Reflecting on 2015: Company & Screening Industry Developments

By ClearStar | Dec 29, 2015 | Associations, Candidate Care, Compliance and Regulations, Data Security, Drug Screening, Employment Screening, Global Screening, Industry Insights, Integrations, Screening Operations, Screening Technology, Trends in Employment

As we look back on 2015, we are astonished at the remarkable developments both for our company and the screening industry here and around the globe.

Company Milestones & Achievements

ClearStar’s company leadership and world-class development team have generated an amazing 11 releases this year, furthering our best-in-class technology on behalf of our clients. Highlights include:

Composer – A new and better way to manage data, save time on the order review process, meet compliance requirements and produce clean, well-formatted reports.

Dashboard – A simple and seamless navigation providing an at-a-glance view of what’s happening with candidates, consistently updated with the most current and relevant information.

WebCCF Mobile App – An innovative solution for handheld devices that streamlines the drug test ordering process and helps eliminate the errors and hassles associated with traditional paper forms.

ClearStar Academy – A web-based hub of resources, learning materials and presentations to keep clients abreast of industry trends and our latest offerings.

Additionally, we deepened our relationship with important industry organizations such as NABPS. Kerstin Bagus, ClearStar Director of Global Initiatives, joined the board as an Associate Director, as Craig Caddell, ClearStar VP of CRA Solutions, stepped down after successfully serving as Associate Director for the prior two years.

We were also very proud to recently see our CIO/CISO Ken Dawson featured in CIO Review Magazine.

The article highlights our strong partnership with Oracle and honors us as one of the magazine’s 100 Most Promising Oracle Solution Providers.

Important Industry Developments

European Data Privacy

The European Commission is working to finalize the draft of the new General Data Protection Regulation (GDPR), which will replace the EU Directive and go into effect in early 2018. The GDPR aims to enhance the current Directive. A breach notification requirement and substantial penalties for non-compliance are expected. Data processors will have greater exposure in the GDPR. And entities not located or established in the EU or using servers in the EU may be subject to the GDPR if they involve the processing of EU resident data. The Regulation also obligates data controllers to adopt Privacy by Design principles.

Safe Harbor (EU-U.S. Data Transfer)

Information should be coming out at the end of January on the status of a new data transfer mechanism from the EU to the U.S. Some agreements are in place in principle but several obstacles remain. An alternative to Safe Harbor is not a given and European regulators are expected to begin to take actions against companies after January, if appropriate data transfer mechanisms are not in place for transfers to the United States. We are seeing countries outside of the EU, such as Israel’s ILITA (Israeli Law, Information and Technology Authority) indicate Safe Harbor may no longer be used as a basis for data transfer to the U.S.

Supreme Court Decision in the Spokeo Matter is expected in 2016

On August 31st, 2015, Plaintiff Thomas Robins filed a brief with the U.S. Supreme Court arguing that he has standing to sue Spokeo, Inc. in a putative class action for alleged violations of the Fair Credit Reporting Act (FCRA) by publishing incomprehensive information about him. According to Spokeo, the plaintiff lacks standing because he has not suffered a “real-world” or actual injury based on Spokeo publishing incomprehensive information on the plaintiff. The plaintiff, however, relied on “centuries of common-law precedent” to argue he has standing. According to the plaintiff, “this court’s standing decisions, and separation-of-powers principles all disprove Spokeo’s claim that a ‘bare’ statutory violation without additional ‘real-world’ harm is not a cognizable injury, ” adding that “[n]o decision of this court holds that Article III bars Congress from creating personal legal rights and fashioning monetary relief to redress them in federal court.”

Regardless, the plaintiff argues he suffered the exact type of “real-world” harm that the statute is designed to protect, stating that “[a]s soon as Spokeo willfully invaded [the plaintiff’s] legal rights under the FCRA by creating a false report about him without using procedures mandated by the statute, he was entitled to statutory damages, ” explaining that “[h]is claim for those damages created a classic legal dispute over whether one party (here, Spokeo) owes another ([the plaintiff]) a fixed sum of money. Spokeo’s failure to compensate [the plaintiff] is a monetary—or wallet—injury.” Spokeo Inc. v. Thomas Robins et al., No. 13-1339 (S. Ct., Aug. 31, 2015).

