I recognize this is a few days late, but the content is still timely. Last month I attended the NAPBS Mid-Year Conference in Washington, DC both as an attendee and speaker. One session of particular interest to me was Maneesha Mittal’s presentation. Maneesha is the Associate Director of the Division of Privacy and Identity Protection at the Federal Trade Commission (FTC). Her team is the team that would bring an enforcement action against a background screening company for non-compliance under the Fair Credit Reporting Act (FCRA).
Below are the take-away points I found most helpful for purposes of my day to day practice advising background screening companies on their compliance with the FCRA:
- Reasonable security of data – Maneesha stressed the importance of “knowing your customer” when transacting with them and provided examples of companies who failed to maintain appropriate data security through reasonable procedures, and failed to ensure a permissible purpose to the reports (e.g., ACRAnet, Inc., SettlementOne Credit Corporation, Statewide Credit Services).
- The FCRA applies equally to social media when used for background screening purposes and she gave as examples the FTC letter to Social Intelligence Corporation and the ongoing Spokeo v. Robins case. For the Spokeo case, note that the U.S. Supreme Court granted cert. and will take up this important case next year. The Spokeo case goes to the issue of whether a plaintiff has to show actual injury in fact in order to have Article III standing, or whether a mere violation of the statute is sufficient to bring suit. Let’s hope the former and not the latter.
- Companies cannot disclaim liability under the FCRA and then proceed to sell information to employers which could be used for background screening purposes. As an example she cited the settlement against Filiquarian Publishing LLC, Choice Level LLC and their CEO for alleged failure to ensure that the information they sold was accurate and could only be used for a permissible purposes. In this matter, the maker of the mobile app claimed that users could use the app to conduct criminal background searches on individuals but used disclaimers stating that they were not FCRA complaint and that the products should not be used for employment screening purposes.
- Accuracy of the reports – reports with multiple entries listing the same offense are not acceptable. Basically, a data dump is not acceptable as it does not comply with the FCRA requirement to maintain maximum possible accuracy. As an example she cited the HireRight Solutions enforcement action and settlement.
- Consumer disclosures — have adequate staff to respond to consumer requests for their reports.
- Use of section 603(y) of the FCRA as a defense to litigation is on the rise. It is the FTC ‘s opinion that this section of the FCRA, which relates to investigations of suspected employee misconduct, is only intended to cover current employees and not job applicants. Stay tuned for potential guidance from the FTC on this point.
- U.S. based background screening companies doing background checks on international employees – the FCRA would apply.
- Regarding the amicus brief in Moran v. The Screening Pros tied to section 605 of the FCRA and the obsolescence rule for dismissals, this is an FTC “opinion” and not just a staff view as the Commission approved the FTC’s participation in the amicus brief.