Articles Posted in Privacy

checklistBackground checks enable employers to obtain a vast amount of information about prospective employees. In order to safeguard people’s privacy, the Fair Credit Reporting Act (FCRA) establishes limitations on the collection and use of people’s personal information during the hiring process. The law regulates both employers and consumer reporting agencies (CRAs), which collect consumer information and compile it into reports for employers and others. Both CRAs and employers are potentially liable to job applicants for violations of the FCRA, but liability generally arises under different circumstances. Two recent decisions from New Jersey federal courts clarify who is primarily liable to a job applicant for FCRA violations. Muir v. Early Warning Svcs., et al., No. 2:16-cv-00521, op. (D.N.J., Sep. 15, 2016); Geter v. ADP Screening & Selection Svcs., et al., No. 2:14-cv-03225, op. (D.N.J., Apr. 23, 2015).

The FCRA defines a “consumer report” as any collection of information about an individual with regard to factors like “credit worthiness,…character, general reputation, personal characteristics, or mode of living.” 15 U.S.C. § 1681a(d)(1). A consumer report may include financial information like delinquent accounts and bankruptcies, as well as arrests, criminal charges, convictions, and other legal information. The statute defines a CRA as any individual or business that routinely compiles consumer information into reports in exchange for financial compensation. Id. at § 1681a(f).

A CRA may not issue a consumer report to an employer until the employer certifies that it has complied and will continue to comply with its obligations under the FCRA. Id. at § 1681b(b)(1). An employer must obtain the job applicant’s written consent to obtain a consumer report, and it must provide the applicant with a written disclosure explaining that the employer may use the report in making a hiring decision. Id. at § 1681b(b)(2).

Continue reading

magnifierEmployers frequently conduct background checks on job applicants by obtaining a consumer report from a credit reporting agency (CRA). In some cases, such as jobs in law enforcement or jobs requiring security clearances, employers are required to conduct background checks for specific issues. Background checks also make sense for certain types of jobs. For example, an employer hiring for a position that involves handling large amounts of money might want to check for excessive problems with debt or past convictions for offenses like fraud or embezzlement. By relying on CRAs to provide background information on job applicants, employers rely on the accuracy of the information they provide. Since these reports are not always accurate, the federal Fair Credit Reporting Act (FCRA) regulates both CRAs and employers. The Federal Trade Commission (FTC) recently offered some guidance to employers regarding FCRA compliance in a blog post. Job applicants might find the FTC’s post useful as a guide to potential warning signs in the job application process.

In the context of employment, the FCRA requires both CRAs and employers to follow specific procedures. An employer must give a job applicant a “clear and conspicuous disclosure…in a document that consists solely of the disclosure” detailing its intent to obtain a consumer report as part of the hiring process, and it must obtain the applicant’s written consent. 15 U.S.C. § 1681b(b)(2). A CRA may not issue a consumer report to an employer unless it obtains a certification from the employer stating that the employer has fulfilled all of its obligations regarding disclosure and consent and that it will comply with all additional requirements under the FCRA. Id. at § 1681b(b)(1).

If an employer decides not to hire an applicant because of information contained in a consumer report, the FCRA requires it to provide a copy of the report to the applicant, along with a written description of the applicant’s legal rights. Id. at §§ 1681b(b)(3), 1681g(c). This allows the applicant to review the information that the employer saw and to use other legal mechanisms provided by the FCRA to correct incorrect or incomplete information. The employer must allow a reasonable amount of time for the applicant to review the report and communicate with the CRA that issued it.

Continue reading

Facebook Privacy SettingsThe U.S. Congress has enacted several statutes addressing unauthorized access to computer systems, commonly known as “hacking.” These statutes include both civil and criminal components. The Stored Communications Act (SCA), 18 U.S.C. § 2701 et seq., deals with digital information stored by third parties, usually internet service providers (ISPs). It comes into play when someone accesses another person’s email or other stored communications data without authorization. The statute allows civil claims in certain cases. 18 U.S.C. § 2707. When an employer accesses an employee’s online information without permission, it could be liable to the employee for damages under the SCA.

Third-party ISPs include companies that provide internet access, email servers, and social media services. The use of a third-party ISP involves voluntarily entrusting personal information to someone else’s care. The SCA seeks to protect people’s privacy rights with regard to this information against both the government and private individuals and entities. The Fourth Amendment to the U.S. Constitution guarantees people’s right to “be secure in their…papers and effects,” but voluntarily turning materials over to a third party can negate the Fourth Amendment’s protection. The SCA extends Fourth Amendment-like protections against government access to stored communications. Since non-government actors are not constrained by the Fourth Amendment, the SCA also prohibits unauthorized access by private actors.

