Automatic Sealing of Criminal Records Takes Effect in PA
Governor Tom Wolf today participated in a press conference to celebrate the one-year anniversary of signing Clean Slate into law and to announce that automatic sealing of criminal records begins today.
These are people who have spent 10 years or more without reoffending or in some cases who were never found guilty or had their charges dropped. Pennsylvania has become number one in the nation, the first state to provide automatic sealing of certain low-level criminal records, eliminating the complicated and often prohibitive process of seeking a court order to seal a minor record in one fell swoop. Within a year’s time, 30 million of these records will be sealed in Pennsylvania’s court system, improving the lives of countless citizens and breaking down barriers to employment and productive lives. Around one-twelfth of those 30 million cases will be sealed each month, starting with the most recent cases. This means that all non-convictions from the past 10 years will be sealed over the next few months, before any convictions will be sealed. The courts will be generating individual orders when cases are sealed, which the people whose cases have been sealed can retrieve at the county courts if they would like to have them.
California Consumer Privacy Act Amendments Update
Since its inception, the California Consumer Privacy Act (CCPA) has been in a state of flux as dozens of proposed amendments have sought to modify the hastily-passed law. While numerous amendments have been proposed, even anticipated, time is running out for the California Legislature to amend the CCPA before the law’s effective date of January 1, 2020. The California Legislature’s term expires on September 13, 2019 and so any amendments must be passed by that date to be effective before January 1, 2020. On July 9th, the CCPA’s amendments picture got a little clearer as the California Senate Judiciary Committee advanced several amendments while also eroding and eliminating others. Below is a brief description of the status of some of the key amendments following the July 9th meeting.
Employee Exemption Advanced but Narrowed
AB 25, as originally drafted, excluded employees and job applicants from the definition of “consumer,” which would have essentially removed employee data from the CCPA compliance requirements. In response to push back from employee rights advocates, the Judiciary Committee narrowed the amendment to exempt employers from only certain obligations under the CCPA. Under the current draft, employers will still be subject to private actions by employees in the event of data breach and will still need to provide a privacy notice to employees but will not have to honor employee opt-out and deletion requests. However, the employee exemption is set to expire on January 1, 2021 and at that time businesses will again have to fully comply with the CCPA’s requirements with respect to employee data.
Disclosure Methods Amendment Eases Burden for Online-Only Businesses
AB 1564 seeks to modify the CCPA’s current requirement that all businesses provide, at minimum, two methods for consumers to submit access and deletion requests (toll-free number and website address). Past versions of AB 1564 completely removed the requirement of implementing a toll-free number, but the Judiciary Committee advanced a version of the bill which only exempts online-only businesses from the toll-free number requirement.
Loyalty Program Amendment Modified to Exclude the Sale of Personal Information
AB 846 clarifies that the CCPA’s anti-discrimination provision does not prohibit a business from running a loyalty or rewards program. The original substance of the amendment remains largely intact, and the bill advanced by the Judiciary Committee now includes a prohibition against the “selling” of information collected in connection with a loyalty or rewards program. If passed in its current form, AB 846 could have a significant impact on loyalty and rewards programs given the CCPA’s sweeping definition of “sale.”
Judiciary Committee Tables Amendment Easing Definitions of “Deidentified” and “Personal Information”
AB 873 would: (1) expand the definition of “deidentified” to include any information that “does not identify and is not reasonably linkable” to a consumer; and (2) narrow the definition of “personal information” to include only information “reasonably” capable of being associated with a consumer or household. AB 873 failed in the Judiciary Committee, but is being held for reconsideration, meaning that passage is still possible (albeit unlikely) before the legislature’s term ends on September 13.
Those bills which were advanced by the Judiciary Committee will now move to the Appropriations Committee and, if passed there, will go to the full Senate for a vote. While some businesses have taken a “wait and see” approach to CCPA compliance, the likelihood of any drastic legislative changes (e.g., a narrowing of the law’s broad definition of “sale”) is becoming smaller and smaller. Moreover, setting up the necessary CCPA compliance framework is a time-consuming and often challenging task. Therefore, businesses subject to the CCPA should begin compliance efforts as quickly as possible.
