FTC Settles Enforcement Actions Relating to Privacy Shield Certifications
Still no news on a new version of the Form I-9. Last month U.S. Citizenship & Immigration Service (USCIS) informed employers to continue using the Form I-9 currently available on I-9 Central notwithstanding the August 31, 2019 expiration date listed on the form. This version of the Form I-9 has been in use since July 2017. According to USCIS, a new version of the Form I-9 will be published and any updates will be posted on I-9 Central as they become available. No major changes are expected to the form itself, although it is likely the instructions to the Form I-9 may contain changes. Click here to follow the most recent updates from USCIS. Reported in Arnall Golden Gregory September 13, 2019 Compliance News Flash.
The Rise in Bans on Salary History Inquiries Requires Employer Diligence
A seemingly innocuous interview question is now illegal to ask job candidates in numerous jurisdictions, and the number of jurisdictions implementing similar bans is increasing rapidly. More state and local governments are passing legislation and regulations that prohibit employers from asking for salary history information from job candidates and prospective employees. The recent and dramatic rise in these laws in jurisdictions across the nation requires employer diligence. Employers should be cognizant of the increased regulation of this space and should carefully review the relevant laws in all jurisdictions in which they do business. A more fulsome analysis of this issue and the various laws and implications follows.
What’s Behind the Bans?
Underlying the salary history bans is an attempt by a number of state governments and local legislatures to remedy pay inequity. In enacting these laws, advocates and lawmakers have expressed that asking about salary history could contribute to pay gaps by cementing past pay discrimination and trapping women in a cycle of earning lower salaries than male colleagues doing the same jobs. Salary history bans are intended to level the pay gap playing field by removing employer consideration of potentially discriminatory pay history when employers decide appropriate compensation for jobs.
How Do Employers Comply and What Exactly is Banned?
Currently, no uniform federal law prohibits employers from inquiring about salary history; therefore, salary history related bans, prohibitions, exemptions, and restrictions vary widely among state and local jurisdictions. As a result, the patchwork of state, city, county, and other municipal and local laws—each with its own specific prohibited conduct, exceptions, and remedies—present an increasing challenge to employers seeking to comply with the applicable laws in the hiring and interviewing processes. While there is no uniform law and each jurisdiction is different—and companies must carefully review the law in their applicable jurisdictions—the general provisions of these salary history bans include the following notions:
- Affects staffing employees as well as direct hire practices; applies to employers and/or job candidates in the affected jurisdictions (remote workers included).
- Makes it an unlawful employment practice for employers, employment agencies, or an agent thereof to inquire about the “salary history” of a job candidate. This generally prohibits employers from requiring candidate disclosure; asking a question in an interview about salary history; asking an candidate’s former or current employer for the information; searching public records for the information; and conditioning an interview or employment on disclosure of the information. In most jurisdictions, salary history is broadly interpreted to include wages (salaried or hourly), benefits, and other compensation.
- Not necessarily applicable to internal transfers or promotions, though caution should be exercised if the internal transfer is construed as an entirely new position.
- Employer can inquire as to “objective measures” of candidate’s productivity.
- No retaliation against candidates for non-disclosure.
The avenues to enforcement and available remedies or penalties for violations also differ widely from jurisdiction to jurisdiction. The majority of the laws across jurisdictions provide for large fines and civil lawsuits in the event of a violation, but each remedy is different depending on the jurisdiction. Some jurisdictions include a private right of action and allow courts much discretion in determining what it deems an appropriate remedy, including “compensatory damages, attorney’s fees and costs, punitive damages and such legal and equitable relief as the court deems just and proper.” (See, e.g., Connecticut).
Employers Beware of Variations Among Jurisdictions
Employers would be well served to be proactive in reviewing applicable regulations for each relevant jurisdiction, and to also recognize that the laws differ substantially across jurisdictions, even when it comes to the details. Understanding the details is critical for compliance.
U.S. Department of Labor Issues Final Rule Raising Salary Thresholds
The U.S. Department of Labor released a final rule today providing that employees who make less than $35,568 are now eligible for overtime pay.
The new rate will take effect January 1, 2020. The new rule will raise the salary threshold to $684 a week ($35,568 annualized) from $455 a week ($23,660 annualized). The U.S. DOL projects 1.3 million workers will now be eligible for overtime pay. Visit the U.S. DOL website for more information: https://www.dol.gov/whd/overtime2019/.
