Privacy & Cybersecurity Law Blog

On August 8, 2012, the Federal Trade Commission announced a settlement agreement with employment screening company HireRight Solutions, Inc. (“HireRight”). In its first enforcement action against an employment background screening company for Fair Credit Reporting Act (“FCRA”) violations, the FTC alleged that HireRight functioned as a consumer reporting agency, but failed to comply with certain FCRA requirements. The proposed consent order imposes a $2.6 million penalty on HireRight and requires the company to remedy the alleged FCRA violations, create and retain certain records and submit reports to demonstrate compliance.

According to the FTC’s complaint, HireRight provides background reports on current and prospective employees to thousands of employers. These background reports contain public record information, including criminal histories. Employers use these reports to make hiring and benefits-related decisions. The FTC alleged that, because HireRight “regularly sells in interstate commerce information on consumers that it assembles for the purpose of furnishing consumer reports to third parties,” it functioned as a consumer reporting agency as defined by the FCRA. Accordingly, the FTC claimed that HireRight violated FCRA requirements by (1) failing to ensure maximum accuracy of its background reports, specifically noting that some background reports failed to reflect expungement of criminal records or provided obviously erroneous consumer report information (2) failing to provide consumers with access to information in their files and closed dispute investigations without written notice, and (3) failing to follow requirements that background screeners who use public information notify consumers that such information is reported or to ensure the reported information is complete and up-to-date.

In June 2012, we reported on a similar FTC settlement concerning alleged FCRA violations by data broker Spokeo.