False Claim Participation in EU-US Privacy Shield Framework
Three companies agree to settle FTC charges they falsely claimed participation in EU-US Privacy Shield Framework.
On September 19th, the U.S. District Court for the Northern District of California dismissed three of six claims in an FTC complaint against Internet-of-Things (IoT) manufacturer D-Link for alleged deceptive marketing practices. According to the FTC, in January D-Link violated the FTC Act by allegedly falsely marketing their IoT products as secure, but failed to implement proper safeguards. As a result, consumers’ personal information was put at risk. The Court determined that the FTC failed to identify “a single incident where a consumer’s financial, medical or other sensitive personal information has been accessed, exposed or misused in any way.” Furthermore, two of the FTC’s claims did not meet federal civil procedure rules. The FTC has until October 20th to amend its complaint.
9th Circuit to Reconsider Employer Use of Salary History During Hiring
On Aug. 29, 2017, the U.S. Circuit Court of Appeals for the 9th Circuit announced it will reconsider en banc whether employer use of salary history to determine an applicant’s compensation as a new hire violates the federal Equal Pay Act (EPA). This announcement could signal a reversal of a recent appellate decision that employer consideration of salary history may comply with the EPA. The case, Rizo v. Yorvino, involves a female employee, Aileen Rizo, whom the Fresno County, California school district hired in 2009 to train other math teachers. The 9th Circuit opinion sets out the following: When Fresno County hired Rizo, it used a salary schedule it called “Standard Operation Procedure 1440.” This schedule consisted of 10 salary levels for math consultants like Rizo. To determine the salary level in which a newly hired math consultant would be placed, Fresno County took the applicant’s most recent salary, added 5 percent to it, and then placed the new hire at the corresponding level within the Fresno County pay schedule. Prior to being hired by Fresno County, Rizo was a math teacher at a middle school in Phoenix, Arizona, earning $50,630 per year (plus a stipend for her master’s degree). Rizo’s salary from the Phoenix school system, even with Fresno County’s 5 percent bump, placed her below level one on Fresno County’s pay schedule. The county therefore placed her on level one, with a starting salary of $62,133 per year, plus a stipend. Rizo later learned that a male employee hired at approximately the same time was placed on level nine of the Fresno County scale, and that every other math consultant in the county earned more than she did. Accordingly, she sued the county under the EPA and other gender discrimination statutes. Fresno County later moved for summary judgment on Rizo’s EPA claim. The county conceded that it paid Rizo less than comparable male employees for the same work. It nonetheless argued that it could not be held liable under the EPA because the basis for the pay disparity — the county’s Standard Operation Procedure 1440 — was a “factor other than sex,” thus exempting the county from EPA liability. The district court disagreed, holding:
A pay structure based exclusively on prior wages is so inherently fraught with the risk — indeed, here, the virtual certainty — that it will perpetuate a discriminatory wage disparity between men and women that it cannot stand…
However, a three-judge panel of the 9th Circuit reversed the district court in April 2017. This panel held that the district court impermissibly disregarded a 1982 9th Circuit case, Kouba v. Allstate Insurance Co., which held that salary history is a non-discriminatory factor other than sex. Thus, under Kouba, employers can base compensation on this factor alone, provided the employer can show that use of salary history “effectuates some business policy” and the employer uses this factor “reasonably.”
Rizo petitioned the 9th Circuit to reconsider this April 2017 decision. In her petition, Rizo argued that if salary history qualifies as a “factor other than sex,” “the exception would swallow up the rule and inequality in pay among genders would be perpetuated.” The majority of 9th Circuit judges seem to agree, as the court ordered that an 11-judge en banc panel will rehear this case. This en banc order suggests that the 9th Circuit will reverse the Kouba and Rizo decisions. Such a decision would reverse 35 years of 9th Circuit precedent and bring the court in line with the 10th and 11th Circuits. If, instead, the en banc panel does not reverse, this will crystalize a circuit split, which could result in the U.S. Supreme Court considering the issue for the first time. Oral argument before the en banc panel is set for Dec. 11, 2017.
National Legislative Trend
The 9th Circuit’s decision to reconsider the salary history issue reflects a national trend among state and local legislatures. Several states and territories in recent years — including Delaware, Massachusetts, Oregon and Puerto Rico — have prohibited employers from asking applicants about salary history. Further, the California legislature is currently considering similar legislation. These state legislatures share the same concern as the district court in Rizo, that reliance on past compensation calcifies gender pay disparities. Several large cities have enacted similar legislation, including New York, San Francisco, Boston, Philadelphia, Pittsburgh and New Orleans.
Significance for Employers
- The 9th Circuit encompasses one-third of the geography of the United States and includes one out of every five of the nation’s employees. Employers should therefore stay tuned to developments in the Rizo case, as the court could require employers to change their hiring practices for a substantial proportion of their jobs.
- Employers in states and localities that have already outlawed consideration of salary history may need to change their hiring practices and procedures now. These employers also may need to conduct training to ensure that their hiring managers and human resources personnel do not violate applicable salary-history laws by asking prohibited questions on applications or during interviews.
- Case law developments aside, the current legislative trend to prohibit the use of salary history in setting new-hire compensation appears to be gaining steam. Thus, employers outside the jurisdictions currently covered by such limits should watch for further legislative prohibitions.
Is Your Company Open to a Discrimination Lawsuit for Enforcing Its Drug-Free Workplace Policy?
Pre-employment drug tests have become the norm in the modern day hiring process. But what if a prospective hire tells you he uses medical marijuana? What if it is one of your long-term employees? With conflicting state and federal laws, deciding how to address an employee’s reported use of medical marijuana may be a tricky landscape. Marijuana use is still illegal at the federal level. However, a total of 29 states, District of Columbia, Puerto Rico and Guam have enacted comprehensive medical marijuana programs, and 17 other states allow for the use of low THC products in limited circumstances. While the majority of states merely decriminalized the use of medical marijuana, some states, including Illinois, offer additional protections against discrimination based on the use of medical marijuana. As the cases are making their way through the court system, the legal landscape continues to change. Unfortunately, there is no uniformity among the courts in addressing this issue. Several states, including California (Shepherd v. Kohl’s Dep’t Stores), Colorado (Brandon Coats v. Dish Network LLC), Montana (Johnson v. Columbia Falls Aluminum Co.), New Mexico (Garcia v. Tractor Supply Co.), Oregon (Emerald Steel Fabricators, Inc., v. Bureau of Labor & Indus.), and Washington (Roe v. TeleTech Customer Care Mgmt.), declined to extend protections for claims of wrongful termination and discrimination. The courts concluded that the law did not allow additional protections in an employment context. Particular emphasis was placed on the at-will nature of the employment relationship. It is important to note here that the termination in these cases was based on a failed drug test and not on an underlying medical condition. A different outcome was reached in states with specific anti-discrimination provisions for medical marijuana. These states, which include Connecticut (Noffsinger v. SSC Niantic Operating Co. LLC), Massachusetts (Barbuto v. Advantage Sales and Marketing, LLC), Michigan (EEOC v. Pines of Clarkston, Inc.), and Rhode Island (Callaghan v. Darlington Fabrics Corp.), now allow private cause of action for discrimination and failure to identify a reasonable accommodation for the use of medical marijuana. The courts in these states equated medical marijuana to the use of medication, which requires a reasonable accommodation from the employer. Illinois courts have yet to address the issue. However, the Illinois Compassionate Use of Medical Cannabis Pilot Program Act explicitly allows employers to enforce a zero-tolerance policy, provided such policy is applied in a nondiscriminatory manner. The Act further allows employers to take action based on a good faith belief that the employee used marijuana on the premises or during work hours or the employee was impaired during work hours. Until Illinois courts interpret this new law, however, employers should be aware of the potential for discrimination lawsuits. As the law continues to evolve, employers should be mindful of potential legal ramifications for enforcing zero-tolerance and drug-free workplace policy. With varying outcomes among the states, termination for the use of medical marijuana needs to be a case specific inquiry. When deciding on the best course of action, employers should never make a decision based on the protected medical condition, but rather should consider company policies, employee’s job duties, and possible reasonable accommodations. However, employers are generally not required to provide accommodation where it would cause undue hardship, especially if continued use of medical marijuana would impair employee’s performance on the job or pose safety risks.