IN HB1668 – Use of Social Security Numbers in Credit Files in Indiana
Indiana recently enacted a bill that requires a consumer reporting agency (CRA) that uses a social security number (SSN) as a factor in determining whether a file matches the identity of the subject of a credit inquiry to ensure that the name and at least one additional identifier of the subject matches the name and the same identifier in the file. Basically, CRAs cannot use all or part of a SSN as the sole factor in determining whether a file matches the identity of an individual who is the subject of a credit inquiry from a consumer report user (End-User). If a CRA uses all or part of a SSN as a factor in determining whether a file matches the identity of an individual who is the subject of a credit inquiry from an End-User, the CRA shall ensure that:
- The individual’s name matches the name in the file; and
- At least one additional identifier, including the individual’s (a) current address, (b) previous address, (c) DOB, (d) mother’s maiden name, (e) current place of employment, or (f) previous place of employment matches the same identifier in the file.
Ill. – State Law Now Allows Automatic Suspension of Teachers’ Licenses When Charged With Serious Crimes
A new state law allows state education authorities to suspend a teacher’s license if the teacher is charged with serious crimes, including violent felonies, sexual and drug offenses. That will prevent accused educators from obtaining employment at any other school while under investigation for such crimes. The teacher’s license would be reinstated if there’s an acquittal. State statute bars anyone without a valid and active license from working as a teacher, substitute teacher, paraprofessional or academic administrator in an Illinois public school. The Illinois State Board of Education also reports all licensure suspensions and revocations to a national database. Previously, the state board had to wait until criminal proceedings were concluded before suspending or revoking a teacher’s license, officials said. Senate Bill 456, signed by Gov. J.B. Pritzker on Friday, bans school boards from knowingly employing anyone found to have abused or neglected children by the Department of Children and Family Services or any other child welfare agency. It also increases the frequency of background checks for school employees to every five years the employee remains with the same district. Previous state statute required school districts to conduct a background check only when a candidate applied for a job. Illinois State Police will continue to notify districts when anyone for whom they previously requested a background check is arrested. School districts or regional superintendents also must check statewide databases of sex offenders, murderers and violent offenders against youths every five years for all employees, and Children’s Advocacy Centers counselors/social workers must be involved from day one in every case of sexual misconduct against minors. Other provisions of the law include:
- School districts must review existing policies and procedures concerning sexual abuse investigations.
- School districts must report to the state board of education when an educator is convicted of specific crimes, including sex crimes against children, instead of only if that misconduct resulted in the employee’s resignation or dismissal.
- Creating the Make Sexual and Severe Physical Abuse Fully Extinct Task Force to review best practices for preventing sexual abuse of students in a school-related setting.
- The state board of education must conduct random audits of Professional Educator Licensees to verify a licensee’s fulfillment of required professional development hours.
California Consumer Privacy Act
The California Consumer Privacy Act (CCPA) amendment process is coming to an end this month. The California Legislature is scheduled to adjourn Friday the 13th, and sometime thereafter, the California attorney general is expected to issue draft rules that will clarify requirements under the CCPA. One notable change for background screening companies is that the current exception under the Fair Credit Reporting Act (FCRA) may be expanded to more broadly apply to “any activity involving the collection, maintenance, disclosure, sale, communication, or use of any personal information” by a consumer reporting agency, by a furnisher of data and by a user of a consumer report, if the activity is “authorized by” the FCRA. Reminder, the CCPA goes into effect January 1, 2020. Reported in Arnall Golden Gregory September 13, 2019 Compliance News Flash.
Companies Doing Business With New York Residents Face Tighter Data Security Requirements and Increased Scrutiny of Breaches
Governor Andrew M. Cuomo signed the Stop Hacks and Improve Electronic Data Security (“SHIELD”) Act, which amends New York’s current data breach notification law and places increased obligations on businesses that handle private data. With the SHIELD Act, New York joins the growing list of states that have adopted legislation to strengthen consumer privacy protections.
Expanded Definitions of Protected Data and Businesses Subject to the Notification Law
The SHIELD Act expands the categories of data protected by New York’s data protection laws and the set of businesses subject to those laws. Businesses operating in New York were already required to notify New York residents whose private information was acquired by an unauthorized person.1 But the Act expands the definition of private information to include more data such as: (1) biometric data, (2) user names or emails combined with passwords or security questions and answers, and (3) financial account numbers that can be used alone to access an account.
Broadened Territorial Scope Impacts Businesses Outside of New York
The Act also subjects more businesses to the notification requirements of New York’s data protection laws by requiring any business that owns or licenses computerized data that includes private information of a New York resident to provide notice of breaches to such affected residents. Previously, only companies that conducted business in New York were required to comply with those notice provisions. The expanded definition requires businesses to protect these additional categories of data and disclose to consumers, the New York Attorney General, the New York Department of State, and the division of the New York state police, as well as consumer reporting agencies in certain circumstances, when a data breach exposes that data.
Expanded Definition of What Constitutes a Security Breach
The new law broadens the definition of “data breach” to include situations where data is merely accessed by an unauthorized person, not just in situations where data is acquired, which has been the standard. Access may include viewing, copying, or downloading private information. Additionally, in the event that a breach occurs, the Act adds new information about how to inform affected persons, expands the information that must be given, and requires certain information be provided to the New York Attorney General.
More Rigorous Data Security Requirements
Businesses may be impacted most in the area of their security plans as the Act imposes security requirements for all businesses that own or license the private information of a New York resident and describes new safeguards that businesses must implement to protect data. To comply with the Act, each business must develop a data security program that employs administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of the private information (unless the business meets one of the exceptions in the Act, which are for businesses that are already complying with certain federal or state data security obligations). As a starting point, this means, among other things, that organizations will need to conduct risk assessments, train their employees on data security, carefully select vendors with a demonstrated capacity of maintaining and committing to appropriate safeguards, and develop appropriate document retention programs and network security and incident response plans. The new requirements for data security programs take effect in March 2020.
Increased Regulatory Enforcement
The New York Attorney General also gains expanded powers to pursue legal action against businesses that violate New York’s data protection laws. First, the SHIELD Act gives the New York Attorney General authority to pursue civil penalties and injunctions against businesses that fail to establish appropriate safeguards. The Act authorizes the Attorney General to bring an action for damage of not more than $5,000 per violation. The Act also increases the penalties for a company’s failure to provide proper notice of a data breach to affected consumers. Companies that knowingly or recklessly fail to provide proper notice may be subject to a civil penalty of the greater of $5,000 or $20 per failed notification. But more generally, the statute of limitations is extended, so the Attorney General can now bring actions for violations within three years of the date on which the Attorney General became aware of the violation or the date on which a proper notice was issued about the breach. The time limits can be expanded further if the violator takes steps to hide the breach.
While the SHIELD Act has not yet taken effect, complying with the law’s mandates, with its far-reaching effects, could be an extended process. Companies should work with their compliance teams and legal counsel to implement adequate data security programs and breach-response strategies that satisfy these new legal requirements.
Salary History Bans Continue to Gain Momentum Across the Country (AL, IL, NJ, NY, MO, OH)
- The list of states and cities implementing prohibitions on employer salary history inquiries continues to grow. On June 10, 2019, Alabama enacted the Clarke-Figures Equal Pay Act (“CFEPA”), the state’s first pay equity law. The CFEPA prohibits an employer from refusing to interview, hire, promote, or employ an candidate for employment, or retaliate against an candidate for employment because the candidate refuses to disclose their wage history. Wage history is defined in the CFEPA as “the wages paid to an candidate for employment by the candidate’s current or former employer.” The CFEPA took effect on September 1, 2019.
- On July 31, 2019, Illinois’ governor signed into law House Bill 834, amending the Illinois Equal Pay Act of 2003. This law prohibits employers from screening job candidates based on their current or prior salary and from requesting or requiring that candidates disclose information about their salary history as a condition of being interviewed, considered for employment or offered employment. Employers are also prohibited from soliciting salary history information from an candidate’s former employer and from factoring salary history information into compensation or hiring decisions, even if an candidate provides the information voluntarily. The law does allow employers to provide information about the wages, benefits, compensation, or salary offered in relation to a position and employers can discuss with an candidate their expectations with respect to wage or salary, benefits, and other compensation. The salary history law will go into effect on September 29, 2019.
- Effective January 1, 2020, employers in New Jersey will be prohibited from requiring job candidates to disclose their salary history, including prior wages, salaries or benefits. On July 25, 2019, New Jersey’s acting governor signed into law Assembly Bill 1094, amending New Jersey’s Law Against Discrimination, and explicitly banning employers from screening job candidates based on the candidate’s salary history or requiring an candidate’s salary history satisfy any minimum or maximum criteria. Employers may verify salary history if an candidate voluntarily, without employer prompting or coercion, provides their salary history.
- Effective January 6, 2020, employers in New York will be prohibited from requesting, requiring or relying on wage or salary history from candidates or current employees seeking employment, continued employment or promotion. On July 10, 2019, New York’s governor signed the Salary History Bill, broadening the state’s Equal Pay Act. Employers cannot require candidates to reveal salary history as a condition of consideration for a position and cannot request salary history information from an candidate’s former employer. The law also prohibits refusal to hire or retaliation based on failure to provide wage or salary information. Candidates and employees may volunteer their salary history, and, if so, the employer may take it into consideration. Employers with employees in New York City should note this new state law imposes additional restrictions than those of the New York City salary history ban.
