Scherzer Blog

Trend of suing employers for technical FCRA violations continues

The threat of a multi-million potential class action lawsuit alleging technical violations of the Fair Credit Reporting Act (FCRA) continues to haunt employers, even where the plaintiffs have alleged or proven no harm.

Pursuant to the statute, employers are required to “provide prior written notice before they can procure a consumer report about any employee or applicant for employment.” Just as important, 15 U.S.C. Section 1681b(b)(2)(A)(i) adds that the notice must be given “in a document that consists solely of the disclosure.”

Seeking to take advantage of the statutory damages available under the FCRA – from $100 up to $1,000 for a willful violation – plaintiffs have challenged employers’ use of a disclosure form that combined the written notice to procure a consumer report with other information or documents, such as an application form.

The trend to sue for FCRA technical violations was started by Singleton v. Domino’s Pizza, LLC in the U.S. District Court of Maryland (case no. 8:11-cv-01823-DKC) where the court ruled that inclusion of a liability release in the employer’s disclosure/authorization form violates the FCRA. Domino’s ended up reaching a settlement with the plaintiffs in 2013 for $2.5 million.

Also taking a strict reading of the statutory language, the Western District Court of Pennsylvania ruled in 2013 in Reardon v. Closetmaid Corporation (case no. 2:0S-cv-01730) that an employer could be liable for the combination of a disclosure/authorization with a liability waiver, and granted summary judgment in favor of the roughly 1,800 job applicants.

In a more recent example, a class of applicants sued Publix Super Markets in the U.S. District Court for the Middle District of Tennessee (case no. 3:14-cv-00720) also based on a violation of the sole disclosure requirement and release of liability. With Domino’s and Closetmaid’s payouts looming over its head and a class of 90,000, Publix agreed to settle the claims for $6.8 million earlier last year.

Although these companies opted not to fight the suits on their merits, a defendant in a case filed in the U.S. District Court for the Eastern District of California (case no. 1:14-742-WBS-BAM) did and won dismissal in October 2014. Syed v. M-I LLC involved identical claims but the judge reached a contrary decision, finding that the FCRA text was not as clear-cut as the plaintiff claimed. Immediately following the subsection mandating the sole disclosure of the employer’s intent to procure a consumer report is a provision that states that the consumer’s authorization is to “be made on the document referred to in clause (i)” – “that is, the same document as the disclosure,” the court noted, and “…thus, the statute itself suggests that the term ‘solely’ is more flexible than at first it may appear…”

The Syed decision is the second one that may give hope to employers facing similar suits. (There are at least six class actions pending.) But the obvious answer for companies looking to avoid the problem entirely is simple: use a standalone disclosure/authorization form that is separate from any other information or documents.

|Employment Decisions, Lawsuit|

Beware of loopholes in reporting on securities brokers

When considering the track record of a securities broker or dealer, investors should be cognizant of loopholes in background reporting.

The Financial Industry Regulatory Authority (FINRA) oversees the regulation of brokers and operates BrokerCheck, an online database that contains disciplinary records of registered brokers. But a review by the Wall Street Journal found that BrokerCheck is sorely lacking a wealth of information about registered brokers, some of which can be found in the records of state regulators. At least 38,400 brokers have regulatory or financial red flags that appear only on state records, according to the WSJ’s investigation; of those brokers, at least 19,000 had clean BrokerCheck records. One significant area omitted by FINRA: internal reviews.

The WSJ identified 4,346 brokers with one or more internal reviews reported on their state records but not on BrokerCheck. Other regulatory red flags not spotted on FINRA’s database: personal bankruptcies filed more than 10 years ago, judgments and liens that have been satisfied, and certain employment terminations.

FINRA’s records do include complaints against brokers, regulatory actions, terminations for cause, and personal bankruptcies filed within the last decade, which the agency says is consistent with the Fair Credit Reporting Act. But in light of the gaps – and a proposal from FINRA to the Securities and Exchange Commission to expand the obligations of financial institutions with regard to the background screening of applicants (https://scherzer.co/sec-considers-background-check-rule-proposed-by-finra/) – investors should consider checking state regulatory records to form a more complete picture of a broker’s history.