Illinois Amends Equal Pay Act to Ban Questions About Applicants’ Pay History
On July 31, 2019, Illinois Governor J.B. Pritzker signed into law an amendment to the state’s Equal Pay Act. The amendment, which is effective on September 29, 2019, prohibits employers from requesting applicants’ wage or salary history on employment applications and during the interview process, and forbids screening job applicants based on their wage or salary histories. Employers may not request this information either from the applicants themselves or from their current or former employers. Employers who violate the law may be subject to special damages up to $10,000, civil penalties of up to $5,000 for each violation, injunctive relief, and attorney’s fees and costs. Employers will not be penalized for obtaining an applicant’s wage or salary history if the applicant voluntarily provides such information during the application process. However, the employer may not consider this information in deciding whether to hire the applicant or in deciding the applicant’s wages or salary. Employers are not prohibited from asking applicants about their wage or salary expectations for the position. The theory behind the amendment is that women and minorities historically have received lower pay for performing the same work, and that when employers base new employees’ pay on the pay they received from their previous employers, they are perpetuating these inequities in pay. Currently, 17 states have passed laws to ban pay history inquiries. Illinois employers may consider reviewing their employment applications to ensure that they do not ask applicants about their compensation history. Even better, they can also coach those who conduct interviews and references to avoid any questions regarding pay history.
Pennsylvania Now Permits Medical Marijuana Use for Anxiety and Tourette Syndrome
On July 20, 2019, Pennsylvania expanded its list of 17 “serious medical conditions” that qualify for medical marijuana usage under the Pennsylvania Medical Marijuana Act (MMA) to now include anxiety and Tourette Syndrome. Previously, the MMA limited access to designated ailments like cancer, multiple sclerosis, post-traumatic stress disorder and inflammatory bowel disease, and terminal illnesses (defined as a life expectancy of 12 months or less). These conditions resulted in about 110,000 registered medical marijuana users under the MMA. Given the rates of diagnosis, the addition of anxiety as a qualifying condition is especially likely to increase the medical marijuana user population in the Commonwealth. According to the National Institute of Mental Health, about 19 percent of U.S. adults have experienced anxiety disorders in the past year, with anxiety manifesting at a higher rate for women than for men, and about 31 percent of U.S. adults experience anxiety disorders in their lifetime.1Tourette Syndrome, on the other hand, affects approximately 1 to 10 in 1,000 children. Employers should review their current drug-testing policies to ensure that they are prepared for a potential influx of medical marijuana users. To comply with Pennsylvania law, employers should clearly identify standards of conduct for their employees, ensure that adverse actions against applicants or employees are not based solely on an individual’s status as a medical marijuana user, and be mindful of the risks associated with failing to engage in an interactive dialogue regarding potential accommodations for medical marijuana use.
New York Enacts New Data Security Laws
On July 25, New York Governor Andrew Cuomo signed into law a pair of bills establishing new requirements for businesses that process certain personal information related to New York residents. The changes include expanding the scope of information covered by New York’s data breach notification law; defining breaches to include incidents involving unauthorized access to covered information, even where the information is not acquired; and requiring consumer reporting agencies who suffer breaches of social security numbers to offer up to 5 years of identity theft services. Businesses maintaining the private information of New York residents also will now be required to proactively develop “reasonable safeguards” within their organization as part of a new “reasonable security requirement.”
The “Stop Hacks and Improve Electronic Data Security Act” (SHIELD Act) expands the types of information covered by New York’s data breach notification law by adding:
- Account numbers and credit or debit card numbers if compromised in circumstances where the numbers could be used to access the associated accounts without additional information;
- Biometric information, defined as unique physical or digital representations of biometric data “used to authenticate or ascertain” a person’s identity; and
- Online account credentials (username or e-mail address in combination with password or security question and answer).