- Effective October 31, 2019, employers with six or more employees in Kansas City, Missouri will be prohibited from asking candidates for positions in Kansas City about their salary history. On May 23, 2019, the City Council passed Ordinance No. 190380, barring employers from inquiring about the salary history of an candidate, screening candidates based on their current or prior wages or benefits (including requiring that an candidate’s prior wages or benefits satisfy minimum or maximum criteria), relying on salary history in both hiring decisions or in determining compensation or benefits, or refusing to hire or otherwise disfavor or retaliate against an candidate who refused to provide their salary history to the employer. Employers may ask, however, whether candidates have expectations regarding salary, benefits, and other compensation. The ordinance does not apply to “voluntary and unprompted” disclosures of salary information by candidates.
- On July 5, 2019, Toledo, Ohio’s mayor signed into law the Pay Equity Act to Prohibit the Inquiry and Use of Salary History in Hiring Practices in the City of Toledo. This law prohibits employers in the City of Toledo that employ 15 or more employees within Toledo, from inquiring about, screening or relying upon the salary history of a job candidate in making an employment offer. While there is no violation if the candidate voluntarily, and without prompting, discloses their compensation, employers are barred from relying on an candidate’s salary history—even where voluntarily disclosed—in determining whether to offer the candidate employment or in determining the candidate’s compensation. The Act takes effect beginning July 4, 2020.
Employers in these locations should review and update their hiring practices and job applications to comply with these new laws.
New Jersey Passes Law Prohibiting Employers From Requesting Candidate’s Salary History
New Jersey recently enacted a new law prohibiting employers from seeking or relying on a job candidate’s salary history. The law, which will take effect on January 1, 2020, prohibits employers from: (1) screening job candidates based on the candidate’s prior salary history, which includes prior wages, salary and benefits; and (2) requiring that a job candidate’s salary history satisfy any minimum or maximum threshold. New Jersey follows New York City in its salary ban law enacted in 2017.
Certain exceptions to the NJ salary law exist:
- If an candidate voluntarily, without prompting or coercion, discloses his or her salary history, the employer may: (1) verify that the information the candidate provided was accurate; and/or (2) use the information to determine the candidate’s compensation. An candidate’s refusal to volunteer compensation information cannot be considered in any employment decisions.
- An employer may obtain written authorization from the candidate to confirm salary history after an offer of employment that contains an explanation of the total compensation package.
- Internal transfers or promotions for existing employees are excluded from the statute.
- If an employer is required to obtain or verify salary information by federal law or regulation, an employer is permitted to obtain the information to establish compensation.
- Employers may discuss the substance of incentive and compensation plans covering the candidate at a prior employer, provided that the employer does not ask about the specific compensation in the plans and the job to which the candidate applied with the prospective employer includes an incentive or commission component.
- If an employer conducts a background check with a credit reporting agency and directs the agency not to disclose salary history to the employer, but the background check report inadvertently includes compensation, the disclosure will not violate the law. However, the employer must destroy the salary-history information and is prohibited from using it.
Employment agencies are partially insulated under the law. Candidates may disclose salary history data and information regarding the candidate’s experience with incentive and commission plans to an employment agencies used by an candidate for job placement, and the prospective employer may use such information provided that the candidate provides express written consent to use the data. An employer that violates the law will be liable for a civil penalties of up to $1,000 for the first violation, $5,000 for the second violation, and $10,000 for each subsequent violation. Prior to January 1, New Jersey employers should review and make necessary modifications to their application process regarding salary history.
The Federal Motor Carrier Safety Administration (FMCSA) is Not a Consumer Reporting Agency Under the FCRA
According to a new case decided by the United States District Court for the District of Columbia, the Federal Motor Carrier Safety Administration (FMCSA) is not a consumer reporting agency under the FCRA. The case was brought by two truck drivers against the DOT and the FMCSA claiming that a prospective employer had accessed inaccurate information about them in FMCSA driving records. The drivers claimed the FMCSA had not followed reasonable procedures to protect the accuracy of driver data and fix inaccuracies as mandated by the FCRA. However, the court found that the FMCSA is not a consumer reporting agency under the FCRA for purposes of the records at issue because, while they do provide consumer data to the motor carrier industry for a fee, the data is assembled “for the purpose of ensuring transportation safety and not for the purpose of furnishing consumer reports to third parties.”