The same principle that excludes voluntarily disclosed information from Fourth Amendment protection also applies to the SCA. The “authorized user exception” states that SCA protection does not apply to “conduct authorized…by a user of that service with respect to a communication of or intended for that user.” 18 U.S.C. § 2701(c).

Continue reading

computerA plaintiff in a civil lawsuit must establish that they have standing, meaning that they are legally eligible to bring this particular claim against this particular defendant. The method of establishing standing varies considerably among different types of claims. In many cases, a plaintiff must demonstrate that they have suffered actual harm, known as an “injury-in-fact.” The U.S. Supreme Court recently established an injury-in-fact requirement for claims under the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 et seq., which can include employment-related claims. In a putative class action brought by a group of employees under the FCRA, a New Jersey judge denied class certification on the ground that the plaintiffs had not alleged an injury-in-fact but gave the plaintiffs the opportunity to amend their complaint. In re Michael’s Stores, Inc. Fair Credit Reporting Act (FCRA) Litigation, Nos. 14-7563, 15-2547, 15-5504, opinion (D.N.J., Jan. 24, 2017).

The FCRA regulates the collection, distribution, and use of consumer credit information by credit reporting agencies, employers, and others. Since many employers want to review credit history and related information when making employment decisions, the FCRA regulates how employers may obtain that information. In addition to getting consent from each employee or job applicant, employers make specific disclosures to those individuals about how they intend to use the information. The disclosure must be “clear and conspicuous” and “in writing,” and it must be presented to the individual “in a document that consists solely of the disclosure.” 15 U.S.C. § 1681b(b)(2)(A).

The Supreme Court ruled on the FCRA’s injury-in-fact requirement in Spokeo, Inc. v. Robins, 578 U.S. ___ (2016). The defendant in that case operates a search engine that aggregates personal information from a variety of sources, allowing users to gather information about specific individuals. The plaintiff filed suit under the FCRA after finding that the site created a profile page for him that contained inaccurate information. He alleged that the defendant violated his rights under the FCRA by mishandling his personal credit information. The Supreme Court ruled that the plaintiff had not demonstrated an injury-in-fact, noting three required elements:  (1) “an invasion of a legally protected interest” that is both (2) “concrete and particularized” and (3) “actual or imminent, not conjectural or hypothetical.” Lujan v. Defenders of Wildlife, 504 U.S. 555, 560 (1992).

Continue reading

DNAFederal law protects employees against discrimination based on a wide and expanding range of factors. Congress enacted the Genetic Information Non-Discrimination Act (GINA), 42 U.S.C. § 2000ff et seq., in 2008 to protect employee privacy with regard to genetic information and to prohibit discrimination on the basis of such information. The Equal Employment Opportunity Commission (EEOC) recently announced that it had settled a lawsuit against an employer that allegedly violated GINA by requesting family medical history from employees and job applicants. EEOC v. BNV Home Care Agency, Inc., No. 1:14-cv-05441, complaint (E.D.N.Y., Sep. 17, 2014). In a consent decree filed in October 2016, the employer agreed to pay $125,000 in damages, along with other injunctive and equitable relief.

GINA defines “genetic information” broadly to include the results of an individual’s genetic tests and those of the individual’s family members, as well as “the manifestation of a disease or disorder” in members of that individual’s family. 42 U.S.C. § 2000ff(4)(A). “Family members” include first-degree relatives, including “parents, siblings, and children,” through fourth-degree relatives, including great-great-grandparents and -grandchildren. Id. at § 2000ff(3), 29 C.F.R. § 1635.3(a)(2). Genetic testing includes screening for various genetic abnormalities or genetic variants indicating a predisposition to certain diseases, such as “the BRCA1 or BRCA2 variant evidencing a predisposition to breast cancer.” 29 C.F.R. § 1635.2(f)(2)(i).

Employers may not discriminate in hiring, firing, compensation, or other features of employment on the basis of a person’s genetic information. 42 U.S.C. § 2000ff-1(a). For example, an employer violates GINA if they refuse to hire someone based on genetic tests showing a predisposition to cancer. Employers are also prohibited from “request[ing], requir[ing], or purchas[ing] genetic information” on an employee or an employee’s family member(s), with some exceptions. Id. at § 2000ff-1(b). The EEOC and aggrieved individuals may bring claims for alleged violations of GINA in the manner prescribed under Title VII of the Civil Rights Act of 1964. Id. at §§ 2000ff-6, 2000e-5(f).