The SHIELD Act also updates the definition of breach to include incidents involving unauthorized access to certain information about individuals. Under current law, breaches include only those incidents involving unauthorized acquisition of that information. The SHIELD Act establishes that in determining whether information has been accessed, businesses should consider whether the information was “viewed, communicated, with, used, or altered by” a person lacking authorization to do so.
The new law provides a risk-of-harm exception to the notification obligations for certain types of “inadvertent disclosures.” A business suffering a breach is not required to issue notice if the breach involved the inadvertent disclosure of covered information to unauthorized recipients and the business determines that the exposure is not likely to result in misuse of the information, financial harm to affected persons, or emotional harm to individuals if their online credentials were exposed. Businesses relying on this exception must document their assessment in writing and maintain it for five years. If the breach affects over 500 New York residents, the business must provide the low risk-of-harm assessment to the attorney general within 10 days.
Along with the changes to breach notification requirements, the SHIELD Act amends New York’s general business law to require businesses that own or license certain information about individuals to implement reasonable safeguards designed “to protect the security, confidentiality, and integrity” of the information. The SHIELD Act specifies a number of specific administrative, technical, and physical safeguards, including the requirements to perform risk assessments, manage third-party security risk, designate one or more individuals to coordinate the organization’s security program, and regularly evaluate the effectiveness of security controls that, if implemented, establish such reasonable safeguards.
The data breach notification amendments to New York law take effect on October 23, 2019. The reasonable security requirements take effect on March 21, 2020.
Along with the SHIELD Act, Governor Cuomo signed into law S3582, which imposes new obligations on credit reporting agencies that suffer security breaches involving social security numbers. Following such breaches, credit reporting agencies must provide customers with “reasonable” identity theft prevention services and (if applicable) identity theft mitigation services for up to five years at no cost to affected individuals. Credit reporting agencies need not provide such remediation services if they reasonably determine that a breach is unlikely to result in harm to affected consumers.
Columbia (South Carolina) Won’t Ask Criminal, Wage History on Initial Job Applications
The City of Columbia has passed a law that it will not ask for job seekers’ criminal history on initial employment applications, and it will encourage vendors that do business with the city to also eliminate criminal history from their applications. The new law also stipulates that the city will not ask for a prospective employee’s wage history when considering that person for a job. Columbia City Council unanimously passed final reading on the new law at an Aug. 6 meeting.
CCPA Privacy FAQs: Can a company decide whether to deidentify information or delete information if it receives a ‘right to be forgotten’ request?
The answer is Yes. The CCPA states that people have a right to request that a business “delete any personal information about the consumer which the business has collected from the consumer.”1Although the CCPA does not define what it means to “delete” information or specify how a business must carry out a deletion request, California courts are likely to accept at least two approaches to deletion.
First, a business that receives a deletion request may choose to erase, shred, or irrevocably destroy the entirety of a record that contains personal information. As part of that destruction, any personal information contained within the record will, necessarily, be “deleted.”
Second, California courts are likely to accept the anonymization or de-identification of information as a form of deletion. Among other things, a separate California statute (the “California data destruction statute”), which predates the CCPA, requires that businesses take “reasonable steps” to dispose of customer records that “contain personal information.” That statute recognizes that a customer record can be “dispos[ed]” of without its complete erasure by “modifying the personal information within the record to make it unreadable or undecipherable through any means.”3 As a result, if a business maintains a record, but modifies the portion of the record that contains “personal information” (e.g., deletes, redacts, replaces, or anonymizes name, address, Social Security Number, etc.) its actions conform to the California data destruction statute. A strong argument can be made that a business that complies with the destruction standard under the California data destruction statute should be deemed to be in compliance with the deletion requirements of the CCPA, and, as a result, the removal of the portion of a record that contains personal information is sufficient to “delete” such information. This approach is further supported by the fact that the CCPA expressly states that it does not impose any restriction on a business that “retain[s]” information that is “deidentified.” As a result if a business de-identifies a record by modifying the personal information within it such that the personal information is no longer associated with an identified individual, the further retention of the record (i.e., the record absent the personal information) is not prohibited by the CCPA.
