Employment Law Bits

Storing Credit Reports

Neither the Fair Credit Reporting Act (FCRA) nor Massachusetts law dictates exactly how an employer must store consumer reports. However, given that there is potential liability for disclosing such information, the credit report should be kept separate from the employee’s general employment file and access them should be limited to those who need the information to make employment decisions.

Additionally, employers are reminded that Massachusetts law now requires all businesses to take reasonable steps to protect the personal information of Massachusetts residents by May 1, 2009. “Personal information” includes, but is not limited to, the first and last name of a Massachusetts resident or the resident’s first initial and last name, in combination with the individual’s social security number. Such information is commonly found on consumer reports.

Because all businesses have records of their employees’ name and social security number, every employer of Massachusetts residents is subject to the new requirements. The failure to property protect personal information may result in sanctions imposed by the Massachusetts Attorney General’s Office.

Disposing of Credit Reports

The FCRA regulations provide that employers must properly dispose of consumer reports by taking reasonable measures to protect against unauthorized access to the information in connection with its disposal. The regulations further suggest that an employer implement policies and procedures whereby such reports are either (1) physically destroyed (i.e. shred, burned, pulverized) so that they are illegible; (2) if stored electronically, erased or destroyed so that they cannot practicably be read or destroyed; or (3) after due diligence, utilizing the services of a business that engages in record destruction.

Given the potential for liability under both federal and state law, employers are urged to contact an employment attorney to ensure adequate compliance.

On February 12, 2009, the Office of Consumer Affairs and Business Regulation amended the identity theft regulations to give all businesses storing or maintaining “personal information” until January 1, 2010 to ensure that their practices are in full compliance. The regulations, which are the most stringent in the country, were originally scheduled to take effect on January 1, 2009. However, the economic climate and concerns in the business community led to an initial four month extension and eventually another extension of eight months.

Two additional changes to the regulations warrant attention by employers. First, the amendments relaxed the requirement pertaining to third-party service providers. Originally, businesses were required to contractually obligate compliance and obtain written certification from all third-party service providers with access to “personal information.” Now, instead of mandating these safeguards, the regulations simply require that all businesses take reasonable steps to verify that all third-party service providers can and do use security measures consistent with the regulations to protect “personal information.”

Secondly, the amendments ease the Computer System Security Requirements for encryption of data. Before the amendment, the requirement directed the encryption of all data to be transmitted wirelessly to the extent technically feasible. The amendment altered this requirement by only requiring encryption of data containing “personal information.”

Even though the government has given Massachusetts employers extra time to prepare, employers should not wait until the last minute to make sure they are in compliance with the identity theft laws. It is very possible that because of the extra time, the Office of Consumer Affairs and Business Regulation may be less forgiving of violations. Business owners are encouraged to contact their attorney for information regarding how the regulations apply to your particular business or for assistance assessing, drafting, or implementing a comprehensive information security program.

On February 17, 2009, President Barack Obama signed into law the American Recovery and Reinvestment Act of 2009.

In summary, the Act contains a subsidy through COBRA for employees who were involuntarily terminated between September 1, 2008 through December 31, 2009. In short, the subsidy covers 65% of the COBRA premium for a period of nine months for employees of a certain income level who were involuntarily terminated between September 1, 2008 and December 31, 2009. The employees, or “assistance eligible individuals” “AEI” would only pay 35% of the premium, (as opposed to the full amount of the premium under preexisting COBRA law.) In exchange, employers who are subject to various notice and reporting requirements may receive a tax credit to offset the subsidy.

The assistance eligible employees are defined as “qualified beneficiaries” if (1) the employee is Eligible for COBRA benefits from September 1, 2008 through December 31, 2009; (2) the employee elects coverage under COBRA; and (3) is involuntarily terminated during the period. It should be noted that the Act does not define “involuntarily terminated” and leaves open issues relating to claims for constructive discharge.

There are various issues relating to the COBRA benefits available to qualified beneficiaries. These issues include notice requirements for the employee and employer, election issues, employer reporting requirements, and employer tax credits.

With respect to notice requirements for the employer, the ACT requires an immediate change to an employers COBRA notice procedure. An employer must give notice of the availability of a premium reduction and the option to enroll in different coverage if permitted by the employer. In addition, an employer may amend current forms or provide an addendum to those forms to comply with notice requirements. Employers are required to send notice to previously terminated employees whose involuntary termination occurred between September 1, 2008 and December 31, 2009. The employer can elect to use the model Department of Labor Notice (when available) or to create its own notice.

If an employer is interested in more information regarding this issues, or needs assistance in preparing the appropriate notice, please contact:

Kevin V. Maltby, Esq.
or Paul H. Rothschild, Esq.

Employers may use consumer reports when hiring new employees and when evaluating employees for promotion, reassignment and retention. Consumer reports contain information about a person’s personal and credit characteristics. Prior to using these reports, employers must comply with applicable State Laws and the federal Fair Credit Reporting Act (FCRA.) These laws govern the use of consumer reports generated by private reporting companies and failure to comply with these laws exposes employers to liability. Furthermore, in Massachusetts, such failure is an unfair trade practice.

Sound Business Reason

It is important for employers to remember that consumer and credit reports may only be obtained for a legitimate business purpose. Neither Massachusetts state or federal laws provide clear guidance regarding what exactly is a legitimate business purpose behind obtaining a consumer or credit report. However, employers that do not have legitimate business reasons may leave themselves open to claims of discrimination, because the use of credit reports in some other contexts has been shown to place protected classes at a disadvantage.

Given that the FCRA defines employment purposes as "evaluating a consumer for employment, promotion, reassignment or retention as an employee,” the employer should ensure that such information is necessary to make these kinds of decisions. For example, an employer cannot make a persuasive argument that it needs a credit report to hire a driver if such driver will not engage in financial transactions.

To avoid the appearance of discriminatory practices, once an employer determines that it should request a consumer report for potential applicants, it should do so uniformly. For instance, all applicants for the same position should have their credit checked. In addition, an employer must show that there is a business necessity for hiring someone whose wages have not been garnished. For instance, employers who reject applicants solely because of a garnishment order have been found in violation of federal civil rights law, because minorities are disproportionately more likely to have their wages garnished.

When deciding to use credit reports, employers are reminded to take into consideration that many factors may affect the report that really do not bear on an individual's character or ability to work. For example, they may reflect things like divorce, sickness, recent unemployment, or even identity theft. Therefore, consumer reports should only be used as one of the many tools available to make informed employment decisions. A qualified employment specialist or employment attorney is an excellent resource for guidance regarding the appropriate use of consumer reports.