In response to the WSJ’s inquiry, FINRA launched a review of its database and said the agency is studying the current rules about the information disclosed on BrokerCheck. The agency is also attempting to patch a separate loophole by coordinating its efforts with state insurance regulators. Following reports that insurance and securities regulators struggle to share data – and that individuals take advantage of the gap by continuing to sell insurance products despite losing a securities license, for example – FINRA vowed to take action. Beginning this month, the agency said it will provide a monthly report of its disciplinary actions against securities brokers not only to state securities regulators but state insurance regulators as well.

|Educational Series|

Medical marijuana laws put employers in a tough spot

The growing number of jurisdictions permitting medical marijuana is putting employers in a tough position. One the one hand, marijuana remains illegal under federal law and a workforce under the influence isn’t much of a workforce at all. On the other hand, 23 states and the District of Columbia now permit the use of marijuana for regulated medical purposes and some state laws include anti-discrimination provisions prohibiting employers from taking action against employees based on their status as a registered medical marijuana user.

A first-of-its-kind lawsuit demonstrates the conundrum. In December, the American Civil Liberties Union filed suit in a Rhode Island state court on behalf of an individual who allegedly was denied an internship after she disclosed that she lawfully carried a medical marijuana card for severe migraines.

According to the complaint, the company told the applicant that she had been rejected because of her status as a cardholder, and despite promises not to bring medical marijuana on the premises or come to work under the influence, the applicant was denied the position.

The lawsuit charges that the company violated Rhode Island’s medical marijuana law which prohibits schools, employers, and landlords from refusing “to enroll, employ, or lease to, or otherwise penalize, a person solely for his or her status as a cardholder.” The complaint – which also includes allegations of disability discrimination under state law – seeks compensatory and punitive damages.

Employers in states permitting medical marijuana would be well-advised to review their relevant law when considering marijuana use or marijuana-related criminal records in employment decisions. While Rhode Island is not alone in including an anti-discrimination requirement in its law, joined by Arizona, Connecticut, Delaware, Illinois, Maine, Minnesota, Nevada, and New York, other states – including California, Massachusetts, and New York – are clear that employers have no obligation to accommodate an employee’s medical marijuana use or permit them to work under the influence.

Read the complaint.

|Employment Decisions|

OFAC getting more common in contract terms and background checks

Do you know what OFAC is about? OFAC is the acronym of the U.S. Department of Treasury’s Office of Foreign Assets Control, and its function is to administer and enforce sanctions against countries or individuals (like terrorists or narcotics traffickers) with actions ranging from trade restrictions to the blocking of assets.

For U.S. companies, the agency’s enforcement applies to banks, insurers, and others in the financial industry that may be involved in covered dealings, which include engaging in transactions prohibited by Congress such as trade with an embargoed country or with a specially designated national (SDN).

Violations of regulations, which extend to all U.S. citizens, can result in substantial fines and penalties. Criminal penalties can reach up to $20 million and imprisonment up to 30 years; civil fees can range from up to $65,000 to $1,075,000 per violation, depending on the activity at issue.

OFAC has significantly stepped up its enforcement efforts that have resulted in sizable settlement agreements with U.S. entities, and thus companies increasingly are incorporating sanctions compliance language based on OFAC regulations into contracts and agreements, as well as including OFAC checks in their employment-purpose background screening or in connection with business transaction due diligence.

Contract terms requiring a party to affirm that it is not the subject of any OFAC sanctions status, that no OFAC investigations are in process, or that it does not engage in transactions with countries like Iran or North Korea, are becoming standard. Some deals also include a provision attesting that a company is not owned by an individual on the list of SDNs, that the company is not based or located in an embargoed country, or to assure that the monies used to make an investment or purchase were not provided by a sanctioned country or individual. Of course, it is also important to conduct background checks to confirm these representations at the start of the contract and at reasonable intervals thereafter.

The use of compliance language does not insulate a company from OFAC liability. While such a provision may create a contract-based remedy to recover monetary damages based on a fine or settlement with the agency, the clause cannot eliminate liability. Like any other governmental regulator, OFAC is not bound by private contract and can take action even with such terms in place.

Learn more about OFAC.

|Educational Series|

Happy Holidays from Scherzer International

Scherzer International wishes you a Happy Holiday Season and continued success in 2015! We sincerely appreciate your business and the referrals so many of you have made to SI.

|SI Information|

Class action charges LinkedIn with violations of FCRA

According to a new putative class action filed in California federal court, social networking site LinkedIn runs afoul of the Fair Credit Reporting Act (FCRA).

