FCRA Amendment Effective Date Quickly Approaching

Effective September 21, 2018:  According to the Economic Growth, Regulatory Relief and Consumer Protection Act (“Act”), passed by Congress in May, language must be added to the Fair Credit Reporting Act (“FCRA”) Summary of Rights form explaining a consumer’s right to a security freeze.  Specifically, the Act amends Section 605A of the FCRA, stating that “[a]t any time a consumer is required to receive a summary of rights required under section 609,” the following notice must be provided:

“You have a right to place a ‘security freeze’ on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent.  However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit.

As an alternative to a security freeze, you have the right to place an initial or extended fraud alert on your credit file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting 7 years.

A security freeze does not apply to a person or entity, or its affiliates, or collection agencies acting on behalf of the person or entity, with which you have an existing account that requests information in your credit report for the purposes of reviewing or collecting the account. Reviewing the account includes activities related to account maintenance, monitoring, credit line increases, and account upgrades and enhancements.”

The Consumer Financial Protection Bureau (“CFPB”) should be issuing a new FCRA Summary of Rights; however, they are not expected to do so before the September 21st deadline.  It is imperative for any entity required to provide the ‘Summary of Your Rights Under the Fair Credit Reporting Act’ to a consumer to update the form prior to the September 21st effective date to ensure compliance with this new nationwide requirement.

Is New Federal Privacy Legislation on the Horizon?

Both the US Chamber of Commerce and large technology companies are requesting change when it comes to data privacy and security laws.  The US Chamber of Commerce has asked Congress to develop new federal data privacy legislation to preempt state laws, while companies such as Facebook and Google are lobbying the administration for similar change.

Against the backdrop of Europe’s GDPR and California’s Consumer Privacy Act (effective in 2020), businesses argue they need clarity and consistency.  As such, they are proposing a set of rules that would give them some leeway over how personal digital information is handled.  There is great concern that California is setting the benchmark for other states and with various laws, businesses that operate across state lines would have a regulatory nightmare in maintaining compliance.

In terms of enforcement, the Chamber is seeking business-friendly rules, arguing that enforcement “should only apply where there is concrete harm to individuals,” and that “a federal privacy framework should not create a private right of action for privacy enforcement.”

The Chamber argues that consumers benefit from the responsible use of data, giving them more options than ever when it comes to goods, services, information, and entertainment.  However, it also recognizes the goal that consumers must have assurance that data is safeguarded and used responsibly.  To that end, it offers the following privacy principles that should be included in any federal legislation:

  1. Nationwide Privacy Framework.
  2. Privacy Protections Should be Risk-Focused and Contextual.
  3. Transparency.
  4. Industry Neutrality.
  5. Flexibility.
  6. Harm-Focused Enforcement.
  7. Enforcement Should Promote Efficient and Collaborative Compliance.
  8. International Leadership.
  9. Encouraging Privacy Innovation.
  10. Data Security and Breach Notification.

 

Everyone seems to be in agreement that privacy and data security have never been more important.  However, whether these issues should be dealt with at the state or federal level is yet to be agreed upon.  How the efforts of the US Chamber of Commerce and these large companies play out over the coming months and years will help determine this issue.

FTC Amends Privacy Act System of Records Notices

Data security and privacy issues are affecting everyone – even the federal government.  The Federal Trade Commission (FTC) recently adopted final amendments to its system of records notices under the Privacy Act of 1974 (Act).  In part, the Act authorized federal agencies to adopt routine uses of agency records, as long as they were compatible with the purpose for which the information was originally collected.

The terminology “routine uses” was updated in 2007 based on language recommended by the Justice Department, allowing the disclosure of records to appropriate persons and entities in order to respond to a data breach.  It has since been determined that the language used in 2007 was too narrow and that agencies need the authority to make disclosures that go beyond those anticipated by the original routine use.