Several parties filed amicus brief with the U.S. Supreme Court in the matter. Fifteen law professors filed an amicus brief in support of Plaintiff’s position, urging the Court to not dismiss the plaintiff’s lawsuit against Spokeo, Inc. for violations of the FCRA after allegedly publishing incomprehensive information about him. According to the professors, the Ninth Circuit properly rejected Spokeo’s argument that its “people search engine” did not cause actual harm to the plaintiff to establish standing. Additionally, the professors express concern over how consumer reporting agencies would react if the Ninth Circuit decision were reversed. According to the amicus brief, “[t]he FCRA’s consumer transparency requirements and remedial provisions were designed to encourage steady improvement in consumer reporting practices and to relieve pressure on public enforcement authorities, ” adding that, “[Spokeo’s] claim that [the plaintiff] cannot pursue it for its violations of the FCRA would unravel that bargain, preserving consumer reporting agencies’ broad immunity from suit while diminishing incentives to handle data fairly.”

Spokeo, Inc. v. Thomas Robins et al., No. 13-1339 (S. Ct., Sep. 8, 2015).

Additionally, The Center for Democracy and Technology filed an amicus brief arguing that the “private right of action is a vital part of [the] FCRA” and the CFPB filed an amicus brief where it expressed support for the plaintiff’s standing to sue, arguing that a plaintiff can show the “injury in fact” requirement for Article III standing “by demonstrating an invasion of his own legally protected interests” as long as the plaintiff can show the invasion was “actual and concrete.”

Numerous state attorneys also general filed an amicus brief arguing that consumers should have the ability to sue a company under the FCRA for “disseminating incomprehensive personal information that is used to make decisions about credit, housing, insurance or employment.”

Since then, many FCRA lawsuits have been placed on stay until a decision is rendered in the Spokeo matter. The decision is relevant to the background screening industry with the increasing number of lawsuits filed by Plaintiffs attorneys in recent years.

The Supreme Court heard oral arguments in the case on November 2, 2015. A link to the transcript can be found here.

From what transpired out of oral argument appears to favor the Defendant Spokeo: a majority of the court appears ready to dismiss FCRA lawsuits premised on a statutory violation and nothing else. What is less clear is the specific grounds on which the case would be reversed and whether or not the ultimate decision would be limited to the FCRA. A decision is expected in the first quarter of 2016.

CFPB Enforcement Action Against GIS and e-backgroundchecks.com

On October 29th, the Consumer Financial Protection Bureau (CFPB) announced a settlement with “two of the largest background screening report providers, ” requiring them to pay $13 million for alleged violations of the Dodd-Frank Act and the Fair Credit Reporting Act (FCRA) by failing to maintain comprehensive information about job candidates in their reports. According to the CFPB, the “serious inaccuracies reported…potentially affected consumers’ eligibility for employment and caused reputational harm.” The CFPB alleges the following violations of the Fair Credit Reporting Act (FCRA) in the context of background reports used for employment screening purposes:

Failure to use reasonable procedures to assure maximum possible accuracy of the information in the reports (section 607(b) violation);
Failure to either provide notice to consumers or maintain strict procedures when reporting public record information likely to have an adverse effect on employment (section 613 violation); and
Failure to exclude non-reportable information from reports (section 605(a) violation).

The CFPB mainly focused on two failures:

(i) Public records and commons names:

Failure to have written procedures for researching public records information for consumers with common names or who use nicknames—leaving it up to employee’s discretion in determining whether a record matches a particular consumer is not an acceptable practice per the CFPB.

(ii) Quality control

Failure to use consumer dispute data to identify root causes of accuracy errors, such as a jurisdiction with data integrity problems, ascertaining when certain reporting procedures are causing reporting errors, or when an employee is making too many errors.
Failure to meet internally on a regular basis to discuss errors and prevention of errors.
Failure to track the outcome of consumer disputes in a manner which would allow a consumer reporting agency to identify trends or reporting errors.
Failure to contemporaneously log the outcome of consumer disputes.
Failure to sample non-disputed reports to assure accuracy
Failure to use proprietary software in its possession which identifies discrepancies in data (as well as suppression of data) across multiple reports and on a consumer-wide basis, not just limited to the pool of reports prepared for each client.

One key take away from the Consent Order is that because neither entity could meet the lesser standard of section 607(b) (reasonable procedures to assure maximum possible accuracy) for the failures listed above, they could therefore not meet the more stringent requirements of “strict procedures” pursuant to section 613(a)(2) of the FCRA.