The plaintiffs claim that LinkedIn’s reference search functionality allows prospective employers, among others, to obtain reports on job applicants with profiles on the site. LinkedIn’s dissemination of “Reference Reports” – that are created based on a user’s profile and connections to form a list of former supervisors and co-workers as possible references – are available for users who pay a monthly or annual subscription fee.

“LinkedIn has created a marketplace in consumer employment information, where it sells employment information, that may or may not be accurate, and that is has obtained in part from unwitting members, and without complying with the FCRA,” according to the complaint, which noted the site has more than 300 million members and one million jobs listed.

The Reference Reports bring LinkedIn within the purview of the FCRA, and yet the company fails to comply with a host of statutory requirements, according to the complaint.

Specifically, the complaint alleges that the site violates Section 1581(b) by furnishing consumer reports for employment purposes without obtaining the certifications required by the statute or a summary of the consumer’s rights and also does not maintain any of the procedures required by Section 1681e(a) to limit the furnishing of consumer reports to the limited purposes of the statute. In addition, Section 1681e(b) mandates that all consumer reporting agencies follow reasonable procedures to assure the maximum possible accuracy of consumer report information, Section 1681e(d) requires that a user notice be provided to individuals when a report is provided about them, and Section 1681b states that reports can only be provided after an inquiry to ensure the report is used for a “permissible purpose.” None of these statutory requirements were met by LinkedIn, the suit alleges.

“[A]ny potential employer can anonymously dig into the employment history of any LinkedIn member, and make hiring and firing decisions based upon the information they gather, without the knowledge of the member, and without any safeguards in place as to the accuracy of the information that the potential employer has obtained,” Sweet and the other plaintiffs claim. “Such secrecy in dealing in consumer information directly contradicts the express purposes of the FCRA.”

The main plaintiff alleges that she located a job opening on the site and submitted her resume through LinkedIn. She received a notification from the site that the general manager of the employer had viewed her profile and she was offered the job after an interview. The general manager declined the plaintiff’s offer to provide a list of references but later called back to rescind the offer, telling her that he had checked some of her references and changed his mind.

The plaintiffs seek to certify a nationwide class of LinkedIn users who had a Reference Report run on them as well as a subclass of users who applied for employment via the site and had a Report generated by a potential employer. As for remedies, the putative class requests actual, statutory, and punitive damages, as well as attorney’s fees and costs.

To read the complaint in Sweet v. LinkedIn Corporation, click here.

|Employment Decisions, Lawsuit|

SEC considers background check rule proposed by FINRA

Financial institutions could face expanded obligations to conduct background screening of applicants for registration pursuant to a rule proposed by the Financial Industry Regulatory Authority (FINRA) to the Securities and Exchange Commission (SEC).

As currently drafted, the National Association of Securities Dealers (NASD) Rule 3010(e), the Responsibility of Member to Investigate Applicants for Registration, provides that a firm “must ascertain by investigation the good character, business reputation, qualifications and experience of an applicant before the firm applies to register that applicant with FINRA,” the regulator explained.

Seeking to “streamline and clarify members’ obligations relating to background investigation, which will, in turn, improve members’ compliance efforts,” FINRA proposed the addition of background checks to the Rule for the SEC’s consideration.

The change would mandate that firms verify the accuracy and completeness of the information in an applicant’s Form U4 (Uniform Application for Securities Industry Registration or Transfer) for first-time applicants as well as transfers. Written procedures for conducting the background check – including a public records search – must also be established.

While the rule is prospective, FINRA announced that it would take a look at currently registered representatives. The financial regulator intends to begin its efforts with a search of all publicly available criminal records for the roughly 630,000 registered individuals who have not been fingerprinted within the last five years; going forward, FINRA will periodically review public records “to ascertain the accuracy and completeness of the information available to investors, regulators and firms,” the agency said.

To read the Federal Register notice: click here.

|Fraud, Risk Management|

Background screening of independent contractors

The issue of worker misclassification is a hot topic for employers, with state and federal authorities as well as class action suits challenging whether a worker is an employee or an independent contractor. But what about the differences in background screening for independent contractors? Are they subject to the same disclosure and authorization requirements, adverse action notices, and dispute rights that apply to employees?

The answer: it depends.

While the Fair Credit Reporting Act (FCRA) doesn’t directly address independent contractors, the Federal Trade Commission (FTC) has issued two advisory opinions stating that they should be afforded the same rights as employees. The FTC also reiterated this view in its staff report published in July 2011, stating that the FCRA’s broad definition of the term “employment purposes” extends beyond traditional employment relationships. (FTC Staff Report at 32.)

