On January 25, 2012, the Federal Trade Commission ("FTC") sent warning letters to three companies that market, in total, six mobile phone applications ("Apps") that provide users with background check reports. In the warning letters, the FTC states that the Apps may violate the Fair Credit Reporting Act ("FCRA"). According to a press release issued by the FTC on February 7, 2012, the FTC cautioned the Apps' marketers that, if they have reason to believe that the background reports provided will be used for employment screening, housing, credit, or other similar purposes, both the users of the Apps and the marketers of the Apps must comply with the FCRA.

Under the FCRA, individuals or organizations that use outside entities (such as the Apps) to procure certain background information on employees or applicants in connection with their employment (or potential employment) must comply with certain notice, authorization, and other rules. Such outside entities are referred to as Consumer Reporting Agencies ("CRAs") in the text of the FCRA.

Specifically, an entity will be considered a CRA if it assembles or evaluates information on consumers for the purpose of furnishing "consumer reports" to third parties. Consumer reports include information that relates to an individual's character, reputation, or personal characteristics. In addition, consumer reports are used, or expected to be used, for employment or other similar purposes, such as for tenant screening purposes and determining eligibility for credit or insurance.

CRAs must comply with several different FCRA provisions, including:

  • Taking reasonable steps to ensure that the user of each report has a "permissible purpose" to use the report;
     
  • Taking reasonable steps to ensure the maximum possible accuracy of the information provided in its consumer reports;
     
  • Providing those who use its consumer reports with information about their obligations under the FCRA; and
     
  • In cases where consumer reports are supplied for employment purposes, giving the employer information regarding its obligation to provide employees or applicants with notice of any adverse action taken on the basis of these reports, and to notify them of their right to receive copies of the reports and to a free reinvestigation of information that an employee or applicant believes is erroneous.

The warning letters state that the FTC has not yet made a determination as to whether the applicable marketing companies actually violated the FCRA. Rather, the letters simply placed each company on notice that it may be in violation of the FCRA. In addition, the letters warned the marketing companies that, even if they included a disclaimer on their websites indicating that the Apps' reports should not be used for employment or other FCRA-related purposes, such a disclaimer would not be sufficient to defend against accusations of FCRA violations. Further, the FTC indicated that, in determining whether each marketing company had reason to believe that its products were being misused for employment or other FCRA purposes, the FTC would evaluate many factors, including the company's advertisement placement and its customer lists. Finally, the FTC advised each marketing company to review its application, policies, and procedures to ensure compliance with the FCRA.

What Employers Should Do Now

  • If you use a mobile application to conduct background checks on your current or potential employees, be aware that such a search will almost certainly be covered by the FCRA. Accordingly, you must receive proper authorization from employees or applicants when background checks are performed, and you must comply with the various other requirements of the FCRA (including, for example, providing notices of intent to take adverse action and notices of adverse action, all of which must accompanied by copies of the reports themselves and summaries of rights under the FCRA).
     
  • Even if you do not, as a matter of policy, perform background checks on employees or applicants, discern whether individual managers may be using background check mobile applications to screen applicants or employees. If they are, you should either insist that the practice cease or make sure that the managers are complying with the FCRA.
     
  • Train managers regarding the FCRA and its requirements, and ensure that such training encompasses all applicable state credit reporting laws.
     
  • Develop policies regarding background checking procedures, and make sure that managers are aware of these procedures and that all such policies comply with applicable state credit reporting laws.
     
  • Whether or not you use a mobile application or a traditional CRA to perform background checks, consult with employment counsel to ensure that your background check process complies in all respects with the various requirements of the FCRA.
     
  • To the extent that you may be considered a CRA under the FCRA, be advised that you must comply with the FCRA if a report generated was for "employment purposes."
     
  • Keep in mind that, whether you are a CRA or an employer procuring a background check, the term "employment purposes" has been interpreted broadly by the FTC to encompass, for example, performing background checks on independent contractors.
     
  • Finally, as a best practice, consider requiring all applicants to authorize you to perform background checks under the FCRA as part of the hiring process, as well as at other times during employment. This should protect you against claims based on expansive interpretations of the FCRA and allow you to obtain reports, as needed, throughout their employment. If this has not been a practice of yours in the past, you may wish to require all current employees to provide such authorizations as well.

*****

For more information about this Advisory or any aspect of FCRA compliance (or compliance with applicable state credit reporting laws), please contact:

Jeffrey M. Landes
New York
212-351-4601
Jlandes@ebglaw.com

Susan Gross Sholinsky
New York
212-351-4789
sgross@ebglaw.com

Steven M. Swirsky
New York
212-351-4640
sswirsky@ebglaw.com

Jennifer A. Goldman
New York
212-351-4500

Teiko Shigezumi, an attorney licensed in Japan who is based in Epstein Becker Green's New York office, contributed significantly to the preparation of this Advisory.

Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.