A case involving a consumer credit report used in an automobile purchase demonstrates the potential dangers of terrorist database searches commonly used by background firms. This appears to be the first case in the nation dealing with use of terrorist databases by credit bureaus under the federal Fair Credit Reporting Act (FCRA), and provides guidance for the use of such information by Consumer Reporting Agencies (CRAs), which includes both credit bureaus and background screening firms.
In a case handed down by the United States Court of Appeals for the Third Distort on August 13, 2010, a consumer tried to purchase a car. She obtained her own credit report which showed a score of 760. She was born in Chicago, stated she had never been out of the Unites States, and was living in Colorado when she tried to purchase her car.
Unknown to the consumer, the automobile dealership ran their own credit report, and it included information that was not available to the consumer, including an alert that stated that “OFAC ALERT-IMPUT NAME MACHES NAME ON THE OFAC DATABASE.”
As the court explained, the Treasury Department – through the Office of Foreign Asset Control (OFAC) – maintains various lists since it “administers and enforces economic and trade sanctions against threats to the national society, foreign policy, or economy of the united States.”
OFAC maintains and publishes various lists, including terrorists and narcotic traffickers, that are called “Specially Designated Nationals” or “SDNs.” The OFAC list, in conjunction with numerous other terrorist lists, is often used by background screening firms as part of a background check as well.
In this case, the consumer was asked questions about whether she ever lived outside this country. She was asked to wait in an office for several hours. When she asked to leave, she was told to wait since the FBI was being called. She finally left the dealership.
Although she went back that night and finally got her car, she described other events relating to the OFAC information, such as emotional distress, the need to take medication, and having to confront the same issue when trying to rent.
After that, she described a number of efforts to have the credit bureau remove the information from any credit report relating to her. She contacted the credit bureau several times and got nowhere. She reviewed the OFAC alerts posted on the internet and apparently found a name close to hers but was still different, that also reflected a different date of birth. She demanded that the alerts be removed.
She later discovered that although on the copy of the credit reports she obtained there were no alerts, the alerts in fact were not removed when sent to users of credit reports. She eventually filed a lawsuit under the federal Fair Credit Reporting Act (FCRA) that controls both credit reports and background screening reports.
Per the Court’s opinion, the jury found that:
- The credit bureau failed to follow reasonable procedures to assure maximum possible accuracy in producing the report (which is required by the FCRA);
- The credit bureau willfully failed to re-investigate the consumer’s dispute after she had demanded it (which is required by the FCRA);
- The credit bureau failed to note the consumers dispute on the credit report as required by the FCRA; and
- The credit bureau failed to provide the consumer all of the information despite requests.
The jury awarded $50,000 in actual damages and $750,000 in punitive damages, that were lowered by the trial court to $100.000.00
It should be noted that the above grounds used by the jury are duties placed upon any Consumer Reporting Agency (CRA), regardless of whether it supplies employment background reports or credit reports.
The credit agency attempted to defend on the basis that the OFAC information was not subject to the FCRA. The court quickly dispensed with that defense, pointing out that argument would require a court to disregard the clear language of the law and conclude that the Congress did not mean what it said.
Although the case was in the context of a credit report, under the FCRA, it equally applies to background check for employment. The case ran some 91 pages and covered detailed areas of credit reports and federal law, but the lessons for background screening firms are clear:
- A screening firm cannot automatically report the results of an OFAC or other terrorist search without following some reasonable procedures to assure maximum possible accuracy. In the case of an OFAC potential match, there is substantial information on the US Treasury web site on how to attempt to determine if a possible match belongs to the target of the report, including a phone number to call for assistance. What is clear is that just passing on the information is not a defensible practice.
- If a consumer requests s re-investigation, a CRA has an absolute responsibility to conduct the re-investigation, normally within 30 days.
This case once again underscores the fact that employment screening background checks are not a mere data service, but a highly regulated professional service that must be conducted by firms that have an understanding of the laws controlling background checks, and the immense impact that an incorrect report can have on both employers and consumers.
The case can be found at: http://caselaw.findlaw.com/us-3rd-circuit/1534956.html. For more information on terrorist database searches, see: http://www.esrcheck.com/articles/article.php?article_id=TerroristSearchandPatriotAct.htm.