August 2017 Screening Compliance Update

Federal Developments

FBI Biometric Database
On August 1st, the FBI issued a final rule in the Federal Register to amend its Privacy Act exemptions for the Next Generation Identification (NGI) System, which is a massive biometric database intended to help the FBI and other law enforcement partners in criminal investigations. The NGI System collects and retains an individual’s personally identifiable information (PII), fingerprints, possible criminal history, and has facial recognition capabilities. Under the finalized rule, which is effective August 31st, individuals will not be authorized to know if their biometric information is stored in the NGI System. According to the FBI, this is for security and logistical reasons since the FBI obtains most of its records from state and local law enforcement agencies and it would not be feasible to inform every citizen that their records are included in the NGI System.
https://www.federalregister.gov/documents/2017/08/01/2017-15423/privacy-act-of-1974-implementation

CFPB Action Against JPMorgan Chase Bank
On August 2nd, the CFPB took action against JPMorgan Chase Bank, N.A. for allegedly not having the appropriate processes in place for conducting checking account screening reports. Banks screen potential customers’ checking account reports from consumer reporting companies. Chase allegedly did not have the proper processes in place to verify the accuracy of the checking account screening reports, in violation of the Fair Credit Reporting Act. The CFPB ordered Chase to pay a $4.6 million penalty to the CFPB’s Civil Penalty Fund and implement changes to its policies. Specifically, the CFPB alleges that Chase: • Failed to have adequate processes to ensure the accuracy of the reported checking account information; • Failed to inform consumers about the results of investigations into their disputes; and • Failed to provide consumers with the name of the consumer reporting company that supplied any information that Chase used to deny a consumer’s checking account application.

State Department Moves Forward Plan to Collect Social Media Identifiers of Visa Candidates
The State Department filed a notice this week seeking comment on the agency’s plan to make permanent the collection of social media identifiers from individuals applying for visas to enter the U.S. The public comment period is open until October 2, 2017. The State Department previously requested emergency approval for the plan. EPIC opposed the State Department initiative, and in comments earlier this year, urged the agency to drop the plan. EPIC argued that the proposal threatens privacy, First Amendment rights, risked abuse, and would disproportionately impact minority groups.
https://epic.org/2017/08/state-department-moves-forward.html
https://www.federalregister.gov/documents/2017/08/03/2017-16343/60-day-notice-of-proposed-information-collection-supplemental-questions-for-visa-candidates

Notices from DHS and SSA
Three federal agencies are making changes that will impact end-user clients.

SSA has a revised Form:
An updated Consent Based SSN Verification Form SSA-89 (Rev 04-2017) from the SSA was released on 6/26/17. End-Users have until year end to make the transition to the new document. CBSV is the superlative personal identifier validation methodology as it matches Name, SSN, DOB, and Death Indicator to the SSA Master File and Death Index for any business purpose.

DHS has a revised Form:
An updated Form I-9 for Employment Eligibility (version 07/17/17 N) from USCIS (part of DHS) was launched 7/7/17. End-Users should use the revised version or continue using Form I-9 with a revision date 11/14/16. On Sept. 18th, employers MUST use the revised form with a revision date of 07/17/17 N

FCRA Liability Harmonization Act
When Congress returns from its August recess immediately after the Labor Day Holiday keep an eye on the House Financial Services Committee as they may hold a hearing and markup the FCRA Liability Harmonization Act (H.R. 2359). The legislation, introduced by Rep. Loudermilk (R-GA), seeks to cap class action lawsuits for noncompliance with the Fair Credit Reporting Act. The total recovery (excluding attorney’s fees) would be $500,000 or 1% of the net worth of the entity.
AGG Compliance Newsflash by Montserrat Miller – http://www.jdsupra.com/legalnews/compliance-news-flash-49217
https://www.congress.gov/bill/115th-congress/house-bill/2359/actions

Court Cases

Data Breach Case
On August 1st, the U.S. Court of Appeals for the District of Columbia Circuit ruled that customers of CareFirst have legal standing to sue the health insurance company for a 2014 data breach that exposed customers’ personally identifiable information (PII). The U.S. District Court for the District of Columbia previously dismissed the class-action against CareFirst on the grounds that a data breach is not sufficient to establish “substantial risk of future harm” for the class members to sue the CareFirst. The Appeals Court reversed this decision by ruling that CareFirst put its customers at an increased risk of identity theft. The case is Chantal Attias, et al. v. CareFirst, Inc., et al., case number 16-7108, in the U.S. Court of Appeals for the District of Columbia Circuit.
https://www.cyberscoop.com/carefirst-customers-granted-right-sue-2014-cyberattack/

FCRA Case
Recently a federal court in Florida issued a couple of opinions related to allegations of non-compliance with the stand-alone disclosure requirement of the Fair Credit Reporting Act (FCRA) and a related claim of obtaining a consumer report without proper authorization, against a healthcare organization. The case involves the FCRA required disclosure and authorization, the issue of standing and the Spokeo decision. The Court certified the class and dismissed Defendant’s motion for summary judgment and recently stayed any further deadlines to allow the parties to enter into settlement discussions. Plaintiff alleged the following deficiencies with the FCRA-required disclosure and authorization, which amounted to extraneous language: (i) inclusion of the business logo of the consumer reporting agency; (ii) blank lines for “Organization Name” and “Account”; (iii) the name and address and phone number of the consumer reporting agency; (iv) a false statement that a copy of “A Summary of Your Rights Under the FCRA” was attached; (v) various disclosures relating to state law; and (vi) a broad authorization requiring Plaintiff and the putative class members to forego their legal rights. On this latter point it is unclear what is meant here as there is no release of liability in the disclosure and authorization. It could be that Plaintiff is referring to agency record release language. The Court stated, “Plaintiff has statutorily-created rights under the FCRA to receive a clear and conspicuous stand-alone disclosure.” It is important to note that the Court has not determined specifically what, if any, of this language is extraneous. On the issue of whether the violations rise to the level of a willful violation of the FCRA the Court said that is a question for the jury and not to be decided at this stage of the proceedings. The Court also pointed out that the Defendant “simply used” a form provided by a third-party background check vendor. The case is Graham v. Pyramid Healthcare Solutions, Inc., Case 8:16-cv-01324 and the Court’s decision was issued June 28, 2017.
AGG Compliance News Flash by Montserrat Miller – http://www.agg.com/SnapshotFiles/8ea3768f-798c-4032-b218-52ffa9abd7c7/Subscriber.snapshot?clid=38228e40-b0c7-4635-9a36-4098035f6480&cid=d8ce77a3-d1a5-495d-b9e4-34ab0bfbc3b3&ce=bHNHiAllz%2fdBLBZCH0FgsItyaoQ5RmUsSrUaOQut2Z8%3d

CoreLogic Reaches Settlements in Records Spats
CoreLogic National Background Data, LLC has agreed to a pair of settlements in two Virginia federal court actions alleging that the wholesale criminal record data provider harmed job candidates by misattributing others’ crimes to them, according to Monday court filings. James O. Hines Jr. and Carolyn Witt asked for preliminary approval of deals that will see each class member in their respective actions receive more than $100, saying the matters accusing NBD of violating the Fair Credit Reporting Act by failing to make sure it was supplying complete public record information were unusual and hard-fought, so the settlements — which collectively took seven conferences to secure — are an excellent result. “The settlement is an excellent result considering the contentiousness of the litigation, the novelty of some of these issues, and the lengthy settlement process,” both settlement approval memorandums said. “The terms of the settlement, as well as the circumstances surrounding negotiations and its elimination of further costs caused by litigating this case through trial and appeal, satisfy the strictures for preliminary approval.” In Hines’ suit, class members will receive at least $150 in connection with claims that NBD incorrectly reported sex offenses on consumers’ records without including the offender’s age or date of birth, which would have shown that the job candidate wasn’t the person who committed the crime. The Hines settlement also includes “industry-changing injunctive relief,” requiring NBD to change the matching criteria it uses to generate consumer reports intended for employment purposes. Specifically, for searches that NBD’s customers indicate are for employment purposes, the company won’t include any records that don’t match the candidate by either Social Security number, address or birthdate, according to the Hines memo. This is important because NBD is a leader in the background-screening field and routinely speaks and teaches at conferences, meaning this change will impact the industry as a whole, the Hines memo said. As for Witt’s action, class members are due at least $115 based on similar allegations stemming from consumer reporting agency CoreLogic SafeRent, LLC’s sale of Virginia criminal records to sister company NBD that ultimately ended up in the hands of prospective employers. Under both deals, class members are only releasing their statutory and punitive damages claims, the settlement memorandums noted, explaining that the consumers can still pursue all other remedies under the FCRA, including actual damages and any attorneys’ fees incurred in the process of pursuing those allegations. Critically, class members will also receive a substantive notice designed to educate them about their rights and benefits under the settlements, which is important because they might not even know that these companies exist, since the records they provide are resold to so-called reseller consumer-reporting agencies, which in turn rebrand the reports and sell them to employers. These deals are great results for the class, especially considering the fact that the defense was “stalwart,” Hines and Witt noted, saying the matters were easily the “hardest fought” class counsel has ever litigated. Class counsel, Consumer Litigation Associates PC and Francis & Mailman PC, will seek up to roughly $3.2 million in fees in the Hines matter and no more than approximately $1.2 million in the Witt suit. Each class representative will ask for up to $10,000 as a service award, according to the settlement agreements. The first suit was the proposed class action stemming from NBD’s sale of sex offender records, which was originally brought by a man named Tyrone Henderson in February 2012. Hines entered the litigation later that year and ultimately, it was decided that Henderson wasn’t a member of the class, so he decided to pursue an individual case and isn’t part of the settlement, the Hines settlement memo explained. According to the dispute, NBD provides data to reporting agencies like Verifications Inc., ADP Screening and Selection Services and HR Plus, which then resell the information to employers. However, the consumers alleged, NBD violated the FCRA in the process by failing to maintain strict procedures to ensure that the public records it provided were complete and up to date and by failing to notify consumers when such records were provided about them. Hines asserted that NBD sabotaged an employment opportunity for him by reporting that he was a registered sex offender in Indiana when he’d never even been to the state, according to court filings. The suit has been vigorously litigated for more than five years, Hines said in his settlement memo, with the parties recently going back and forth over class certification. Witt filed her suit in June 2015, with Henderson and Hines originally serving as two of her co-plaintiffs. But Senior U.S. District Judge Robert E. Payne cut them from the action in January 2016, finding that their claims in the Witt suit fell outside the FCRA’s statute of limitations. According to Witt, the public records attributed to her concerned one or more individuals who weren’t her but had a similar name, leading to a consumer report that incomprehensively said she had an extensive criminal history, according to her suit. The suits are Henderson et al. v. CoreLogic National Background Data, LLC, suit number 3:12-cv-00097, and Witt v. CoreLogic SafeRent, LLC et al., suit number 3:15-cv-00386, both in the U.S. District Court for the Eastern District of Virginia.
https://www.law360.com/cybersecurity-privacy/articles/956629/corelogic-reaches-settlements-in-records-spats?nl_pk=b14f4c91-6e5c-4e22-832d-ef92edafbeed&utm_source=newsletter&utm_medium=email&utm_campaign=cybersecurity-privacy&read_more=1

