Background checks for employment screening purposes may contain different information.  Most common would be the use of criminal history information, but there are times when an employer requests that their background screening vendor also provide credit history information for a job applicant or employee.

Employers who request credit history information be included in background investigations must, in addition to complying with the requriements of the Fair Credit Reporting Act (15 U.S.C. § 1681 et seq.), be aware of state restrictions on the use of credit information for employment screening purposes.  States like Illinois, California and Maryland (and others) restrict the use of credit by employers, as do cities such as New York City and Philadelphia.  Generally, these laws restrict the use of credit unless there is a basis for the use of credit history information tied to the position for which a job applicant has applied.

A recent case in Illinois highlights the struggles employers face in those states where there are restrictions.

In a lawsuit against Neiman Marcus, a job applicant alleged that the retailer discriminated against her when it ran a credit check for a position as a sales associate.  Mind you, the plaintiff did apparently have a credit history to report (e.g., judgments, collections) but she alleged that Neiman Marcus violated the Illinois Employee Credit Privacy Act (820 ILCS 70/1 et seq.) and that the job-based exemption they claimed did not exempt them from the requirements of the law.

Neiman Marcus argued that as a sales associate the plaintiff would have access to credit card applications which contained sensitive personal information and accordingly the credit check was acceptable as a “bona fide occupational requirement of a particular position.”  Neiman Marcus also argued that they were exempt from the Employee Credit Privacy Act due to access to cash and signatory power.  The lower court agreed Neiman Marcus acted appropriately when it ran a credit check, but the state appellate court said not so fast.  (Ohle v. The Neiman Marcus Group, Case No. 1-14-1994, Illinois Court of Appeals, First District, Second Division, Sept. 27, 2016)

Illinois law synopsis — the legislative intent behind the Employee Credit Privacy Act is that it “prohibits employers from inquiring about or using an employee’s or prospective employee’s credit history as a basis for employment.”   The law lists several industry specific exemptions for, for instance, banking and financial industry positions or law enforcement positions. And it also states that where a “bona fide occupational requirement” for a particular position exists (and the law lists specific examples) then the employer would be exempt from the law’s requirements as well.

The bottom line is that if you are in a state which restricts the use of credit for employment screening purposes and you in fact request credit history from your background screening vendor, you need to be aware of not only state restrictions but also local restrictions regarding its use.

Keeping tabs on the revised Form I-9 that U.S. Citizenship and Immigration Services (USCIS) is due to release, USCIS updated its website to provide important dates.  I previously wrote about the revised Form I-9 here and how it has been cleared for publication.

This week USCIS posted on its website that they must release the revised Form I-9 by November 22, 2016 and that employers may continue to use the current version of the Form I-9 until January 21, 2017.  The current version of the Form I-9 has a revision date of 03/08/2013 N.

Recap — we still don’t have the revised Form I-9 but for now and until January 21, 2017, employer should continue to use the current version of the Form I-9 available on USCIS’s website.

For those employers anxiously awaiting the “new” Form I-9 (the Employment Eligibility Verification Form) the wait continues but we are getting closer.  On August 25th the Office of Management and Budget (OMB) cleared the revised Form I-9.  For now, employers should continue to use the Form I-9 on U.S. Citizenship and Immigration Services (USCIS) website with the expiration date of 3/31/16 listed on the top right hand corner. Per information on the USCIS website, employers are to continue using this version of the Form I-9 until the new and revised version is posted.  Remember, all U.S. based employers must complete a Form I-9 for any new hire within three business days of hire.

When will the new and revised Form I-9 be available to the public?  Later this year.  According to the OMB clearance notice, USCIS has 90 days from August 25th to post the new version of the Form I-9 (along with the instructions on completing the form) on its website.  Employers are provided a 150 day grace period to continue using the current version of the Form I-9.

The new and revised Form I-9 will feature some new bells and whistles, including for instance more instructions, a requirement to confirm whether a preparer or translator was used to complete the Form I-9, a QR code presumably to be used by Immigration and Customs Enforcement during audits, and some “smart” features to assist in completing the Form I-9 but only if completing it in PDF format.

