One of the earliest U.S. privacy laws applicable to private entities was the Fair Credit Reporting Act (FCRA), enacted in 1970. The FCRA placed substantial requirements on the use of background checks and credit information for consumer and employment purposes. Those requirements included the two universal tenets of privacy protections—notice (that information will be collected and used) and consent (to the collection and use). In 2003, the Fair and Accurate Credit Transactions Act (FACTA) provided further protections for credit information, including proper disposal of credit reports and information derived from those reports. However, if the employer complied with FCRA’s requirements, employers were free to use the information from the credit report in making employment decisions.
More recently, we’ve seen government agencies (like the EEOC) and legislatures focus more intently on limiting the use of background checks. Ten states, Washington , Hawaii, Illinois, Oregon, California, Connecticut, Maryland, Vermont, Colorado and Nevada, have passed legislation in the past decade prohibiting, with some limited exceptions, private employer inquiries into or obtaining an employee’s or applicant’s credit history. (See, for example, Illinois Employee Credit Privacy Act (820 ILCS 70/1))
Now NYC has enacted its own law, no doubt signaling the trend to follow. On May 6, 2015, New York City Mayor Bill De Blasio signed into law a bill prohibiting New York City employers from requesting or considering an applicant’s or employee’s credit history when making employment decisions, such as hiring, promotion, wage increases, or other terms/conditions of employment. The law, referred to as the “Stop Credit Discrimination in Employment Act,” amends New York City’s Human Rights Law. As a result, an applicant or employee who is discriminated against because of his/her consumer credit history has a private cause of action against the employer, exposing the employer to damages, including front/back pay and uncapped compensatory and punitive damages. According to proponents of the Stop Credit Discrimination in Employment Act, the law is intended to remove an unjustified, discriminatory barrier between qualified workers and desperately needed jobs, including people whose credit was damaged as the result of medical debts, divorce, layoffs or other circumstances outside of their control.
Like the laws in other states, the New York City law contains a number of important exclusions that are intended to protect employers and the public. The NYC law’s exceptions include circumstances when credit history is job related or may be indicative of the applicant’s/employee’s ability to safely and effectively perform the essential functions of the job, such as positions in law enforcement, positions required to be bonded under law or that require security clearance, non-clerical positions that have regular access to trade secrets, intelligence information or nation security information, and positions allowing employees to modify digital security systems. In addition, the law does not apply to positions where the individual has signatory authority over third party funds or assets valued at $10,000 or more as well as fiduciary positons with the authority to enter into financial agreements valued at $10,000 or more on behalf of the employer.
The Stop Credit Discrimination in Employment Act goes into effect on September 5, 2015. If your company has employees in New York City, it is advisable to review and revise, if necessary, company policies and practices to eliminate the request and use of credit history in employment decisions unless expressly permitted as well as revise the company’s employment forms, including the job application. For employers outside of New York City and the states listed above, keep a weather eye. Sixteen more states have bills pending on the use of credit information in employment. As a result, it is important for companies to stay well-informed of legal developments in the states and cities in which it employs workers.
About Data Points: Privacy & Data Security Blog
The technology and regulatory landscape is rapidly changing, thus impacting the manner in which companies across all industries operate, specifically in the ways they collect, use and secure confidential data. We provide transparent and cutting-edge insight on critical issues and dynamics. Our team informs business decision-makers about the information they must protect, and what to do if/when security is breached.