December 2019 | Screening Compliance Update


Compliance and complacency don’t go well together, so we created an e-book to help you keep your screening practices compliant.

Federal Developments

FMCSA-Regulated Employers Take Note: Drug and Alcohol Clearinghouse Implementation Quickly Approaching

In 2012, Congress enacted, and President Obama signed the “Moving Ahead for Progress in the 21st Century Act,” a transportation reauthorization bill referred to as “MAP-21.” That law directed the Federal Motor Carrier Safety Administration (FMCSA) to create a means of identifying and tracking commercial drivers who violate the agency’s drug and alcohol testing program, to ensure that drivers with a history of violating the drug and alcohol regulations are taken off the road until they demonstrate compliance with those rules. On January 6, 2020, nearly eight years later, a FMCSA database called the Commercial Driver’s License Drug and Alcohol Clearinghouse (Clearinghouse) will launch. As of this date, employers that use commercial drivers must observe new reporting and query requirements adopted to implement this ambitious safety rule. The Clearinghouse will enable employers to more easily identify drivers who commit a drug or alcohol program violation while working for one employer, but who fail to subsequently inform another employer. Records of drug and alcohol program violations will remain in the Clearinghouse for five years, or until the driver has completed the return-to-duty process, whichever is later. Compliance with Clearinghouse reporting and query requirements is mandatory to achieve a compliant FMCSA drug and alcohol program.

Driver Drug and Alcohol History Inquiries
The FMCSA is the federal agency within the Department of Transportation (DOT) that enforces drug and alcohol testing rules and regulations for employees who drive commercial trucks and buses, as well as vehicles that carry hazardous materials. These regulations apply to any driver who holds a commercial drivers’ license and set out drug and alcohol testing requirements in addition to general rules on drug and alcohol use. The regulations also provide detailed instructions on the steps Covered Drivers must complete if they violate those regulations and wish to resume performing safety-sensitive driving work for any employer. Covered Drivers who have committed drug and alcohol violations are ineligible to operate a commercial motor vehicle on public roads until they have completed a federally mandated return-to-duty process. Before the creation of the Clearinghouse, every FMCSA-regulated employer has been required to take proactive steps to verify the drug and alcohol testing record of any Covered Driver about to begin performing safety-sensitive functions (either as a new hire or via internal transfer), primarily by querying the driver’s prior employers. If the record showed that the Covered Driver previously violated a drug and alcohol testing regulation, the employer could not allow the driver to perform a safety-sensitive function until the employer confirmed that the driver successfully completed mandatory return-to-duty requirements.

New Query and Reporting Requirements
The rule implementing the Clearinghouse does not change any existing drug and alcohol testing requirements for DOT-regulated workplace drug and alcohol testing but adds mandatory reporting and review requirements. FMCSA-regulated employers will now be required to track and report the following information directly to the Clearinghouse on an ongoing basis:

  • Any drug or alcohol confirmation test result with an alcohol concentration of 0.04 or greater;
  • Any refusal to submit to a DOT test for drug or alcohol use (including by submitting adulterated or substituted results, or failing to comply with the testing process without medical excuse);
  • Actual knowledge that a Covered Driver used illegal drugs or used alcohol before duty, while on duty, or following a workplace accident in violation of FMCSA regulations;
  • Negative return-to-duty test results; and
  • Confirmation that the Covered Driver successfully completed all follow-up tests ordered by the Substance Abuse Professional.

The Clearinghouse rule also requires Medical Review Officers, Substance Abuse Professionals, consortia/third-party administrators and other service agents retained by employers to report to the Clearinghouse information related to drug and/or alcohol program violations and the return-to-duty process.

