ScherzerBlog | Scherzer International

On May 7, 2013, the Federal Trade Commission (the “FTC”) announced the results of its testing operation, revealing that 10 companies out of the 45 that the FTC approached seemed to be willing to sell consumer information without complying with the Fair Credit Reporting Act (“FCRA.”) The FTC reported that its staffers asked the companies about buying the information for purposes such as determining creditworthiness, suitability for employment or eligibility for insurance.

Six of the 10 companies appeared willing to sell consumer information for employment purposes, two for insurance decisions and two for pre-screened lists of consumers to use in making firm offers of credit. The data brokers were contacted again by the FTC, but this time in the form of letters, warning that their practices may violate the FCRA. The warning letters are part of an ongoing international effort spearheaded by the Global Privacy Law Enforcement Network, an informal group of consumer protection and privacy agencies. 

The Consumer Financial Protection Bureau (the “CFPB”) announced that the nation’s largest database of federal consumer financial complaints is live and open for public viewing.

The CFPB’s recent launch significantly expands the Consumer Complaint Database from about 19,000 credit card complaints in 2012 to more than 90,000 complaints on mortgages, student loans, bank accounts and services, other consumer loans, and credit cards. It also includes product sub-categories, such as reverse mortgages, conventional fixed mortgages and adjustable mortgages, and home equity loans or lines of credit. Complaints are entered only after the company provides a response or after it has had the complaint for 15 days, whichever comes first. The CFPB states that while the allegations in the complaints are not verified, a commercial relationship between the consumer and the company is substantiated before the complaint is added to the database.

According to the CFPB, the database now has more than one million data points covering approximately 450 companies, and includes information such as the type of complaint, date of submission, consumer’s ZIP code, and the company’s name. The database also provides information about the actions taken on the complaint, i.e., whether the company’s response was timely, how the company responded, and whether the consumer disputed the response.

To file a complaint with the CFPB, consumers can:>

The Federal Trade Commission (the “FTC”) interim final rule which became effective February 11, 2013 confirms that most service providers are not subject to the Red Flags Rule. The rule clarifies the meaning of “creditor” ensuring that its definition is consistent with the revised definition of that term in the amended Fair Credit Reporting Act (the “FCRA”). A “creditor” must develop and implement a written identity theft prevention program premised on identifying “red flags” of identity theft only if in the ordinary course of business, the “creditor” regularly: 1) obtains or uses consumer reports in connection with a credit transaction; 2) furnishes information to consumer reporting agencies in connection with a credit transaction; or 3) advances funds to or on behalf of a person, in certain cases.

However, any entity collecting consumer data must remain vigilant in how it collects, uses and safeguards that data. The FTC may pursue enforcement actions under the FTC Act when a company does not take reasonable privacy protection measures scaled to the risk level of their business practices.

Seven members of Congress wrote a letter last month to Equifax asking for more information about its employment verification subsidiary, The Work Number, which according to a statement made by Jackie Speier (D-California), “appears to have operated under the radar, with little public awareness of the vast trove of [payroll and other] sensitive data it was gathering.”  Speier asserted that “Equifax needs to explain exactly how it is using this data, and provide evidence that The Work Number does not pose a threat to the privacy of 190 million Americans.”

While companies say that they sign up with The Work Number because it gives them a convenient way to outsource employment verifications, the seven members of Congress are disturbed by the fact that “… this massive database appears to generate revenue using consumers’ sensitive personal information for profit.”

On March 8, 2013, the U.S. Citizenship and Immigration Services (the “USCIS”) announced that its newly revised Form I-9 is to be used immediately. Notably, as indicated in the Federal Register, the USCIS granted companies until May 7, 2013 to implement the new form, which purportedly has been designed to minimize completion errors. This 60-day grace period allows employers time to adjust their human resource processes, and modify their software. The USCIS has also updated its “Handbook for Employers – Guidance for Completing the Form I-9” (3.8.13 version) to correspond to the new form, and is holding webinars to educate companies in the form’s usage.