It is worth noting that the use of de-identification or anonymization techniques to remove personal information from a record is also consistent with other California consumer protection statutes. Specifically, in 2015 California enacted a statute that required operators of websites and mobile apps directed towards minors to “remove” content that a minor posted on a website if requested (the California “Erasure Button Law”).6 The Erasure Button Law specifically states that a company is not required to “erase or otherwise eliminate” such information if “the operator anonymizes the content or information” such that it “cannot be individually identified.”
Fifth Circuit Deals a Blow to EEOC’s Criminal Record Guidance
On August 6, 2019, in Texas v. EEOC, the U.S. Court of Appeals for the Fifth Circuit dealt the EEOC a significant setback, largely affirming the district court’s decision that the EEOC violated the federal Administrative Procedure Act (APA) in issuing its 2012 Enforcement Guidance on the Consideration of Arrest and Conviction Records in Employment Decisions Under Title VII of the Civil Rights Act of 1964 (the “Guidance”).
The lengthy but often vague and unspecific Guidance sets forth the EEOC’s position that Title VII prohibits restrictive criminal record screening policies, and in most circumstances, mandates an individualized review of each applicant’s criminal record and circumstances. After the EEOC issued the Guidance, the State of Texas sued the EEOC to bar its enforcement against Texas, claiming that the Guidance interfered with the State’s authority and discretion to limit the hiring of felons into public sector jobs.
The District Court Decision
The district court granted summary judgment for the State of Texas on the issue of whether the Guidance was a substantive rule that ran afoul of the APA since it was issued without providing notice to the public and an opportunity to comment. On that narrow basis, the district court enjoined the EEOC from enforcing the Guidance unless and until it satisfied the APA’s notice and comment requirements. However, the district court also granted summary judgment to the EEOC, agreeing with the agency that “Texas did not have a right to maintain and enforce its laws and policies that absolutely bar convicted felons (or certain categories of convicted felons) from serving in any job that the State and its Legislature deemed appropriate.” Specifically, the district court held that “a categorical denial of employment opportunities to all job applicants convicted of a prior felony paints with too broad a brush and denies meaningful opportunities of employment to many who could benefit greatly from such employment in certain positions.” Finally, the district court denied the State of Texas’s request that the EEOC be enjoined from issuing right-to-sue letters for charges involving claims based on the charging party’s criminal history.
The Circuit Court Decision
On appeal, the Fifth Circuit confined itself to a narrower range of issues, but ultimately upheld the injunction and on a broader basis. The Fifth Circuit held that the Guidance was a substantive rule, and as such, the EEOC was enjoined from enforcing it at all because federal law does not authorize the EEOC to promulgate substantive rules to implement Title VII. In light of that threshold determination that the EEOC did not have power to issue the Guidance at all, regardless of whether it complied with the notice and comment requirements under the APA, the Fifth Circuit modified the district court’s injunction by striking the clause “until the EEOC has complied with the notice and comment requirements under the APA for promulgating an enforceable substantive rule.” Since the court decided that the EEOC could not promulgate the Guidance at all, the Fifth Circuit then declined to rule on the district court’s refusal to declare that Texas has a right to maintain and enforce its laws and policies that bar convicted felons from serving in any job it deems appropriate, or its refusal to enjoin the EEOC from issuing right-to-sue letters in relation to the denial of employment opportunities based on the criminal history of the job applicant, since these holdings were based on the Guidance in the first place.