These reports will be compiled in a secure electronic database of information that will allow the FMCSA, as well as FMCSA-regulated employers, to identify Covered Drivers who have violated federal drug and alcohol testing program requirements. As the database grows over time, it will therefore become easier to assess whether an individual is eligible to perform safety-sensitive functions or whether the required return-to-duty process has been completed by individuals who previously violated the FMCSA regulations. Unfortunately, employers must also continue to independently gather driver drug and alcohol program compliance records directly from prior and prospective employers until the Clearinghouse has been operating for three years, which is the look-back period for new driver queries on drug and alcohol program compliance. FMCSA-regulated employers will be obligated to query the Clearinghouse database whenever the employer “uses” a driver for the first time.3 The employer is expected to proactively review the information in the Clearinghouse to ensure that prospective Covered Drivers are compliant and allowed to perform safety-sensitive functions in accordance with FMCSA regulations. Specifically, employers must query the Clearinghouse before permitting a specific Covered Driver to operate a commercial motor vehicle on public roads. Employers are also required to query the Clearinghouse annually for each Covered Driver they employ to ensure ongoing compliance. In order to query the Clearinghouse, an employer must obtain the consent of the driver in advance. Consents to initial, or “limited” queries can be evergreen, and allow the employer to continue to query the Clearinghouse as needed (for example, on an annual basis) after the driver’s initial check. If the query identifies a relevant report on a driver in the database, however, the driver must at that time and on an individual basis authorize the release of the full query report to the employer. Failing to authorize the release of these records to the querying employer will prevent the employer from using or continuing to use the driver.

As an FMCSA-Regulated Employer, What Must You Do?
In anticipation of the implementation date, FMCSA-regulated employers should begin the process by registering with the Clearinghouse and purchasing a “Query Plan,”4 which is essentially a credit program for a set number of queries. The Clearinghouse website also contains a set of “FAQs” or frequently asked questions to help regulated employers and their drivers become familiar with the process. Once the database “goes live” on January 6, 2020, FMCSA-regulated employers must initiate a query as part of the onboarding process for new Covered Drivers and must complete this process before allowing a Covered Driver to begin performing safety-sensitive functions. Drivers need not register with the Clearinghouse unless or until there is information in the database for which they will need to authorize a release to current or prospective employers. Employers may want to encourage drivers to create an account, however, as doing so will streamline the process by which a new driver can be hired or returned to work following a report on a limited query requiring the driver to authorize the full query report. FMCSA-regulated employers must also be aware of their obligation to identify and submit information to the Clearinghouse and set up processes to capture and report this information. In some cases, the employer may need to create reports documenting support for a report of a violation. For example, supporting documentation will be required when an employer reports actual knowledge of FMCSA drug and alcohol rules, such as a statement from a supervisor who saw the driver engage in prohibited conduct, or documenting a driver’s admission or a regulatory violation. Similarly, documentation may accompany a report of a refusal to submit to required drug and/or alcohol testing. The employer must also ensure that all the information reported to the Clearinghouse was also provided to the Covered Driver in question, and so certify. This process is designed to ensure that Covered Drivers are able to exercise their right to dispute potentially inaccurate information. Although an employer can empower its third-party administrator and others involved in the administration of its FMCSA drug and alcohol program to assist in making these reports, the employer bears the ultimate responsibility to recognize and report required information to the Clearinghouse. Clearinghouse records are also made available to state driver licensing agencies.

On an annual basis, FMCSA-regulated employers also will need to submit a query regarding all Covered Drivers used, to ensure ongoing compliance with FMCSA regulations. As with existing Motor Vehicle Records (MVR) annual review requirements, the Clearinghouse must be queried at least once for each Covered Driver within 365 days of their hire date, or within another 12-month period as determined by the employer. The employer has some flexibility as to the timing of the query it wishes to conduct but should be aware of how its decision may affect its everyday operations. For example, if an employer elects to run all covered drivers at once as part of its annual review, and the limited query reveals information necessitating a full query on certain drivers, the employer must then conduct a full query on each of those drivers within 24 hours. If the employer fails to conduct a full query within 24 hours—recognizing that the employer must obtain specific consent from the driver to do so within this time period—the employer cannot allow the Covered Driver to continue to perform any safety-sensitive function until the results of the full query confirm that the Covered Driver’s Clearinghouse record is clear. Employers should therefore be wary about the potential disruptions this can create in the workplace and be prepared to respond accordingly.

Finally, employers are obligated to notify drivers of the Clearinghouse requirements. Specifically, Covered Drivers must be notified of the requirement that personal information collected and maintained pursuant to the FMCSA regulations will be reported to the Clearinghouse, including: (i) any verified positive, adulterated, or substituted drug test result; (ii) an alcohol confirmation test with a concentration of 0.04 or higher; (iii) a refusal to submit to any test required by the regulations; (iv) an employer’s report of actual knowledge, as defined in the regulations, of on-duty alcohol use; pre-duty alcohol use following an accident; and controlled substance use; (v) a substance abuse professional report of the successful completion of the return-to-duty process; (vi) a negative return-to-duty test; and (vii) an employer’s report of completion of follow-up testing. Employers can provide this information through an updated policy or a special educational communication to the drivers they use.