Federal Judge Says Terrorist Watchlist is Unconstitutional (System Does Not Provide a Constitutionally Adequate Remedy, Judge Rules)
A federal judge in Virginia has ruled that the government’s terrorism screening database (TSDB) is unconstitutional because people on the list are not given an adequate opportunity to contest their inclusion. The ruling is a victory for a group of almost 20 Muslim Americans who sued the government over the list in 2016. “There is no independent review of a person’s placement on the TSDB by a neutral decisionmaker,” Judge Anthony Trenga wrote on Wednesday. “Individuals are not told whether or not they were or remain on the TSDB watchlist and are also not told the factual basis for their inclusion.” As a result, the judge concluded, the watchlist system is unconstitutional. The government maintains several different lists for suspected terrorists. These include the no-fly list, which, as its name implies, prohibits certain people from flying in the US. The TSDB is a larger list believed to hold more than a million names. People on the list aren’t prohibited from flying, but they can face unpleasant consequences when they travel, especially internationally. The current system “provides no notice concerning whether a person has been included or remains in the TSDB, what criteria was applied in making that determination, or the evidence used to determine a person’s TSDB status.” The judge concludes that the current system “does not provide to a United States citizen a constitutionally adequate remedy under the Due Process Clause.” What’s not yet clear is how much the government will need to change its system. Trenga acknowledged that full transparency—for example, notifying someone as soon as they were added to a list—could endanger national security. So the government will still be able to keep some aspects of the list secret. But the details still need to be worked out. Judge Trenga ordered both sides in the lawsuit to propose changes that could address the system’s constitutional defects. Based on those proposals, he’ll issue a more detailed ruling in the future. We can also expect the federal government to appeal Trenga’s ruling, so this legal fight is far from over.
Lawsuit Claims New State Background Checks Discriminate Against Childcare Workers
The group Lawyers for Civil Rights has filed a class-action lawsuit against the commonwealth of Massachusetts over what they’re calling overly broad and discriminatory background check regulations for childcare workers. The rules were instituted as part of a larger regulation update state legislators passed last year to comply with new federal mandates. At issue is an additional set of rules included in the Massachusetts law that gives state officials the power to review a broad range legal records, including juvenile records, during routine childcare employee background checks. If someone is flagged, officials with the Massachusetts Department of Early Education and Care (EEC) have the power to ban them from working in the industry. Impacted employees have no option to appeal. The lawsuit was filed on behalf of Tara Gregory, who was forced to leave her job with New Beginnings Academy in Hyde Park this spring. The lawsuit claims the Massachusetts Department of Early Education and Care told Gregory she was disqualified because of her juvenile record. Thirty-three years ago, when Gregory was 16, she got into a fight with a group of girls and allegedly kicked someone. She entered plea for the charge of assault and battery with a dangerous weapon and spent two years on probation. Gregory v. Commonwealth of Massachusetts takes issue with two main facets of the new state regulations. First, the attorneys argue EEC’s policy to allow lifetime disqualifications from working in the childcare field without the right to an appeal violates the Massachusetts Constitution’s guarantee of due process. Additionally, the lawsuit alleges that disqualifications based on juvenile adjudications are inherently discriminatory because they disproportionately impact childcare employees of color. The lawsuit calls on the Massachusetts Superior Court to grant a preliminary injunction on the rules that require state officials to permanently disqualify employees from employment based on juvenile offenses. Officials with EEC have said the enhanced background checks were necessary to remain compliant with federal rules and so EEC could continue to qualify for more than $277 million of annual federal funding. But state officials would not comment on the lawsuit. When Gov. Charlie Baker introduced the full regulations last year, he said in a statement, “Allowing the department to access important information and conduct expanded background checks will provide additional safeguards to protect our kids.” Childcare industry experts say they’re not surprised a lawsuit like this has been filed. We have always believed, given the overreach, given the lack of an appeal process, that it was inevitable,” said Bill Eddy, executive director of the Massachusetts Association of Early Education and Care. He added that this case will likely be the beginning of additional litigation as EEC systems are fully updated with the new requirements and more employees come due for routine background checks.
6th Circuit: FCRA Claims Require Consumer to Notify Consumer Reporting Agency of Dispute
On August 29, the U.S. Court of Appeals for the 6th Circuit affirmed a district court’s ruling that a bank was not obligated under the Fair Credit Reporting Act (FCRA) to investigate a credit reporting error because the consumers failed to ever notify a consumer reporting agency. According to the opinion, after plaintiffs paid off their line of credit, the bank (defendant) continued reporting the plaintiff as delinquent on the account. After plaintiffs contacted the bank regarding the reporting error, the bank employee ensured plaintiffs that the defendant submitted amendments to the credit reporting bureaus to correct the situation. However, the plaintiffs claimed the error was not corrected until almost a year later. Plaintiffs also alleged that they did not contact the credit reporting bureau in reliance on the bank employee’s statements. The district court granted summary judgment in favor of the bank, concluding that the FCRA requires that notification of a credit dispute be provided to a consumer reporting agency as a prerequisite for a claim that a furnisher failed to investigate the dispute. Since the plaintiffs failed to trigger the defendant’s FCRA obligations because they never filed a dispute with a consumer reporting agency, the defendant’s responsibility to investigate was never activated. On appeal, the 6th Circuit agreed with the district court that direct notification to the furnisher of the inaccurate credit report does not meet the FCRA’s prerequisite. Additionally, the plaintiffs’ state common law claims for breach of the duty of good faith and fair dealing and tortious interference with contractual relationships were preempted by the FCRA, and their fraudulent misrepresentation claim was forfeited on appeal.