S2Verify Reached Settlement Agreement of Class Action Lawsuit
S2Verify has agreed to settle a class action lawsuit in a Northern District of California for $1,090,750. The Plaintiff alleged that S2Verify the background report provided to his prospective employer included past arrests that did not result in a conviction that were older than seven years, in violation of 15 U.S.C. § 1681c(a)(2). During discovery, S2Verify admitted that during the time frame at issue, it made exceptions to the FCRA prohibition on reporting obsolete information for clients who were placing employees in “sensitive” positions by giving those clients access to the stale data until March 2014. While the FCRA allows this type of “obsolete information” to be included where a consumer report is prepared in connection with “the employment of any individual at an annual salary which equals, or which may reasonably be expected to equal $75,000, or more,” there is no exception provided based on the type of position for which an employee applies. The national class of approximately 4,500 includes individuals who were the subject of an S2Verify report for nine different companies from June 2013 through February 2014 and whose reports included any arrests, charges, or indictment information that did not result in a conviction that were older than seven years.

Seventh Circuit Affirms Dismissal of FCRA Class Claims Based on Job Application Credit Reports Due to Lack of Standing
In yet another appellate court decision signaling the strength of the United States Supreme Court’s 2016 Spokeo decision, the U.S. Court of Appeals for the Seventh Circuit affirmed the dismissal of a pair of putative class actions against Time Warner Cable, Inc. (“TWC”) and Great Lakes Higher Education Corporation (“Great Lakes”) alleging Fair Credit Reporting Act (“FCRA”) violations because plaintiff job candidate failed to plead an injury sufficient to establish Article III federal standing post-Spokeo. Plaintiff Cory Groshek (“Plaintiff”) filed the pair of suits alleging that TWC and Great Lakes violated the FCRA by requesting consumer credit reports on him as part of the job application process without complying with 15 U.S.C. section 1681b(b)(2)(A). That provision bars prospective employers such as TWC and Great Lakes from obtaining consumer reports for employment purposes unless (a) a clear and conspicuous disclosure has been made in writing to the job candidate at any time before the report is procured, in a document that consists solely of the disclosure that a consumer report may be obtained for employment purposes (commonly known as the “stand-alone disclosure requirement”); and (b) the job candidate has authorized in writing the procurement of the report. According to Plaintiff, TWC and Great Lakes did not provide clear and conspicuous disclosures, and as a result, the authorization he provided permitting the companies to obtain consumer reports was invalid. The trial court agreed with TWC and Great Lakes’ arguments that Plaintiff had not suffered a concrete injury over Plaintiff’s claims that he suffered concrete informational and privacy harms. In light of Spokeo, the Seventh Circuit analyzed whether “the common law permitted suit in analogous circumstances,” and whether the alleged statutory violation presented an “appreciable risk of harm” to the concrete interest Congress sought to protect via statute. In a concise opinion, the Seventh Circuit found that Plaintiff’s claims did not confer Constitutional standing to bring suit in federal court based on either analysis. Initially, the Seventh Circuit analyzed cases Plaintiff cited as examples of standing being offered in similar circumstances. However, the court found that the injuries alleged in those cases were dissimilar and that the harms Plaintiff claimed to have suffered did not rise to the level of concreteness. For example, the court pointed out, Plaintiff presented “no factual allegations plausibly suggesting that he was confused by the disclosure form or the form’s inclusion of a liability release, or that he would not have signed it had the disclosure complied with [the FCRA].” Further, because Plaintiff “admits that he signed the disclosure and authorization form,” he could not rely on the conclusory allegation that the authorization was invalid and thus could not “maintain that he suffered a concrete privacy injury.” The Seventh Circuit also looked to Congress’ intent in enacting the FCRA. The court recognized that the disclosure requirement in the statute was “clearly designed to decrease the risk of a job candidate unknowingly providing consent to the dissemination of his or her private information,” while the authorization requirement was intended to allow job candidates to prevent unwanted violations of privacy by withholding consent. However, Plaintiff’s allegations boiled down to the fact that TWC and Great Lakes’ disclosure forms “contained extraneous information,” and he did not claim that the information caused a misunderstanding, that the lack of the information would have caused him to withhold consent, or that he was unaware a consumer report would be obtained. Thus, Plaintiff “alleged a statutory violation completely removed from any concrete harm or appreciable risk of harm.” Although there is no indication that the tide of privacy-based suits will ebb anytime soon, decisions such as the Seventh Circuit’s indicate that defendants may be able to obtain early dismissals, where plaintiffs allege nothing more than bare procedural violations. In addition, courts’ continuing adherence to a test analyzing prior common law remedies and Congressional intent means that defendants can make a more informed analysis of plaintiffs’ potential standing prior to engaging in motions practice.

Spokeo v. Robins Inc.
On August 15th, the U.S. Court of Appeals for the Ninth Circuit ruled in favor of Thomas Robins in Spokeo v. Robins. The ruling came after the U.S. Supreme Court asked the Ninth Circuit to more closely assess whether Robins actually suffered a “concrete and particularized” injury. According to the original complaint, Robins alleges that data aggregator Spokeo violated the Fair Credit Reporting Act (FCRA) by publishing incomprehensive information on his profile which harmed his employment prospects and emotional well-being. In the decision, Judge Diarmuid O’Scannlain wrote that the errors on the part of Spokeo “do not strike us as the sort of mere technical violations which are too insignificant to present a since risk of harm to the real-world interests that Congress chose to protect with FCRA.” It is likely that the case will return to district court for litigation, although U.S. District Judge Otis Wright, who is overseeing the case, has not yet ruled as to whether it may proceed as a class action.

9th and 7th Circuit Courts Differ on the Question of Standing Case
On August 15th, the 9th Circuit released its opinion in the case of Robins v. Spokeo on remand from the US Supreme Court. Recall that the US Supreme Court remanded this case to the 9th Circuit to evaluate whether Robins had established a “concrete injury”. The 9th Circuit found that Robins had established a concrete injury in its attached opinion. Earlier this month in another FCRA case regarding extraneous information in a disclosure and authorization form the 7th Circuit found in favor of appellees in the cases of Groshek v. Time Warner and Groshek v. Great Lakes Higher Education. The district court in these cases granted Time Warner and Great Lakes Higher Education’s motions to dismiss for lack of standing and Groshek appealed to the 7th Circuit. On August 1st, the 7th Circuit affirmed the district court’s opinion (dismissing the case) because Groshek has not alleged facts demonstrating a real, concrete appreciable risk of harm.

Data Breach Case
On August 21st, the U.S. Court of Appeals for the Eighth Circuit affirmed the lower court’s decision to dismiss the case in Kuhns v. Scottrade, Inc., a consolidated data breach class-action lawsuit. According to the original complaint, Plaintiff Matthew Kuhns alleged that securities brokerage Scottrade Inc. violated its contractual obligations by failing to adequately protect customers’ personally identifiable information following a 2013 data breach. Scottrade argued that no customers actually suffered any injury because there were no cases of fraud that resulted in a financial loss. The lower court dismissed the case holding that the Plaintiffs failed to demonstrate concrete injury under Article III of the Constitution. The Eighth Circuit affirmed the lower court’s decision saying that “massive class action litigation should be based on more than allegations of worry and inconvenience,” but disagreed with the lower court’s claim that the Plaintiff did not have Article III standing. The case is Kuhns v. Scottrade, Inc., case nos. 16-3426 and 16-3542, in the U.S. Court of Appeals for the Eighth Circuit.
https://www.bloomberglaw.com/public/desktop/document/Matthew_Kuhns_Individually_and_on_behalf_of_all_others_similarly_?1503496443

Privacy Case
United States v. Microsoft deals with the validity of a warrant outside of the U.S under the SCA. In 2013, law enforcement issued a warrant to Microsoft requiring the Company to produce the contents of a customer’s email that was mostly stored on a server in Ireland. Microsoft only produced the information on the U.S. server arguing that the warrant did not extend outside of the U.S. The U.S. Court of Appeals for the Second Circuit ruled in favor of Microsoft holding that the SCA does not apply extraterritorially. The case has yet to be certified for review by the Supreme Court.
https://iapp.org/news/a/scotus-and-the-stored-communications-act-two-cases-that-could-mean-big-changes/

Another victory for medical marijuana users at work!
On 8/8/17, a federal district court judge in Connecticut concluded that federal law does not preempt a Connecticut state statute that prohibits employers from firing or refusing to hire someone who uses marijuana for medicinal purposes. The decision contains an excellent review of the state of the law in this area (including a footnote a listing all states that have laws prohibiting discrimination against employees who use medicinal marijuana). The case is Noffsinger v. SSC Niantic Operating Company, LLC, (D. Conn. 8/8/17).

• No federal law preemption: In Noffsinger, a nursing home rescinded a candidate’s job offer as a director of recreational therapy after she tested positive for marijuana in pre-employment drug screening — even though she provided evidence that a marijuana product was prescribed to treat her PTSD and that she only took the drug at night before bedtime and was not under the influence of marijuana at work. The nursing home filed a motion to dismiss arguing that the Connecticut law was preempted by several federal laws, including the Controlled Substances Act (CSA) (which makes it a federal crime to use, possess or distribute marijuana), the ADA and the Federal Food, Drug and Cosmetic Act (FFDCA).
• Federal laws do not regulate employment decisions: The court rejected arguments that the CSA preempts the Connecticut law’s employment protection provisions on the ground that the CSA does not make it illegal to employ a marijuana user and, in fact, does not “purport to regulate employment practices in any manner.” The court similarly rejected arguments that provisions of the ADA addressing drug testing and illegal drug use preempt the Connecticut law because the ADA provisions do not expressly state that an employer may prohibit an employee from the illegal use of drugs outside of the workplace. The court reasoned that just because the ADA permits employers to engage in drug testing, this does not mean that it was intended to preclude the States from adopting legislation prohibiting employers from taking adverse acting against someone who fails a drug test. The court also emphasized that there was no evidence that the candidate’s medicinal use of marijuana would adversely impact her job performance.
• Being a federal contractor not a defense either: The court also rejected an argument by the nursing home that it was exempt from the Connecticut law because as a nursing facility it is subject to federal regulations that require compliance with federal laws and since the CSA prohibits marijuana use, the nursing home would be violating federal law by hiring the employee. The court abruptly dismissed this argument commenting that it “borders on the absurd,” stating that the act of merely hiring a medical marijuana user does not itself violate the CSA or any other federal law.
• Lessons for Employers: This is the second court decision in a month to conclude that state laws legalizing marijuana provide protections to employees in the workplace. Employers should anticipate that there will be additional pro-employee rulings in this regard. It may be time to review drug-testing policies, at least for those states with laws permitting the use of medical marijuana. In that regard, in addition to Connecticut, the following states have medical marijuana laws that include explicit anti-discrimination protections in the workplace: Arizona; Delaware; Illinois; Maine; Nevada, New York; Minnesota and Rhode Island. Moreover, while the Massachusetts law does not contain employment discrimination provisions, the Supreme Judicial Court of Massachusetts recently ruled in Barbuto v. Advantage Sales & Marketing, LLC that employers may be required to accommodate a candidate’s or employee’s medical use of marijuana by, for example, modifying drug testing policies.

Employers can still decline employment if there is evidence that marijuana use could adversely impact job performance or create a safety risk. It also remains to be seen whether or not the Trump administration will make efforts to curtail this latest judicial trend as the administration has indicated that it remains committed to having marijuana classified as an illegal controlled substance.

LinkedIn Privacy Case
On August 14th, the U.S. District Court for the Northern District of California ordered LinkedIn to allow a third-party company to scrape data publicly posted by LinkedIn users. In May, LinkedIn sent a letter to hiQ labs, which creates software that uses public LinkedIn profiles to determine employees’ behavior, including when they might leave, ordering the Company to stop extracting data from its website. Following the letter, hiQ labs filed a lawsuit alleging that LinkedIn violated California antitrust laws by denying it access to publicly available data. The Court ruled in favor of hiQ saying that “hiQ unquestionably faces irreparable harm in the absence of an injunction, as it will likely be driven out of business.” The Court ordered LinkedIn to remove any technology preventing hiQ from accessing public profiles within 24 hours. According to a LinkedIn spokeswoman, the Company plans to challenge the decision.
http://www.reuters.com/article/us-microsoft-linkedin-ruling-idUSKCN1AU2BV

Verification of Employment Eligibility Verification Form (I-9)
A recent government investigation related to the employment eligibility verification form (aka the “Form I-9”) demonstrates the cost of non-compliance with immigration law requirements tied to a company’s workforce. The fast food chain Panda Express agreed to settle a Department of Justice investigation and was fined $400,000 and required to create a $200,000 fund to provide back pay to affected employees in addition to training human resources personnel on the requirements of the Immigration and Nationality Act’s non-discrimination provision. Panda Express’ issue was tied to re-verification of existing employees work authorization and potential discrimination based on an employee’s citizenship or national origin status. The misdeed? Panda Express required lawful permanent resident workers to re-establish their work authorization when their Permanent Resident Cards expired – which is not permissible. Individuals presenting an unexpired Permanent Resident Card do not need to have their work authorization re-verified in section 3 of the Form I-9 when the document expires.
AGG Compliance Newsflash by Montserrat Miller – http://www.jdsupra.com/legalnews/compliance-news-flash-49217

State Developments

San Francisco Enacts Salary History Law
Following the lead of other states and cities, on July 19, 2017, San Francisco Mayor Ed Lee signed the “Parity in Pay Ordinance” into law. The Ordinance, which takes effect on July 1, 2018, prohibits San Francisco employers from asking job candidates about their salary history or from considering earnings information in determining whether to hire an candidate and what salary to offer them. The stated purpose of the law is to narrow the salary gap between men and women in the city. According to the Findings in the Ordinance: “In San Francisco, women are paid 84 cents for every dollar a man makes, according to the 2015 United States Census Bureau report. Women of color are paid even less. African American women are paid only 60 cents to each dollar paid to men. Latinas are paid only 55 cents to each dollar paid to men.” “Salary” is defined as “an candidate’s financial compensation in exchange for labor, including but not limited to wages, commissions, and any benefits.” “Salary History” means “an Candidate’s current and past Salary in the Candidate’s current position, or in a prior position with the current Employer or a prior Employer.” “Inquire” means any direct or indirect statement, question, prompting, or other communication, orally or in writing, personally or through an agent, to gather information from or about an Candidate, using any mode of communication, including but not limited to application forms and interviews.” The Ordinance includes the following prohibitions:

• An Employer shall not Inquire about an Candidate’s Salary History.
• An Employer shall not consider an Candidate’s Salary History as a factor in determining what Salary to offer an Candidate. This prohibition applies even if, absent an Inquiry from the Employer, the Candidate discloses Salary History to the Employer.
• An Employer shall not refuse to hire, or otherwise disfavor, injure, or retaliate against an Candidate for not disclosing his or her Salary History to the Employer.
• An Employer shall not release the Salary History of any current or former employee to that person’s Employer or prospective Employer without written authorization from the current or former employee.

The Ordinance does not prohibit an Candidate from voluntarily disclosing Salary History following an Employer’s initial salary offer in order to negotiate a different salary or prohibit an Employer from considering that candidate’s Salary History in determining a counter-offer. The Ordinance will be enforced by the Office of Labor Standards Enforcement. When a violation has occurred, OLSE may issue a warning and notice to correct or a penalty of $100, $200, or $500. Penalties for violating the law begin on January 1, 2019.
http://www.lexology.com/library/detail.aspx?g=b1afe92e-7098-44a1-a107-26066703beeb&utm_source=Lexology+Daily+Newsfeed&utm_medium=HTML+email+-+Body+-+General+section&utm_campaign=ACC+Newsstand+subscriber+daily+feed&utm_content=Lexology+Daily+Newsfeed+2017-08-02&utm_term

Ind. – Council Panel Votes to Weaken Ban the Box Ordinance
An Indianapolis City-County Council Committee in August voted unanimously-though with reluctance-to weaken the city’s so-called “ban the box” ordinance, which prohibits city vendors from asking about their job candidates’ prior criminal history. Members of the Metropolitan and Economic Development Committee said they felt forced to approve a new measure as the result of a new state law, which preempts Indiana municipalities’ authority to put in place such regulations. The City-County Council passed the city’s “ban the box” law in 2014.
http://r20.rs6.net/tn.jsp?f=001mky9FWuzN41jL9cWb-ZLTrKXS4__SSDAC-XTgYwWfFWhcew4MCVNvxFeh7sGIIUMzDO7bC2jHYRwt5DRdE_i7lc0rVVrOWU9Eh4eggWPse3DhiAkUC8RICTixdVv9f9hy38ihlygCpX1gcxqFtRCom6N3kG0Kbyvci8Ps8pdfVyR-niFqt7H1Q-6KJCJO1F1hYymAVVOz-WLBG194wpDa73FEdlRLppBSPt_7qD2HV3KRqbCJdaUBLFYNRouvEk4&c=Oqov2TtqOgE5PRSRwqhhhj1Iz0j1lfuyk6qqvauqGwMrvPuK_8fP7g==&ch=KdXdTiq8Ism_6EOenggXP0vofZ02yL6OkLARjglLpOpw8QUBk_H41Q