In a Historic Move, House Judiciary Committee Moves to Federally Legalize Cannabis

On November 20, 2019, the House Judiciary Committee approved a bill that would decriminalize cannabis on a nationwide scale. The Marijuana Opportunity, Reinvestment and Expungement Act of 2019—or MORE Act—passed with what some are calling a landslide vote of 24-10, with two Republicans—Representatives Matt Gaetz (R-FL) and Tom McClintock (R-CA)—crossing party lines to join in supporting bill. This vote marks the first time in history a congressional committee has affirmatively approved to end federal cannabis prohibition. The committee markup of the MORE Act is historical in and of itself, as it represents the first debate that was not centered on whether cannabis prohibition should be abolished, but, instead, focused on implementation of a policy that would ultimately accomplish cannabis legalization.

The MORE Act would remove cannabis from the list of Schedule 1 controlled substances identified in the Controlled Substances Act. The MORE Act would also: (i) allow states to set their own cannabis-related policy, eliminating federal intervention; (ii) require federal courts to expunge prior convictions for cannabis-related offenses; and (iii) establish a 5% tax on cannabis product sales to establish a trust fund to reinvest in communities disproportionately impacted by the “war on drugs.” Proponents argue that the MORE Act would result in significant policy change that would, among other things, create a pathway for resentencing those incarcerated on cannabis-related offenses, protect immigrants from being denied citizenship over cannabis use, and prevent federal agencies from denying public benefits, such as housing, or security clearance due to an individual’s cannabis use.

Historically, the debate on cannabis has generally followed two tracks. The MORE Act was no different. Republican committee members argued that the bill was rushed and should be subject to additional hearings. Democratic lawmakers countered the debate on cannabis has been raging since the 1970s and the time is nigh to reverse decades-long harms incurred enforcing strict prohibition.

It stands to reason that the legislation, which House Speaker Nancy Pelosi supports, has a high chance of approval in the full House where Democrats maintain control with 234 seats. However, the bill will face a tougher battle in the Republican-controlled Senate, where Majority Leader Mitch McConnell opposes cannabis legalization. Senate passage will likely depend on the compromises Democrats are willing to make. It is also important to note that prior to a vote on the House floor, several committees could claim jurisdiction to consider the bill first, including the House Energy and Commerce Committee. It is possible the bill will be further amended and potentially delayed before reaching the House floor.

Admittedly, some Republican committee members openly recognize that prohibition is no longer workable, and that federal law should change regardless of personal opinions on cannabis. These representatives pushed for the Strengthening the Tenth Amendment Through Entrusting States (STATES) Act—an alternative bipartisan cannabis bill that does not contain social equity elements or formally remove cannabis from the Controlled Substances Act. Instead, the STATES Act largely leaves cannabis policy up to the states. There is an argument to be made that this “scaled-down approach” would have a better chance of Senate approval. MORE Act supporters counter that, because the STATES Act does not de-schedule cannabis, it does not sufficiently address key issues including banking and veterans’ access.

The House Judiciary Committee’s approval comes two months after legislation that would protect banks that serve cannabis businesses in states where the substance is legal.

Consumer Financial Protection Bureau Settles With Employment Background Screening Company

The Consumer Financial Protection Bureau (Bureau) filed a proposed stipulated judgment with Sterling Infosystems, Inc. to resolve allegations that Sterling violated the Fair Credit Reporting Act (FCRA). Sterling is a privately-held Delaware corporation headquartered in New York whose primary business is to prepare background screening reports on individual job applicants to assist employers in employment-making decisions. If entered by the court, the stipulated judgment will require Sterling to pay monetary relief to consumers and a civil money penalty and prevent Sterling from engaging in the allegedly illegal conduct again. In its complaint, filed in the federal district court in the Southern District of New York, the Bureau claims that Sterling violated the FCRA by failing to employ reasonable procedures to ensure the maximum possible accuracy of the information it included in the consumer reports it prepared. Specifically, the Bureau alleges that Sterling’s procedures created a heightened risk that its consumer reports would include criminal records belonging to another individual with the same name as the applicant. The Bureau also alleges that Sterling had a practice of including “high-risk indicators” in its reports without taking any steps to verify the accuracy of them. These “high risk indicators,” which Sterling obtained from a third party, characterized addresses that the consumer may have lived at as “high risk.” The Bureau also claims that Sterling violated the FCRA by failing to maintain strict procedures to ensure that public record information that it included in the consumer reports was complete and up to date or notify consumers, at the time that such information was reported, of the fact that public record information was being reported. The Bureau also claims that Sterling violated the FCRA by reporting criminal history information and other adverse information about consumers outside of the allowable reporting period.

