As we look back on 2015, we are astonished at the remarkable developments both for our company and the screening industry here and around the globe.
Company Milestones & Achievements
ClearStar’s company leadership and world-class development team have generated an amazing 11 releases this year, furthering our best-in-class technology on behalf of our clients. Highlights include:
Composer – A new and better way to manage data, save time on the order review process, meet compliance requirements and produce clean, well-formatted reports.
Dashboard – A simple and seamless navigation providing an at-a-glance view of what’s happening with applicants, consistently updated with the most current and relevant information.
WebCCF Mobile App – An innovative solution for handheld devices that streamlines the drug test ordering process and helps eliminate the errors and hassles associated with traditional paper forms.
ClearStar Academy – A web-based hub of resources, learning materials and presentations to keep clients abreast of industry trends and our latest offerings.
Additionally, we deepened our relationship with important industry organizations such as NABPS. Kerstin Bagus, ClearStar Director of Global Initiatives, joined the board as an Associate Director, as Craig Caddell, ClearStar VP of CRA Solutions, stepped down after successfully serving as Associate Director for the prior two years.
We were also very proud to recently see our CIO/CISO Ken Dawson featured in CIO Review Magazine.
The article highlights our strong partnership with Oracle and honors us as one of the magazine’s 100 Most Promising Oracle Solution Providers.
Important Industry Developments
European Data Privacy
The European Commission is working to finalize the draft of the new General Data Protection Regulation (GDPR), which will replace the EU Directive and go into effect in early 2018. The GDPR aims to enhance the current Directive. A breach notification requirement and substantial penalties for non-compliance are expected. Data processors will have greater exposure in the GDPR. And entities not located or established in the EU or using servers in the EU may be subject to the GDPR if they involve the processing of EU resident data. The Regulation also obligates data controllers to adopt Privacy by Design principles.
Safe Harbor (EU – US Data Transfer)
Information should be coming out at the end of January on the status of a new data transfer mechanism from the EU to the US. Some agreements are in place in principle but several obstacles remain. An alternative to Safe Harbor is not a given and European regulators are expected to begin to take actions against companies after January, if appropriate data transfer mechanisms are not in place for transfers to the United States. We are seeing countries outside of the EU, such as Israel’s ILITA (Israeli Law, Information and Technology Authority) indicate Safe Harbor may no longer be used as a basis for data transfer to the US.
Supreme Court Decision in the Spokeo Matter is expected in 2016
On August 31st, 2015, Plaintiff Thomas Robins filed a brief with the U.S. Supreme Court arguing that he has standing to sue Spokeo, Inc. in a putative class action for alleged violations of the Fair Credit Reporting Act (FCRA) by publishing incomprehensive information about him. According to Spokeo, the plaintiff lacks standing because he has not suffered a “real-world” or actual injury based on Spokeo publishing incomprehensive information on the plaintiff. The plaintiff, however, relied on “centuries of common-law precedent” to argue he has standing. According to the plaintiff, “this court’s standing decisions, and separation-of-powers principles all disprove Spokeo’s claim that a ‘bare’ statutory violation without additional ‘real-world’ harm is not a cognizable injury, ” adding that “[n]o decision of this court holds that Article III bars Congress from creating personal legal rights and fashioning monetary relief to redress them in federal court.”
Regardless, the plaintiff argues he suffered the exact type of “real-world” harm that the statute is designed to protect, stating that “[a]s soon as Spokeo willfully invaded [the plaintiff’s] legal rights under the FCRA by creating a false report about him without using procedures mandated by the statute, he was entitled to statutory damages, ” explaining that “[h]is claim for those damages created a classic legal dispute over whether one party (here, Spokeo) owes another ([the plaintiff]) a fixed sum of money. Spokeo’s failure to compensate [the plaintiff] is a monetary — or wallet — injury.” Spokeo Inc. v. Thomas Robins et al., No. 13-1339 (S. Ct., Aug. 31, 2015).
Several parties filed amicus brief with the US Supreme Court in the matter. Fifteen law professors filed an amicus brief in support of Plaintiff’s position, urging the Court to not dismiss the plaintiff’s lawsuit against Spokeo, Inc. for violations of the FCRA after allegedly publishing incomprehensive information about him. According to the professors, the Ninth Circuit properly rejected Spokeo’s argument that its “people search engine” did not cause actual harm to the plaintiff to establish standing. Additionally, the professors express concern over how consumer reporting agencies would react if the Ninth Circuit decision were reversed. According to the amicus brief, “[t]he FCRA’s consumer transparency requirements and remedial provisions were designed to encourage steady improvement in consumer reporting practices and to relieve pressure on public enforcement authorities, ” adding that, “[Spokeo’s] claim that [the plaintiff] cannot pursue it for its violations of the FCRA would unravel that bargain, preserving consumer reporting agencies’ broad immunity from suit while diminishing incentives to handle data fairly.”
Spokeo, Inc. v. Thomas Robins et al., No. 13-1339 (S. Ct., Sep. 8, 2015).
Additionally, The Center for Democracy and Technology filed an amicus brief arguing that the “private right of action is a vital part of [the] FCRA” and the CFPB filed an amicus brief where it expressed support for the plaintiff’s standing to sue, arguing that a plaintiff can show the “injury in fact” requirement for Article III standing “by demonstrating an invasion of his own legally protected interests” as long as the plaintiff can show the invasion was “actual and concrete.”
Numerous state attorneys also general filed an amicus brief arguing that consumers should have the ability to sue a company under the FCRA for “disseminating incomprehensive personal information that is used to make decisions about credit, housing, insurance or employment.”
Since then, many FCRA lawsuits have been placed on stay until a decision is rendered in the Spokeo matter. The decision is relevant to the background screening industry with the increasing number of lawsuits filed by Plaintiffs attorneys in recent years.
The Supreme Court heard oral arguments in the case on November 2, 2015. A link to the transcript can be found here.
From what transpired out of oral argument appears to favor the Defendant Spokeo: a majority of the court appears ready to dismiss FCRA lawsuits premised on a statutory violation and nothing else. What is less clear is the specific grounds on which the case would be reversed and whether or not the ultimate decision would be limited to the FCRA. A decision is expected in the first quarter of 2016.
CFPB Enforcement Action Against GIS and e-backgroundchecks.com
On October 29th, the Consumer Financial Protection Bureau (CFPB) announced a settlement with “two of the largest background screening report providers, ” requiring them to pay $13 million for alleged violations of the Dodd-Frank Act and the Fair Credit Reporting Act (FCRA) by failing to maintain comprehensive information about job applicants in their reports. According to the CFPB, the “serious inaccuracies reported…potentially affected consumers’ eligibility for employment and caused reputational harm.” The CFPB alleges the following violations of the Fair Credit Reporting Act (FCRA) in the context of background reports used for employment screening purposes:
- Failure to use reasonable procedures to assure maximum possible accuracy of the information in the reports (section 607(b) violation);
- Failure to either provide notice to consumers or maintain strict procedures when reporting public record information likely to have an adverse effect on employment (section 613 violation); and
- Failure to exclude non-reportable information from reports (section 605(a) violation).
The CFPB mainly focused on two failures:
(i) Public records and commons names:
- Failure to have written procedures for researching public records information for consumers with common names or who use nicknames – leaving it up to employee’s discretion in determining whether a record matches a particular consumer is not an acceptable practice per the CFPB.
(ii) Quality control
- Failure to use consumer dispute data to identify root causes of accuracy errors, such as a jurisdiction with data integrity problems, ascertaining when certain reporting procedures are causing reporting errors, or when an employee is making too many errors.
- Failure to meet internally on a regular basis to discuss errors and prevention of errors.
- Failure to track the outcome of consumer disputes in a manner which would allow a consumer reporting agency to identify trends or reporting errors.
- Failure to contemporaneously log the outcome of consumer disputes.
