On January 25, 2012, the Federal Trade Commission (“FTC”) sent warning letters to three companies that market, in total, six mobile phone applications (“Apps”) that provide users with background check reports. In the warning letters, the FTC states that the Apps may violate the Fair Credit Reporting Act (“FCRA”). According to a press release issued by the FTC on February 7, 2012, the FTC cautioned the Apps’ marketers that, if they have reason to believe that the background reports provided will be used for employment screening, housing, credit, or other similar purposes, both the users of the Apps and the marketers of the Apps must comply with the FCRA.
Under the FCRA, individuals or organizations that use outside entities (such as the Apps) to procure certain background information on employees or applicants in connection with their employment (or potential employment) must comply with certain notice, authorization, and other rules. Such outside entities are referred to as Consumer Reporting Agencies (“CRAs”) in the text of the FCRA.
Specifically, an entity will be considered a CRA if it assembles or evaluates information on consumers for the purpose of furnishing “consumer reports” to third parties. Consumer reports include information that relates to an individual’s character, reputation, or personal characteristics. In addition, consumer reports are used, or expected to be used, for employment or other similar purposes, such as for tenant screening purposes and determining eligibility for credit or insurance.
CRAs must comply with several different FCRA provisions, including:
- Taking reasonable steps to ensure that the user of each report has a “permissible purpose” to use the report;
- Taking reasonable steps to ensure the maximum possible accuracy of the information provided in its consumer reports;
- Providing those who use its consumer reports with information about their obligations under the FCRA; and
- In cases where consumer reports are supplied for employment purposes, giving the employer information regarding its obligation to provide employees or applicants with notice of any adverse action taken on the basis of these reports, and to notify them of their right to receive copies of the reports and to a free reinvestigation of information that an employee or applicant believes is erroneous.
The warning letters state that the FTC has not yet made a determination as to whether the applicable marketing companies actually violated the FCRA. Rather, the letters simply placed each company on notice that it may be in violation of the FCRA. In addition, the letters warned the marketing companies that, even if they included a disclaimer on their websites indicating that the Apps’ reports should not be used for employment or other FCRA-related purposes, such a disclaimer would not be sufficient to defend against accusations of FCRA violations. Further, the FTC indicated that, in determining whether each marketing company had reason to believe that its products were being misused for employment or other FCRA purposes, the FTC would evaluate many factors, including the company’s advertisement placement and its customer lists. Finally, the FTC advised each marketing company to review its application, policies, and procedures to ensure compliance with the FCRA.
What Employers Should Do Now
- If you use a mobile application to conduct background checks on your current or potential employees, be aware that such a search will almost certainly be covered by the FCRA. Accordingly, you must receive proper authorization from employees or applicants when background checks are performed, and you must comply with the various other requirements of the FCRA (including, for example, providing notices of intent to take adverse action and notices of adverse action, all of which must accompanied by copies of the reports themselves and summaries of rights under the FCRA).
- Even if you do not, as a matter of policy, perform background checks on employees or applicants, discern whether individual managers may be using background check mobile applications to screen applicants or employees. If they are, you should either insist that the practice cease or make sure that the managers are complying with the FCRA.
- Train managers regarding the FCRA and its requirements, and ensure that such training encompasses all applicable state credit reporting laws.
- Develop policies regarding background checking procedures, and make sure that managers are aware of these procedures and that all such policies comply with applicable state credit reporting laws.
- Whether or not you use a mobile application or a traditional CRA to perform background checks, consult with employment counsel to ensure that your background check process complies in all respects with the various requirements of the FCRA.
- To the extent that you may be considered a CRA under the FCRA, be advised that you must comply with the FCRA if a report generated was for “employment purposes.”
- Keep in mind that, whether you are a CRA or an employer procuring a background check, the term “employment purposes” has been interpreted broadly by the FTC to encompass, for example, performing background checks on independent contractors.
- Finally, as a best practice, consider requiring all applicants to authorize you to perform background checks under the FCRA as part of the hiring process, as well as at other times during employment. This should protect you against claims based on expansive interpretations of the FCRA and allow you to obtain reports, as needed, throughout their employment. If this has not been a practice of yours in the past, you may wish to require all current employees to provide such authorizations as well.
For more information about this Advisory or any aspect of FCRA compliance (or compliance with applicable state credit reporting laws), please contact:
Jennifer A. Goldman
Teiko Shigezumi, an attorney licensed in Japan who is based in Epstein Becker Green’s New York office, contributed significantly to the preparation of this Advisory.