FTC Puts Background Screening Companies on Notice for Possible Privacy Violations
May 9, 2013
The Federal Trade Commission recently sent letters to ten data broker companies warning that their practices could violate the Fair Credit Reporting Act (FCRA) after a test-shopping operation by the FTC indicated the background screening companies were willing to sell consumer information without abiding by FCRA requirements. It’s unclear what requirements they are accused of violating, but the commission included the following commentary in the release:
“Data broker companies that collect, distribute or sell this information are considered consumer reporting agencies under the FCRA, meaning they must reasonably verify the identities of their customers and make sure that these customers have a legitimate purpose for receiving the information. This requirement ensures that the privacy of sensitive consumer report information is protected. Of the 45 companies contacted by FTC staff in the test-shopper operation, ten appear to violate the FCRA by offering to provide the information without complying with the law’s requirements.”
In other words, background screening companies need to engage in proper due diligence to ensure they know who they are doing business with and establish that the entity has a permissible purpose to obtain the information. Much of this information can be established through a compliant User Agreement. But beyond the agreement are taking the proper steps to verify the information provided — things like conducting a 3rd party site inspection of the client’s place of business, independently verifying the client’s physical address, their phone number and the type of business they are engaged in.
According to the FTC release, “staff members posed as individuals or representatives of companies seeking information about consumers to make decisions related to their creditworthiness, eligibility for insurance or suitability for employment.”
Other FCRA requirements include certifying that their clients obtain a signed release from the subject of an employment background check, provide the subject with a summary of their rights under the FCRA, allow the subject to dispute the results of their search and engage in the prescribed Adverse Action process if they choose not to hire the candidate based on the outcome of their background check.
It is clear from these actions that the FTC is aggressively enforcing their background screening guidelines and in my opinion, for good reason. These laws are designed to project all of us: job candidates, employers and background background screening companies. Abiding by these requirements is just good business.
I am not suggesting that the companies that received these letters have blatantly violated FCRA law (in bold for those who accuse us of capitalizing on negative industry information). These could be technical violations or misconstrued information by the FTC. However it is important for employers to properly vet their providers so that they don’t unknowingly violate these requirements.
For more information on how to select a qualified provider, check out the following video: