Furniture Retailer “Rooms To Go” Adopts Revised Criminal Background Check Procedures in Cooperation with the EEOC
The EEOC and Rooms To Go have reached a voluntary conciliation agreement to resolve allegations of race discrimination raised by an unsuccessful black candidate whose offer of employment was rescinded as a result of Rooms To Go’s background check policies. The agreement reflects the company’s implementation of revised policies and practices to ensure that its pre-employment screenings comply with Title VII of the Civil Rights Act of 1964, as amended (Title VII). Rooms To Go’s revised policies and practices remove any blanket exclusions for criminal conviction from its screening policies, affording all candidates an opportunity for an individualized assessment. The agreement also reformed Rooms To Go’s employment application by removing criminal conviction questions and postponing inquiries about criminal history until later in the hiring process. These changes will ensure that candidates will be judged by their qualifications first, rather than screened based on criminal history questions on the application. Delaying any consideration of criminal history until after a conditional offer of employment gives candidates a fair chance at employment and an opportunity to explain their criminal history. In addition, Rooms To Go will provide training on its revised criminal background procedures to the appropriate personnel. All human resource staff, along with other essential employees, will be required to take mandatory implicit bias training and annual refresher training.
RealPage Will Pay $3 million to Settle FTC Charges That it Failed to Meet Accuracy Requirements for its Tenant Screening Reports
RealPage has agreed to pay $3 million to settle Federal Trade Commission charges that the company failed to take reasonable steps to ensure the accuracy of tenant screening information that it provided to landlords and property managers, a violation of federal law that caused some potential renters to be falsely associated with criminal records. The FTC’s complaint alleges that RealPage, Inc. violated the Fair Credit Reporting Act (FCRA) by failing to take reasonable steps to ensure the accuracy of tenant screening information provided to its clients. The amount RealPage has agreed to pay as part of the settlement is the largest civil penalty the FTC has obtained against a background screening company. “You shouldn’t get turned down for an apartment because someone has the wrong information about you,” said Andrew Smith, Director of the FTC’s Bureau of Consumer Protection. “This case shows that, especially with today’s tight rental market, we will hold tenant screening companies responsible for the accuracy of their reports.” The FTC alleges that from at least January 2012 until September 2017, RealPage used broad criteria to match candidates to criminal records and only applied limited filters to the results and did not have policies or procedures in place to assess the accuracy of those results. RealPage compiled screening reports through an automated system that used the candidate’s first name, middle name when available, last name, and date of birth when searching for criminal records. Its matching criteria only required an exact match of an candidate’s last name along with a non-exact match of a first name, middle name, or date of birth, the FTC alleges. For example, if RealPage searched an candidate named Anthony Jones born on October 15, 1967, it would deem a match if it found a criminal record for Antony Jones 10/15/67, Antonio Jones 10/15/67 and Antoinette Jones 10/15/67. Because RealPage’s screening reports associated some potential renters with criminal records that did not belong to them, those renters may have been turned down for housing or other opportunities, according to the complaint. In addition to the civil penalty, the proposed settlement also requires RealPage to maintain reasonable procedures to assure the maximum possible accuracy of the information it includes about individuals in its consumer reports. In addition, RealPage is subject to compliance and reporting requirements. The Commission vote authorizing the staff to file the complaint and stipulated final order was 5-0. The FTC filed the complaint and final order in the U.S. District Court A “reason to believe” that the law has been or is being violated and it appears to the Commission that a proceeding is in the public interest. Stipulated final orders have the force of law when approved and signed by the District Court judge.