Employers Paid Out $174M to Resolve Background-Check Lawsuits
In the past decade, employers resolving class-action lawsuits over alleged background check violations paid out a total of $174 million, a new compilation of court records showed. The companies that provided those reports to employers paid another $152 million when they were sued directly by individuals for allegedly violating the Fair Credit and Reporting Act (FCRA), according to Good Jobs First, the non-profit that compiled the report. According to Good Jobs First, 40 employers have paid out $1 million or more in FCRA employment settlements since 2011. The database includes settlements involving Wells Fargo ($12 million), Target ($8.5 million), Uber Technologies ($7.5 million), Publix Super Markets ($6.8 million), Amazon.com ($5 million), Home Depot ($3 million), and Domino’s Pizza ($2.5 million). The dollar amounts were compiled from 146 successful class actions. The FCRA may not be at the top of the list of mandates HR professionals are tracking compared to discrimination or sexual harassment legislation, but it still carries risks. With hiring occurring regularly and many employers admitting that they don’t do regular screenings, the risk of violating the law — and making poor hiring decisions — can’t be ignored. And the payouts for violations, per Good Jobs First’s data, are worth noting.
Jury Awards $101,000 to Portland Man Who Sued Wells Fargo for Not Fixing Credit Report Due to ID Theft
An identity thief opened a Wells Fargo car loan account in the name of Matthew Sponer, bought a BMW at a used car dealership in Southern California in July 2016, was caught that fall and convicted several months later. Despite repeated attempts by Sponer and his lawyer to get his bank to delete the $29,000 debt that his credit report showed he owed for the car loan; Wells Fargo didn’t do it for 14 months. They finally followed through after Sponer sued the bank. The delay came despite a detective confirming to the bank the identity theft, the thief’s guilty plea and sentencing, the bank’s receipt of a police report and Sponer’s credit card statements that showed he was out of the country when the car was purchased.
On Tuesday, a federal jury awarded Sponer $101,000 in noneconomic damages, finding Wells Fargo Bank negligently and willfully violated the Fair Credit Reporting Act. But the eight-member jury didn’t issue any punitive damages.
Yahoo Settles Data Breach Class Action Lawsuit
Yahoo expects to pay $117.5 million to settle a data breach class action lawsuit over four separate data breach events that occurred between 2012 and 2016. The breaches exposed the sensitive personal information of over a billion user accounts including usernames, passwords, email addresses, birthdays, phone numbers, and security questions and answers. User credit card and bank account data were not exposed. Claims brought against Yahoo included negligence, breach of contract, invasion of privacy, and violation of various consumer protection laws including California’s Unfair Competition Law and Customer Records Act.
An Administrative Law Judge (ALJ) Ordered a Cleaning Service to Pay Almost $1.2 Million in Civil Penalties for Employment Eligibility Verification Form Violations
The company was missing the Forms I-9 of 224 employees. Additionally, it had not completed the Forms I-9 of 102 employees within three days of hiring, as required by law. In fact, it had completed some of the forms after being served with Notice of Inspection from the Immigration and Customs Enforcement (ICE). Finally, the Forms I-9 of 329 of the company’s employees were found to be incomplete due to blank pages, missing pages, missing signatures, lack of indication that work authorization was checked, and missing alien registration numbers. The ALJ found the company’s bad faith in hastily completing and backdating some of its Forms I-9 to be an aggravating factor that impacted the size of the fine.
Privacy Shields Has Reached 5000 Active Company Participants
The EU-U.S. Privacy Shield Framework has reached over 5,000 active company participants according to a recent announcement from the U.S. Secretary of Commerce.