Delaware Bans Compensation History Inquiries
On June 14, 2017, Delaware Governor John Carney signed into law a bill that amends Delaware’s Code relating to unlawful employment practices to prohibit employers from (i) engaging in salary-based screening of prospective employees where prior compensation must satisfy certain minimum or maximum criteria or (ii) seeking the compensation history of a prospective employee from the prospective employee or a current or former employer (the “Law”). Under the Law, “compensation” is defined broadly to include wages, benefits, or other compensation. Similar to the New York City salary history ban, employers are not prohibited from discussing and negotiating salary expectations, so long as employers avoid asking for a prospective employee’s compensation history. Additionally, after an employment offer has been made and accepted, and compensation terms have been extended and accepted, the Law allows for the confirmation of a prospective employee’s compensation history. Any such compensation confirmation must be authorized by the employee in writing. The Law adds to a growing wave of bans on compensation history inquiries. Similar restrictions have been enacted in Massachusetts (eff. July 1, 2018), Oregon (eff. October 9, 2017) and Puerto Rico (eff. March 8, 2018), as well as in New York City (eff. October 31, 2017), Philadelphia, and most recently, San Francisco (eff. July 1, 2018). Philadelphia’s pay history ban was supposed to take effect May 23, 2017, but the City delayed its enforcement in light of a legal challenge by the Chamber of Commerce for Greater Philadelphia. The law is not yet being enforced by the City.

DE: https://legis.delaware.gov/json/BillDetail/GenerateHtmlDocument?legislationId=25599&legislationTypeId=1&docTypeId=2&legislationName=HB1
NY: http://www.ebglaw.com/content/uploads/2017/05/Act-Now-Advisory-NYC-Mayor-Signs-Salary-History-Bill-Advisory.pdf
MA: http://www.ebglaw.com/news/massachusetts-passes-legislation-aimed-at-correcting-gender-related-pay-imbalances/
Philadelphia: http://www.ebglaw.com/content/uploads/2017/01/Act-Now-Advisory_Philadelphia-Law-Prohibiting-Salary.pdf and http://www.financialservicesemploymentlaw.com/2017/04/25/philadelphias-salary-history-law-temporarily-stayed-pending-lawsuit/

Delaware Data Breach Notification Law
On August 17th, Delaware amended its data breach notification law. Under the new law, which goes into effect in April 2018: (i) Companies are required to notify State residents affected by a data breach within 60 days and to notify the attorney general if it affects more than 500 residents; (ii) Medical and biometric data, usernames and passwords, passport numbers, financial routing numbers, and Individual Taxpayer Identification Numbers are now included in the list of protected personal data; and o Companies must provide one year of free credit monitoring services to any Delaware resident whose Social Security Number is compromised in a breach.

http://www.jdsupra.com/legalnews/compliance-news-flash-49217
http://legis.delaware.gov/BillDetail?legislationId=26009

Vermont Bans the Box on Criminal Records
Effective July 2017, Vermont joined the growing list of state and local jurisdictions to “ban-the-box” and limit employer access to a prospective employee’s criminal record. Eight other states (Connecticut, Hawaii, Illinois, Massachusetts, Minnesota, New Jersey, Oregon and Rhode Island) have removed criminal history questions from job applications for private employers. Vermont’s law generally prohibits an employer from requesting “criminal history record information” on initial employment application forms. “Criminal history record information” includes an individual’s arrests, convictions, or sentences. An employer is permitted to inquire about an candidate’s criminal history record during an interview or once candidate has been deemed otherwise qualified for the position. An employer who inquires about an candidate’s criminal history record information must afford the candidate an opportunity to explain the information and the circumstances regarding any convictions and post-conviction rehabilitation. Additionally, an employer may inquire about criminal convictions on an initial application if the candidate is applying for a position for which federal or state law creates a mandatory or presumptive disqualification based on a conviction for one or more types of criminal offenses or an obligation not to employ an individual who has been convicted of one or more types of criminal offenses. The questions on the application form must be limited to the types of criminal offenses creating that disqualification or obligation not to hire. An employer is permitted to inquire about criminal convictions even if that federal or State law also permits the employer to obtain a waiver that otherwise would allow the employer to employ such an individual. The employer does not have to provide the candidate an opportunity to explain his or her convictions and rehabilitation if the candidate is ineligible for the position under federal or state law. An employer who violates the law’s provisions faces a civil penalty of up to $100.00 for each violation.

Amendment to NY Fair Chance Act
Although New York City’s “ban the box” law, the Fair Chance Act (“FCA”), went into effect close to two years ago, the New York City Commission on Human Rights’ final regulations became effective on August 5, 2017. These regulations expand on the previously issued Enforcement Guidance (New York City Issues Enforcement Guidance Related to City’s Fair Chance Act) and both clarify and impose additional obligations on employers in screening candidates and existing employees for promotions. Through these final rules, the Commission significantly expands on per se violations, creates a discretionary mechanism to resolve per se violations by sending employers an Early Resolution Notice, and, most important, confirms that, while restrictions related to timing of statements and inquiries apply, employers are not required to engage in the FCA review process on arrests currently pending. Following are some significant changes employers should note in ensuring compliance with the FCA.

• It is a per se violation to use a standard boilerplate job application across multiple jurisdictions that requests or refers to criminal history, even with a New York City disclaimer;
• When engaging in the Fair Chance Process (the process by which an employer evaluates whether it wishes to withdraw a conditional offer of employment after learning of an candidate’s or employee’s conviction history), the employer must affirmatively request information concerning clarification, rehabilitation, or good conduct to rely upon in making its determination. The employer also must provide the candidate or employee with a complete and comprehensive copy of each and every piece of information relied on to determine that the individual has a conviction history (this includes, but is not limited to, background check reports, internet print outs, public records, and written summaries of oral conversations);
• Employers can be liable for a per se violation for inquiring about a pending criminal case before a conditional offer of employment is made;
• The regulations do not require employers to engage in the Fair Chance Process after making a conditional offer of employment if they learn the employee or candidate has a currently pending criminal case and the potential withdrawal of the offer is based solely on the pending criminal case and not the employee’s or candidate’s conviction history;
• While employers who seek to claim a Work Opportunity Tax Credit (“WOTC”) are not exempt from the FCA, such employers may require an candidate to complete IRS Form 8850 (Pre-Screening Notice and Certification Request for Work Opportunity Credit) and U.S. Department of Labor Form 9061 (Individual Characteristics Form) before a conditional offer as long as the information gathered is used solely for purposes of applying for the WOTC.
• While the regulations only require employers to undergo the Fair Chance Process when withdrawing an offer based on an employee’s or candidate’s conviction history (and not merely an employee’s or candidate’s criminal history), the regulations are inconsistent in that they do create a rebuttable presumption that an employer was motivated by an candidate’s criminal history if it revokes a conditional offer without following the Fair Chance Process.

Wash. – Seattle Approves Protections for Tenants with Criminal Records
Landlords will not be allowed to screen tenants based on their criminal records under a measure passed by the Seattle City Council. The ordinance unanimously approved Monday says landlords can’t screen a tenant based on arrests or convictions. Landlords also won’t be able to ask about or consider arrests that didn’t lead to a conviction. The law won’t apply to adult sex offenders. Supporters say the rise in online criminal background checks have made it harder for formerly incarcerated people to find housing and get back on their feet.
http://www.chronline.com/news/seattle-oks-protections-for-tenants-with-criminal-records/article_65f8da88-81dd-11e7-a7e0-d7fdb053e356.html

DC Metro-Area Nonprofits and Accommodating Medical Marijuana in the Workplace
The following briefly summarizes a nonprofit organization’s obligations in the District of Columbia, Maryland, and Virginia regarding the accommodation of an employee’s use of medical marijuana. As is typical of the region, the legal landscape shifts as you cross the Potomac River, and again as you cross Western Avenue.

• District of Columbia: The District of Columbia (DC) has legalized medical marijuana, but without any express provision protecting employees who use medical marijuana from “the denial of a right or privilege,” or any other such similar language. In the private sector, there are not yet any reported judicial decisions about whether an employer, including a nonprofit, must permit or otherwise accommodate an employee’s use of medical marijuana. In the public sector, the DC Department of Human Resources has issued guidance stating that a DC employee who has been “authorized by a licensed physician to use marijuana for medicinal purposes is permitted to do so in accordance with applicable laws, rules and regulations of their states of residence, provided such usage does not impair or otherwise impede his or her ability to safely carry out assigned duties and responsibilities.” It remains to be seen whether courts will apply this approach to the private sector.
• Maryland: Maryland also legalized the use of medical marijuana, with the express protection that qualifying patients, providers, caregivers, and growers may not be “denied any right or privilege for the medical use of cannabis.” Md. Code, Health-Gen §13-3313. How Maryland courts will interpret that clause remains to be seen. In the meantime, nonprofit employers should proceed with caution and consider engaging in an interactive process to attempt to accommodate an employee’s use of medical marijuana.
• Virginia: Virginia has not legalized medical marijuana. While some Virginia lawmakers have proposed such bills in the General Assembly, to date, none has garnered enough support to become law.