FCRA- 613 Notices

On July 17th, a federal district court provided insight into the interpretation of the Fair Credit Reporting Act’s (FCRA) section 613 notice requirement for consumer reporting agency’s when reporting public record information for employment purposes.

In Rodriguez v. Equifax Information Services, LLC, the plaintiff had applied for a position with the Office of Personnel Management (OPM), was granted the security clearance, but allegedly never received notice about the reporting of public records under Section 613 of the FCRA. In finding that Equifax implemented an appropriate process for providing notice to consumers, the district court addressed the ambiguity in the FCRA’s “at the time” notice requirement.

According to the district court, there is “more than one reasonable interpretation of what that requirement means, ” adding that, “Congress did not impose a ‘same time’ requirement with respect to the receipt of the notice; and in 2000, the [FTC] interpreted the ‘at the time’ requirement to permit the mailing” of such a notice.”

One relevant fact in this case is that Equifax Information Services’ process included sending notices by mail the following business day (and in some instances two business days later), after the report had been provided to OPM. On take away from this case is that the Court did not require parity with the method by which the notice is sent. Meaning, a CRA can send the notice by automated/electronic means to the employer and by mail to the consumer.

Rodriguez v. Equifax Information Services, LLC, No. 1:14-cv-01142 (E.D. Va., July 17, 2015).

California Supreme Court / Background Checks

On November 25th, the California Supreme Court announced that it will consider whether the Investigative Consumer Reporting Agencies Act (ICRAA) is “unconstitutionally vague” when applied to employee background checks because of its overlap with California’s Consumer Credit Reporting Agencies Act (CCRAA). A class of bus drivers brought forth the original case, alleging that First Student, Inc. (First Student) did not gain prior written consent necessary under the ICRAA, but not the CCRAA, when conducting background checks.

A Los Angeles Superior Court ruled that the ICRAA was unconstitutionally vague and granted summary judgment to First Student. However, the Second Appellate District reversed this ruling, saying that, “the applicability of the CCRAA does not render the ICRAA unconstitutionally vague”: Connor v. First Student, case number S229428, in the California Supreme Court. The ICRRA has a more expansive definition of “investigative consumer report” than the FCRA and includes all third party collection of information about character obtained through “any means, ” not just personal interviews with acquaintances. This broad definition could include reference checks performed by a third party. One can argue that any type of background check, other than a pure credit check, is covered by the ICRRA.

In 2007 in the matter entitled Ortiz v. Lyon Management Group, the court found that the ICRAA is unconstitutionally vague because one couldn’t determine whether unlawful detainer information constitutes “character” information covered by the ICRAA or “creditworthiness” information governed by the CCRAA. Since then, in several lawsuits, courts have found the ICRRA unconstitutionally vague because criminal background checks concern both credit-worthiness and character; therefore, it is unclear whether the ICRRA or the less severe California Consumer Credit Reporting Agencies Act is the governing law.

Most recently, the Court of Appeal of the Second Appellate District stated that they disagreed with Ortiz and that “there is nothing in either the ICRAA or the CCRAA that precludes application of both acts to information that relates to both character and creditworthiness. A decision is expected in the first quarter of 2016 which will hopefully clarify the background screening landscape in California.

Looking Towards 2016

For the upcoming year, we anticipate major developments in Global Screening, ID Validation, Drug Screening and Temporary Worker Certification. Want to stay connected and get the latest news in background & drug screening? Be sure to follow us on Facebook, Twitter and LinkedIn.

We’re excited about what’s in store for next year, and we wish you the very best as we head into 2016!

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_25209956_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
utm_campaign	past	This cookie is used for tracking elements of the Google AdWord campaign used to generate traffic to the site.
utm_content	past	This cookie is used for storing the session content value if present.
utm_source	past	This cookie is used to record from where the visitor came to the website orginally. This information is used by the website operator to know the efficiency of their marketing.
utm_term	past	This cookie is used to record from where the visitor came to the website orginally. This information is used by the website operator to know the efficiency of their marketing.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
utm_medium	past	This cookie is used to record from where the visitor came to the website orginally. This information is used by the website operator to know the efficiency of their marketing.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	No description
email	past	No description available.
gclid	past	No description
handl_ip	1 month	No description available.
handl_landing_page	1 month	No description available.
handl_original_ref	past	No description available.
handl_ref	past	No description available.
handl_url	1 month	No description available.
li_gc	2 years	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.
username	past	No description available.
X-Mapping-liijibeb	session	No description