The USCIS noted that employers do not need to complete the new form for employees for whom they already have a proper Form I–9 on file, unless re-verification applies. Unnecessary verification may violate the anti-discrimination provision of section 274B of the INA, 8 U.S.C. 1324b, which is enforced by the DOJ’s Office of Special Counsel for Immigration Related Unfair Employment Practices.

The Securities & Exchange Commission (the “SEC”) recently released an educational bulletin to help investors make informed financial decisions and avoid common scams. Its 13 points include:

1. Check the investment professional’s background.
   Details about experience and qualifications are available through the Investment Adviser Public Disclosure website and FINRA BrokerCheck.
2. Be mindful of fees associated with buying, owning, and selling an investment product.
   Expenses vary from product to product, and even small differences in these costs can translate into large differences in earnings over time. An investment with high costs must perform better than a low-cost investment to generate the same returns.
3. Diversification can help reduce the overall risk of an investment portfolio.
   By picking the right mix, you may be able to limit losses and reduce the fluctuations of investment returns without sacrificing too much in potential gains. Some investors find that it is easier to achieve diversification through ownership of mutual funds or exchange-traded funds rather than through ownership of individual stocks or bonds.
4. Paying off high-interest debt may be the best “investment” strategy.
   Few investments pay off as well as, or with less risk than, eliminating high-interest debt on credit cards or other loans.
5. Promises of high returns, with little or no associated risk, are classic warning signs of fraud.
   Every investment carries some degree of risk and the potential for greater returns comes with greater risk. Ignore the so-called “can’t miss” investment opportunities or those promising guaranteed returns or, better yet, report them to the SEC.
6. Any offer or sale of securities must be either registered with the SEC or exempt from registration.
   Otherwise, it is illegal. Registration is important because it provides investors with access to key information about the company’s management, products, services, and finances.
7. Do not invest in a company about which little or no information is publicly available.
   Always check whether an offering is registered with the SEC by using the SEC’s EDGAR database or contacting the SEC’s toll-free investor assistance line at (800) 732-0330.
8. Investing heavily in shares of any individual stock can be risky.
   In particular, think twice before investing heavily in shares of your employer’s stock. If the value declines significantly, or the company goes bankrupt, you may lose money and there’s a chance you might lose your job, too.
9. Active trading and some other common investing behaviors actually undermine investment performance.
   According to researchers, other common investing mistakes include focusing on past performance, favoring investments from your own country, region, state or company, and holding on to losing investments for too long and selling winning investments too soon.
10. Con-artists are experts at the art of persuasion, often using a variety of influence tactics tailored to the vulnerabilities of their victims.
    Common tactics include phantom riches (dangling the prospect of wealth, enticing with something you want but can’t have), source credibility (trying to build credibility by claiming to be with a reputable firm or to have a special credential or experience), social consensus (leading you to believe that other savvy investors have already invested), reciprocity (offering to do a small favor for you in return for a big favor) and scarcity (creating a false sense of urgency by claiming limited supply).
11. Some investments provide tax advantages.
    For example, employer-sponsored retirement plans and individual retirement accounts generally provide tax advantages for retirement savings, and 529 college savings plans also offer tax benefits.
12. Mutual funds, like other investments, are not guaranteed or insured by the FDIC or any other government agency.
    This is true even if you buy through a bank and the fund carries the bank’s name.
13. The key to avoiding investment fraud is using independent information to evaluate financial opportunities.
    Many investors may have avoided trouble and losses if they had asked questions from the start and verified the answers with sources outside of their family, community, or group. Whether checking the background of an investment professional, researching an investment, or learning about new products or scams, unbiased information is a significant advantage for investing wisely. 

On December 7, 2012, the Federal Trade Commission (the “FTC”), submitted its written testimony to the U.S. Civil Rights Commission on the use of criminal background checks in employment decisions. The Commission intends to apply the testimony in reviewing the EEOC’s guidance that an employer’s use of an individual’s criminal history in making employment decisions may, in some instances, violate the prohibition against employment discrimination under Title VII of the Civil Rights Act of 1964. The EEOC suggests that minorities are disproportionately likely to have criminal records, which means that when employers use criminal background reports, minorities are possibly affected more than other groups.