The Fifth Circuit ultimately issued an unconditional injunction against the EEOC’s reliance on the Guidance as binding for any purpose against Texas. The court’s analysis will be welcomed by the employer community as opening an avenue to contest the EEOC’s vague Guidance under the APA. The timing is ideal because this area of the law remains fertile ground for discrimination claims. Relatedly, employers with criminal record screening requirements should continue to be mindful of the various obligations imposed by the fair credit reporting and “ban the box” laws.
Does Fifth Circuit Ruling Allow Employers to Discriminate Against Ex-Felons?
In 2012, the EEOC issued guidance stating that blanket bans on hiring employees with criminal records disproportionately impact minorities and instructing employers to ensure that their hiring policies link specific criminal conduct to the risks inherent to a particular position. The State of Texas challenged that guidance on the grounds that it should be allowed to categorically exclude felons from certain categories of public jobs and the District Court enjoined the EEOC from enforcing its guidance. Earlier this week, the Fifth Circuit sided with Texas and upheld the injunction. The court held that the EEOC didn’t follow the proper administrative rulemaking procedures when it issued the guidance (an esoteric process known as “notice and comment”) and, thus, could not enforce those rules. So, what does this mean for employers? Frankly, not much. The court explicitly did not decide whether the EEOC’s criminal background checks were a reasonable interpretation of the law, and only enjoined the EEOC from treating its own guidance as a binding rule in enforcement actions against the State of Texas. Employers should not assume that this decision makes it okay to use a criminal record as a litmus test. The EEOC has been aggressive in pursuing disparate impact claims based on background checks, and it is possible that it will continue to be even if it cannot treat its guidance as a binding rule. Nor does this case have any effect on any of the local or state “ban the box” laws that restrict asking job applicants about their criminal history (such as those in Austin and California). Employers should still evaluate applicants’ criminal records on a case-by-case basis. Doing so will help them stay in compliance with the law but may also prevent them from overlooking a qualified job applicant. After all, someone with a conviction for shoplifting is arguably not the best choice for a retail job, but someone caught drinking underage in college may be a great employee regardless.
Ninth Circuit Affirms Court’s Ruling in FCRA Dispute
On July 24, the U.S. Court of Appeals for the 9th Circuit affirmed a district court’s ruling that the FCRA did not require a consumer reporting agency (defendant) to examine disputed items on an individual’s credit report because the credit repair company—and not the individual—submitted the request to the defendant. Under the FCRA, consumer reporting agencies are required to assess disputed credit file items when a consumer notifies the agency directly. However, the court stated that the plaintiff did not play a part in drafting, finalizing, or sending the letters that the credit repair company sent to the defendant on his behalf, and therefore granted summary judgment in favor of the defendant, ruling that the defendant’s duty to reinvestigate the claims relied upon the plaintiff himself submitting the dispute notifications. On appeal, the 9th Circuit agreed with the district court that the defendant “did not act unreasonably” and was correct in entering summary judgment. “This case does not involve a letter sent to a consumer reporting agency by a consumer’s attorney,” the appellate court wrote in clarifying that the holding was limited to the facts of the specific case. “Nor does it involve one family member assisting another by sending a letter on the other’s behalf. It does not even involve a letter sent by a credit repair agency that a consumer reviewed and approved before it was submitted. We do not decide whether, in any of these circumstances, a consumer reporting agency would have a duty to reinvestigate. We only hold that, in this case, where [the plaintiff] played no role in preparing the letters and did not review them before they were sent, the letters sent by [the credit repair company] did not come directly from [the plaintiff].”
Ninth Circuit Rules that Facebook’s Facial Recognition Could Violate Biometric Law
On August 9, 2019, the U.S. Court of Appeals for the Ninth Circuit unanimously upheld certification of a class of Illinois Facebook users alleging that the social media giant’s facial recognition feature called “tag suggestions” violates the Illinois Biometric Information Privacy Act (“BIPA”). The decision is an important one for its interpretation of the Illinois law, for its discussion of the ways in which new technology shapes privacy risks and harms, and for its conclusion that plaintiffs can establish standing in this case solely based on violation of BIPA’s procedural requirements, without having to demonstrate that information about them was used in some more broadly harmful way.