California Statewide Ban-the-Box Law Approved by Legislature
In February 2017, five California assembly members introduced Assembly Bill 1008, which proposes to add a section to the California Fair Employment and Housing Act (FEHA) containing new state-wide restrictions on an employer’s ability to make pre-hire and personnel decisions based on an individual’s criminal history, including a significant and far reaching “ban-the-box” component. The bill has passed both houses and will now be forwarded to Governor Jerry Brown (D). While the governor has until October 15, 2017 to sign, veto, or otherwise not act upon all bills that passed both houses as of September 15, he is expected to sign AB 1008.
The proposed bill continues the recent flurry of criminal background legislation activity in California, including new statewide regulations on the consideration of criminal records in employment decisions and the City of Los Angeles’s recent ban-the-box law, which also mandates an individualized assessment of an applicant’s criminal history prior to any employment decision based on a criminal record.
AB 1008 has now passed both houses and is ready to be presented to Governor Brown, who is expected to sign the bill. Existing law prohibits state and local agencies from asking an applicant to disclose conviction information until the applicant is determined qualified for the position. AB 1008 would extend this prohibition to all employers in California with five or more employees. The bill would make it unlawful for California employers with at least five employees to:
- Include on any application for employment any question that seeks the disclosure of an applicant’s conviction history;
- Inquire into or consider the conviction history of an applicant before the applicant receives a conditional offer of employment; and
- Consider, distribute, or disseminate information about any of the following while conducting a criminal history background check in connection with any application for employment: (1) an arrest that did not result in a conviction, subject to the exceptions in Labor Code § 432.7(a)(1) and (f); (2) referral to or participation in a pretrial or post trial diversion program; and (3) convictions that have been sealed, dismissed, expunged or statutorily eradicated pursuant to law.
Under AB 1008, consideration of an applicant’s criminal history would be permissible only after the employer has made a conditional offer of employment. Once that offer has been made and the criminal history obtained, AB 1008 further provides that the employer cannot deny an applicant a position solely or in part because of conviction history until the employer performs an individualized assessment. This assessment must justify denying the applicant the position by linking relevant conviction history with specific job duties of the position sought. In particular, the assessment would have to consider:
- The nature and gravity of the offense and conduct;
- The time that has passed since the offense or conduct and completion of the sentence; and
- The nature of the job held or sought.
AB 1008 provides that the employer “may, but is not required to, commit the results of this individualized assessment to writing.”
Once the employer makes a preliminary decision that the applicant’s conviction history is disqualifying, the employer must notify the applicant of this preliminary decision in writing. However, the employer is not required to justify or explain to the applicant its reasoning for making the preliminary decision. But, the employer must:
- Provide the written notice of the disqualifying conviction or convictions that are the basis for the preliminary decision to rescind the offer;
- Include a copy of the conviction history report, if any;
- Provide an explanation that the applicant has the right to respond to the notice within at least five (5) business days, and that the response may include submission of evidence challenging the accuracy of the conviction record, or evidence of rehabilitation or mitigating circumstances or both.