OSHA Clarifies That Safety Incentives and Post-Incident Drug Testing Are Permitted
In May 2016, OSHA published a final rule that prohibited employers from retaliating against their employees for reporting work-related injuries or illnesses. OSHA interpreted this provision (found at 29 C.F.R. § 1904.35(b)(1)(iv)) to apply to action taken under workplace safety incentive programs and post-incident drug testing policies. For the past two years there has been considerable uncertainty as to whether OSHA would deem such programs and drug testing to be retaliatory. That is no longer the case. On October 11, 2018, OSHA issued a memorandum clarifying its position that the regulation “does not prohibit workplace safety incentive programs or post-incident drug testing.” OSHA recognized that “many employers who implement safety incentive programs and/or conduct post-incident drug testing do so to promote workplace safety and health.” Consequently, an employer who consistently enforces legitimate work rules (whether or not an injury or illness is reported) would demonstrate that the employer is serious about creating a culture of safety. OSHA concludes that action taken under a safety incentive program or post-incident drug testing policy would only violate the law’s anti-retaliation provision “if the employer took the action to penalize an employee for reporting a work-related injury or illness rather than for the legitimate purpose of promoting workplace safety and health.”
California Enacts Law Expanding Servicemember Protections
On September 19th, California enacted A.B. 3212, which expands certain protections for servicemembers and imposes new criminal penalties for violations:
- Prevents debt collectors from falsely claiming to be a member of the military in attempting to collect any debt;
- Prohibits debt collectors from contacting a servicemember’s military unit or chain of command in connection with the collection of any debt without consent;
- Prohibits consumer reporting agencies from making an annotation in a servicemember’s credit record that the individual is on active duty; and
- Extends most protections to 120 days after military service ends and expands interest rate caps to other types of loans, including student loans.
Amendment to San Francisco’s Fair Chance Order
On October 1st, an amendment to the San Francisco’s Fair Chance Order (FCO) went into effect. The FCO restricts the ability of employers to inquire about job candidates’ criminal histories. The amendment:
- Covers employers with 5 or more employees;
- Changes the penalties for violations;
- Provides a private right of action for any employee or candidate;
- Prohibits employers and housing providers from inquiring about, requiring disclosure of, or basing housing and employment decisions on a person’s conviction history until after a conditional offer of employment; and
- Prohibits employers, housing providers, contractors, and subcontractors from inquiring about, requiring disclosure of, or basing housing and employment decisions on convictions for decriminalized behavior, including convictions for the non-commercial use and cultivation of cannabis.
Massachusetts Ban the Box Amendment Goes Into Effect
On October 13th, an amendment to Massachusetts’ Ban the Box law took effect. The amendment further restricts employers’ ability to consider job candidates’ criminal history during the hiring process:
- Prohibits employers from asking candidates about misdemeanors where the date of conviction or completion of incarceration occurred three years prior to the date of application, with exceptions;
- Prohibits employers from inquiring about expunged or sealed criminal records; and
- Requires employers to provide a notice to candidates when seeking information regarding prior arrests or convictions.
Reported on the October 18, 2018 in Arnall Golden Gregory Daily Privacy & Consumer Regulatory Alert
Accommodating Employees Who Use Medical Marijuana in New Jersey
While it remains to be seen whether New Jersey will become the tenth state to legalize recreational marijuana, the use of medical marijuana has greatly expanded over the last year. Approximately 500 new patients sign up for New Jersey’s medical marijuana program each week, with the total expected to reach around 50,000 patients by 2019. Because of the increased demand, New Jersey will be approving licenses for six new dispensaries, which will be selected from the 146 candidates. As the number of users increase, employers must prepare for how they plan to treat employees who use medical marijuana. While the law regarding the use of marijuana during working hours is rather clear, one question that remained outstanding was whether an employer must accommodate an ill or disabled employee’s request to use medical marijuana outside of work. Two recent court decisions provided clarity on this vexing question. In both instances, the courts determined that the employer was not obligated to accommodate an employee’s use of marijuana.
New Jersey became the 29th state to decriminalize the use of medical marijuana when it passed the Compassionate Use Medical Marijuana Act (“CUMMA”) in 2010. To qualify for medical marijuana, patients still must demonstrate that they have a debilitating medical condition. Examples of qualifying illnesses include epilepsy, cancer, muscular dystrophy, or inflammatory bowel disease. Due to the serious nature of these medical conditions, they likely fall within the Americans with Disabilities Act’s broad definition of a disability. However, as presently written, CUMMA does not require employers to accommodate an employee’s medical use of marijuana. Therefore, New Jersey employers are permitted to enforce “zero tolerance” policies.