Stay tuned….

After a battle of motions between the parties, on August 9th a Wisconsin federal judge dismissed a proposed class action for alleged violations under the Fair Credit Reporting Act (FCRA) against Cory Groshek. Why is this important?  Well, some of you may be familiar with Mr. Groshek as he is a noted (some may say serial) plaintiff who has filed multiple lawsuits and/or sent demand letters to employers alleging violations of the FCRA. 

It appears that Mr. Groshek’s master plan was to apply for employment and get to the point where the hiring entity would provide him with the FCRA required disclosure and authorization as part of the background check/investigation.  From there, the alleged FCRA violations began either in the form of a lawsuit or a demand letter. Our firm handled one such demand letter by Mr. Groshek.

Same thing happened in the instant case, Mr. Groshek alleged “that he applied for employment with the defendant, and that in the course of considering his application, the defendant obtained a consumer report on him ‘without first providing [him] a clear and conspicuous written disclosure, in a document consisting solely of the disclosure, that a consumer report may be obtained for employment purposes.'” (Decision and Order at 4).  Here though, the judge put the brakes on this case noting that nowhere in plaintiff’s complaint did he allege any concrete harm suffered as a result of the alleged violation. The court also stated that while allegations of a statutory violation satisfy the particularized injury prong of the injury-in-fact requirement for standing discussed in Spokeo, that in and of itself does not satisfy the concreteness requirement. (Decision and Order at 5).  One damaging statement by Mr. Groshek that the court noted is that during a deposition, when he was asked by defense counsel if he was aware of anything that might entitle him to actual damages he stated, “‘I do not know of any actual damages that I am claiming nor do I believe I’ve ever actually claimed actual damages….'” (Decision and Order at 6).

In the instant case the court granted Time Warner’s motion to dismiss the case, stating that the complaint is dismissed for lack of subject matter jurisdiction.

Ironically, Mr. Groshek requested that the court “seal various portions of his desposition transcipts, supplemental answers to discovery, and any other document that might make mention of any settlement agreement between him and ‘another party.'” (Decision and Order at 7).  I’m thinking that’s because he has brought similar claims under the FCRA against at least 40 companies and his master plan may be unraveling.  The court denied his request stating, “…plaintiff’s argument [to seal records] ignores the fact that he came to the court–a public forum–and instituted this lawsuit. He sued the defendant on a cause of action for which he has sued a number of other companies, and yet he argues that those other suits are irrelevant to this one. In essence, he indicates that while he wants to be able to file suit against the defendant in federal court, he wants to prevent the defendant from enquiring into similar suits that he has filed against other companies for the same alleged conduct. That is not an appropriate basis for the court to seal documents from public view.”  (Decision and Order at 9-10).

Cory Groshek v. Time Warner Cable, Inc., case number 2:15-cv-00157, in the U.S. District Court for the Eastern District of Wisconsin.

Colorado-based employers know that when they onboard an employee one of the compliance related items that must be completed relates to the Employment Eligibility Verification form (Form I-9) and the Colorado Affirmation Form.  The Form I-9 is a federal requirement and the affirmation form is a state requirement, which many argued is somewhat duplicative of the Form I-9. Currently, Colorado’s Employment Verification Law (8-2-122, C.R.S.) requires both public and private employers who transact business in Colorado, and for employees hired on or after January 1, 2007, to complete the Colorado Affirmation Form within 20 days of hire as well as keep copies of documents presented for purposes of the Form I-9.

Effective August 10, 2016 Colorado employers will no longer need to complete the Colorado Affirmation Form thanks to passage of House Bill 16-1114 by Colorado’s legislature. The legislation was signed by Governor Hickenlooper on June 8, 2016.

To be clear, until August 10, 2016 Colorado based employers must continue to complete the Colorado Affirmation Form and maintain copies of documents presented with the Form I-9.