If the proposed stipulated judgment is entered by the court, Sterling will be required to pay $6 million in monetary relief to affected consumers and a $2.5 million civil money penalty to the Bureau. The proposed stipulated judgment also includes injunctive relief to prevent the claimed illegal conduct from recurring.

Pay Equity Litigation Update: How the EEOC has Pursued its Equal Pay Focus in Fiscal Year 2019

Since 2012, the EEOC has included equal pay protections as one of its six substantive area priorities in its Strategic Enforcement Plan (“SEP”). The SEP guides the EEOC’s enforcement activity in terms of the types of lawsuits it brings and the theories of law that it champions and pursues.

The EEOC reports—and our yearly analysis has consistently confirmed—that the six priorities identified in the SEP are lightning rods for increased EEOC litigation and are more often the subject of the agency’s conscious, directed development of the law. For that reason, we believe that employers are well advised to understand how the EEOC interprets and applies its enforcement priorities, as they tend to be a reliable guide to the types of employers, industries, and business practices that the EEOC is actively targeting. This post will describe the legal developments in FY 2019 within the EEOC’s equal pay priority.

EEOC Litigation Developments In 2019
Equal Pay Act cases are often highly fact-driven and therefore notoriously difficult for employers to scuttle with pretrial motions. Several recent decisions arising out of EEOC-initiated litigation are illustrative of this trend.

For example, in EEOC v. Enoch Pratt Free Library, No. 17-CV-2860, 2019 WL 5593279 (D. Md. Oct. 30, 2019), the District Court for the District of Maryland denied the EEOC’s and the employer’s cross-motions for summary judgment. With respect to the motion filed by the EEOC, the District Court found that genuine issues of material fact persist regarding elements of the EEOC’s prima facie case. Id. at *5. In particular, the District Court held that the evidence showed that employees within the charging party’s position, library supervisors, perform a wide variety of job duties across various library branches: “Overall, the branches generally have varying responsibilities in light of their different physical plants, different clientele, and different community resources…A factfinder should therefore assess whether the duties performed by [supervisors] are sufficiently similar to establish a prima facie case of unequal pay for equal work.” Id.

With respect to the employer’s motion, the District Court applied the reasoning of a recent decision out of the Fourth Circuit, EEOC v. Maryland Insurance Administration, 879 F.3d 114, 124 (4th Cir. 2018). The EEOC alleged that the employer paid three former female fraud investigators less than it paid four former male fraud investigators with comparable credentials and experience. The Fourth Circuit held that the EPA requires “that an employer submit evidence from which a reasonable factfinder could conclude not simply that the employer’s proffered reasons could explain the wage disparity, but that the proffered reasons do in fact explain the wage disparity.” Id. at 129. The employer argued that it could not have discriminated against the charging parties because it used the state’s Standard Salary Schedule, which classifies each position to a grade level and assigns each new hire to a step within that grade level. The Fourth Circuit rejected this defense because it found that the employer exercised discretion each time it assigns a new hire to a specific step and salary range based on its review of the hire’s qualifications and experience.

In Enoch Pratt Free Library, the employer had also argued that any wage differential was due to a factor other than sex, rather than due to discrimination, based on its use of a facially neutral salary scale, the Managerial and Professional Society Salary Policy (“MAPS”), to determine compensation for newly hired library supervisors. 2019 WL 5593279, at *6. The District Court held, however, that that policy did not necessarily compel any specific salary to be awarded to a new hire because it left open the possibility that the employer could apply discretion with respect to setting starting salaries. Id. Applying Maryland Insurance Administration, the District Court concluded that “[the EEOC’s comparator] was hired at a rate not only higher than the female [library supervisors] represented by the EEOC, but also significantly above the salary he had received during his first tenure at [employer]. Given these facts, combined with the inherent discretion within the MAPS policy, genuine factual questions exist about how defendants arrived at [the comparator’s] salary.” Id. at *7.