The ECJ Issued a Judgment Holding That GDPR’s “Right to be Forgotten” is Limited in Scope to the European Union (EU)
The European Court of Justice (ECJ) held that, when responding to EU subjects’ requests that Google remove certain search results containing their sensitive personal information (referred to as “de-referencing requests”), Google need only remove the search results from its country-specific sites located within the EU, not globally. In the decision, the ECJ reasons that under GDPR Article 3, Google is “established” in the EU and therefore falls within the territorial scope of the GDPR. However, the Court then goes on to consider the fact that different countries have struck their own balance between an individual’s right to privacy and the public’s right to information, resulting in different laws. Therefore, the court decides, there is “currently no obligation under EU law, for a search engine operator to carry out de-referencing on…versions of the search engine [outside the EU].” However, the court adds the caveat that “a supervisory or judicial authority of a Member State remains competent to…order, where appropriate, the operator of [a] search engine to carry out a de-referencing concerning all versions of [a] search engine.” It now remains to be seen whether this decision is a one-off or whether it means the court will continue to limit the extraterritorial scope of GDPR.
Update From the Office of Privacy Commissioner of Canada
On Monday September 23, 2019 the Office of the Privacy Commissioner of Canada (OPC) announced its previous 2009 Guidance for Processing Personal Data Across Borders will remain unchanged.
Recreational Marijuana and Workers’ Compensation: What Employers Need to Know
With the impending legalization of recreational marijuana in Illinois on January 1, 2020, employers are abuzz about the potential implications on their operations, particularly how legalization impacts alleged work injuries. Under the Illinois Workers’ Compensation Act, employees found intoxicated at the time of an accident are denied compensation if the intoxication was the proximate cause of the injury or if the employee was so intoxicated it constituted a departure from the employment. 820 ILCS 305/11.
The act already considers evidence of intoxication from the use of marijuana. If at the time of the accident there is evidence of intoxication due to the “unlawful or unauthorized” use of marijuana, there is a rebuttable presumption the employee was intoxicated, and the intoxication was the proximate cause of the accident. Id. It then becomes the employee’s burden to prove the intoxication was not the proximate cause of the injury. Evidentiary issues are likely to present the greatest challenge in marijuana cases. Unlike alcohol, there is no defined “legal limit,” nor is there a straightforward method of measuring impairment due to marijuana use. Urinalysis is one of the most common forms of drug testing and while it can detect marijuana in a user’s system, it cannot detect the amount of the drug present in the user’s system or how long ago the cannabis was ingested. Cannabis also metabolizes at different rates depending on the individual, which makes it difficult to determine a quantifiable level of impairment because of how long it can be detected in the system. Another option includes blood testing, which can detect marijuana from between 12 hours to seven days after use. A third alternative is saliva testing, which can detect cannabis up to 12 hours after intake. In practice, the legalization of recreational marijuana should have little impact as to how employers and carriers approach alleged work injuries. The act does not allow compensation where the employee was intoxicated due to the unlawful or unauthorized use of cannabis. While marijuana will no longer be illegal in Illinois come 2020, the same legislation legalizing marijuana provides protections and empowers employers to maintain a zero-tolerance policy for marijuana in the workplace. In such workplaces, the use of marijuana or intoxication due to marijuana would arguably be “unauthorized” use and, thus, employers can still deny cases where there is evidence of intoxication due to marijuana at the time of the accident just as they do with intoxication due to alcohol. Furthermore, employers are still allowed to implement reasonable drug testing policies, which can include urinalysis and saliva testing. An important caveat under the act that employers should keep in mind is that a refusal to submit to a drug test creates a presumption that the employee was intoxicated at the time. It is also impossible to overstate the importance of good experts in evaluating drug tests in intoxication cases, as they are likely to play a crucial role in cases of impairment due to marijuana. So what can employers do to get ahead of the curve when it comes to potential marijuana intoxication? The first step is to review workplace policies as to drugs and alcohol to make any necessary revisions to address marijuana. Next, communicate the policy to all employees. It is also important to encourage management, supervisors, and employees to be aware of each other and their surroundings. Because marijuana impairment cannot be quantified, one method of demonstrating intoxication or impairment is by changes or deviations in someone’s typical behavior. Overall, while there is some uncertainty as to how the Commission and Courts will apply the act’s provisions as to marijuana, it is certainly likely to be an issue at the forefront of workers’ compensation litigation. It is also an issue that is likely to evolve through practical application, legislative amendment, and research advancements in science and medicine.
Artificial Intelligence in the Employment Relationship: Friend or Foe?
While the use of AI can be an efficient and cost-effective means for employers to handle tasks such as talent acquisition, compensation analysis, and administrative functions, it is not without its challenges. As lawmakers on the federal and state level struggle to catch up with the rapidly changing technology, it is imperative for employers to stay ahead of the curve and ensure that their use of AI is not exposing them to costly litigation.
