+1.877.796.2559 | Investors|

August 2014 Privacy Summary

By Nicolas Dufour | Mar 3, 2015 | Privacy Summary

State Legislation

Background Checks
On August 4th, New York Governor Andrew Cuomo (D) signed S1885C/A2318D, which requires volunteer firefighter organizations to perform a background check on job applicants for sexual offense convictions. The bill would allow individual firefighting organizations to make an eligibility determination in certain circumstances based on the results of the background check. Cuomo stated, “Firefighters are often in a position where they serve and protect vulnerable members of their communities—which is why it is imperative that our volunteer firefighter organizations are staffed with highly qualified and dedicated individuals.”
http://www.governor.ny.gov/press/08042014-background-checks-volunteer-firefighters

Data Breach
On August 25th, the California legislature passed AB 1710, which, if signed by the Governor, would amend the state’s data breach law to require a person or business that may have exposed certain personal information to offer in its breach notification letter to affected individuals at least one year of “appropriate identity theft prevention and mitigation services” at no cost to the consumer if Social Security numbers or driver’s license numbers may have been breached. The bill would also prohibit the sale, advertisement for sale, or offer to sell an individual’s Social Security number except where such release is incidental to a larger transaction and is necessary to identify an individual in the interest of a legitimate business purpose. Finally, the bill would require that any business that maintains personal information that it does not own or license to “implement and maintain reasonable security procedures and practices” for such data (owners and licensees are required to do so under existing law).

International

Russia
President Putin signed a law requiring Internet companies to store Russian users’ personal data inside the country’s borders. The use of Russian data centers would make them subject to Russian laws on government access to information. The Kremlin said the law was aimed at “improving the management of personal data of Russian citizens on computer networks” and that companies that did not comply would be blocked. Politicians who introduced the bill had complained that data stored abroad was at risk of being hacked and stolen by criminals. The law could cause problems for Russian companies such as tourism websites and airlines that rely on foreign-based online booking services.

Russia’s Association of Electronic Communication (RAEC), a group that lobbies on behalf of internet companies, warned earlier this month that “many global internet services would be impossible” under the new law. Internet companies have also warned that the two years before the measures come into force is not sufficient time for them to find or build data centers on which to store the data.

Court Cases

Background Checks
July 30: A federal district court in Pennsylvania dismissed a class action accusing Rite Aid of violating the FCRA in conducting pre-employment background checks.

July 23: A putative class action was filed against Nine West Holdings, alleging that it violated the FCRA by conducting background checks on job applicants without express consent. Lead plaintiff claims in her class action lawsuit that when she applied to a Nine West retail location in New York City in August 2010, the online job application didn’t properly disclose the company’s intent to conduct a background check or provide clear authorization language to the applicant. “The inclusion of additional language into the authorization forms invalidates the purported consent requirements, ” the class action lawsuit alleges. “Following Plaintiff’s submission of the online application, Defendant … procured a consumer report regarding Plaintiff’s ‘police record check.’” Consequently, Nine West “has obtained consumer reports without proper authorization, because the authorization and disclosure form signed by plaintiff and other class members failed to comply with the requirements of the [Fair Credit Reporting Act], ” the class action lawsuit says.

According to the plaintiff, the Fair Credit Reporting Act (FCRA) requires the use of a stand-alone form for applicants to authorize the employer to conduct a background check, but Nine West embeds authorization language in their application with other information. The class action lawsuit also alleges that Nine West did not use the term “consumer report” in its job application as required by the FCRA. “Importantly, no extraneous information can be attached or included on the consent form, ” stresses the Nine West class action lawsuit. “The authorization and disclosure must stand alone.” The complaint explains further that “[b]y including the additional information/language … in its background check disclosure and authorization form, defendant willfully disregarded the FTC’s regulatory guidance and violated the FCRA.”

July 23: Two class actions were filed against Panera and AMC for allegedly violating the FCRA by conducting illegal background checks on potential employees. Panera LLC and American Multi-Cinema Inc. are forcing potential employees to sign off on illegal background checks by burying important information in wordy applications, a woman employed by both alleged in two nationwide class action suits filed in Florida

Miscellaneous
Aug. 18: Hearst Corp. opposed the Second Circuit reviving a defamation suit involving plaintiff claims that online news reports of criminal charges that were later dismissed should be revised or removed.

Please Note: The information contained herein is a monthly summary of the daily information provided by Arnall Golden Gregory LLP, an Atlanta firm servicing the business transactions and litigation needs of background check companies. The information described is general in nature, and may not apply to your specific situation. Legal advice should be sought before taking action based on the information contained herein. For more information about Arnall Golden Gregory LLP, please visit www.agg.com or contact Bob Belair at 202.496.3445 or robert.belair@agg.com.