The proximity of these three jurisdictions to each other raises interesting potential questions. For example: Imagine that a Maryland resident who has been prescribed medical marijuana crosses into Virginia every day to work, is terminated for failing a drug test, and brings suit. Can that Virginia nonprofit terminate the Maryland resident for marijuana use that occurred and is protected in Maryland? While it is not yet clear where DC metro-area nonprofit organizations will find a comfortable space between the rock (where accommodating medical marijuana is required) and the hard place (where marijuana use for any purpose is illegal), nonprofits should revisit their policies and consult with legal counsel.

Recent Legislation
Recently enacted state legislation regarding background checks includes:

• North Carolina – S.B. 599 requires the State Board of Education to automatically revoke the license of a teacher without the right to a hearing upon receipt of a criminal record showing the teacher was convicted of certain crimes (http://www.ncleg.net/gascripts/BillLookUp/BillLookUp.pl?Session=2017&BillID=s599) ; and
• Wisconsin – S.B. 293 requires private schools participating in one of the State’s choice programs to conduct background checks on its employees and prohibits the schools from employing individuals who would be ineligible for a teaching license based on their criminal history (https://docs.legis.wisconsin.gov/2017/proposals/sb293)

What can employers do with regard to background checks and inquiries in New Hampshire?
Criminal records and arrests: Employers in New Hampshire are generally free to condition offers of employment on the satisfactory results of a criminal records check and to ask about criminal backgrounds on employment applications and in the recruitment process; however, they may ask only about pending arrests and convictions that have not been annulled. Schools, home healthcare agencies, residential care and treatment facilities (including nursing homes), and other entities that offer personal care services regulated by the New Hampshire Department of Health and Human Services are required to conduct criminal records checks when the position involves services or direct access to a vulnerable individual. The state legislature has attempted to restrict employers’ ability to use criminal background checks, but such bills have not been successfully legislated as of August 2015. It is worth monitoring state legislation to identify whether any new bills are introduced in 2016.

Medical history: It is unlawful for any employer to require an candidate or employee to undergo genetic testing or to affect terms of employment based on genetic testing, except in very limited circumstances (RSA 141-H:3).

Drug screening: No state-specific laws restricting or regulating an employer’s ability to impose pre-employment drug screens exist. However, one statute (RSA 151:41) requires healthcare facilities to have a written policy addressing drug testing and diversion prevention of controlled substances. Healthcare facilities include, without limitation, hospitals, doctors’ offices, home healthcare providers, outpatient rehabilitation centers, ambulatory surgical centers, urgent care centers, nursing homes, assisted living facilities, adult day-care centers, and hospice care facilities. The policy, which applies to employees, contractors and agents who provide direct patient care, must include procedures for drug testing, including, at a minimum, testing where reasonable suspicion exists. While not specifically required, pre-employment drug testing should probably be a part of the drug-testing program. As of 2013, New Hampshire has a medical marijuana law (RSA Ch. 126-X). The law is completely effective now that special dispensaries have begun to open around the state to make prescription cannabis available to qualified patients. The statute states that the law is not to be construed to require “any accommodation of the therapeutic use of cannabis on the property or premises of any place of employment” (RSA 126-X:3, III (c)). Further, the law does not “limit an employer’s ability to discipline an employee for ingesting cannabis in the workplace or for working while under the influence of cannabis” (id.). While these provisions are seen as helpful to employers’ efforts to maintain a drug-free workplace, no case decisions or administrative guidance exists on whether the statute will limit an employer’s rights to refuse employment or terminate the employment of qualified individuals who test positive on employer-mandated drug tests for marijuana, especially pre-employment drug screens.

Credit checks: No state-specific laws exist that restrict an employer’s use of credit checks in the hiring or employment process. However, there have been attempts in the state legislature to restrict this ability. Such bills have not been successfully legislated as of August 2016, but it is worth monitoring state legislation to identify whether any new bills are introduced.

Immigration status: New Hampshire law requires all employers to comply with federal law (RSA 275-A:4-a).

Social media: In 2014, New Hampshire passed a law, under which employers cannot:

• request or require candidates and employees to disclose login information to their personal social media and electronic accounts; or
• compel any candidate or employee to add anyone to his or her personal social media or electronic accounts or reduce the privacy settings on such accounts (RSA 275:74).

There are exceptions under the law to allow employers to:

• monitor employee use of the employer’s social media accounts and electronic systems;
• conduct certain workplace investigations;
• obtain access to accounts that were created by virtue of the employment relationship or that were paid or sponsored by the employer; and
• obtain information about an employee or candidate that is in the public domain.

The law applies to all employers.

Other: As of January 1, 2017, healthcare provider facilities licensed under New Hampshire law (RSA Chapter 151) are mandated to provide certain employment information regarding the misconduct and competency of an employee healthcare worker when requested by a prospective or current employer. If disclosure is done in good faith, the facility, as well as its employees and directors, will be immune from civil liability unless:

• the information disclosed was false; or
• the information was disclosed with the knowledge that it was false.

This new law applies to hospitals, long-term care facilities, ambulatory surgical centers, walk-in clinics, home health agencies, hospice facilities, labs, health services offered by schools, and adult daycare services with medical services for three or more individuals.

If an employer intends to require a new employee to execute a non-compete agreement as a condition of employment, the employer must provide the new hire with a copy of the agreement before the individual’s acceptance of the offer of employment. See the full text of the law below at section 7.3.1.

What can employers do with regard to background checks and inquiries in North Carolina?
Criminal records and arrests: No state legislation restricting background checks or inquiries into criminal records and arrests exists. Employers must comply with the Federal Fair Credit Reporting Act. Employers are prohibited from making candidates pay the cost of obtaining criminal records as a condition of hiring (N.C. Gen. Stat. § 14-357.1).

Medical history: No state legislation restricting inquiries into medical history exists. However, employers should be aware that it is unlawful for any employer with 25 or more employees to require any candidate to pay the cost of a medical examination or the cost of providing any records required by the employer as a condition of hire (N.C. Gen. Stat. § 14-357.1). The North Carolina Department of Labor takes the position that such records are not just medical records, but also any required records including, but not limited to, criminal records. Any employer that violates this section may be fined. It is the North Carolina Department of Labor’s position that Section 14-357.1 does not apply where the medical examination or records are required by law, rather than by the employer.

Drug screening: Employers are permitted to conduct drug screenings of prospective employees pursuant to, and in compliance with, the Controlled Substance Examination Regulation Act (N.C. Gen. Stat. § 95-230, et seq.) and the related regulations codified in 13 NCAC .0400, et seq., which include the following:

• At the time of providing a sample for testing, the prospective employee must be provided with written notice of his or her rights and responsibilities under the act.
• A preliminary screening procedure that uses a single-use test device may be used for prospective employees.
• Samples for prospective or current employees may be collected onsite or at an approved laboratory.
• If a screening test for a prospective employee produces a positive result, an approved laboratory shall confirm that result by a second examination of the sample, using gas chromatography with mass spectrometry or an equivalent scientifically accepted method, unless the prospective employee signs a written waiver at the time or after he or she receives the preliminary test result.
• Candidates and employees have a right to retest a confirmed positive sample at the same or another approved laboratory.
• A retest must be requested in writing, specifying to which approved laboratory the sample is to be sent.
• The candidate or employee is responsible for all reasonable expenses for chain of custody procedures, shipping, and retesting of positive samples related to this request.
• Employers are prohibited from imposing the costs of drug screening tests as a condition of hiring (N.C. Gen. Stat. § 14-357.1).

In addition, the Occupational Safety and Health Administration has issued a final rule which impacts drug testing in every state, and it is clear in the commentary to the final rule that blanket post-accident or injury testing is prohibited.

Credit checks: No state legislation restricting background checks or inquiries into credit histories for hiring purposes exists.

Immigration status: No state legislation restricting background checks or inquiries into immigration status exists. Employers with 25 or more employees are required to use E-Verify for all new hires (N.C. Gen Stat. § 64-25, et seq.).

Social media: No state legislation restricting the use of social media in background checks or inquiries for employment purposes exists.

Other: There is limited statutory immunity for employers that disclose truthful information about a current or former employee’s job history or job performance to a prospective employer. This immunity does not apply when the information disclosed by the employer was false and the employer knew or reasonably should have known that the information was false (N.C. Gen. Stat. § 1-539.12). North Carolina also has a blacklisting law prohibiting employers from preventing or attempting to prevent a discharged employee from obtaining employment (N.C. Gen. Stat. § 14-355).
http://www.lexology.com/library/detail.aspx?g=770402b7-8b02-4339-9445-5a80799088a3&utm_source=Lexology+Daily+Newsfeed&utm_medium=HTML+email+-+Body+-+General+section&utm_campaign=ACC+Newsstand+subscriber+daily+feed&utm_content=Lexology+Daily+Newsfeed+2017-08-02&utm_term

What can employers do with regard to background checks and inquiries in Texas?
Criminal records and arrests: Texas requirements are generally the same as those under federal law. The federal Fair Credit Reporting Act may apply. Criminal background checks are required for certain employees of in-home service providers and residential delivery companies.

