CFPB’s Message to Employment Background Screening Providers: A Rose by Any Other Middle Name is Probably the Wrong Person
On October 29, the CFPB took action against two of the country’s largest employment background screening report providers for violations of the FCRA. This is one of the CFPB’s most significant FCRA actions to date, following a relatively small number of FCRA consent orders by the CFPB over the past few years. The providers are consumer reporting agencies that annually generate and sell over 10 million consumer reports about job applicants to potential employers. The consent order focuses on several major alleged violations and provides for various injunctive and monetary relief, as well as civil monetary penalty.
Maximum Possible Accuracy Claims: The CFPB alleges that the providers failed to take basic steps to assure the maximum possible accuracy of their consumer reports. In particular, it asserts that the providers lacked written procedures for addressing situations in which confusion about a consumer’s identity could arise, such as researching public records information for consumers with common names or requiring employers to use middle names to match criminal records to consumers. As a result, the CFPB contends, the providers reported inaccurate criminal information about job applicants. The CFPB also noted that the providers should have used information from consumer complaints to identify the source of the inaccuracies in their reports. The CFPB criticized the extent to which the providers tested their data to ensure that they reported information with maximum possible accuracy.
Adverse Action Claims: According to the CFPB, the providers also failed to meet the FCRA’s requirements governing the furnishing of consumer reports containing information likely to adversely affect a consumer’s ability to obtain employment. The CFPB pointed to the insufficiency of the providers’ policies and procedures to ensure that their background reports excluded non-reportable information. In particular, it alleged that the providers illegally included non-reportable civil suit and civil judgment information that is more than 7 years old, in violation of the FCRA.
The Consent Order: The providers are to pay $10.5 million in monetary relief to consumers, as well as a $2.5 million civil penalty. In addition, the CFPB ordered them to develop and implement policies and procedures to bring them into compliance with the sections of the FCRA that they allegedly violated and to develop a comprehensive audit program to test the accuracy of their reports. The consent order also requires the providers to retain an independent consultant to review their policies, practices, and procedures.
This most recent consent order is a reminder that the CFPB is paying close attention to FCRA compliance, focusing not just on the accuracy of consumer reports, but also on companies’ efforts to address asserted inaccuracies in consumer information. The consent order also underscores the continued importance of establishing and maintaining sound FCRA compliance practices.