In recognition of recent technological advances – and the resulting increase in worker monitoring, tracking, and assessment through third-party companies – the Consumer Financial Protection Bureau (“CFPB”) issued guidance cautioning employers that the Fair Credit Reporting Act (“FCRA”) broadly applies to employee screening, monitoring, and assessment tools (the “Guidance”). Read on for highlights of the Guidance and proactive measures you can take to mitigate risk.
Coverage of Traditional Consumer Reports
The CFPB reminds employers that consumer reports obtained from third parties used to make employment decisions – commonly, background checks and credit reports – generally are covered by the FCRA, which imposes various disclosure, consent, and notice requirements on employers. To determine whether a third-party report is subject to the FCRA requirements, the Guidance directs employers to consider (1) whether the data is used for employment purposes (e.g., hiring, promotion, reassignment, or retention), and (2) whether the vendor “assembled” or “evaluated” consumer information to produce the report (and is thus a “consumer reporting agency” under the FCRA).
Coverage of Employee Monitoring and Assessment Tools
The Guidance then clarifies that coverage may also extend to certain screening, monitoring, and assessment tools used for hiring and gauging worker productivity. Specifically, where a third-party vendor collects consumer data from sources other than an employer to train an algorithm that produces worker scores or makes other assessments for the employer, the vendor providing the score or assessment would then be considered a “consumer reporting agency” subject to requirements under the FCRA.
For example, the vendor of a tool that generates a score or assessment by combining an employee’s performance data with data from other employers or public records would be considered a “consumer reporting agency” subject to the FCRA’s requirements. Similarly, a vendor that generates a risk score by collecting historical data on an applicant’s disciplinary history from past employers or driving records would also qualify as a “consumer reporting agency” subject to FCRA coverage. This broad interpretation impacts nearly every employer using third-party vendors for employee screening, monitoring, or assessment.
Exemption
The FCRA exempts reports that contain information solely as to transactions or experiences between the employee and employer (e.g., a report containing a worker’s driving scores or assessments based solely on their driving activity for the employer receiving the report). However, the exemption does not apply if the report contains data from outside this relationship, such as algorithmic scores or information from external sources, past employers, or aggregated data.
Employer Takeaways
While technological advances have made it easier and more cost-effective to track, assess, and evaluate workers, employers should be mindful that there may be additional compliance requirements. Employers should take the following steps to manage risk and ensure compliance:
• Audit third-party employee monitoring and assessment tools to determine whether a vendor falls within the scope of a “consumer reporting agency”;
• Understand the third-party monitoring and assessment tools used, including the types of data used to produce metrics and the source from which the data was obtained;
• Establish a framework for complying with the FCRA’s requirements in the use of traditional consumer reports and third-party monitoring or assessment tools;
• Train appropriate personnel on the FCRA’s applicability and requirements; and
• Comply with state and local laws that contain obligations in addition to those required under the FCRA, such as state or local “Fair Chance,” “Ban-the-Box,” and “Clean Slate” laws.
If you have any questions related to the CFPB’s Guidance or need assistance complying with obligations under the FCRA, please reach out to the NFC Attorney with whom you typically work or call us at 973.665.9100 or 619.292.0515.