The Allison Letter (a response to an inquiry from a Georgia worker named Herman L. Allison) addressed the issue in the context of a trucking company that hired drivers who owned and operated their own equipment. Characterizing the situation as a “business relationship” and not an “employment relationship,” Allison asked whether the protections of the FCRA still applied.

Taking a broad interpretation of the term “employment,” the FTC said that treating independent contractors differently than employees would hamper the goals of the FCRA. Even a homeowner who conducts a background check on a handyman or other worker hired as an independent contractor should follow the FCRA requirements, the agency wrote.

In a second letter, the FTC considered a query from Harris K. Solomon, an attorney in Florida. A client wished to conduct background checks on individuals selling its insurance products and handling title exams. Again, the agency said the checks would trigger the requirements of the FCRA.

The FTC’s advisory letters – both issued in 1998 – as well as the staff report, are advisory and non-binding on other parties. But they provide insight into how federal authorities would address the rights and protections owed to an independent contractor as the subject of a background check.

However, on the other end of the spectrum, a Wisconsin federal court judge in 2012 held that the disclosure obligations of the FCRA do not apply to independent contractor relationships. The case involved a sales rep who sued EMS Energy Marketing Service after he was terminated. The plaintiff claimed that the company failed to provide him with either the written notice of his rights or a copy of the report as required by the statute. But the court granted summary judgment for the employer, ruling that Lamson was hired as an independent contractor, not an employee, and therefore, the FCRA did not apply. The language of the statute refers only to employees and if a worker is not an employee “it necessarily follows that he or she is not covered by the FCRA,” the court wrote in Lamson v. EMS Energy Marketing Service. The court also distinguished the FTC letters as advisory opinions, adding that the “letters, in and of themselves, are of limited, if any, persuasive power.”

To read the Allison Letter, click here.

To read the Solomon Letter, click here.

|Employment Decisions|

California expands privacy protections for state residents

A perennial trendsetter with regard to data security and privacy, California has updated its state law with tweaks that expand the scope of the privacy protections for state residents.

A.B. 1710 made three changes to existing law that go into effect January 1, 2015: first, businesses that maintain “personal information” about California residents must “implement and maintain appropriate and reasonable security procedures and practices” to protect the data from “unauthorized access, destruction, use, modification, or disclosure.” Personal information is defined to include an individual’s first name or first initial and last name, Social Security number, driver’s license number, as well as medical and financial account information.

Second, if a person or business was “the source” of a data breach and offers to provide identity theft prevention and mitigation services to affected individuals, the business must offer the services at no cost for at least 12 months. Some controversy has swirled around this provision, with debate on whether the language actually requires businesses to provide one year of free identity theft protection and mitigation services or if the law simply requires that if the services are offered, they last for 12 months and are provided gratis. Additional guidance may be forthcoming.

Finally, the new legislation prohibits a business from “selling, offering for sale, or advertising for sale” Social Security numbers. Limited exceptions were noted in the bill, including “if the release

[not necessarily a sale] of the Social Security number is incidental to a larger transaction and is necessary to identify the individual in order to accomplish a legitimate business purpose” or “for a purpose specifically authorized or specifically allowed by federal or state law.”

The law’s scope reaches well beyond the borders of California, as it applies to businesses that maintain any personal information about a state resident. Companies would be well advised to familiarize themselves with the new requirements.

To read AB 1710, click here.

|Legislation, Privacy|

Pennies add up to $18.7 million in allegedly illicit gains

A bit different from the billion dollar frauds that frequently made the headlines in the years past, a complaint filed on October 5, 2014 by the justice department in the federal district court in Manhattan accuses two former New York brokers of securities fraud and conspiracy for secretly adding a few pennies to the cost of securities trades they processed to generate $18.7 million in gains. The SEC also filed civil charges against the men, and added another broker as a defendant. The SEC’s complaint alleges that from at least 2005 through at least February 2009, the defendants perpetrated the scheme by falsifying execution prices and embedding hidden markups or markdowns on over 36,000 customer transactions. According to the SEC, the defendants charged small commissions—typically pennies or fractions of pennies per share; the scheme was devious and difficult to detect because they selectively engaged in it when the volatility in the market was sufficient to conceal the fraud. One of the defendants, who was in charge of entering the prices into the trading records and playing a critical role by controlling the flow of information, already pleaded guilty to securities fraud and conspiracy.

|Criminal Activity, Fraud|

Previous 363738 Next