The Growing Use of AI
AI is often used in the workplace to assist employers with recruitment through the use of algorithms to make hiring decisions. Notably, although common sense would suggest that AI would help eliminate unconscious (or conscious) bias in the hiring process, it has quickly become apparent that the risk of bias persists.
The Potential for Implicit Bias and Disparate Treatment
Title VII of the Civil Rights Act of 1964 prohibits employers from discriminating against an individual on the basis of race, color, sex, national origin or religion with respect to all aspects of employment. According to the Bureau of Labor Statistics, the growth of employment in computer science and engineering jobs is more than double the national average. Despite the surge in this field, women and minorities continue to be under-represented. Back in 2016, the U.S. Equal Employment Opportunity Commission stated that diversity in the high-tech sector is “a timely and relevant topic for the Commission to investigate and address.” Since then, some companies have evaluated using AI in the recruitment process in order to increase diversity in their workforce. Unfortunately, it can sometimes have the opposite effect.
When companies train computer programs to filter out the best candidates for interviews, the learning is often based on prior resumes or attributes of previously hired successful candidates. Given the disparity between genders or even races in certain professions, using past data will only perpetuate the problem, as algorithms are taught to favor specific characteristics or experience.
Similarly, employers considering the implementation of AI in the workplace should be cognizant of the potential for age discrimination claims. The federal Age Discrimination in Employment Act (“ADEA”) prohibits age-based discrimination against candidates or employees age 40 or over. The use of AI in the workplace to streamline certain activities could result in a disparate impact on an older workforce and potentially expose a company to discrimination claims. Specifically, if older workers struggle to adapt to new technology, or implicit bias results in the perception that younger employees are better suited to handle the changes than their older counterparts, older employees may be the first to go if the company undergoes a reduction in force as a result of the use of AI.
168 Uber and Lyft Drivers Suspended for Offenses, Including Felonies, That Should Have Barred Them From Employment
Scores of workers for Uber and Lyft were driving passengers around Portland, Oregon, despite having offenses ranging from traffic violations to criminal records that should have barred them from doing business as a ride-share driver, according to local authorities. The Portland Department of Transportation confirmed to ABC News that they suspended or revoked the permits for 168 ride-share drivers in Portland since 2015, including two Lyft drivers who were convicted felons — one convicted of sexual assault and the other for assault with intent to murder. John Brady, the director of communications at the Portland Bureau of Transportation, said they uncovered these drivers after they started doing a system of “random checks.” “For 80 people a month, we do the full background check, we do criminal history and if the person is on the sex offender list,” he told ABC News. They also do a series of random field checks using “secret shoppers and uniformed personnel” who check the safety of the vehicles and more. “We want these consumers to be safe, in terms of physical safety and the mechanical safety of the cars as well as the drivers, so we would like Uber and Lyft to do everything that they can to make sure that that takes place,” Brady said. “We’re still going to continue to do our own checks, we found it a good backup system to enhance consumer protections.” While two of the 168 drivers were felons, “you can be disqualified for driving for a number of things, if you haven’t had a driver’s license continuously for the past year, if you have had a certain number of traffic violations, if you have been involved in any traffic crime, if you don’t have a valid license, it runs the gamut,” Brady added. “We have tens of thousands of taxi, Uber and Lyft drivers and by and large, they are safe drivers and safe individuals but we’re committed to finding anyone who isn’t and make sure that they aren’t driving,” Brady said. A spokesperson for Uber told ABC News, “There’s nothing more important than the safety of the drivers and riders we serve. We have strengthened our background checks and introduced new screening technology that monitors new criminal offenses. But safety does not start and end with a background check.” “Uber has a number of safety features in place for riders and drivers, including an emergency button with 911 integration technology in more than 250 cities across the US, including Portland. We will continue to put safety at the heart of our business,” the statement added.
Lyft told ABC News that “safety is fundamental” to them and “since the beginning we have built products and policies with that in mind.” The statement continued: “All those who apply to drive with Lyft are screened for criminal offenses and driving incidents. Lyft was the first rideshare company to institute criminal background checks. Just this summer we announced an expansion of our criminal background check process to include continuous monitoring, as well as a new enhanced identity verification process. Any driver who does not pass the initial, annual, and continuous screenings is not able to use our platform. We are constantly working to improve the safety of our platform and are committed to delivering the best experience for all users.”
NAPBS is Now PBSA
Name change! The Professional Background Screening Association (PBSA, formerly NAPBS) is now the Professional Background Screening Association (PBSA). The change in trade association name was announced at the annual conference in San Antonio, Texas. The change is intended to reflect the global nature and reach of the association. Reported in Arnall Golden Gregory September 13, 2019 Compliance News Flash.