Does Asking About Employee’s Alcohol Use Violated the ADA?
In Lansdale v. UPS Supply Chain Solutions, Inc., No. 16-4106 (July 23, 2019), the United States District Court for the District of Minnesota concluded that a jury had sufficient evidence to find that an employer’s discharge of an employee for suspected corporate credit card abuse following an investigation in which the employee was asked about his alcohol use and drinking habits did not constitute disability discrimination in violation of the Americans with Disabilities Act (ADA) or corresponding state law.
The employer had a policy prohibiting employees from using corporate credit cards for personal purchases and providing inaccurate expense reports. Following an audit that revealed discrepancies between the employee’s corporate credit card expenses and expense reports, the employer conducted an investigation. During the investigation, the employer interviewed the employee, who indicated that he had used his corporate card for personal charges in order to hide his alcohol consumption from his wife. During the interview, the employer asked the employee several questions about his drinking habits and how his drinking affected his health and family. The following morning, the employer discharged the employee.
The employee contended that he had been asked impermissible disability-related questions and that his employment had been terminated based on his responses. Under the ADA, an employer “shall not make inquiries of an employee as to whether such employee is an individual with a disability or as to the nature or severity of the disability, unless such examination or inquiry is shown to be job-related and consistent with business necessity.”
The court found that the jury had been provided sufficient evidence to find that, even if the questions posed to the employee had been disability-related inquiries, the inquiries had not caused the termination of his employment; rather, the employee’s acknowledgement that he had used his corporate credit card for personal use was a sufficient evidentiary basis for a jury to find that this admission by itself was the reason for the termination.
Additionally, while alcoholism may constitute a disability under the ADA and corresponding state laws, this case confirms that an employee so claiming must still establish that he or she had an impairment that substantially limited one or more major life activities, or that the employer regarded him or her as having such an impairment, and that it was a motivating factor in the termination decision.
Here, the court found that a reasonable jury, weighing the credibility of the witnesses—in particular, the employee’s own testimony about his alcohol consumption and how it impacted him, his wife’s testimony that he drank nightly, and his doctor’s testimony that he drank more than what was recommended (though the doctor never applied any diagnostic criteria or noted any serious concerns)—could have found that the employee failed to prove that he suffered from an impairment that substantially limited one or more of his major life activities, that the employer regarded him as having such an impairment, and that it was a motivating factor in the termination decision. In the end, the employee’s belated attempts to claim a disability to excuse his corporate credit card and expense report abuses were insufficient to establish a disability discrimination claim.
Accurate Adverse Reporting Not a Violation of FCRA, says 3rd Circuit
On August 15, the U.S. Court of Appeals for the 3rd Circuit affirmed summary judgment in favor of a credit reporting agency (CRA), concluding that the CRA did not violate the Fair Credit Reporting Act (FCRA) by reporting past negative incidents. According to the opinion, after struggling financially, a married couple missed payments on at least five credit accounts. The consumers allegedly resolved the late payments and filed complaints with the CRA arguing the continued presence of the late payments misrepresented the “real status of their credit.” Additionally, the consumers argued some of the “key factors” the CRA discloses to credit providers, “such as ‘[s]erious delinquency’ or ‘[a]mount owed on revolving [a]ccounts is too high,’ are misleading.” The consumers filed suit against the CRA, alleging a variety of federal and state law claims, including violations of the FCRA for failing to maintain reasonable procedures and failing to conduct a reasonable investigation into disputes. The district court granted summary judgment in favor of the CRA and the consumers appealed their FCRA claims. On appeal, the 3rd Circuit agreed with the district court, concluding the consumers must show their credit report contains inaccurate information to prevail on their claims, which the consumers failed to do. The panel noted the consumers admitted they made the late payments and did not allege the adverse information is more than seven years old. The panel concluded the consumers’ claim “is not that the information in their credit reports and disclosures is inaccurate, but rather that it is irrelevant,” which does not support their claims for a violation under the FCRA.