The final amendments specify that “harm to individuals” may justify a routine use disclosure.  The amendments also add a second routine use, so that the FTC will now have the ability to disclose records to another federal agency, if it is reasonably needed to respond to a data breach.

For more information, visit the Notice by the Federal Trade Commission.

California Clarifies Salary History Law

California recently passed AB 2282 to clarify some of the items in its Salary History Law, which became effective January 1st of this year.  The following terms are now defined:

  • Applicant: only individuals who seek new employment with the employer, not current employees applying for new positions with the same employer.
  • Pay scale: a salary or hourly wage range, which does not include bonuses or equity ranges.
  • Reasonable Request: a request made after the applicant has completed the initial interview.

Additionally, AB 2282 clarifies that employers may ask about an applicant’s salary expectations for the position.  Finally, the new legislation addresses the California Equal Pay Act:  “Prior salary shall not justify any disparity in compensation. Nothing in this section shall be interpreted to mean that an employer may not make a compensation decision based on a current employee’s existing salary, so long as any wage differential resulting from that compensation decision is justified by one or more of the factors listed in this subdivision.”  The factors listed include: (1) a seniority system, (2) a merit system, (3) a system that measures earnings by quantity or quality of production; and (4) a bona fide factor other than race or ethnicity, such as education, training, or experience.

Full text of the California law.

For more information on these and other laws and whether they affect your state, visit our resource guide at https://www.hireimage.com/resource-library/

Long-Awaited Decision in California Clarifies Interpretation of Two State Statutes Affecting Background Screeners

On August 20, 2018, the Supreme Court of California held that the state’s Investigative Consumer Reporting Agencies Act (“ICRAA”) was not unconstitutionally vague as applied to employer background checks, despite some overlap with another state statute, the Consumer Credit Reporting Agencies Act (“CCRAA”).  In Connor v. First Student, Inc., a conflict between two courts of appeal about whether the ICRAA applied if a background screener did not obtain the information from personal interviews was resolved.  The case had a long and interesting history and had been pending for eight years.

While the statutes involved in this case have some differences, including the information they govern, the obligations and limitations they impose, and the remedies they provide for violations, they have something important in common.  Both the ICRAA and the CCRAA govern reports that contain information relating to character and creditworthiness, which was based on public information and personal interviews and used during the employment background screening process.  As such, the background check involved in this case was found to be an investigative consumer report under the ICRAA, triggering its application, and even though the CCRAA also applied, the defendants were not exempt from the requirements under ICRAA before conducting the background check.

Key takeaways from the court’s ruling in Connor include:

(1) partial overlap between two statutes does not render one unconstitutionally vague; and

(2) the ICRAA and CCRAA can coexist, as both acts are sufficiently clear, and each regulates information that the other does not.

With this decision, California companies should confirm with their background screener whether or not they fall under the ICRAA and are complying with its provisions, as well as with the CCRAA.

Attention Hawaii Employers: Salary History Ban Effective January 1, 2019

Effective January 1, 2019, Hawaii employers are prohibited from asking applicants about their prior compensation history. This law covers a broad range of employers (as long as they have at least one employee in the state, they are subject to the law), as well as employment agencies and agents.

Specifically, employers may not inquire about, nor rely on, an applicant’s “current or prior wage, benefits, or other compensation.” Employers are also prohibited from searching public records or reports to ascertain an applicant’s salary history. However, employers may discuss an applicant’s compensation expectations for the job without violating the law. Employers will also not violate the law if a background check is used to verify an applicant’s disclosure of non-salary-related information and incidentally discloses an applicant’s salary history, as long as the salary history information is not then relied upon to set compensation for the position.

If an applicant voluntarily and “without prompting” discloses his or her salary history, the employer may then verify, and rely upon, that information in setting compensation.

Hawaii’s Salary History law applies to new applicants only and not to current employees seeking advancement.

Full text of the Hawaii law.

For more information on these and other laws and whether they affect your state, visit our resource guide at https://www.hireimage.com/resource-library/