The employer cannot make any final determination based on conviction history during this five (5) business day period. If the applicant timely notifies the employer in writing that he or she is disputing the conviction history and is taking steps to obtain evidence to support this, the employer must provide five (5) additional business days to respond to the notice. The employer must also consider any additional evidence or documents the applicant provides in response to the notice before making a final decision. And if the employer ultimately decides to deny an applicant based on the conviction history, the employer must notify the applicant of this in writing, and include notification of any existing procedure the employer has to challenge the decision, as well as notification of the applicant’s right to file a complaint with the Department of Fair Employment and Housing. If signed by Governor Brown, the Bill is likely to take effect on January 1, 2018.
New York Cybersecurity Regulation
On August 28th, the New York Department of Financial Services (DFS) announced that the first phase of its new financial cybersecurity regulations went into effect. According to the DFS, all regulated entities must begin reporting cybersecurity events to the Department through its online cybersecurity portal and must implement a cybersecurity program to protect consumers’ PII; create a written policy approved by the board or senior officer; hire a Chief Information Security Officer to protect data and systems; and implement controls to ensure the safety and security of New York’s financial services industry.
What can employers do with regard to background checks and inquiries in Connecticut
Criminal records and arrests: With limited exceptions, employers are prohibited from inquiring about a prospective employee’s prior arrests, criminal charges or convictions on an initial employment application (Conn. Gen. Stat. Section 31-51i(b)). Employers may inquire about such information after the initial employment application. Employers cannot require an employee or prospective employee to disclose the existence of any arrest, criminal charge or conviction the records of which have been erased, pursuant to Conn. Gen. Stat. Sections 46b-146, 54-76o and 54-142a. This includes:
- youthful offender adjudications;
- criminal charges that have been dismissed; and
- convictions that have been pardoned.
Medical history: Connecticut has no applicable statute regarding medical history. However, employers should be aware of and comply with the federal Americans with Disabilities Act and the Connecticut Fair Employment Practices Act, both of which prohibit discrimination on the basis of disability.
Drug screening: Connecticut regulates urinalysis drug testing of prospective and existing employees. Employers may not require a prospective employee to submit to a urinalysis drug test as part of the application process unless:
- the applicant is informed of the drug screening in writing at the time of application;
- the test is conducted in accordance with Conn. Gen. Stat. Sections 31-51u(a)(1) and (2); and
- the applicant is given a copy of any positive drug test result.
The statute requires that the results of any such drug test be kept confidential. Individuals who were previously employed by the employer and who are applying for re-employment within 12 months of their termination are considered current employees for purposes of drug testing (Conn. Gen. Stat. Sections 31-51t and following). An employer cannot refuse to hire an applicant or discharge or penalize an employee solely on the basis of such person’s status as a qualifying medical marijuana patient (Conn. Gen. Stat. Section 21a-408p(b)(3)).
Credit checks: With limited exceptions, an employer may not require prospective or existing employees to consent to a request for a credit report that contains information about:
- his or her credit score;
- credit account balances;
- payment history;
- savings or checking account balances; or
- savings or checking account numbers as a condition of employment (Conn. Gen. Stat. Section 31-51tt).
Immigration status: Connecticut has no applicable statute regarding immigration status.
Social media: Employers are prohibited from requesting or requiring an applicant to provide his or her user name and password or any other authentication details for a personal online account (Conn. Gen. Stat. Section 31-40x(b)(1)). Personal online accounts include social media accounts (Conn. Gen. Stat. Section 31-40x(a)(5)).
Other: With limited exceptions, during the hiring process employers are prohibited from:
- requesting information about an individual’s child bearing age or plans, familial responsibilities or related information (Conn. Gen. Stat. Section 46a-60(a)(9));
- requesting information about an individual’s genetics (Section 46a-60(a)(11)(A)); and
- requiring an individual to take a polygraph test (Section 31-51g(b)(1)).
What can employers do with regard to background checks and inquiries in Wyoming
Criminal records and arrests: Wyoming law does not restrict an employer’s use of criminal history records for both arrests and convictions.