Notably, in its testimony, the FTC, which shares the authority for enforcing the Fair Credit Reporting Act (“FCRA”) with other federal agencies, including the Consumer Financial Protection Bureau (“CFPB”) does not say anything substantial about civil rights.

The testimony does, however, provide a good recap of the legal rights and obligations prescribed by the FCRA when consumer reports are used for employment purposes, and highlights the FTC’s law enforcement efforts in this area. As its starting point, the testimony reminds that the FCRA imposes several requirements on consumer reporting agencies (“CRAs”) that provide consumer reports to employers, which include ensuring that the employer is in fact using the report for a permissible purpose. In the employment context, permissible purposes are limited to “employment, promotion, reassignment, or retention.” Thus, employers may only obtain a consumer report about applicants or employees, and may not simply use their status as employers to get information about competitors, opposing parties in litigation, or anyone else. Relatedly, under the permissible purpose requirement, CRAs must have reasonable procedures in place to ensure that the consumer report users are who they claim.

The CRAs also must comply with certain procedural requirements, such as giving all users of consumer reports a notice that informs them of their duties under the FCRA. The CRAs must obtain certifications from the employer that: (1) it is in compliance with the FCRA; and (2) it will not use consumer report information in violation of any federal or state equal employment opportunity laws or regulations.

Further, the FCRA mandates that CRAs follow “reasonable procedures to assure maximum possible accuracy of the information [15 U.S.C. § 1681e(b)].” It does not establish, however, a requirement of absolute accuracy and does not require that the CRAs guarantee that the reports are error-free.

If a CRA provides a report that has negative information about an applicant or employee that is based on public records — for example, tax liens, outstanding judgments, or criminal convictions — that CRA either has to notify the applicant or employee directly that it has provided the information to the employer, or has to adopt strict procedures to ensure that the information is complete and up to date [15 U.S.C. § 1681k(a)(1)-(2)]. Regardless of whether a CRA opts to provide the notice or adopt strict procedures, FCRA § 1681e(b), as noted above, requires CRAs to have “reasonable procedures to assure maximum possible accuracy.”]

The FCRA also places specific obligations upon employers to provide certain disclosures to the applicants or employees, and obtain their written authorization before using consumer reports. If an employer intends to take an adverse action based either in whole or in part on the information in a consumer report, such as denying a job application, reassigning or terminating an employee, or denying a promotion, the employer must provide the applicant or employee with a pre-adverse action notice before taking the action. The pre-adverse action notice must include a copy of the consumer report on which the employer is relying and a summary of rights under the FCRA. The form, which recently was reissued by the CFPB, describes the consumers’ rights under the FCRA, including the right to obtain copies of their consumer reports and dispute information.

Once the employer has taken the adverse action, it must give the applicant or employee a notice that the action was based on information in the consumer report.  This adverse action notice must include the name, address, and phone number of the CRA that supplied the report, and must inform the applicant or employee of his or her right to dispute the accuracy or completeness of any information in the report, and the right to obtain a free report from the CRA upon request within 60 days. Even though a consumer has the right to dispute errors, the CRAs and furnishers of information to the CRAs typically are allowed thirty days to investigate the consumer’s dispute, and the information may not be corrected in time to affect the consumer’s consideration for a particular job.

The FTC points out that it has pursued an aggressive law enforcement program to ensure that CRAs, furnishers, and consumer report users (including employers) comply with their responsibilities under the FCRA, providing details of recent lawsuits for FCRA violations that resulted in civil penalties against CRAs ranging from $800,000 to $2.6 million. Its recent actions against employers included charges against railroad contractors for failing to provide pre-adverse action and adverse action notices to employees who were fired and job applicants who were rejected based on information in their consumer reports. Under negotiated settlement orders, the companies were required to pay penalties in the amount of $1,000 per violation, and are subject to specific injunctive, record-keeping, and reporting requirements to ensure compliance with the FCRA.

The FTC’s enforcement actions and the latest wave of class action lawsuits enforce that FCRA compliance must be a priority for employers, CRAs and furnishers of information alike.

