The New York City Commission on Human Rights has issued legal enforcement guidance and FAQs clarifying some of the more ambiguous exemptions in the New York City “Stop Credit Discrimination in Employment Act,” as well as guidance on related recordkeeping obligations and penalties. The Act became effective on September 3, 2015. (For general information on the legislation, see our article New York City Limits Employers’ Use of Credit Information of Applicants, Employees.)
While the law generally prohibits employers from requesting and using consumer credit histories of New York City applicants or employees for employment purposes, the law establishes eight categories of exemptions and permits employers to request information in response to any lawful subpoena, court order, or law enforcement investigation. While some of the exemptions, such as those exempting individuals required to be bonded under city, state, or federal law, are self-explanatory, there has been much speculation as to the scope of others. The following is clarifying information issued by the Commission related to the more ambiguous exemptions:
- positions for which employers are required by law, regulation, or a self-regulatory organization to use an individual’s consumer credit history for employment purposes;
- Applies only to FINRA members with respect to employment decisions about people required to register with FINRA
- As the present time, only licensed mortgage originators would fall under the exemption based on state law requirements
- non-clerical positions that entail regular access to trade secrets;
- Trade secrets do not include, among other items, general propriety information such as handbooks/policies, recipes, formulas, customer lists, processed and other information regularly collected in the course of business or regularly used by entry-level and non-salaried employees and supervisor or managers of such employees
- positions with responsibility for funds or assets valued at $10,000 or more;
- Limited to executive-level positions with overall financial control of the company such as CFOs and COOs, but does not apply to all staff in a finance department
- positions with regular duties that allow the employee to modify digital security systems established to prevent the unauthorized use of networks or databases of the employer or the employer’s client
- Limited to executive-level positions with control over access to all parts of the company’s computer systems, such as a CTO or a senior IT executive, but does not apply to all individuals who may have access to a computer system or network or even all staff in an IT department
In these guidance documents, the Commission clarified that the exemptions should be narrowly construed, do not apply to entire employers or industries, and apply to positions/roles as opposed to individual applicants/employees. The FAQs specifically provide that the exemptions do not cover most low-level employees including, but not limited to, bank tellers, cashiers, salespeople, clerical workers, administrative staff, restaurant/bar workers, and private security employees. Furthermore, it provides even “honest” mistakes will result in liability.
Moreover, an employer claiming an exemption will be expected to prove by a preponderance of the evidence that the exemption applies. In doing so, an employer wishing to claim an exemption should inform the applicant or employee of the claimed exemption and keep a detailed log of all exemptions utilized for five years from the date the exemption is used. The log should include details regarding: (i) the exemption claimed; (ii) why the exemption is applicable; (iii) the name and contact information for all individuals considered for the exempted position; (iv) the job duties of the position; (v) the qualifications necessary to perform the position; (vi) a copy of credit history obtained for all individuals for whom the exemption was claimed; (vii) details on how the credit history was obtained; and (viii) details on how the credit history resulted in the employment action taken. The log may be required to be provided to the Commission upon request.
Finally, the guidance sets forth severe civil penalties for violations of the law (up to $250,000 for willful, wanton, or malicious violations, and up to $125,000 for other violations) in addition to other remedies available under the NYC Human Rights law. In assessing penalties, the Commission advises that it will consider the severity of the violation, number of violations, employer size based on headcount and revenue, as well as constructive or actual knowledge of the law.