+1.877.796.2559 | Investors|

September 2014 Privacy Summary

By Nicolas Dufour | Mar 3, 2015 | Privacy Summary

Federal Developments

Credit Reporting
On September 10th, the House Financial Services Committee’s Subcommittee on Financial Institutions and Consumer Credit held a hearing entitled, “An Overview of the Credit Reporting System, ” to “provide…a better understanding of the roles and responsibilities of the consumer reporting agencies, as well as the users and furnishers of consumer credit data.” The hearing panelists were:

  • Stuart Pratt, President and CEO of the Consumer Data Industry Association;
  • Howard Beales, Professor of Strategic Management and Public Policy at George Washington University;
  • John Ikard, President and CEO of FirstBank Holding Company, appearing on behalf of the American Bankers Association; and
  • Chi Chi Wu, Staff Attorney at the National Consumer Law Center.

http://financialservices.house.gov/calendar/eventsingle.aspx?EventID=392357

At the aforementioned hearing, Committee Ranking Member Maxine Waters (D-CA) introduced a draft bill entitled the “Fair Credit Reporting Improvement Act of 2014, ” which is intended to “enhance requirements on the consumer reporting agencies (CRAs), and furnishers that provide information to these CRAs, to guarantee consumers have the capacity to ensure that the information on their credit reports is accurate and complete.”

Specifically, the proposal would:

  • Restrict the use of credit reports for employment purposes;
  • Set a dollar amount that a CRA may charge a consumer for his or her credit report;
  • Require CRAs to provide consumers with a free annual credit or educational credit score upon request;
  • Remove from credit reports adverse residential loan information connected to “predatory mortgage lenders and servicers”;
  • Shorten by three years the “unreasonably long time periods that most adverse information can remain on a person’s credit report”;
  • Require furnishers to retain records related to adverse information for as long as such adverse information remains on a credit report;
  • Require CRAs to remove fully paid or settled debt, including medical debt, from credit reports; and
  • Require CRAs to remove adverse information on private education loans if the borrower makes consecutive, on-time monthly payments for a certain period of time.

http://democrats.financialservices.house.gov/FinancialSvcsDemMedia/file/003%20Maxine%
20Waters%20Legislation/09_09_2014%20WATERS_038_xml%20FCRA%20Draft.pdf

Rep. Kerry Bentivolio (R-MI) introduced H.R. 5479, which would, “amend the Fair Credit Reporting Act to require public disclosure of the method used to calculate consumer credit scores and inclusion of debt settlement agreements in consumer reports.”

Background Checks
On September 16th, Rep. Mike Kelly (R-PA) introduced H.R. 5482, the “Enhanced Security Clearance Act, ” which would expand government background checks to include an applicant’s “publicly available electronic information, ” including but not limited to that from social media accounts. The bill is similar to S. 1618, Sen. Susan Collins’ (R-ME) bill of the same name, introduced last October and reported out by the Senate Homeland Security and Governmental Affairs Committee on July 30th. In a press release, Kelly stated, “Especially in light of today’s anniversary of the Navy Yard shooting, it is critical that we remember the grave costs of security-related oversights and do not hesitate to take obvious and overdue action to save American lives.”
http://kelly.house.gov/press-release/rep-kelly-introduces-enhanced-security-clearance-act-2014

September 11 – WASHINGTON DC- Prosecutors say a former background investigator for the U.S. Office of Personnel Management has pleaded guilty to falsifying work on background investigations of federal employees and contractors. Prosecutors say Gina Adams of Glen Burnie, Maryland, pleaded guilty Thursday in federal court in Washington to a charge of making a false statement. Prosecutors say that in at least 10 reports on background investigations, Adams said she had interviewed a source or reviewed a record when she had not. Prosecutors say her false representations have required officials to reopen numerous background investigations. Adams is scheduled to be sentenced Dec. 18. She faces up to five years in prison.

On September 9th, The Washington Post reported that the Office of Personnel Management (OPM) will not renew any contracts with USIS, a background screening company that currently conducts the majority of background checks for federal security clearances, when the current contracts expire on September 30th. The company has garnered media attention following revelations that it conducted the background checks for former National Security Agency contractor Edward Snowden and Navy Yard shooter Aaron Alexis, as well as allegations in a whistleblower suit that USIS violated the False Claims Act by “dumping” 665, 000 background checks back to OPM that USIS knew were incomplete. Most recently, USIS suffered a cybersecurity incident that potentially exposed the personal information of thousands of federal employees. OPM did not respond to media requests for comment. USIS responded in a public statement that it is “deeply disappointed” with the decision but intends “to fulfill our obligations to ensure an orderly transition” and to “continue[] to provide high quality service to its many other valued government customers.”
http://www.washingtonpost.com/business/economy/opm-to-end-usis-contracts-for-background-securitychecks/2014/09/09/4fcd490a-3880-11e4-9c9f-ebb47272e40e_story.html

