On August 8, 2012, the Federal Trade Commission settled with HireRight Solutions, Inc. (“HireRight”) for failure to comply with certain Fair Credit Reporting Act (“FCRA”) requirements. According to the FTC’s complaint, HireRight provides background reports on current and prospective employees to thousands of employers. These background reports contain public record information, including criminal histories. Employers use these reports to make hiring and benefits-related decisions. The FTC alleged that, because HireRight “regularly sells in interstate commerce information on consumers that it assembles for the purpose of furnishing consumer reports to third parties,” it functioned as a consumer reporting agency as defined by the FCRA. Accordingly, the FTC claimed that HireRight violated FCRA requirements by (1) failing to ensure maximum accuracy of its background reports, specifically noting that some background reports failed to reflect expungement of criminal records or provided obviously erroneous consumer report information (2) failing to provide consumers with access to information in their files and closed dispute investigations without written notice, and (3) failing to follow requirements that background screeners who use public information notify consumers that such information is reported or to ensure the reported information is complete and up-to-date. Despite initial appearances, however, the case has broader geopolitical implications.
For years, the United States has argued that the FCRA is the foundation of a privacy regime aimed at preventing harm to individuals. The FCRA requires consumer reporting agencies to comply with fair information practice principles, such as accuracy, access and correction, and imposes strong penalties for violations. In addition, FTC enforcement actions establish a basis for consumer private rights of action when companies fail to comply with the Act.