Employing the Formerly Incarcerated: A Global Perspective
Much attention has been focused recently on second-chance employment in the United States. But what is happening in other countries regarding employing the formerly incarcerated? Internationally, second-chance employment depends on a country’s background-check laws, data-privacy laws and laws banning discrimination on the basis of conviction history.
In Canada, while employers can typically obtain criminal-background checks on job applicants by meeting required criteria, such as getting the applicant’s consent to do the background check and giving proper notification that one will be conducted, some provinces have enacted laws that prohibit discrimination based on a criminal conviction.
In Europe, the focus tends to be on protecting an individual’s data, which can limit criminal-background checks and hinder second-chance employment.
In Hong Kong, an employer cannot obtain a criminal-background check on a job applicant without the applicant’s consent. But a company can make disclosure of a criminal conviction a condition of employment.
Roger James, an attorney in the London office of Ogletree Deakins, added that many countries, including Australia, the United Kingdom (U.K.), France and Germany observe the concept of “spent” convictions. If an offense is minor and the person has served his or her sentence, the conviction is considered spent, and employers can’t inquire about it. This concept protects employees and potential recruits from having to disclose old convictions to obtain most types of work. It is aimed at maximizing the potential of former prisoners to lead a law-abiding life and contribute positively to society—”something which is much less likely if they are unemployed,” James said. The length of time that must pass before a conviction becomes spent depends on the seriousness of the crime, with the most-serious offenses remaining disclosable indefinitely. James noted that Canada has a similar process but requires the ex-offender to pay a fee to get the criminal record suspended, although reform is being discussed. The principle of spent convictions does not provide relief to a former prisoner until the applicable period expires, but the first few months out of prison will likely determine whether a former inmate can reform and survive. U.K. government figures show just 17 percent of former prisoners in the U.K. are employed 12 months after their release. Research by the University of Manchester showed that 90 percent of employers were concerned that hiring an ex-offender might damage their business, staff dynamics or customer base. However, of those who employed an ex-offender, 60 percent reported that the experience was positive.
By contrast, in Australia, breaching the laws on spent convictions falls within the country’s employment discrimination legislation.
Many employers conduct online searches of job candidates, which is often another obstacle to second-chance employment. This can reveal past arrests and misdemeanors. James shared an example of a young man in Singapore: Celebrating a birthday, he left a nightclub drunk and leapt onto the roof of a taxi—all of which was filmed by the taxi’s dashboard camera and uploaded to social media. The man was fined $2,500 and lost his job, and his online “fame” made finding a new job difficult.
In South Africa, prison authorities recently suggested a novel approach to helping former inmates: Pay unemployed ex-offenders a social grant for a transition period to help steer them away from further crime.
In the United States, many states are considering new ways to promote second-chance employment, and President Donald Trump has expressed support for it.
Canada Begins Issuing Pardons for Cannabis Possession Convictions
Canada has begun issuing pardons for people who were convicted of simple possession of cannabis and do not have other criminal records. Canada became the first developed nation to legalize the use of recreational marijuana last October. Under the previous system, Canadians with a cannabis possession conviction had to wait five years before applying for a pardon and pay the parole board C$631 ($478), Lametti said. Those requirements have been removed under the new system.
Ontario Process for Police Record Check Has Undergone Substantial Reform
Outside of a few defined industries, most organizations are not obligated to obtain police record checks when screening employment candidates. However, depending on the nature of an organization’s business, police record checks may be crucial. In the recent past, there was no standardized framework for conducting police record checks. This landscape changed significantly when the Police Record Checks Reform Act 2015 (the “Act”) came into force in late 2018. The Act sets out a comprehensive and standardized approach governing police record checks in Ontario, including a 2-stage process for obtaining consent. Below is an outline of the key provisions of the Act, along with practical takeaways for employers seeking to conduct police record checks.
