This list of judgments has become an all too familiar sight…
-
Smith v. HireRight: $40M+
-
Jane Roe, et al. v. Intellicorp: $18M
-
Shamara T. King et al. v. GIS: $3.2M
-
Evelyn Sanders v. FADV: Pending
The following is not legal advice and should not be used in lieu of legal advice. Seek a legal opinion from your lawyer before implementing any new compliance measures.
Stale Data Raises the Stakes: Compliance Is Your Best Protection
Most national criminal files are built the same way. Records are aggregated using methods such as bulk data purchases, online data collection tools, and direct court feeds. The database is then used for searching a candidate’s criminal record history.
However, the quality of the information can vary greatly from file to file. Most importantly, some information may be outdated, incomplete, obsolete, and/or not reportable. Different vendors use different processes to ensure that information is comprehensive, reportable, complete, and up to date. These differences in process can have a material and significant impact on the employer.
Some of the biggest differences in vendor processes occur in the refresh policy. This can range from always updating a record prior to reporting it to not updating it and reporting it even if it has been in the vendor’s file for 6 months or more.
Complying with Section 613 of the FCRA
Section 613 of the FCRA states that when a CRA compiles and reports adverse public record information on consumers for employment purposes, it must either (1) notify the consumer that the data is being reported, with the name and address of the employer who is receiving it, or (2) have “strict procedures” in place to ensure that the information reported is complete and up to date. It further provides that “items of public record relating to arrests, indictments, convictions, suits, tax liens, and outstanding judgments shall be considered up to date if the current public record status of the item at the time of the report is reported.”
Complying with Section 607(b) of the FCRA
An FTC Informal Staff Opinion Letter references 607(b) while focusing primarily on the “up to date” language from the strict procedures section in 613(2) in responding to a request about the reporting of stored data that may not have been updated in 30, 60, or 90 days. The Staff concluded that this would not comply with the strict procedures requirement in 613(2), but dropped in a footnote indicating that, in the alternative, the 613 notice provision could be used, which since 607(b) is expressly referenced in the letter’s discussion, could be argued to support the view that stored data for as much as a certain limited number of days old could be disclosed with a 613(1) notice while still meeting 607(b) obligations (30 days or less is often floated in the industry).
The FTC also opined that a CRA that furnishes public record information must also follow reasonable procedures to assure maximum possible accuracy of that information as required by section 607(b), even if it chooses to comply with Section 613(a)(1) by providing a notice when providing public record information to employers.
Section 607(b) of the FCRA states, “Whenever a consumer reporting agency prepares a consumer report, it shall follow reasonable procedures to assume maximum possible accuracy of the information concerning the individual about whom the report relates.”
Translation
In other words, if a CRA reports public record information for employment screening purposes, it must follow 2 distinct requirements of the FCRA: It must meet (i) Section 607(b) requirement (follow reasonable procedures to assure maximum possible accuracy) and (ii) Section 613(a)(1) (by sending a notice to the candidate that public record information is reported about the candidate) or (a)(2) (follow strict procedure to ensure that the reported information is complete and up to date). This can be generally done by verifying at the source any information retrieved from a database search. Additionally only information that was verified and retrieved at the source should be reported.
Conclusion
Clearly it is in a CRA’s best interest to validate records from a national criminal file before they are reported to an end-user and that the information provided to an end-user is the latest information obtained from the source. When ClearStar provides records to a CRA, it is ClearStar’s recommended best practice that the CRA do the same, or at their request, ClearStar will perform an order review where all retrieved records are verified at the source before they are reported to the CRA.
This difference is more than a semantic legal point, as evidenced by the many large lawsuits centering around this duty of accuracy and complete and up-to-date records and the financial penalties for which they were settled as seen in the list at the top of this article.
To lower the stakes, it is very important that you do your homework and understand the processes your vendor uses for updating and reporting out records from their national criminal file.
Nicolas Dufour – EVP & General Counsel
Nicolas Dufour advises ClearStar’s management team on all legal matters, issues and risks impacting the organization. He provides legal guidance, legal management and operating standards related to business, state and federal laws, regulatory and legal strategic matters.
Dufour has more than two decades of legal practice experience and ten years of experience in the background check industry. Prior to joining ClearStar, he was Chief Regulatory Counsel at First Advantage, where he oversaw litigation matters; regulatory enforcement investigations related to privacy and data security issues.