Yesterday I attended an interesting webinar regarding Fair Credit Reporting Act (FCRA) developments.  Susan Camp Stocks from the Consumer Financial Protection Bureau (CFPB) and Katherine Ripley White from the Federal Trade Commission (FTC) participated, along with my colleagues Bob Belair and Kevin Coy. The speakers covered a fair amount of ground on different FCRA issues, including the importance of furnishers of information having written policies and procedures.  However, I want to focus on what they said about the background screening industry.

FTC Comments

  • They are focusing on background screening and in particular the use of criminal history records in employment screening
  • Accuracy of the reports is essential
  • Red flags that background screeners should review/consider when reporting public records — different names or DOBs, multiple entries for the same offense, and the reporting of expunged cases
  • They are working with the Federal Interagency Reentry Council to address accuracy related issues in the criminal justice system
  • They will turn their attention to focus on tenant screening in the next year and it is likely that we will see revised guidance in this area

CFPB Comments

  • Among their policy priorities is consumer reporting
  • It appeared that there is a belief that there is weak oversight of public record providers and that they believe more audits of such providers should be conducted to address accuracy issues
  • Accuracy of the reports is very important to them and they spoke about the enforcement action against General Information Services and to illustrate the point

European Data Protection Supervisor (EDPS) Giovanni Buttarelli issued his formal opinion on the EU- US Privacy Shield, arguing that while it’s a step in the right direction, “robust improvements” are needed.  The EDPS is an independent advisor/institution and this opinion, along with its recommendations, is geared primarily to the European Commission.

A notable criticism is that Privacy Shield is based on the current EU Directive 95/46/EC, which will be superseded by the new and more robust EU data protection framework, the General Data Protection Regulation (GDPR), in May 2018.   This is problematic because, in his opinion, there isn’t consistency between the current and the future framework and data controllers could find themselves seeking to comply in an environment where that compliance model is changing.

Some additional points worth highlighting are that the EDPS believes more can be done with respect to data minimization and retention as well as automated processing of personal data.  Specifically, he recommends that:

  • The language regarding data minimization and retention should be strengthened to “clearly prohibit keeping personal data in a form which permits identification of data subjects for longer than necessary for the purposes for which the data were collected or further processed.” (See page 9)
  • Language regarding automated processing of personal data — especially when it impacts individuals “performance at work, creditworthiness, reliability, conduct, etc.” — should have greater safeguards and allow for human intervention on the part of the controller to express their “point of view and to contest the decision, and to obtain information about the logic underpinning the processing.”  (See pages 9 and 10)

The EDPS concludes by stating that he “welcomes the efforts shown by the parties to find a solution for transfers of personal data from the EU to the U.S. for commercial purposes under a system of self-certification.  However, robust improvements are needed in order to achieve a solid framework, stable in the long term.”


The Supreme Court has vacated the decision in Spokeo, Inc. v. Robins and remanded it to the Ninth Circuit.   Apparently, the Justices felt that the Ninth Circuit botched their legal analysis and is  sending it back for a “do over.”  Wait!  After biting my nails to stubs, sleepless nights, head scratching and countless conversations with colleagues about what Spokeo portends for the background screening industry and class action litigation, this is all we get!  I want a refund to this rodeo show.

Justice Alito wrote the majority opinion (6-2 decision with Justice Thomas filing a concurring opinion and Justices Ginsburg and Sotomayor filing a dissenting opinion).

The holding — “because the Ninth Circuit failed to consider both aspects of the injury-in-fact requirement, its Article III standing analysis was incomplete.”  And this case is all about standing (not about “that bass”).  The central issue is whether Mr. Robins had standing to bring this claim for alleged violation of the Fair Credit Reporting Act (FCRA) if no concrete harm is suffered.  According to the Court, the Ninth Circuit’s analysis was “incomplete” because they did not “consider both aspects of the injury-in-fact requirement.”  What did the Ninth Circuit fail to consider in its injury-in-fact analysis?  Whether Robins suffered “‘an invasion of a legally protected interest’ that is ‘concrete and particularized’ and ‘actual or imminent, not conjectural or hypothetical.'” (Slip Opinion p. 7)

Concrete = meaning the injury must actually exist.

Particularized = an injury that affects the plaintiff in a personal and individual way.

