Employers regularly turn to background screening companies in order to obtain information/reports about applicants and employees.  The Fair Credit Reporting Act (FCRA) applies to companies that sell or provide these background screening reports if such a report meets the FCRA’s definition of a “consumer report.”   A consumer report is a report which serves as a factor in determining a person’s eligibility for employment, credit, insurance, housing, or other purposes and includes information bearing on an individual’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living.  Organizations that sell or provide consumer reports to employers are considered “consumer reporting agencies” under the FCRA.

To assist companies that compile background information for employment purposes to understand whether they are considered a consumer reporting agency and thus subject to the requirements of the FCRA, the Federal Trade Commission (FTC) recently issued guidance entitled “What Employment Background Screening Companies Need to Know About the Fair Credit Reporting Act.”  In addition to explaining the legal requirements for consumer reporting agencies, the FTC clarified that if you compile a consumer report containing public record information which is used for employment purposes, you still have obligations under FCRA, including notifying the subject of the consumer report or maintaining strict procedures to ensure the accuracy of the public record information.

Importantly, the FTC explained that even if you do not think of your organization as a consumer reporting agency, if you provide information about applicants or employees to an employer, you may be one.

 

Tags: applicant, Background Checks, consumer reporting agency, consumer reports, employee, employer, Fair Credit Reporting Act, FCRA, Federal Trade Commission, FTC, guidance
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jason C. Gavejian Jason C. Gavejian

Jason C. Gavejian is the office managing principal of the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. and a member of the firm’s Board of Directors. He is also a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy…

Jason C. Gavejian is the office managing principal of the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. and a member of the firm’s Board of Directors. He is also a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals.

As a Certified Information Privacy Professional (CIPP/US), Jason focuses on the matrix of laws governing privacy, security, and management of data. Jason is co-editor of, and a regular contributor to, the firm’s Privacy blog.

Jason’s work in the area of privacy and data security includes counseling international, national, and regional companies on the vast array of privacy and security mandates, preventive measures, policies, procedures, and best practices. This includes, but is not limited to, the privacy and security requirements under state, federal, and international law (e.g., HIPAA/HITECH, GDPR, California Consumer Privacy Act (CCPA), FTC Act, ECPA, SCA, GLBA etc.). Jason helps companies in all industries to assess information risk and security as part of the development and implementation of comprehensive data security safeguards including written information security programs (WISP). Additionally, Jason assists companies in analyzing issues related to: electronic communications, social media, electronic signatures (ESIGN/UETA), monitoring and recording (GPS, video, audio, etc.), biometrics, and bring your own device (BYOD) and company owned personally enabled device (COPE) programs, including policies and procedures to address same. He regularly advises clients on compliance issues under the Telephone Consumer Protection Act (TCPA) and has represented clients in suits, including class actions, brought in various jurisdictions throughout the country under the TCPA.

Read more about Jason C. Gavejian
Show more Show less
Related Posts
Online Public Records Aggregators Not Protected from FCRA Suit by Section 230
December 21, 2022
Employers Can Be Vicariously Liable for Employee Data Breaches
January 22, 2018
Supreme Court Will Not Hear Ninth Circuit Decision Regarding Willful Violations of FCRA's Disclosure Provision
December 6, 2017