Consent to a background check seems to be a part of any employment application these days, whether the job sought is with a large corporation or the corner deli. Employers gain a measure of protection from conducting background checks on prospective employees. They are useful for verifying that the prospective employee has been honest about their educational achievements and past employment, and identifying those prospective employees that may carry a risk of theft or workplace violence.
However, courts have seen a recent wave of litigation over the sufficiency of the employer’s disclosure of the background check and the prospective employee’s consent to same. The Fair Credit Reporting Act (FCRA) requires that the employer’s intent to obtain a background check be disclosed conspicuously, in a dedicated, stand-alone document:
[A]n employer or prospective employer cannot “procure, or cause a consumer report to be procured, for employment purposes with respect to any consumer, unless:
- a clear and conspicuous disclosure has been made in writing to the consumer at any time…before the report is procured or caused to be procured, in a document that consists solely of the disclosure, that a consumer report may be obtained for employment purposes; and
- the consumer has authorized in writing…the procurement of the report by that person.
In re Michaels Stores, Inc., 2017 U.S. Dist. LEXIS 9310, *10-11 (D.N.J. Jan. 24, 2017) (citing 15 U.S.C. § 1681b(b)(2)(A)).
This FCRA disclosure requirement is known as the “stand-alone disclosure requirement,” and it has been the subject of a number of recent opinions. The most recent of those is Vera v. Mondelez Global LLC, 2017 U.S. Dist. LEXIS 38328 (N.D. Ill. Mar. 17, 2017). Plaintiff Johnny Vera applied online for a job with Mondelez, an international manufacturer of food products that are marketed under a variety of brand names. As part of the application process, the website displayed a statement related to the general topic of background checks (the Statement). Vera was required to scroll down the webpage in order to read the Statement in its entirety. The Statement provided information about requesting a background check, and included an authorization for “all companies, credit agencies, educational institutions, persons, government agencies, criminal and civil courts, and former employers to release information they have about me and release them from any liability for doing so.”
In filing a putative class action lawsuit against Mondelez, Vera did not allege that the Statement failed to disclose the fact that Mondelez sought a background check as part of his employment application, nor that Vera denied Mondelez permission to conduct a background check. Instead, Vera alleged that the Statement violated FCRA’s “stand-alone disclosure requirement” because the Statement contained more information than just a disclosure that Mondelez intended to procure a consumer report about Vera.
In seeking to dismiss the putative class action, Mondelez argued that the Court did not have subject matter jurisdiction because Vera failed to allege an injury-in fact. In analyzing and ultimately accepting Mondelez’s argument, the Court drew heavily from the recent U.S. Supreme Court opinion in Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016). Spokeo involved a FCRA provision that obligates consumer reporting agencies to follow certain procedures when collecting and reporting background and credit information about individuals. The Supreme Court noted that the clear intent of the provision was to decrease the risk of disseminating false information. Id. at 1550. The Supreme Court also noted, however, that an agency’s failure to follow the procedures may result in no harm to the consumer where the information provided was entirely accurate. Id. Accordingly, the Supreme Court held that violation of the FCRA provision, alone, was insufficient to establish constitutional harm. Id.
In Vera, the plaintiff never alleged he was deprived of information to which he was entitled under the FCRA. The pleadings were also devoid of any allegation that the receipt of such information implicated a fundamental right. The Court further noted, to the extent the FCRA establishes privacy right protections that implicate a fundamental right, such was not implicated here, as Vera admitted that he gave Mondelez permission to investigate his private information. Vera, 2017 U.S. Dist. LEXIS at *8-9. As a result, the Court concluded that the “stand-alone disclosure requirement” was akin to the FCRA provision at issue in Spokeo. Id. “A failure to comply with the procedures might cause the statutorily identified harm, i.e. inaccurate and unauthorized reporting…[b]ut a procedural violation will not necessarily cause that harm, so the procedural violation by itself is not an injury in fact.” Id. at *10. The Court proceeded to dismiss Vera’s lawsuit on the basis that it did not have subject matter jurisdiction. Id. at *11.
As noted above, the Vera opinion is not an isolated one. Several federal courts have had the opportunity to analyze whether harm is presumed from a violation of the “stand-alone disclosure requirement.” The majority appear to be in consensus in finding that the “stand-alone disclosure requirement” is procedural in nature, not substantive, and that any claimant must accordingly show harm from violation of the statute. See In re Michaels Stores, Inc., 2017 U.S. Dist. LEXIS 9310 (D.N.J. Jan. 24, 2017); Fields v. Beverly Health & Rehab. Servs., 2017 U.S. Dist. LEXIS 29771 (D. Minn. Mar. 1, 2017); Lee v. Hertz Corp., 2016 U.S. Dist. LEXIS 166911 (N.D. Cal. Dec. 2, 2016); Landrum v. Blackbird Enters., LLC, 2016 U.S. Dist. LEXIS 143044 (S.D. Tex. Oct. 3, 2016). But see Hargrett v. Amazon. Com DEDC, LLC, 2017 U.S. Dist. LEXIS 17236 (M.D. Fla. Jan. 30, 2017) (addressing an alleged violation of the “stand-alone disclosure requirement,” and finding that injury-in-fact may exist solely by virtue of the statute creating legal rights).
Employers should be careful to ensure that their application documents meet the disclosure requirements under the FCRA. While any lawsuit that may result from the failure to comply may ultimately be dismissed, it is costly and time consuming to defend against a potential class action complaint alleging violation of the “stand-alone disclosure requirement.”