New Background Check Mobile Web Application May Jeopardize FCRA Compliance Obligations
“BeenVerified” is a new mobile Web application that allows users to conduct background checks on any individual by merely entering the name or email address of the individual. Users get three free background checks monthly and unlimited checks for a monthly fee of only $8. BeenVerified has been a smashing success, with more than one million checks run to date.
HR professionals, recruiters, managers, and co-workers may find BeenVerified hard to resist. According to the application, users can check an individual’s “Criminal History, Property Records, Current Contact Info, Relatives, Neighbors, and more,” merely by entering an individual’s name. By entering an email address, the user can find out about the individual’s social networking activities and view “their online photos, websites, blog posts, and entire online presence.” All of the data is compiled into a concise report.
Despite its ease of use and apparent low cost, the BeenVerified app may expose employers to liability under the federal Fair Credit Reporting Act (FCRA) and analogous state laws. These laws prohibit background checks for employment purposes without providing notice and obtaining the subject’s prior, written authorization. The FCRA permits recovery of compensatory damages, including statutory damages for willful violations, and a fee award.
Although BeenVerified states that information obtained “should not be used for employment, tenant screening, or any FCRA related purposes,” the potential for abuse exists. HR professionals, recruiters, managers, and co-workers now have the ability to review financial, criminal, and other personal information about subordinates, co-workers, and applicants without any safeguards to protect against violations of federal and state background check laws. As a result, employers should consider implementing a policy that prohibits employees from using the application to obtain information about any other employee unless the user has complied with the FCRA’s notice and authorization requirements.
This entry was written by Philip L. Gordon and Jennifer L. Mora.
Photo credit: HelleM
Employers already face concerns about how to handle employees trash-talking about them on blogs, Facebook and other social media. Now, employers must be cautious of the converse — employee endorsements of their employers’ products and services on social media websites. The Federal Trade Commission (FTC) recently issued updated guidelines aimed at protecting consumers from misleading endorsements and advertising. As these guidelines make clear, employers whose employees use social media like blogs or Facebook to comment on their employer’s products or services face potential liability, even where the employer has not authorized or ratified the employee’s remarks.
As the Supreme Court 
This past week, Facebook asked each of its 350 million users whether they wanted to change their privacy settings to new settings offered by Facebook. The request ignited a firestorm among privacy advocates who believed that the changes meant less privacy for users. At the same time, the request forced users to consider their old settings and whether to change them to the new ones. The Financial Times 
The U.S. Supreme Court agreed, today, to review the Ninth Circuit Court of Appeal’s decision in Quon v. Arch Wireless, a case with potentially important implications for private employers. As 
The New Hampshire Attorney General and the federal Center for Medicare and Medicaid Services are investigating Wentworth-Douglass Hospital’s decision not to notify patients or the Attorney General of a security incident that occurred more than two years ago. The security incident, which lasted from May 2006 until July 2007, involved a former hospital employee who became disgruntled after being transferred from the pathology lab. The former employee gained unauthorized access to pathology reports on nearly 2,000 occasions and changed reports involving more than 1,100 patients. The hospital investigated the incident and determined that neither New Hampshire’s notice law nor HIPAA required notification.
Sometimes cases with disgusting facts provide good law for employers. A case recently decided by the Wisconsin Court of Appeals proved that point in reversing a $1.4 million judgment on claims for negligent training and supervision against a security company based on the off-duty Internet activities of one of its employees.
Identity theft is a booming business. Each year, millions of Americans fall victim to identity theft or have their personal privacy otherwise compromised through unlawful means. Whether it comes in the form of a lost or stolen credit card, or computer hackers accessing social security numbers from employment records, financial institutions, medical records, or government agencies, the costs are staggering. Studies demonstrate that victims spend anywhere from a few hours to, in some cases, literally thousands of hours working to repair damage done by identity theft. Investigations related to identity theft often take months – or sometimes years – to resolve. 