Medical history: Texas requirements are generally the same as those under federal law. The federal Americans with Disabilities Act and Genetic Information Non-discrimination Act may apply.

Drug screening: Texas requirements are generally the same as those under federal law. Private employers in Texas may adopt drug and alcohol testing policies for their workers.

Credit checks: Texas requirements are generally the same as those under federal law.

Immigration status: Texas requirements are generally the same as those under federal law.

Social media: The federal National Labor Relations Board has imposed strict requirements on employer policies addressing social media, but Texas imposes no unique requirements.
http://www.lexology.com/library/detail.aspx?g=c5376f2d-fd5a-426a-9c3e-1cb698935d95&utm_source=Lexology+Daily+Newsfeed&utm_medium=HTML+email+-+Body+-+General+section&utm_campaign=ACC+Newsstand+subscriber+daily+feed&utm_content=Lexology+Daily+Newsfeed+2017-08-02&utm_term

What can employers do with regard to background checks and inquiries in Tennessee?
Criminal records and arrests: Tennessee has not passed any legislation regulating background checks and inquiries but does require that some employers check criminal conviction records (though not arrest records). Employers should be mindful of federal laws limiting the use of criminal and arrest records in employment decisions, however.

Medical history: Although no specific prohibition exists in the Tennessee Disability Act, employers are likely prohibited from checking medical history before employment, as with the Americans with Disabilities Act.

Drug screening: Employers that comply with the Tennessee Drug-Free Workplace Program are eligible for several workers’ compensation-related benefits. Private employers that wish to participate in the program must conduct:

• job candidate testing for drugs following a conditional offer of employment;
• reasonable suspicion testing of employees whose behavior indicates that they are using or have used drugs or alcohol in violation of the employer’s policy;
• post-accident testing;
• follow-up drug testing after treatment for drug or alcohol-related problems; and
• routine fitness for duty testing of employees, if such testing is required by the employer’s written policy.

Testing of public employees is subject to state and federal constitutional limitations. Positive tests must be verified by a confirmation test and by a medical review officer before an employer may discharge, discipline, refuse to hire, discriminate against, or request or require rehabilitation of an candidate or employee (T.C.A. § 50-9-101, et seq.).

Credit checks: Tennessee follows the legal rules set out in the Fair Credit Reporting Act and has not passed legislation prohibiting employers from pulling credit reports or from using such reports when making a hiring decision.

Immigration status: Under the Tennessee Lawful Employment Act, effective January 1, 2012, all employers in Tennessee are required to demonstrate that they are hiring and maintaining a legal workforce (T.C.A. §50-1-103(c) and § 50-1-701, et seq.).

Social media: Tennessee’s Employee Online Privacy Act of 2014 prohibits employers from:

• requiring or requesting that employees or candidates disclose passwords to personal online accounts;
• compelling employees or candidates to add them to their personal online account contact lists;
• compelling employees or candidates to access personal online accounts in their presence so that the employer can view the contents; and
• taking adverse action, failing to hire, or otherwise penalizing employees or candidates because of a failure to disclose such information or to take such actions (Tenn. Code Ann. § 50-1-1001, et seq).

Other: Eligibility to work verification requirements.

What can employers do with regard to background checks and inquiries in Illinois?
Criminal records and arrests: The Job Opportunities for Qualified Candidates Act (“Ban the Box Act”) prohibits most Illinois employers from considering or inquiring into a job candidate’s criminal record or history until after the individual has been determined qualified for the position and notified of an impending interview or, if the candidate will not be interviewed, until after a conditional offer of employment is made. The act does not preclude an employer from notifying candidates in writing of specific offenses that will disqualify an candidate from employment in a particular position due to federal or state law or the employer’s policy. Additionally, Illinois employers are prohibited from discriminating against candidates or employees on the basis of their arrest records.

Medical history: The Genetic Information Privacy Act prohibits employers from seeking or using genetic information for personnel-related reasons. The Illinois law is similar to the federal Genetic Information Non-discrimination Act, except that the Genetic Information Privacy Act is more expansive and covers employers with at least one employee. Additionally, the AIDS Confidentiality Act provides that no person may order an HIV test without first obtaining the documented informed consent of the subject of the test or the subject’s legally authorized representative.

Drug screening: Illinois has no statute relating to drug testing. However, the Illinois Human Rights Act explicitly states that it is not illegal for employers to require drug tests of employees who have or are in a drug rehabilitation program.

Credit checks: The Illinois Credit Privacy Act prohibits covered employers from inquiring about an candidate or employee’s credit history or obtaining a copy of his or her credit report. However, employers may inquire about an employee or candidate’s credit history for a position in which credit history is a “bona fide occupational qualification,” as defined in the act.

Immigration status: Although there are no explicit protections under Illinois law based on immigration status, the Illinois Human Rights Act, Cook County Human Rights Ordinance and Chicago Human Rights Ordinance all prohibit discrimination on the basis of national origin.

Social media: The Illinois Right to Privacy in the Workplace Act allows employers to access employees’ professional social media accounts. However, the act generally prohibits employers from requesting that any employee or prospective employee provide a password or other account information to enable the employer to gain access to an employee’s personal social networking accounts.

What can employers do with regard to background checks and inquiries in Indiana?
Criminal records and arrests: Non-criminal justice agencies and individuals may request a limited criminal history (including arrests) of an candidate for employment.

A non-criminal justice organization or individual that receives a limited criminal history may not use it for purposes other than those stated in the request, or that deny any civil right to which the subject is entitled.

Employers are prohibited from asking an employee, contract employee, or candidate whether the person’s criminal records have been sealed or restricted. An employer which violates this subsection commits a Class B infraction.

Any person who knowingly or intentionally uses limited criminal history for any purpose not authorized by statute commits a Class A misdemeanor.

Medical history: Indiana has no specific statute restricting inquiries into medical history in the employment setting. Private employers can generally test job candidates and employees for drugs, alcohol, and other controlled substances in accordance with the requirements of the Americans with Disabilities Act and the Indiana Civil Rights Act.

Drug screening: Indiana has no specific statute restricting drug tests. Private employers can generally test job candidates and employees for drugs, alcohol, and other controlled substances in accordance with the requirements of the Americans with Disabilities Act and the Indiana Civil Rights Act.

Credit checks: Indiana has no specific statute restricting credit checks in the employment setting. Private employers can generally perform credit checks on employees and candidates in accordance with the requirements of federal law, such as the Fair Credit Reporting Act and Title VII.

Immigration status: Indiana has no statute regarding immigration status that is generally applicable to private sector employers. However, all Indiana agencies and political subdivisions are required to use the federal E-Verify program to check the work eligibility status of all employees hired after June 30, 2011. After June 30, 2015, a public agency cannot enter into or renew a contract for a public works project with a contractor unless:

• the contract contains a provision:
  • requiring the contractor to enroll in and verify the work eligibility status of all newly hired employees of the contractor through the E-Verify program; or
  • that provides that a contractor is not required to verify the work eligibility status of all newly hired employees of the contractor through the E-Verify program if the program no longer exists; and
• the contractor signs an affidavit affirming that the contractor does not knowingly employ an unauthorized alien.

If a contractor uses a subcontractor to provide services for work, the contractor is performing under a public contract for services or a contract for a public works project. At the time of certification, the subcontractor must certify to the contractor in a manner consistent with federal law, that the subcontractor:

• does not knowingly employ or contract with an unauthorized alien; and
• has enrolled and is participating in the E-Verify program.

Social media: Indiana has no state laws protecting social media passwords in the employment context.

Other: An employer doing business in Indiana cannot:

• require an candidate for employment or an employee to disclose information about whether the candidate or employee owns, possesses, uses, or transports a firearm or ammunition, unless the disclosure concerns the possession, use, or transportation of a firearm or ammunition that is used in fulfilling the duties of the employment of the individual; or
• condition employment, or any rights, benefits, privileges, or opportunities offered by the employment, on an agreement that the candidate for employment or the employee forego:
  • the rights of the candidate or employee; or
  • the otherwise lawful ownership, possession, storage, transportation, or use, of a firearm or ammunition.

Employers may not require, as a condition of employment, that an employee or prospective employee refrain from using tobacco products outside the course of employment.

What can employers do with regard to background checks and inquiries in Arizona?
Criminal records and arrests: Arizona does not have a law prohibiting an employer from asking an candidate about prior arrests or convictions. However, the Arizona Attorney General’s Office has stated in a guide on permissible inquiries in a background check that, consistent with the EEOC’s guidance on the subject, such an inquiry must include a statement that “conviction will not be an absolute bar to employment” (See www.azag.gov/sites/default/files/documents/files/PRE-EMPLOYMENT_INQUIRIES.pdf). Employers must also have a basis for denying employment based on the candidate’s prior criminal conduct that relates to the connection between the job and the job requirements. Arizona’s fingerprinting and criminal history statute provides for the exchange of criminal justice information with any individual for any lawful purpose on submission of the subject’s fingerprints and the prescribed fee (A.R.S. § 41-1750(G)(4)). In certain banking-related professions, it is unlawful to provide a written employment reference that advises of the candidate’s involvement in any theft, embezzlement, misappropriation, or other defalcation that has been reported to federal authorities (A.R.S. § 23-1361(G)). However, Arizona statute states that:

“no bank, savings and loan association, credit union, escrow agent, commercial mortgage banker, mortgage banker or mortgage broker shall be civilly liable for providing an employment reference unless the information provided is false and the bank, savings and loan association, credit union, escrow agent, commercial mortgage banker, mortgage banker or mortgage broker providing the false information does so with knowledge and malice.” (Ariz. Rev. Stat. Ann. § 23-1361 (H).)

