FCRA obligations when requiring vendors to conduct background screening
You may have obligations under the Fair Credit Reporting Act (“FCRA”) if you require vendors or third-party contractors to screen their employees and you have access to any information from the screening report.
A growing practice amongst some companies is a required background check for vendors’ employees who have access to the company’s premises or systems, or for other third-party contractors who will provide services to the company. Some companies require employment agencies to screen individuals before they can work on projects for the company, using screening criteria established by the company itself. A few may go a step further by requesting that the consumer reporting agency provide the company with a summary of the consumer report sent to the employment agency. If your company engages in such practices, any information you receive about the screened individual from the consumer reporting agency may be considered a consumer report and thus subject you to various FCRA requirements, even if you do not have an employment relationship with the individual and do not make any employment decisions.
Ernst v. Dish Network—A Cautionary Tale
A recent case against Dish Network illustrates why organizations that require their vendors or third-party contractors to screen employees should proceed with caution when receiving any information regarding such screening reports. In this case, Dish Network was only receiving a summary of the consumer report requested by its vendors, but the court still considered the summary a “consumer report” subject to any applicable FCRA requirements.
In Ernst v. Dish Network, 12 Civ. 8794 (LGS) (S.D.N.Y. Sept. 22, 2014), Dish Network (“Dish”) required a third-party contractor to conduct background checks on technicians before they could provide installation services to Dish customers. Dish worked with a consumer reporting agency to develop screening criteria but did not receive a copy of the full background report. Instead, the full report was sent to the third-party contractor and Dish received a “Summary Report” for each technician that contained the individual’s first and last name, the last four digits of the individual’s social security number, the company where the individual worked or was seeking employment, the date the background check was ordered and completed and the technician’s risk rating (along with some additional information). The risk rating was one of three designations— “high risk,” “low risk” or “review.” The “high risk” rating was typically the result of prior criminal activity or an invalid driver’s license. Dish did not require its third-party contractors to terminate employees who were rated “high risk,” but did not permit individuals with a “high risk” rating to serve as Dish technicians.
Superior Satellite, Inc. (“Superior”), one of the employment agencies that provided Dish with contractors, hired Plaintiff, Scott Ernst, as a technician in the fall of 2009. On Nov. 28, 2011, Superior sent a request to the consumer reporting agency for a background report on Plaintiff. The background report revealed that Plaintiff had prior criminal convictions, which resulted in him being rated “high risk” in the Summary Report sent to Dish. Based on this rating, Plaintiff’s supervisor informed him that he would no longer be able to work on Dish assignments, but that he could remain with Superior in retail sales. Plaintiff did not wish to perform retail sales and left Superior on Dec. 9, 2011.
Plaintiff filed a case against Dish, alleging that the Summary Report it received from the consumer reporting agency was itself a consumer report and thus required Dish to comply with the FCRA. Applying the language of the FCRA, the court held that the Summary Report received by Dish was a consumer report under the FCRA because it communicated information bearing on Plaintiff’s character, general reputation or mode of living, and the information was collected and expected to be used for “employment purposes.” The court concluded that the “high risk” label is facially disparaging and bears on Plaintiff’s character and reputation because it was a shorthand term defined and understood to convey information about prior criminal activity as well as driving information. The court concluded that a “high risk” rating on the Summary Report in effect says that, except in the narrow circumstance that Plaintiff does not have a fully valid driver’s license, he has done something highly improper that impugns his moral character.
The court further noted that the FCRA defines a consumer report as information “which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer’s eligibility for … employment purposes.” The actor who is using, expecting to use or collecting the report is neither limited nor specified. This means that if anyone uses, expects to use or collects the information for employment purposes, including to evaluate an individual for reassignment, the statutory definition of “consumer report” is arguably satisfied.
Best practices for your organization
Organizations that require vendors or third-party contractors to screen their employees should review such processes in light of this recent court opinion. Even if you are not making an employment decision, the FCRA’s definition of “employment purposes” includes using a consumer report for decisions regarding promotion or reassignment. Thus, if you receive any information on the screening of vendors’ employees, that information may be considered a consumer report and therefore require that you abide by the FCRA’s disclosure and authorization requirements. You may be able to satisfy this requirement by asking your vendor or third-party contractor to include “dual-authorization” language in its background screening authorization form that specifically authorizes your organization to obtain a consumer report on the individual.
If you are adjudicating reports on behalf of the vendor or otherwise making what could be considered an “adverse employment decision” based on any information you receive from the background screening report, you should follow the FCRA’s pre-adverse and adverse action processes.
Your organization would also be well-advised to have a process in place to regularly verify that vendors and third-party contractors are following all applicable FCRA requirements (and analogous state requirements) when screening their employees who will provide services to your organization.
All Rights Reserved © 2017 Business Information Group, Inc.
This document and/or presentation is provided as a service to our customers. Its contents are designed solely for informational purposes, and should not be inferred or understood as legal advice or binding case law, nor shared with any third parties. Persons in need of legal assistance should seek the advice of competent legal counsel. Although care has been taken in preparation of these materials, we cannot guarantee the accuracy, currency or completeness of the information contained within it. Anyone using this information does so at his or her own risk.