Types of Police Record Checks
The Act provides for three categories of police record checks. Each category of police record check authorizes the disclosure of additional information. Briefly stated, the checks will include the following types of information:
- Criminal Record Checks. Will contain criminal convictions and findings of guilt under the Youth Criminal Justice Act.
- Criminal Record and Judicial Matters Check. Will contain the information that is in a Criminal Record Check as well as outstanding charges, arrest warrants, certain judicial orders, absolute discharges, conditional discharges, and other records as authorized by the Criminal Records Act.
- Vulnerable Sector Check. Will contain the information that is in a Criminal Record and Judicial Matters Check as well as findings of “Not Criminally Responsible” due to mental disorder, record suspensions (pardons) related to sexually-based offences, and non-conviction information related to the predation of a child or other vulnerable person (i.e., charges that were withdrawn, dismissed or stayed, or that resulted in acquittals).
Notably, outside the Vulnerable Sector Check, the Act specifically restricts the disclosure of non-conviction and non-criminal records (such as arrests where no criminal charges were laid) as well as mental health information.
The Process to Request a Police Record Check
The Act contemplates a two-stage process for employers to obtain a police record check:
- The individual who is the subject of a police record check must provide his or her written consent (specifying which check is being consented to). The results of the police record check are then disclosed only to the individual who is the subject of the check.
- After receiving the information, the individual has the opportunity to determine if the police record check is in compliance with the Act and decide if he or she consents to the further disclosure to the organization requesting it. Only after this secondary consent will the police record check be provided to an employer or prospective employer.
However, it should be noted that pursuant to the regulations, and except for Vulnerable Sector Checks, there are certain limited exemptions from this two-step process (including for certain background check providers).
Takeaways for Employers
- Obligations under the Ontario Human Rights Code (the “Code”) – Police record checks can serve as a valuable tool for some organizations to scrutinize employees, prospective employees and volunteers. However, organizations need to be careful how they use them. Police record checks can be invasive and lead to unconscious discriminatory treatment. For example, the “Vulnerable Sector Check” includes disclosure of a criminal offence where the individual was ultimately found “not criminally responsible” due to a mental illness. Unfortunately, this could put employers in the unenviable position of acting on information in ways which could constitute discrimination under the Code. Notably, in Ontario, an employer cannot discriminate against an employee on the basis of a “record of offences” which is defined under the Code to mean (i) an offence in respect of which a pardon has been granted, and (ii) an offence under a provincial law (for example a speeding ticket under the Highway Traffic Act). As such, employers should ensure that any check which will reveal an employee’s record of offences is being performed where there is a bona fide reason to perform the check (i.e. where it is required and directly relevant to the particular position the employee will hold). To help avoid the above issues, organizations should consider whether or not police record checks are a necessary requirement or if other tools for screening applicants (such as reference checks, client feedback, interviews) are sufficient.
- The Principle of Consent – Similar to many other pieces of privacy legislation, the Act relies heavily on the principle of consent. In order to receive the information in a police record check, an employer may have to wait for a potential employee to provide consent twice. For employers, this could provide quite the dilemma. For example, it is not clear whether an individual’s refusal to consent to a police record check (or a particular level of examination) would be sufficient to withdraw an offer of employment. Given the speed at which most businesses move, the delay imposed by this process may be a significant impediment.
- Third Party Providers – Employers using third party providers to conduct these checks should confirm that their providers are following the Act’s requirements, including that the appropriate employee consents are being secured. Employers may also wish to consider using third party providers as it may alleviate the necessity for the second consent to be obtained.
- Privacy Obligations – Employers who conduct police record checks may find themselves in receipt of information which is highly personal and confidential. Employers should ensure that this information is kept extremely secure and only used for its specified purpose. Notably, the Act specifically forbids the further disclosure of information received by an organization. Organizations (or individuals) who willfully disclose the received information can be liable for a fine of up to $5,000.