Continue reading

runnerThe Equal Employment Opportunity Commission (EEOC) recently issued two new Final Rules regarding employer wellness programs. 81 Fed. Reg. 31125, 81 Fed. Reg. 31143 (May 17, 2016). Federal law defines a “wellness program” as any program offered to employees that is “designed to promote health or prevent disease.” 42 U.S.C. § 300gg(j)(1)(A). The new rules address compliance under Title I of the Americans with Disabilities Act, 42 U.S.C. § 12101 et seq.; and Title II of the Genetic Information Nondiscrimination Act (GINA), 42 U.S.C. § 2000ff et seq. In addition to prohibiting employment discrimination, both statutes include provisions for the protection of employees’ medical information. Concerns over the new rules led AARP, an advocacy group for older Americans, to file a lawsuit seeking an injunction against the EEOC. AARP v. EEOC, No. 1:16-cv-02113, complaint (D.D.C., Oct. 24, 2016).

The EEOC notes that some wellness programs offer incentives to employees to encourage participation, from discounts on health insurance premiums to cash or other prizes. Other programs offer similar incentives for specific outcomes like weight loss. The ADA prohibits employment discrimination based on disability, including in the availability of employment-related fringe benefits. The statute does not allow employers to require medical examinations or make inquiries about disabilities if they are not directly related to the employee’s job duties, but it allows an exception for “voluntary” medical examinations in connection with a wellness program. 42 U.S.C. § 12112(d)(4).

GINA prohibits discrimination based on genetic information and places strict limits on employers’ ability to collect medical history and genetic information from employees. Employers may collect employees’ genetic information in connection with a voluntary wellness program, with limits on who may access that information, how employers may use that information, and which incentives or inducements employers may offer to encourage participation in the program. 29 C.F.R. § 1635.8(b)(2).

Continue reading

checkDigital technology has brought all sorts of conveniences into our lives, but these conveniences might come at a significant cost for some people. Our daily activities leave a trail of information behind, which is accessible to credit reporting agencies (CRAs). Employers often ask to conduct credit checks as part of the hiring process. The Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 et seq., offers some protection to job applicants by making this process reasonably transparent. An employer must provide job applicants with various disclosures, particularly if it decides not to hire an applicant because of information in their credit report. A proposed class action currently pending in New Jersey claims that a transportation network company (TNC), also known as a rideshare company, failed to provide disclosures required by the FCRA to prospective drivers. Cuccinello v. Uber, Inc., No. 2:15-cv-06604, am. complaint (D.N.J., Dec. 7, 2015). The complaint also alleges FCRA violations against a CRA.

A person’s credit report potentially includes their complete financial history for the previous seven years, if not longer, along with other information about their current life and history. This might include criminal convictions and arrests, marriages, divorces, and children. In order to protect people’s privacy, the FCRA places restrictions on the CRAs that collect consumer credit information and issue credit reports, as well as on individuals and businesses that request those reports.

An employer that wants to obtain a job applicant’s credit report must give the applicant “a clear and conspicuous disclosure,” stating that it intends to use the report “for employment purposes.” 15 U.S.C. § 1681b(b)(2)(A). The disclosure must be provided “in a document that consists solely of the disclosure.” Id. The job applicant must consent in writing to the issuance of a credit report for this purpose. CRAs are not permitted to issue a credit report unless the employer certifies that it has complied with these provisions. Id. at § 1681b(b)(1).

Continue reading

Unsplash [Public domain, CC0 1.0 (https://creativecommons.org/publicdomain/zero/1.0/deed.en)], via PixabaySmartphones, mobile devices with an ever-expanding list of capabilities that make the “phone” part seem like an afterthought, have become a common feature of daily life throughout the U.S. Most smartphones include cameras capable of taking both pictures and video, often with better quality than some of the best digital cameras of a few years ago. This feature has made smartphones an indispensable tool in a wide range of legal matters, from police brutality investigations to employment law cases. The National Labor Relations Board (NLRB) recently found that an employer violated federal law by barring employees from using smartphones to take pictures or make recordings without permission. Whole Foods Market Group, Inc., et al., 363 NLRB No. 87 (Dec. 24, 2015). The policy, while perhaps not originally intended to do so, prevented workers from documenting workplace conditions that violate federal or state employment laws.

