We live in a world where almost anything we do can be recorded and stored digitally. Many businesses have sprung up around aggregating this data into consumer reports—more colloquially known as background checks. Loan companies, employers, and many more all rely on consumer reports in making decisions as to how to proceed with any given individual.
However, like any aggregate of personal information, these reports can really damage a person’s a life if they are misused or simply contain incorrect information. With this in mind, there are laws protecting against how somebody can access, collect, and use the dirty laundry of any person off the street. The Fair Credit Reporting Act (FCRA) holds both those who collect and sell consumer reports and those who use them under strict obligations as to how they must operate. When a business steps out of line, the lawsuits can be extremely costly.
For example, Frito-Lay has recently agreed to a $1M settlement in response to claims that it failed to act in accordance with the Fair Credit Reporting Act by failing to provide sufficient notice to prospective employees before taking adverse employment action against them based on information disclosed in a consumer report.
Frito-Lay is far from alone; litigation based on FCRA violations is at an all-time high. The restaurant chain Waffle House is embroiled in a similar ongoing lawsuit over their alleged systematic failure to take adequate steps to ensure information in background checks was accurate. In the last few years Chipotle, Food Lion, Home Depot, BMW, Chuck E Cheese, and Whole Foods have all been sued for FCRA violations and settled for amounts hovering between around $1M to $3M. Earlier this year, Wells Fargo even settled a suit for a whopping $12M.
It’s crucial to understand rights and obligations under the FCRA; whether to protect your business or ensure the protection and accuracy of highly personal information.
What are My Rights as an Individual Under the FCRA?
First and foremost, the FCRA gives individuals the power to sue based on violations of the act. This means that if your information is mishandled, you have the right to have the situation remedied through either court ordered action or damages. This means that a lot of your rights are intertwined with the obligations of both credit reporting agencies (CRA) and employers.
For instance, CRAs are under an obligation to identify and remove inaccurate or obsolete (many things on a consumer report are required to be removed after 7 years) information from your consumer report and their failure to do so allows you to sue them. However, your rights under the Fair Credit Reporting Act also encompass a great deal of ability to ensure that the information that is collected about you is accurate.
You are allowed to request and receive a copy of your credit report, including all information in the file at the time you request it, from any CRA. If you don’t think any part of the report is accurate, then you may file a dispute and the company that gave you the report is obligated, unless your dispute is obviously ridiculous, to investigate the information and update it to ensure accuracy.
If you have been a target of identity theft, or are active duty military, your rights under the FCRA are expanded. The rules are also slightly different in the trucking industry.
What are My Obligations as an Employer Under the FCRA?
As mentioned above a great deal of the individual rights provided by the FCRA involve the right to sue over an employer’s failure to live up to their FCRA obligations. For this reason, it’s crucial for a business to ensure its procedures are in compliance with the act lest they end up in Frito-Lay’s situation.
Before accessing a background check or credit rating, an employer must receive written permission from the employee or would-be employee that they seek to look into. This permission can be for a one time deal or at any time throughout employment, but it must be explicit what level of access you will seek. You must also notify the person you are seeking information if the report may be used in decisions related to their employment. Both these requirements can often be folded into a properly worded conditional job offer or similar document.
The access must also be for a permissible purpose under the FCRA. These purposes include hiring and promotion decisions. However, be careful of the timing of your request as situations where an employer is not yet sure if they are going to hire or knows they will not hire a person and still seeks a background check might be enough to establish the background check was not actually used in a hiring or promotion decision.
Before receiving a consumer report, an employer must certify to the CRA they are working with that they have a permissible purpose and will follow all FCRA guidelines.
If you intend to take adverse action based on a background check (eg. fire, not promote, not hire), then there are further steps you must take. An employer needs to, before the adverse action is taken, notify the employee or would-be employee of your intent to take negative action and provide them a copy of the consumer report you used to reach your decision and a summary of their rights under the FCRA. The idea is to give them a chance to make sure the information is correct before you take action.
Once you finally do take action, an employer is required to give notice of that action over the phone, in person, in writing, or electronically. This notice has to include: (1) the name and address of the CRA you got the report from; (2) an explanation that the CRA didn’t make the adverse decision and can’t explain the reasoning behind it; (3) notice of the right to dispute the information in the report. Once you’re finished with a consumer report, you’re required to destroy it.
An employer also needs to be careful in how and when they request background checks. If you don’t check every applicant or employee as a matter of policy, checking only a few people can give rise to discrimination lawsuits if the checks are more common for a protected class such as person's race, national origin, color, sex, religion, disability, genetic information (including family medical history), or age (40 or older). If information within a background check which is more common among a protected class is used in employment decisions, this too can lead to discrimination suits.
The FCRA isn’t the only source of protection when it comes to background checks. State law often provides substantially more rights to consumers than the FCRA itself. It’s important to ensure that you know these rights as an individual and avoid treading on them as an employer.
Shelling out a cool million may be pocket change for Frito-Lay, but most businesses aren’t ready to take that kind of hit. With FCRA litigation on the rise, it’s time for employers to double-check their policies and workers to ensure they’re not being misrepresented or mistreated on how their sensitive information is being used.
Authored by Jonathan Lurie, LegalMatch Legal Writer and Attorney at Law