Employers should also remember to carefully comply with all Fair Credit Reporting Act requirements and technicalities, including the Ninth Circuit’s recent decision in Syed v. M-I, LLC, 2017 WL 242559 (9th Cir. 2017), which held that an employer violates the Fair Credit Reporting Act when it procures a job candidate’s consumer report after including a liability waiver in the same document as a statutorily mandated disclosure. Based on this case authority, any waiver of liability should be in a separate, standalone document.

Medical history: Covered entities, including employers, employment agencies, labor organizations, and joint labor-management committees, cannot conduct a medical examination or ask a job candidate whether they are disabled (A.R.S. §§ 41-1461(3), 41-1466(A)). An employer may inquire as to the ability of an candidate to perform job-related functions. After an offer of employment has been made but before employment begins, an employer may condition the employment offer based on the employee passing a medical examination if all employees are required to undergo such an examination, regardless of disability. An employer cannot request an examination or inquire about whether one of its employees is disabled; however, an employer can make an inquiry or request an examination if it is shown to be job-related and consistent with business necessity (A.R.S. § 41-1466(C)). An employer may conduct voluntary medical exams of its employees as a part of an employee health program. The definition of a “medical exam” excludes a test to determine the illegal use of drugs (A.R.S. § 41-1466(F)).

Drug screening: Arizona law does not impose any restrictions on drug and alcohol testing of employees per se. If an employer conducts drug or alcohol testing in compliance with A.R.S. § 23-493 et seq., it will gain “safe harbor” protection against employee lawsuits arising from the tests or test results.

Credit checks: Arizona’s version of the Fair Credit Reporting Act (A.R.S. §§ 44-1691 and following) requires employers to disclose to candidates if the employer relies on a report issued by a consumer reporting agency in taking adverse action (e.g., denying employment) against the candidate. An employer may be liable if it is grossly negligent or acts willfully and maliciously with intent to harm when using information from a consumer reporting agency for an employment purpose (A.R.S. § 44-1695(C)). This law is likely pre-empted by federal law (Loomis v. U.S. Bank Home Mortg, 912 F. Supp.2d 848, 854-55 (D. Ariz. 2012)).

Immigration status: As of 2016 no Arizona law restricts an Arizona employer’s ability to inquire as to the immigration status of a prospective employee. Arizona employers can have their business and operating licenses suspended or permanently revoked for intentionally or knowingly hiring unauthorized workers (A.R.S. § 23-211 and following). Additionally, Arizona employers must verify the employment eligibility of a new hire employee through the E-Verify program and maintain a record of verification for three years or the duration of the employee’s employment, whichever is longer (A.R.S. § 23-214). An employer should be mindful not to inquire about national origin in complying with these laws.

Social media: As of 2016, no Arizona law restricts an Arizona employer’s ability to review prospective employees’ social media information. However, employers should be mindful not to restrict employees’ social media usage in a manner that would violate the National Labor Relations Act.

What can employers do with regard to background checks and inquiries in Minnesota?
Criminal records and arrests: Minnesota has a “ban the box” law which prohibits all employers from inquiring about, requiring disclosure of, or considering an candidate’s criminal record or criminal history during the initial stages of the hiring process. However, once an employer selects an candidate for an interview or makes a conditional offer of employment, the employer may then inquire about the candidate’s criminal history (Minn. Stat. § 364.021). State law also mandates that employers of certain employee categories conduct criminal background checks before hiring candidates. These include healthcare workers, public school employees, apartment managers, and employees who have direct contact with persons served by state-licensed programs (Minn. Stat. §§ 144.057, 123B.03, 299C.66 to .71, 245C.03).

Medical history: Covered entities, including employers, labor organizations, and employment agencies, cannot conduct a medical exam or ask a job candidate questions about an employee’s physical or mental impairments or health before making a job offer. Any post-offer inquiry or exam must screen for essential job-related capabilities only (Minn. Stat. § 363A.20, subd. 8).

Drug screening: Minnesota’s Drug and Alcohol Testing in the Workplace Act is one of the most restrictive drug and alcohol testing statutes in the United States. Employers must have a policy that strictly complies with the act, and any testing must carefully follow the process outlined in the act or else the test will be invalid and the employer may be liable for damages to an employee harmed by an unlawful test. An employee who has a first positive test must be given the chance to complete treatment. In addition, an employee may not be fired for a first positive test unless the employee refuses to seek treatment or fails to successfully complete a treatment program. Testing may be performed in the following circumstances:

• pre-employment testing for candidates;
• with reasonable suspicion;
• treatment program testing;
• routine physical exam testing; and
• random testing for safety-sensitive positions (Minn. Stat. § 181.950-.957).

Credit checks: Minnesota’s Access to Consumer Reports Act (Minn. Stat. § 13C.001 – 13C.04) regulates an employer’s use of credit reports, similar to the federal Fair Credit Reporting Act. Minnesota requires that a prospective employer clearly and comprehensively notify candidates in writing if they will be the subject of a consumer credit report prepared by a consumer reporting agency. The disclosure must include a box that the candidate can check to receive a copy of the report. Additional notification is required if the report is used to make an adverse decision, such as refusing to hire the candidate. An employer is required to pay for the cost of any credit check on a current or prospective employee.

Immigration status: As of the end of 2015, there is no Minnesota law that restricts an employer’s ability to inquire about the immigration status of a potential employee. Minnesota requires that any contractor or subcontractor of the state which has been awarded a contract in excess of $50,000 must use the E-Verify federal system to verify employee work eligibility (Minn. Stat. § 16C.075).

Social media: As of the end of 2015, there is no Minnesota law that specifically restricts an employer’s ability to view potential employees’ social media information. However, Minnesota does have a Lawful Consumable Products Act, which generally prohibits an employer from taking any adverse action against an candidate or an employee for the use of lawful consumable products (e.g., alcohol or tobacco) while off the employer’s premises during non-working hours. Thus, employers should be cautious about taking any adverse employment action based on an individual’s lawful use of consumable products which may have been viewed on social media (Minn. Stat. § 181.938). Employers are also cautioned not to restrict employee use of social media in such a way as to violate the National Labor Relations Act.

What can employers do with regard to background checks and inquiries in Alabama?
Criminal records and arrests: There are no restrictions, subject to federal restrictions (the Fair Credit Reporting Act).

Medical history: There are no restrictions, subject to federal restrictions (the Americans with Disabilities Act).
Drug screening: Drug screening is authorized. There is a drug-free workplace law, but there is no specific regulation of drug testing in the workplace.

Credit checks: There are no restrictions on credit checks, subject to federal restrictions (the Fair Credit Reporting Act).
Immigration status: The Beason-Hammon Alabama Taxpayer and Citizen Protection Act requires employers to use E-Verify.

Social media: There are no state restrictions.

What can employers do with regard to background checks and inquiries in Colorado?
Criminal records and arrests: Colorado employers may not inquire about sealed records (C.R.S. §24-72-702). Otherwise, Colorado law does not restrict an employer’s use of criminal history records for both arrests and convictions. However, the Colorado Civil Rights Division states in its pre-employment Inquiries Guidelines that asking any questions about arrests may lead to a discriminatory inference and questions about convictions should be substantially related to the candidate’s ability to perform a specific job.

Medical history: The Colorado Code of Regulations prohibits pre-offer medical examinations and pre-employment inquiries as to whether an candidate is an individual with a disability (3 CCR §708-1:60.3). However, employers may condition an offer of employment on the results of a medical examination conducted before the employee begins employment, as long as all entering employees are subject to such an exam regardless of disability and the exam results are used only in accordance with Colorado law (Id.).

Drug screening: Colorado does not have a state law regulating drug and alcohol testing by private employers. However, employers should note that Colorado has legalized the use of marijuana for both medical and recreational purposes. The Colorado Supreme Court ruled that terminating an employee who used medical marijuana outside the workplace after he or she tested positive during a random drug test did not violate Colorado’s lawful activities statute (Coats v. Dish Network, LLC, 2015 CO 44 (2015)). The city of Boulder has an ordinance related to alcohol and drug testing (Boulder Rev. Code §12-3-1 to 5).

Credit checks: Colorado’s Employment Opportunity Act, C.R.S. §8-2-126, restricts the use of consumer credit information by employers. Generally, employers may not require or request a credit report as a condition of employment, unless the employer is a financial institution, the report is required by law, or the report is substantially related to the employee’s current or potential job and is disclosed in writing to the employee.
“Substantially related to the employee’s current or potential job” means the information in a credit report is related because the position:

• constitutes executive or management personnel (or their professional staff) and involves one or more of the following:
  • setting the direction or control of a business, division, unit, or agency of a business;
  • a fiduciary responsibility to the employer;
  • access to customers’, employees’, or the employer’s personal or financial information other than which is customarily provided in a retail transaction; or
  • the authority to issue payments, collect debts, or enter into contracts;
• involves contracts with defense, intelligence, national security, or space agencies of the federal government; or
• is a bank or financial institution.

Immigration status: Colorado no longer has a state employment verification. Employers must comply with federal law. (See C.R.S. §8-2-122).