Medical history: Under Wyoming’s Fair Employment Practices Act, which prohibits discrimination on the basis of disability (among other things), employers cannot take adverse action against an applicant or employee because of genetic information. ‘Genetic information’ is defined as information about an individual’s genetic tests, the genetic tests of his or her family members, or occurrences of disease or disorder among his or her family members (Wyo. Rules, Dept. of Workforce Servs., Labor Standards, Ch. 5, Sec.2(f)).
Drug screening: Wyoming has no state law regulating drug and alcohol testing. However, courts have addressed the reasonableness of employer testing (e.g., Employment Sec. Comm’n v. Western Gas Processors, Ltd., 786 P.2d 866 (Wyo. 1990)).
Employers can receive a discount on workers’ compensation premiums by participating in a drug and alcohol testing program approved by the Wyoming Workers’ Safety and Compensation Division (Wyo. Stat. §27-14-201(o); Wyo. Rules, Dept. of Workforce Servs., Workers’ Compensation Div., Ch. 2, Sec.8).
Credit checks: Wyoming has no law restricting how employers can use credit reports.
Immigration status: There is no Wyoming law regarding immigration or employment eligibility verification.
Social media: No Wyoming law addresses social media in the context of employment.
Other: Under Wyoming’s Fair Employment Practices Act, employers cannot require that employees or prospective employees refrain from using tobacco products off duty, or otherwise discriminate against an employee for use or non-use of tobacco products outside of his or her employment. An exception may apply if there is a bona fide occupational qualification that an individual not use tobacco products outside the workplace (Wyo. Stat. §27-9-105).
What can employers do with regard to background checks and inquiries in Bulgaria?
Criminal records: According to Article 10 of Law 677/2001 on the protection of individuals regarding personal data processing (which transposes Directive 95/46/EC), the processing of personal data regarding criminal convictions may be made only by or under the supervision of the relevant public authorities within the powers granted to them by law. By law, criminal conviction registers may be held only by the relevant authority within the Ministry of Interior and can be accessed only by the concerned person or, under certain conditions, by other public authorities. Accordingly, employers may not access the criminal conviction registers. However, they should be entitled to request that the relevant employee or candidate provide an excerpt of his or her criminal record if the employer has a legitimate interest in checking that there is no criminal penalty forbidding an employee from holding the relevant position. Processing such information should be made in full compliance with data privacy requirements. For instance, except where expressly required by law (e.g., there is a legal obligation for certain categories of employee to present a criminal record before engaging in an employment relationship), the processing should be notified to the data privacy authority, which must carry out an inspection.
Under Law 677/2001, employers cannot carry out any other type of processing pertaining to criminal convictions unless the relevant data:
- is manifestly made public by the concerned person; or
- is closely connected to the official status of the concerned person or the public nature of the acts.
Medical history: A medical document attesting the employee’s capacity to perform work must be presented before engaging in an employment relationship. However, such document does not contain a detailed medical history and grants the employer no right to further investigate the potential employee’s medical condition. No other legal provisions allow such further investigations. Nonetheless, with the employee’s consent the employer may be given access to his or her medical history. All medical data should be processed in accordance with data privacy legislation. For instance, unless the processing is required by law (e.g., as in the case of the medical document presented on commencement of employment or as required to observe health and safety obligations), the data must be notified to the data privacy authority for inspection.
Drug screening: Romanian labor law makes no reference to drug screening. However, this may be deemed to be medical data and processed accordingly (see above).
Credit checks: Romanian labor law makes no reference to credit checks. However, since credit information amounts to personal data and since it could be claimed that the employer has a legitimate interest in performing such check, the processing of credit-related data could most likely be done only with the employee’s consent. In addition, the processing of credit-related information should observe all other relevant requirements under data privacy legislation.