Mandatory Drug Tests
On August 10, 2018, a federal judge dismissed a claim against an employer based on the finding that “New Jersey law does not require private employers to waive drug tests for users of medical marijuana.” In Cotto v. Ardagh Glass Packing, Inc., Daniel Cotto worked as a forklift operator at Ardagh Glass. Because of a neck and back injury in 2007, Cotto was prescribed Percocet, Gabapentin, and medicinal marijuana to help him cope with his pain. Using these medications was not an issue until Cotto was injured in a forklift accident in 2016. As a condition to return to work, Ardagh Glass required that Cotto pass a breathalyzer and drug test. Upon being notified of his treatment plan, Ardagh Glass indicated it was not concerned with Cotto’s use of the pain medication, however, he would remain indefinitely suspended until he passed a drug test for marijuana. As a result of his suspension, Cotto sued Ardagh Glass for discriminating against him under the New Jersey Law Against Discrimination. He argued that Ardagh Glass had an obligation to provide a reasonable accommodation for his disability—i.e. to accommodate his disability by waiving the requirement he pass a drug test before returning to work. The court disagreed and dismissed the lawsuit. Of particular importance, marijuana remains illegal under the federal Controlled Substance Act. The court determined that nothing in the New Jersey Law Against Discrimination or CUMMA would require that an employer accommodate an employee’s use of a federally-illegal substance (including medical marijuana) by waiving its requirement that the employee complete a drug test.
Prohibiting Medical Marijuana Outside of Work
Advancements in technology have made it possible (for better or for worse) for employees to work remotely. No longer are employees limited to working at their desk or during normal business hours. As a result, many employers feel it is important to enforce “zero tolerance policies” that prohibit using marijuana at any time, including while outside the office. The enforceability of such a policy, in light of CUMMA’s requirements, was recently decided by a New Jersey court. In the recent decision, the court determined that an employer may terminate an employee who tests positive for marijuana, despite the employee never using or being under the influence while at work. In Wild v. Carriage Services, Justin Wild was diagnosed with cancer and prescribed medical marijuana. Sometime thereafter, Wild was involved in an accident at work. Wild disclosed his marijuana usage to his employer, but claimed he was not under the influence during the accident because he only used marijuana at night. Following his disclosure, his employer required Wild take a drug test. When he failed, he was terminated for violating the employer’s drug and alcohol policy.
Wild sued under the New Jersey Law Against Discrimination. However, his claim was dismissed based on the court finding that employers may terminate employees who violate a “zero tolerance policy,” even when the violation was the result of the employee’s use of medicinal marijuana. Specifically, the court found that according to Wild’s own admission, “the termination of his employment was due to his testing positive to a drug test and for violating [the employer]’s drug use policy. As marijuana is an illegal substance, an employer may lawfully terminate an employee for failing a drug test.” Based on this decision, “zero tolerance policies” can be used to discipline employees, regardless of whether the employee used marijuana during the workday or after-hours.
The laws surrounding the medical and recreational use of marijuana are continuously evolving. There remain several bills before the New Jersey legislature that have the potential to change the entire landscape. Of particular importance, proposed legislation would make it unlawful (with certain exceptions) for employers to take any adverse employment action based on an employee’s use of medical marijuana. If passed, employers could no longer have “zero tolerance policies” and may have to provide certain accommodations. Employers should continue to pay close attention to what is occurring in Trenton, while also acting prudently in enacting policies that balance their employees’ needs with their business interests.