Skipping ahead to the end and what this means for background screening companies.  A plaintiff such as Mr. Robins cannot satisfy Article III standing by alleging a “bare procedural violation” because such may not result in harm. (Slip Opinion p. 10) This is good news for all of us who filed Spokeo motions to stay proceedings based on this decision because we arguably can continue to do so since the Court appears to open the door to that by saying that a mere technical violation of the FCRA is not sufficient to establish standing.  In other words, plaintiffs who allege violations of the FCRA need to show concrete and particularized harm to bring a claim.

What’s next?  The Ninth Circuit has to review the case again.  Regardless of the outcome, it will likely be appealed to the Supreme Court again.  The question framed by the Court’s opinion is “whether the particular procedural violations alleged in this case entail a degree of risk sufficient to meet the concreteness requirement.”  (Slip Opinion p. 10)  Therefore, the Ninth Circuit must conduct a full analysis of the injury-in-fact requirements paying special attention to the concreteness prong as the Court indicates that the “particularized” element of the analysis has been satisfied by Mr. Robins.

The Federal Trade Commission (FTC) just issued guidance for companies providing employment screening services.   According to the FTC, they have “created new guidance for businesses aimed at giving employment background screening companies information on how to comply with the Fair Credit Reporting Act (FCRA).” The FTC is referring to it as an “FCRA brochure” … I guess like a travel brochure you would pick up at a travel agency.  Anyhow, click here to view the FTC’s blog posting on this subject.

As a practitioner in this area I don’t see anything particularly ground breaking or earth shattering about the FTC’s publication.  I think this publication will be most helpful for newer participants in the background screening industry.

My main takeaways for seasoned background screening firms is that the guidance provides insight into potentially what the FTC considers most important.  FTC — if you are reading this, everything about you and the FCRA is important.  Key points for background screeners to focus on with respect to their compliance programs:

  • Accuracy of the reports — use your identifiers and check your identifiers on the reports (including middle initials); don’t provide reports with multiple entries for the same offense; and for crying out loud don’t report expunged or sealed records.
  • Know your customer before furnishing consumer reports and get your section 604(b) certifications.
  • Provide the appropriate federal notices to users and subjects of the reports.
  • Have consumer dispute procedures in place to appropriately respond to disputes or file requests, conduct reasonable reinvestigations and provide notices to consumers about the results of any reinvestigation.  And finally, don’t make it difficult or challenging for a consumer to request their file or dispute a report.
  • When reporting public records that are likely to have an adverse effect on the consumer’s ability to obtain employment, either provide consumers with notice or follow “strict procedures” as per section 613 of the FCRA.

Above points shouldn’t come as a surprise to seasoned background screening firms.  If they do, or you are not familiar with any of these points, speak with an FCRA attorney to come up to speed on these rapido (that’s Spanish for “fast”).

Maryland requires consumer reporting agencies to register with the Office of the Commissioner of Financial Regulation if you “intend to conduct consumer credit reporting services in the State of Maryland.”

Last week I wrote about Rhode Island’s registration requirement (click here) for background screening companies … enter Maryland.

If you are a background screening company providing consumer reports on Maryland residents, please review COMAR 09.03.07 regarding the annual registration requirements for “consumer reporting agencies.”  The term “consumer reporting agency” is defined in Maryland Code, Commercial Law Article § 14-1201.  The scope of COMAR is as follows, “This chapter governs certain registration requirements and business operations of consumer reporting agencies who collect credit information and furnish consumer reports on residents of this State. The provisions of this chapter are to promote accuracy in consumer reports.”  COMAR requires, “A consumer reporting agency which issues consumer reports on residents of this State shall register with the Commissioner….”

As I said about Rhode Island, do not be lulled into complacency by use of the word “credit” as the definition of “consumer reporting agency” refers to an entity that “assembles or evaluates credit information and other information about consumers” for purposes of a consumer report.

Author’s note: COMAR refers to § 14-1201(f) for the definition of “consumer reporting agency” but it appears that this term if currently defined in § 14-1201(e)(1).

Happy Registration!