Immigration status: Romanian labor law makes no reference to credit checks. However, since credit information amounts to personal data and since it could be claimed that the employer has a legitimate interest in performing such check, the processing of credit-related data could most likely be done only with the employee’s consent. In addition, the processing of credit-related information should observe all other relevant requirements under data privacy legislation.
Social media: Romanian labor law makes no reference to social media screening. However, where social media information can be deemed as lawfully obtained from publicly available sources, an employer could, in principle, process this without the employee’s consent provided that private data protection legislation is observed. For certain categories of data, additional conditions (e.g., that the data subject made public the information himself or herself) may have to be fulfilled.
Other: Romanian labor law makes no reference to other types of screening. However, where the screening information can be deemed as lawfully obtained from publicly available sources, an employer could, in principle, process this without the employee’s consent provided that private data protection legislation is observed. For certain categories of data, additional conditions (e.g., that the data subject made public the information himself or herself) may have to be fulfilled.
What can employers do with regard to background checks and inquiries in the Netherlands?
Criminal records: Employers can ask the potential employee for a certificate of conduct. This is a document in which the state secretary for security and justice declares that the applicant has committed no criminal offences that are relevant to the performance of his or her duties. However, this is allowed only for certain functions and positions. Reference is made to the Dutch Association for Personnel Management and Organizational Development (NVP) Recruitment Code, which contains the basic rules that (in the NVP’s opinion) should be observed by recruiting companies and job applicants during recruitment and selection process. These rules also relate to the wording of recruitment campaigns and psychological and medical assessments, among other things.
Medical history: The rules on this are governed by the Medical Examinations Act. The employer can ask the potential employee for a medical record. However, this is allowed only under certain conditions. The nature, content and scope of the examination must be limited to the purpose for which it is performed.
Drug screening: It is possible only for very specific positions (e.g., a position with the police).
Credit checks: It is possible only for very specific positions (e.g., a high-level financial position).
Immigration status: If the potential employee is an immigrant, he or she must submit his or her relevant immigration information (e.g., a residence and work permit).
Social media: It is not regulated as such, although it is advisable to use social media in moderation in terms of background checks, given the limited value of social media postings.
China’s Cybersecurity Law
China’s Cybersecurity Law Gives the Ministry of State Security Unprecedented New Powers Over Foreign Technology
Employee Privacy Ruling
On September 5th, the European Court of Human Rights ruled against a company holding that an employer failed to protect an employee’s privacy because it failed to notify him that it was monitoring his communications. In past judgements, the Court has sided with companies saying that the employer is within its right to monitor work accounts to ensure that company systems are protected from inappropriate use or vulnerabilities. However, the Court determined that the employer must be subject to limitations, as an employee’s privacy may not be entirely eliminated, and that the employer failed to demonstrate that it had sufficient reason to monitor the employee’s communications.
Equifax Breach Compromises 143M Consumers’ Personal Data
Credit reporting giant Equifax Inc. on Thursday revealed that it had recently been hit by hackers who exploited a website application vulnerability to gain access to names, Social Security numbers, addresses and other personal data belonging to roughly 143 million consumers in the U.S.
CFPB Blogpost Following Equifax Data Breach
The CFPB published a blogpost entitled, “Identity theft protection following the Equifax data breach”.
Credit Bureaus Announce Changes
On September 15th, Experian, Equifax, and TransUnion will implement a 180-day waiting period before an unpaid medical debt can be included on consumers’ credit report as a result of a 2015 multistate settlement. The waiting period will allow individuals to resolve unpaid medical bills through insurance or other payment mediums.
Please Note: Some of the information contained herein is a monthly summary of the daily information provided by Arnall Golden Gregory LLP, an Atlanta firm servicing the business transactions and litigation needs of background check companies. The information described is general in nature, and may not apply to your specific situation. Legal advice should be sought before taking action based on the information contained herein. For more information about Arnall Golden Gregory LLP, please visit www.agg.com or contact Bob Belair at 202.496.3445 or firstname.lastname@example.org.