False Report of Prison Time Satisfies Spokeo’s Requirement of Injury in Fact
In Landry v. Thomson Reuters Corp., 2018 U.S. Dist. LEXIS 162741 (D. N.H. Sept. 24, 2018), a putative class action, a key issue was whether the Plaintiff’s amended complaint—which alleged Thomson Reuters Corporation (“TRC”) wrongly reported that Plaintiff served time in prison—adequately alleged a particularized, concrete harm sufficient to vest Plaintiff with Article III standing: it did. Plaintiff alleged that when applying for a job at Time Warner in New Hampshire, he authorized Time Warner to conduct a background check. The check revealed no criminal history, and he was hired at the Time Warner call center. After working there for five months, he was hauled into a meeting and accused of failing to disclose that he had served time in a Texas prison. He was then suspended without pay. Plaintiff cleared up the case of mistaken identity with the Texas prison system and Time Warner ultimately acknowledged the mix-up, but Time Warner terminated him anyway. (His dispute with Time Warner is the subject of a separate arbitration.) Plaintiff sued TRC, the company which allegedly performed the errant background check, alleging it violated the FCRA in four separate ways, including that TRC failed to follow reasonable procedures to assure the maximum possible accuracy of the information provided in the reports it prepared, as required by 15 U.S.C. § 1681e(b). In Spokeo, the Supreme Court found that, in the context of an FCRA claim, to have Article III standing, a plaintiff must have suffered some actual harm, or “injury in fact.” As the Landry Court reminded us, though, sometimes an alleged procedural violation is enough to satisfy this burden: [S]ome violations of the FCRA may be so trivial that they cause no quantifiable injury. The Supreme Court gave two examples of such inconsequential violations of the FCRA: the inclusion in a credit report of an inaccurate zip code; and, despite violations of FCRA procedural requirements, the dissemination of an entirely accurate credit report. Other violations of the FCRA, however, may be sufficiently severe that those statutory violations alone constitute a concrete and particularized injury. Landry, 2018 U.S. Dist. LEXIS 162741.In other words, there were two separate ways which the Plaintiff could demonstrate standing: he could show that he suffered actual “concrete harm” as a result of TRC’s alleged FCRA violations, OR he could demonstrate that the alleged procedural violations were sufficiently severe to constitute an injury in fact. The Court held that TRC’s alleged violations of the FCRA created exactly the kind of harm which Congress was attempting to prevent when it enacted the FCRA. Therefore, even if Plaintiff was unable to demonstrate a concrete harm (i.e., that he was fired as result of the allegedly incorrect credit report), the severity of the alleged statutory violations was sufficient to convey Article III standing.
What’s a “Reasonable” Reinvestigation: Defining Consumer Reporting Agency Obligations Under FCRA
Last week, the District Court for Colorado offered important insight into what it means for consumer reporting agencies to conduct a “reasonable reinvestigation” into a dispute. In Thomas v. Hyundai Capital Am., the plaintiff filed FCRA claims against a car dealership, collection agency, and Equifax. See 2018 U.S. Dist. LEXIS 173594. The dispute arose after the plaintiff leased a vehicle from a Hyundai dealership. When he returned the vehicle at the end of his lease, the plaintiff incurred more than $623.00 in fees for excess wear on the vehicle, $400.00 for a “disposition fee,” and roughly $80.00 in taxes. The Plaintiff, an attorney, sent a check for $623.42—equal to the amount owed for the wear on the vehicle—and noted on the instrument that the payment was in full settlement of the outstanding sum owed. The dealership accepted the check and hired a collections agency to collect the outstanding sum. Yet the plaintiff refused to pay the fees, asserting that the dealership’s acceptance of the $623.42 payment was an accord and satisfaction for the full amount. Subsequently, plaintiff discovered derogatory information on his credit report—Equifax reported an overdue balance for the fees owed to the collection agency. When Equifax refused to remove the information from his report, Plaintiff filed suit. Plaintiff argued, among other things, that Equifax failed to conduct a reasonable reinvestigation, which would have revealed that the information from the collection agency was inaccurate. Under 15 U.S.C. § 1681i(a)(1)(A), the FCRA requires consumer reporting agencies (or “CRAs”) to conduct a “reasonable reinvestigation” to determine whether disputed information in a consumer’s file is inaccurate. The statute, however, does not clearly define what constitutes a “reasonable reinvestigation,” so courts have sought to fill in the gaps. Critically, while the statute demands that CRAs conduct more than a cursory investigation into a dispute, it decidedly does not require CRAs to evaluate and adjudicate the legal merits of a dispute between a debtor and the collection agency. In Thomas, the district court concluded that for Equifax to have found that the information provided by the collection agency was inaccurate, as Plaintiff argued, Equifax would have to determine that Plaintiff did not in fact owe the fees claimed by Defendant HMF. This overstated the CRAs obligations under 15 U.S.C. § 1681i(a)(1)(A). Ultimately, the plaintiff’s credit reporting agency reflected a true statement: the collection agency sought payment, which Plaintiff refused to make. Consumers have other, more appropriate avenues than the Fair Credit Reporting Act for seeking redress under these circumstances. In sum, resolving contract disputes is not something that consumer reporting agencies are “equipped or required by law to do.”