Effective January 1, 2013, California will join Maryland and Illinois in significantly restricting employers’ access to their employees’ and job applicants’ social media accounts. Signed into law by Governor Jerry Brown on September 27, 2012 and fittingly announced via Twitter, AB 1844 provides that an employer cannot require or request an employee or applicant to do any of the following:

• disclose a username or password for the purpose of accessing personal social media;
• access personal social media in the presence of the employer;
• divulge any personal social media, except as provided in subdivision.

The law also prohibits an employer from discharging, disciplining, or otherwise retaliating against an employee or applicant for not complying with a request or demand by the employer that violates these provisions. However, an employer is not prohibited from terminating or taking an adverse action against an employee or applicant if otherwise permitted by law.

The law does preserve an employer’s rights and obligations to request that an employee divulge personal social media information reasonably believed to be relevant to an investigation of allegation(s) of employee misconduct or violation of applicable laws and regulations, provided that the information is used solely for purposes of that investigation or a related proceeding. An employer is also not precluded from requiring or requesting that an employee disclose a username or password for the purpose of accessing an employer-issued electronic device.

A companion law, AB 1349 that establishes similar requirements for postsecondary education institutions in regard to their students also goes into effect on January 1, 2013.

Identity theft again tops FTC’s top complaints list for 2011

The Federal Trade Commission (FTC) on February 27, 2012 released its list of top consumer complaints received by the agency in 2011. For the twelfth year in a row, identity theft topped the list at 279,156 complaints or 15%. The breakdown for the next nine complaint categories (from a list of 30) is as follows:

 
The FTC records the complaints in its Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. Other federal and state law enforcement including the U.S. Postal Inspection Service, the Department of Justice’s Internet Crime Complaint Center, and the attorneys general offices of Idaho, Michigan, Mississippi, North Carolina, Ohio, Oregon, Tennessee, and Washington also contribute to the database content, along with private-sector organizations such as U.S. and Canadian members of the Better Business Bureau, Western Union and Moneygram, and the Lawyers Committee for Civil Rights Under Law.

About 20 years ago, the United States Sentencing Commission (USSC) enacted the Federal Sentencing Guidelines (FSGs) for organizations with the intent to govern the sentencing of companies convicted of federal crimes. The FSGs, which have been amended several times, hold that organizations can act only through agents and, under federal criminal law, generally are vicariously liable for offenses committed by their agents.

A proactive approach to prevent, detect and report illegal and unethical activities can substantially reduce fines and punishment, in some cases up to 95% according to a commentary by the USSC. The USSC specifies that the two factors that mitigate an organization’s ultimate punishment are “the existence of an effective compliance and ethics program, and self-reporting, cooperation, or acceptance of responsibility.” In contrast, the absence of solid compliance mechanisms can increase fines and punishment, as verdict determination is based on “the organization’s involvement in or tolerance of criminal activity, its prior history, violation of an order, and obstruction of justice.”

The compliance incentives provided by the FSGs and the proliferation of new regulations mandate a cultural imperative for ethical and law-abiding conduct by all companies, large and small. High-level attention, leadership and sufficient resources must be dedicated to meet the strict requirements of a compliance program defined by the USSC as “effective.” In its manual, the USSC emphasizes the necessity of strong due diligence to prevent and detect criminal conduct. Among its guidelines, a provision in Chapter 8 notes that:

“The organization shall use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program.”

Comprehensive background investigations, whether for employment purposes, evaluation of prospective clients, existing relationships and third-parties, or for other business transactions, are essential for compelling due diligence which actualizes a masterful compliance strategy. Although various committees and officials are calling for a complete review of the FSGs which the 2005 landmark case U.S. vs. Booker held as discretionary rather than mandatory, well-developed compliance programs are here to stay.

Scherzer International is on the forefront of the quick-changing regulations regime with a portfolio of background investigation products designed to facilitate purposeful risk management and compliance protocols. Visit us often at www.scherzer.com as we continuously analyze and test new elements and incorporate them into our products if they have proven value. And stay tuned for a Dodd-Frank regulations product which we will introduce within the next few months.