The NLRB investigates and adjudicates alleged violations of the National Labor Relations Act (NLRA), the federal statute that protects the right of workers to organize for collective bargaining and other purposes, and to engage in other “concerted activities” aimed at protecting workers’ rights. 29 U.S.C. § 157. In the present case, the NLRB was investigating whether a policy prohibiting smartphone use constituted “interfer[ence] with, restrain[t], or coerc[ion of] employees in the exercise of [their] rights” to engage in concerted activity. 29 U.S.C. § 158.

The use of smartphones to take photographs and record videos in the workplace, and to record conversations among employees or between employees and supervisors, can assist employees and their advocates in building a case under various employment statutes. This might include, for example, an audio recording of a supervisor making derogatory statements about employees of a certain race, sex, or religion, used in support of a claim for discrimination under Title VII of the Civil Rights Act of 1964 or the New Jersey Law Against Discrimination. The NLRA protects these activities, but wiretap statutes present a separate challenge.

Continue reading

stevepb [Public domain, CC0 1.0 (https://creativecommons.org/publicdomain/zero/1.0/deed.en)], via PixabayWinter and spring are “flu season” throughout the U.S. and much of the world, and millions of people obtain flu vaccine shots in order to obtain some protection against the disease. Influenza, or the “flu,” can be a very serious disease. The health care industry has required employees to obtain annual flu shots for some time, but other employers have also begun to require flu shots. Some people cannot get flu shots for medical reasons, and others decline them for a variety of personal reasons. Several recent lawsuits have considered whether New Jersey law prohibits employers from taking adverse action against an employee who refuses to get a flu shot, based on various theories of religious discrimination.

For most people, a case of the flu means a few miserable days in bed, but it can mean hospitalization or even death for some. According to the Centers for Disease Control and Protection (CDC), the annual death toll from 1976 to 2007 ranged from a low of around 3,000 to a high of close to 49,000 in a single season. The vast majority of fatalities are people who are 65 years old or older.

Preparing a vaccine against seasonal influenza, the type of the disease that rears its head during the winter and spring months, is difficult, since it requires advance predictions of which strains are most likely to appear. Unlike vaccines for childhood diseases like measles and whooping cough, a flu vaccine obtained one year is not likely to provide protection beyond that year. It is also not guaranteed to prevent the flu. It only bolsters the immune system.

Continue reading

ArtsyBee [Public domain, CC0 1.0 (https://creativecommons.org/publicdomain/zero/1.0/deed.en)], via PixabayThe Americans with Disabilities Act (ADA) of 1990 prohibits employers from discriminating against employees on the basis of “disability,” as defined by the statute, and requires them to provide “reasonable accommodations” to disabled employees and job applicants. 42 U.S.C. §§ 12102, 12112(b)(5)(A). The ADA’s definition of “disability” includes a wide range of conditions that “substantially limit[] one or more major life activities.” Id. at § 12102(1)(A). Courts have found that infection with the human immunodeficiency virus (HIV) may constitute a disability under the ADA. The Equal Employment Opportunity Commission (EEOC) recently published two guidance documents addressing the rights of HIV-positive employees and job applicants.

The U.S. Supreme Court first ruled that an HIV infection may constitute a disability under the ADA in 1998, although it did so without a clear majority of justices. Bragdon v. Abbott, 524 U.S. 624, 655 (1998); see also Fiscus v. Wal-Mart Stores, 385 F.3d 378, 383 (3rd Cir. 2004). In order to qualify for ADA protection, an individual must demonstrate a limitation on their “life activities” caused by their condition. The regulations implementing the ADA state that, by “substantially limit[ing] immune function,” an HIV infection can qualify as a substantial limitation. 29 C.F.R. § 1630.2(j)(3)(iii).

The New Jersey Law Against Discrimination (NJLAD) also protects employees and job applicants from disability discrimination, including discrimination based on an HIV infection. The definition of “disability” under the NJLAD expressly includes “AIDS or HIV infection.” N.J. Rev. Stat. 10:5-5(q). Unlike the ADA, the NJLAD’s definition of “disability” does not require evidence of substantial impairment of life activities. The NJLAD also requires employers to make reasonable accommodations for employees with disabilities, unless doing so would create an “undue hardship.” N.J.A.C. § 13:13-2.5(b).

Continue reading

Contact Information