FCRA Case Related to States and Sovereign Immunity
A plaintiff cannot sue a State for alleged violations of the FCRA due to sovereign immunity. In Pendergrass v. Washington Metro Area Transit Authority, 2018 WL 4938578 (D. D.C. Oct. 11, 2018) the plaintiff tried to sue the Washington Metro Area Transit Authority (WMATA), alleging FCRA related violations after he was not hired due to a prior conviction on a non-violent offense. The Court ruled that because WMATA was created pursued to a Congressionally-authorized Interstate Compact among D.C., Virginia and Maryland, it (i) retained sovereign immunity; (ii) that WMATA did not waive its sovereign immunity; and (iii) Congress has not abrogated the States’ immunity to claims under the FCRA. Bottom line—States are immune from FCRA claims.
Court Finds Permissible Purpose Under FCRA, Despite Alleged Lack of Consent
The Eastern District of Wisconsin recently confirmed that the permissible purpose for obtaining a consumer credit report under FCRA is broad. In Long v. Bergstrom Victory Lane, 2018 U.S. Dist. LEXIS 171750 (E. D. Wisc. October 4, 2018), the plaintiff brought FCRA and other claims after an auto dealer submitted her credit application and report in connection with financing for a vehicle. The plaintiff told the dealer that it could only run her credit with one company and no other entity. The auto dealer allegedly agreed. Later, however, the plaintiff learned that the auto dealer had in fact submitted her credit application and report to multiple other entities. Plaintiff claimed that the auto dealer acted with intentional disregard to the authority she gave, causing her emotional distress. Plaintiff sued the auto dealer, arguing that defendant acted with an “impermissible purpose” when it obtained her credit report. Conversely, the auto dealer argued that it acted with a permissible purpose under FCRA to procure financing for the plaintiff. The Court agreed with the auto dealer and dismissed plaintiff’s complaint. Specifically, FCRA provides that a consumer report can be provided when a person “intends to use the information in connection with a credit transaction involving the consumer on whom the information is to be furnished and involving the extension of credit to…the consumer.” 15 U.S.C. § 1681b(a)(3)(A). Accordingly, the auto dealer acted with a statutorily defined permissible purpose when it used plaintiff’s credit report to obtain financing for the plaintiff. The fact that the auto dealer allegedly submitted plaintiff’s credit application to a number of financial institutions did not negate the auto dealer’s underlying permissible purpose. The Court explained that “[u]nder the FRCA, a business does not require the consent of the potential customer, so long as it has a statutorily defined ‘permissible purpose.’” Long, 2018 U.S. Dist. LEXIS 171750. Accordingly, the Court found that the auto dealer acted with a permissible purpose, even though plaintiff claimed that she did not consent to the manner in which the auto dealer used her credit application.
The Ontario Government has Granted Exception to Background Screening Firms Under Bill 113
The Ontario government has confirmed the exemption to Section 12 of Bill 113 The Police Records Checks Reform Act, 2015, has been granted. This exemption covers third party agents, like our consumer reporting agencies NAPBS and eliminates the need for sharing of the criminal record result with the candidate and obtaining consent from the candidate before sharing the information with a designated end user.
