (aka background checks), with the bus drivers alleging that First Student did not obtain their prior written consent as required under the ICRAA, but not the CCRAA. Plaintiffs are seeking $10,000 statutory penalties per violation. At issue is the constitutionality of the ICRAA, and thanks to Connor there is a split in the California courts on this point. In a 2007 case, Ortiz v. Lyon Management Group, the court found that the ICRAA is unconstitutionally vague because one couldn’t determine whether unlawful detainer information constitutes “character” information covered by the ICRAA or “creditworthiness” information governed by the CCRAA. Most recently, the Court of Appeal of the Second Appellate District stated that they disagreed with Ortiz and that “there is nothing in either the ICRAA or the CCRAA that precludes application of both acts to information that relates to both character and creditworthiness. Therefore, we conclude the ICRAA is not unconstitutionally vague….” (Opinion p. 3)
Please join us for a complimentary webinar on the European Court of Justice’s decision that transfers of personal data from the European Union (EU) to the United States are unlawful under the Safe Harbor program. This webinar is for any company that transfers personal data from the EU to the United States and is considering alternative options in order to facilitate such transfers.
The webinar is Thursday, November 12th at 1:30 pm EST. It will be conducted by Arnall Golden Gregory LLP, in partnership with Employment Background Investigations.
Click here to register and I hope you’ll join us.
Here’s a free webinar that will snap you out of your deep despair over the fact that it is now dark at 5:02 pm.
- Minimize the risk associated with background screening of applicants and current employees;
- Be aware of new state laws that are increasing restrictions on employers;
- Know what you need to do in light of recent EEOC activities that could signal major changes to come in the background screening process.
This activity has been approved for 1 HR (General) recertification credit hour toward California, GPHR, HRBP, HRMP, PHR and SPHR recertification through the HR Certification Institute.
Click here to register. The webinar is November 17th at 3 pm EST.