- Failure to sample non-disputed reports to assure accuracy
- Failure to use proprietary software in its possession which identifies discrepancies in data (as well as suppression of data) across multiple reports and on a consumer-wide basis, not just limited to the pool of reports prepared for each client.
One key take away from the Consent Order is that because neither entity could meet the lesser standard of section 607(b) (reasonable procedures to assure maximum possible accuracy) for the failures listed above, they could therefore not meet the more stringent requirements of “strict procedures” pursuant to section 613(a)(2) of the FCRA.
FCRA- 613 Notices
On July 17th, a federal district court provided insight into the interpretation of the Fair Credit Reporting Act’s (FCRA) section 613 notice requirement for consumer reporting agency’s when reporting public record information for employment purposes.
In Rodriguez v. Equifax Information Services, LLC, the plaintiff had applied for a position with the Office of Personnel Management (OPM), was granted the security clearance, but allegedly never received notice about the reporting of public records under Section 613 of the FCRA. In finding that Equifax implemented an appropriate process for providing notice to consumers, the district court addressed the ambiguity in the FCRA’s “at the time” notice requirement.
According to the district court, there is “more than one reasonable interpretation of what that requirement means, ” adding that, “Congress did not impose a ‘same time’ requirement with respect to the receipt of the notice; and in 2000, the [FTC] interpreted the ‘at the time’ requirement to permit the mailing” of such a notice.”
One relevant fact in this case is that Equifax Information Services’ process included sending notices by mail the following business day (and in some instances two business days later), after the report had been provided to OPM. On take away from this case is that the Court did not require parity with the method by which the notice is sent. Meaning, a CRA can send the notice by automated/electronic means to the employer and by mail to the consumer.
Rodriguez v. Equifax Information Services, LLC, No. 1:14-cv-01142 (E.D. Va., July 17, 2015).
California Supreme Court / Background Checks
On November 25th, the California Supreme Court announced that it will consider whether the Investigative Consumer Reporting Agencies Act (ICRAA) is “unconstitutionally vague” when applied to employee background checks because of its overlap with California’s Consumer Credit Reporting Agencies Act (CCRAA). A class of bus drivers brought forth the original case, alleging that First Student, Inc. (First Student) did not gain prior written consent necessary under the ICRAA, but not the CCRAA, when conducting background checks.
A Los Angeles Superior Court ruled that the ICRAA was unconstitutionally vague and granted summary judgment to First Student. However, the Second Appellate District reversed this ruling, saying that, “the applicability of the CCRAA does not render the ICRAA unconstitutionally vague”: Connor v. First Student, case number S229428, in the California Supreme Court. The ICRRA has a more expansive definition of “investigative consumer report” than the FCRA and includes all third party collection of information about character obtained through “any means, ” not just personal interviews with acquaintances. This broad definition could include reference checks performed by a third party. One can argue that any type of background check, other than a pure credit check, is covered by the ICRRA.
In 2007 in the matter entitled Ortiz v. Lyon Management Group, the court found that the ICRAA is unconstitutionally vague because one couldn’t determine whether unlawful detainer information constitutes “character” information covered by the ICRAA or “creditworthiness” information governed by the CCRAA. Since then, in several lawsuits, courts have found the ICRRA unconstitutionally vague because criminal background checks concern both credit-worthiness and character; therefore, it is unclear whether the ICRRA or the less severe California Consumer Credit Reporting Agencies Act is the governing law.
Most recently, the Court of Appeal of the Second Appellate District stated that they disagreed with Ortiz and that “there is nothing in either the ICRAA or the CCRAA that precludes application of both acts to information that relates to both character and creditworthiness. A decision is expected in the first quarter of 2016 which will hopefully clarify the background screening landscape in California.
Looking Towards 2016
For the upcoming year, we anticipate major developments in Global Screening, ID Validation, Drug Screening and Temporary Worker Certification. Want to stay connected and get the latest news in background & drug screening? Be sure to follow us on Facebook, Twitter and LinkedIn.
We’re excited about what’s in store for next year, and we wish you the very best as we head into 2016!