NAFTA Update Includes Data Provisions
On October 1st, text of the United States-Mexico-Canada Agreement (USMCA) was released, which would update the North American Free Trade Agreement. The USMCA contains a number of provisions related to digital trade and personal data, including requiring all parties to:
- Adopt or maintain consumer protection laws to proscribe fraudulent and deceptive commercial activities that cause harm or potential harm to consumers engaged in online commercial activities;
- Adopt or maintain a legal framework that provides for the protection of the personal information of the users of digital trade;
- Publish information on the personal information protections it provides to users of digital trade;
- Encourage the development of mechanisms to promote compatibility between different regulatory regimes regarding personal data; and
- Allow the cross-border transfer of information, including personal information, by electronic means if this activity is for the conduct of the business of a covered person, among other provisions.
Reported in Arnall Golden Gregory Privacy Summary dated October 4th, 2018
Vietnam Plans to Enforce a New Data Law Requiring Companies to Store Data Locally
Vietnam is preparing to strictly enforce a new cybersecurity law requiring global technology companies to set up local offices and store data locally despite pleas from Facebook, Google and other firms, a government document showed. Vietnamese lawmakers approved the new law in June overriding strong objections from the business community, rights groups and Western governments including the United States, who said the measure would undermine economic development, digital innovation and further stifle political dissent. The new draft decree requires companies providing a range of services, including email, social media, video, messaging, banking and e-commerce, to set up offices in Vietnam if they collect, analyze or process personal user data. The companies would also be required to store a wide range of user data, ranging from financial records and biometric data to information on peoples’ ethnicity and political views, or strengths and interests inside Vietnam’s border.
EU Approves Regulation Prohibiting National Data Storage Requirements
The EU institutions have reached a political agreement on a new regulation prohibiting requirements for national data storage in order to encourage the free flow of non-personal data in Europe. First proposed by the European Commission in September 2017, the new regulation will complement the General Data Protection Regulation protecting personal data and make it easier for businesses to transfer data across borders. The new rules agreed by the European Commission, Parliament and Council set a framework for data storage and processing across the EU, prohibiting data localization restrictions. EU states will have to communicate to the Commission any remaining or planned data localization restrictions, which can apply only in limited specific situations of public sector data processing. Public authorities will still be able to access data for supervisory control wherever it is stored or processed in the EU, and member states may sanction users that do not provide access to data stored in another EU country. To facilitate switching between cloud providers, the EU said it will encourage the creation of codes of conduct with “clear deadlines” for changing provider. This will make the market for cloud services more flexible and data services in the EU more affordable, the European Commission said.
Hungary: Employers Unlawfully Requesting Criminal Records from Employees Face Fines
As a result of the General Data Protection Regulation (“GDPR”), it has become more difficult for companies to request criminal records from their prospective and current employees. A criminal records register may be kept and operated only by the state, and a company may handle personal criminal data only where the law expressly permits the company to do so.
The Hungarian Labor Code, for example, states that criminal records may be requested by employers operating in the following fields:
- when the employee cares for those under the age of 18;
- when the employee supervises those under the age of 18;
- when the employee educates those under the age of 18; or
- when the employee provides health care to those under the age of 18.
Previously, those who worked in accounting positions could have been required to provide criminal records, but current applicable law no longer provides for this. On the other hand, public employees, a teacher or a caretaker employed by a kindergarten can be required to provide a clean criminal record.
Companies still have certain means to run some background checks on their candidates, but those checks may not have the aim of collecting and processing personal criminal data. The instances in which the law requires the presentation of a criminal record are extremely rare. Under the GDPR, a prospective or current employee may not be required to present his/her criminal record solely on the basis of the prevailing legitimate interest of the employer. Such records may not be procured even with the express consent of the prospective employee, because the voluntary nature of such consent might be challenged. Companies that currently require criminal records from their prospective or current employees should review their practices, because the unlawful processing of criminal personal data can result in potentially significant data protection fines. Further, the employee may enforce his/her rights before a court or an equal treatment authority as a result of the infringement of their personal rights, if the processing of the personal criminal data resulted in unfair discrimination. Those companies who break the rules can expect significant fines under the GDPR.