HIPAA
Sep. 23: DHS and the FBI warned that, “disgruntled and former employees pose a significant cyber threat to US businesses.
http://www.ic3.gov/media/2014/140923.aspx

On September 15th, The App Association sent a letter to Rep. Tom Marino (R-PA) requesting a “more sensible” approach to health privacy laws. In the letter, the signatories expressed concern regarding “a regulatory environment that has not kept pace with the rapid growth of technology that gives users greater access to healthcare providers and more control over their health information.” The signatories also request that the Department of Health and Human Services (HHS) “take a fresh look at the implementation of [HIPAA] to ensure that it better fits today’s mobile world.” Specifically, the signatories write that:

  • HHS should draft new Frequently Asked Questions responses to address concerns of mobile app developers;
  • HHS and the Office of Civil Rights (OCR) should update the Security Rule Guidance Material to provide better guidance regarding mobile standards and mobile implementation; and
  • HHS, OCR, and others should expand their outreach, including into “newly-forming health technology communities” and “developer-focused events.”

http://actonline.org/2014/09/mobile-health-industry-asks-for-hipaa-clarity-and-simplification/

International

Russia
September 5: A bill in Russian parliament would impose a Jan. 1, 2015, deadline for compliance with its recently enacted server localization statute.

European Union
Sep. 10: European Commission President Jean-Claude Juncker stated that he expects to finalize the EU’s data protection policy and US-EU Safe Harbor negotiations within the coming six months.

Court Cases

Background Checks
On September 16th, Canon Business Solutions, Inc. (Canon) settled a proposed class action alleging that Canon violated the Fair Credit Reporting Act by failing to provide an employee terminated because of findings on a background report with a copy of a background report obtained in connection with her hiring and a chance to dispute the accuracy of information contained in the report. When the lead plaintiff transitioned from a temporary employee at Canon to a full-time position, Canon asked if she had been convicted of a crime within the last seven years, to which she responded that she had not, after which Canon notified her that it had discovered a 12-year-old felony conviction on her background report and terminated her employment.
Anya McPherson v. Canon Business Solutions, Inc., No. 1:12-cv-07761 (D.N.J., Sep. 16, 2014).

On September 9th, a proposed class action was filed in a federal district court in Illinois against Home Depot seeking damages, restitution, and injunctive relief in connection with Home Depot’s unauthorized access to systems containing customer payment card information. Specifically, the complaint alleges that Home Depot failed to timely notify affected individuals of the breach and failed to uphold Payment Card Industry Data Security Standards; violated the Stored Communications Act by “failing to take commercially reasonable steps to safeguard sensitive private financial information”; breached its privacy policy contract with customers to secure personal financial information; and, as an alleged consumer reporting agency as defined under the Fair Credit Reporting Act (FCRA), committed both willful and negligent violations of the FCRA by failing to appropriately safeguard customers’ personally identifying information and resulting in expenses for remedial actions to prevent identity theft, attorneys’ fees, anxiety and emotional distress, “and other economic and non-economic harm.”
Michael J. Marko and Mike’s Inc., et al., v. Home Depot U.S.A., Inc., No. 3:14-cv-00981 (S.D. Ill., Sep. 9, 2014).

Privacy Policies
On September 5th, The Atlantic published an article entitled, “Why Privacy Policies Are So Inscrutable, ” which reviewed the online privacy policies of “the 50 most popular American websites.” The article’s authors, “gathered up and analyzed the 145, 641 words that make up” those privacy policies—“a text that’s about as long as The Grapes of Wrath”—and found that, “these policies tell you very little about the data these websites have on you.” The authors argue that website operators intentionally avoid providing consumers with certain information for two reasons: firstly, “to inoculate themselves against lawsuits and fines, ” and secondly, to dis-incentivize consumers from opting out of the “big business” of firms that, “cross-reference and synthesize data to create richly detailed profiles that can include purchasing habits, political affiliations, sexual orientation, religious beliefs, and medical history.” The authors assert that 34 of the 50 privacy policies they examined collect consumer data; further, 40 websites contract with third parties in some form regarding consumer information, and 9 of those 40 identify that third party by name. “This ambiguity surrounding consent, ’” the authors state, “becomes disconcerting when one considers what one is ‘consenting’ to, namely widespread data collection by third party companies.”
http://www.theatlantic.com/technology/archive/2014/09/why-privacy-policies-are-so-inscrutable/379615/

Please Note: The information contained herein is a monthly summary of the daily information provided by Arnall Golden Gregory LLP, an Atlanta firm servicing the business transactions and litigation needs of background check companies. The information described is general in nature, and may not apply to your specific situation. Legal advice should be sought before taking action based on the information contained herein. For more information about Arnall Golden Gregory LLP, please visit www.agg.com or contact Bob Belair at 202.496.3445 or robert.belair@agg.com.