Social media: Colorado employers may not suggest, request, or require that an employee or candidate disclose any user name, password, or any other information that provides access to the individual’s personal accounts or personal electronic communications devices. Employers also may not compel an employee or candidate to add anyone as a “friend” or to his or her list of contacts and may not require, request, suggest, or cause an employee or candidate to change his or her privacy settings associated with a social networking account. Finally, employers cannot discharge, discipline, or discriminate against any employee or candidate for refusing or failing to disclose such information. A few exemptions exist related to conducting workplace investigations regarding compliance with applicable laws or the unauthorized downloading of the employer’s proprietary information (C.R.S. §8-2-127).

Other: Colorado law prohibits employers from terminating an employee for engaging in any lawful activity off the premises of the employer during non-working hours. There are exceptions when such a restriction relates to a bona fide occupational requirement or is necessary to avoid a conflict of interest with any responsibilities to the employer or the appearance of such a conflict of interest (C.R.S. §24-34-402.5).

Privacy Policy
Nevada has passed a law requiring website operators to post a privacy policy on commercial websites that collect personal information. The law goes into effect October 1, 2017. If you operate a commercial website viewed by Nevada residents this is for you. As a general rule, all companies that operate a commercial website should have a privacy policy explaining their treatment (e.g., collection, use, disclosure) of consumer or customer personal information. California and Delaware have similar laws.
AGG Compliance News Flash by Montserrat Miller – http://www.agg.com/SnapshotFiles/8ea3768f-798c-4032-b218-52ffa9abd7c7/Subscriber.snapshot?clid=38228e40-b0c7-4635-9a36-4098035f6480&cid=d8ce77a3-d1a5-495d-b9e4-34ab0bfbc3b3&ce=bHNHiAllz%2fdBLBZCH0FgsItyaoQ5RmUsSrUaOQut2Z8%3d
NV: https://www.leg.state.nv.us/Session/79th2017/Bills/SB/SB538_EN.pdf
CA: https://oag.ca.gov/sites/all/files/agweb/pdfs/cybersecurity/making_your_privacy_practices_public.pdf
DE: http://delcode.delaware.gov/title6/c012c/index.shtml

Gov. Christie Vetoes Legislation Barring Salary History Inquiries
On July 21, 2017, New Jersey Governor Chris Christie vetoed legislation that would have amended the New Jersey Law Against Discrimination to prohibit employers from requesting salary history information from prospective employees. The legislation had passed easily though the State’s Democratically controlled Senate and Assembly, with votes along party lines. With the upcoming gubernatorial election in November, employers may expect to see the bill revived and quite possibly enacted – particularly if the next governor is a Democrat.
http://www.lexology.com/library/detail.aspx?g=6ff29bc7-ecd9-401a-9c98-6d0be2d70eac&utm_source=Lexology+Daily+Newsfeed&utm_medium=HTML+email+-+Body+-+General+section&utm_campaign=ACC+Newsstand+subscriber+daily+feed&utm_content=Lexology+Daily+Newsfeed+2017-08-03&utm_term

International Developments

UK Data Protection Bill
The UK Parliament is expected to introduce a data protection bill in September, which would replace the UK Data Protection Act of 1998 and incorporate the EU General Data Protection Regulation (GDPR) into UK law. The new legislation will aim to facilitate cross-border data flows between the UK and EU post-Brexit by implementing rules similar to the GDPR for UK businesses. The bill is expected to “modernize and update data processing operations used by law enforcement agencies,” have consumer protections such as the right to be forgotten and the deletion of social media information when children turn 18, and update the powers and available sanctions of the Information Commissioner’s Office.
https://www.infosecurity-magazine.com/news/uk-data-protection-bill-september/

UK Data Protection Bill
On August 7th, the UK’s Department for Digital, Culture, Media & Sport released “A New Data Protection Bill: Our Planned Reforms” which highlights major reforms for its new Data Protection Bill. According to the Department, the three main objectives for the new Data Protection bill are maintaining trust with UK citizens regarding their personal information, continuing uninterrupted cross-border data flows with other countries, and using data to help law enforcement’s efforts to protect citizens. The UK’s planned reforms include: • Expanding the definition of ‘personal data’ to include IP addresses, internet cookies and DNA; • Requiring explicit consent in order to process sensitive personal data; • Making it easier to withdraw consent for the use of personal data; • Allowing parents and guardians to give consent for their children’s data to be used; and • Bringing the EU’s General Data Protection Regulation into UK law.
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/635900/2017-08-07_DP_Bill_-_Statement_of_Intent.pdf

What can employers do with regard to background checks and inquiries in the UK?
Criminal records: While criminal records checks are not normally mandatory, pre-employment screening is mandatory for people to be employed in a ‘regulated activity’ – broadly involving work with children and provision of health and other care. Subject to certain exceptions (including individuals working in regulated positions, such as within financial services), a person who has been convicted of a criminal offence but does not re-offend during a ‘rehabilitation period’ (which depends on the offence and sentence imposed) is entitled to treat himself or herself as having a clean record (i.e., the conviction is ‘spent’).

Medical history: Under the Equality Act 2010, it is unlawful for employers to ask questions about health and disability before making a job offer – with some limited exceptions. Employers can ask candidates information about their health (e.g., to complete a pre-employment health questionnaire or to attend a medical examination) after a job offer has been made. However, employers should consider whether this medical information is necessary.

Drug screening: Drug screening (whether as part of the recruitment process or during employment) is permitted, but can be undertaken only with the individual’s explicit consent. The use and application of drug tests should be justified, necessary and proportionate. Drug tests are therefore more common in safety-critical sectors such as transport or construction, or for roles where drug abuse risks compromising the integrity of the individual or position, or the recruiting organization (e.g., public sector roles such as police officers). The Information Commissioner’s Office (an independent body set up to uphold information rights in the United Kingdom) makes a number of recommendations in relation to drug testing – including, given the intrusive nature of the tests, that employers undertake and document an impact assessment.

Credit checks: Credit checks should be carried out only where they are relevant to the position for which an candidate has applied (e.g., where the position involves giving financial advice) or where financial difficulties could expose the employee to risks of bribery or other security risk.

Immigration status: Prior to allowing a job candidate to start work, employers should take the following steps to check whether he or she has the right to work in the United Kingdom:

• Require the job candidate to produce original documents from List A or B, indicating that he or she has the right to work in the United Kingdom;
• Check that the features of the documents meet the requirements set out in List A and B, that they appear to relate to the job candidate and that they are not forgeries; and
• Take copies of the original documents and certify them as true copies of the original documents (the individual certifying the documents must clearly sign, write his or her name and state the date on which the copy was taken).

Although it is not a legal requirement to check and retain copies of such documents, by doing so employers are provided with a statutory excuse (defense) against liability for a civil penalty for illegally employing a migrant worker. Copies of such documents should be kept for the duration of the person’s employment and for two years thereafter. However, an employer that checks and retains copies of documents confirming a worker’s right to work will not have a statutory excuse if it nonetheless knowingly employs an illegal migrant worker or has reasonable cause to believe that an employee does not have the lawful right to work in the United Kingdom.

Social media: This is permitted, but only where the screening is for a specific and good reason and is not arbitrary. The extent of the screening must be necessary and proportionate to achieve that reason. Employers using social media sites as part of a recruitment process should let candidates know this, and should explain what form these checks will take and why they are considered necessary. Candidates should ideally also be given an opportunity to comment on any information obtained via such checks if it may negatively influence the decision to offer them a job.

Other: If the position involves giving financial advice or if financial difficulties could expose the employee to risks of bribery or other security risk, a prospective employer may wish to check whether a county court judgment has been issued against the individual. A county court judgment is a judgment issued by the UK county courts when someone has failed to pay money that he or she owes.

What can employers do with regard to background checks and inquiries in Mexico?
Criminal records: Employers can freely ask any candidate and can also conduct legal searches with applicable authorities.

Medical history: Employers can freely ask any candidate.

Drug screening: Employers may require screening and would be obliged to secrecy. If positive, the employer must be careful not to deny employment solely on the basis of a positive result.

Credit checks: Credit checks are applicable.

Immigration status: It is an obligation to inquire about immigration status and to resolve all migratory issues before hiring a foreign candidate. If the Migration Institute realizes that foreign nationals are working without permission, employees may be subject to deportation and the employer would be liable to pay penalties and fees.

Social media: This is private information and direct involvement by an employer could be considered an offense.

Other: Employers can use any information that is publicly available, but must never pry or infiltrate social media, email or other closed personal accounts. Before offering employment, employees may be subject to drug screening and must sign a waiver. While recruiting, employers need to maintain objectivity and must never deny employment due to race, sexual preference, appearance, color, religion or other aspects that may imply discriminatory practices.

Miscellaneous

Data Localization Laws
U.S. companies are pushing back against foreign countries’ data localization laws.
https://www.usatoday.com/story/money/2017/08/12/more-u-s-companies-push-back-foreign-must-store-data-here-rule/558702001/

Please Note: Some of the information contained herein is a monthly summary of the daily information provided by Arnall Golden Gregory LLP, an Atlanta firm servicing the business transactions and litigation needs of background check companies. The information described is general in nature, and may not apply to your specific situation. Legal advice should be sought before taking action based on the information contained herein. For more information about Arnall Golden Gregory LLP, please visit www.agg.com or contact Bob Belair at 202.496.3445 or [email protected].