An employer’s burden at the motion to dismiss stage is even higher. For example, in EEOC v. George Washington University, No. 17-CV-1978 (CKK), 2019 WL 2028398 (D.D.C. May 8, 2019). the District Court for the District of Columbia denied an employer’s motion to dismiss even though the complaint at issue did not explicitly allege how the positions at issue were equal with respect to skill, effort, and responsibility. In that case, the EEOC had brought a lawsuit on behalf of a female university Director of Athletics, who alleged that a male colleague was treated more favorably and given greater opportunities because of his sex. Id. at *1. The University allegedly advertised a new position in its athletics department, but plaintiff had been informed that the job was off-limits to her because the University had already decided to hire her male coworker. Id. at *2. The position paid far more than plaintiff’s position.

The University moved to dismiss the complaint. The District Court held that the complaint “straightforwardly pleads that [plaintiff] was paid less as Executive Assistant than [comparator] was paid as a Special Assistant for substantially the same job responsibilities.” Id. at *4. The Court held that there was no reason for the complaint to get into the equal skill, effort, and responsibility, or other similar working conditions of those two positions, because at the motion to dismiss stage, a court cannot dismiss a complaint even if the plaintiff did not plead the elements of a prima facie case.


State Developments

New Legislation Precludes Employers in Puerto Rico From Using Credit Reports or Credit History to Take Employment Actions

On October 8, 2019, the Governor of Puerto Rico signed into law Act No. 150 of October 8, 2019 (“Act 150” or “the Act”), which prohibits employers from, among other actions, verifying or investigating credit history or credit reports concerning current employees or employment candidates, or from obtaining or ordering such reports from a credit agency. The Act further prohibits employers from taking adverse employment actions based on an employee’s or employment candidate’s credit history or report. Act 150, however, provides a list of exceptions to its coverage, including management positions, positions in the Department of Justice or the Judicial Branch, public order officials, and positions that have access to trade secrets (as defined under Puerto Rico Act 80-2011), financial or personal information, or cash or other goods subject to misappropriation totaling at least $10,000. Positions that are regulated by the Puerto Rico Office of the Commissioner of Financial Institutions or for which a credit report is required by federal law are also exempt from Act 150’s provisions. When these exceptions apply, employers must obtain written consent from the employee or employment candidate in order to be able to request their credit history or report. Employers must ensure that their employment practices are consistent with Act 150. Otherwise, employers that violate the Act may be subject to administrative penalties of up to $2,500 for each violation. The Act took effect immediately upon the Governor’s signature (October 8, 2019).

New Pennsylvania Medical Marijuana Lawsuit May Someday Provide Guidance to Employ

Q: Are there any new cases involving Pennsylvania’s Medical Marijuana Act in the context of employment?
A: Given that state-sanctioned use of medical marijuana is relatively new, there are few cases interpreting Pennsylvania’s medical marijuana law with regard to employment. This is why a recently filed Pennsylvania lawsuit could have a far-reaching impact on employers.

On October 10, 2019, Derek Gsell of Moon Township, Pennsylvania filed a lawsuit against a Pennsylvania electric company (the “Company”) in the Court of Common Pleas of Allegheny County, Pennsylvania, docketed as No. GD-19-014418. Mr. Gsell alleges that the Company improperly rescinded a job offer because he tested positive for THC (the active ingredient in marijuana) in a pre-employment drug test. As he informed the Company, Mr. Gsell possesses a Pennsylvania medical marijuana card, which allows him to legally purchase and use marijuana for medical purposes. According to the complaint, the Company offered Mr. Gsell employment in August 2019; however, the offer was “contingent upon successful completion of a criminal background check, reference check, and pre-employment drug screen.” Mr. Gsell underwent a pre-employment hair follicle drug test and he was informed that he had “failed” the test due to the detection of THC. The complaint states that written correspondence from the Company informed Mr. Gsell that the job offer was rescinded, and the position was “no longer available due to your positive drug screen results.” In his complaint, Mr. Gsell claims that the Company acted with “malice or reckless indifference” to his rights under Pennsylvania’s Medical Marijuana Act (“PMMA”), which established the state’s medical marijuana program in 2016. Mr. Gsell alleges that his job offer was rescinded solely because he was certified to use medical marijuana, noting that he did not seek to use medical marijuana on the Company’s property or to be under the influence of marijuana while at work.

The PMMA permits the use and possession of medical marijuana in authorized forms by patients with a practitioner’s certificate who suffer from a serious medical condition. Possession is lawful for patients and caregivers who have a valid identification card. The Act provides protections for employees certified to use medical marijuana and in particular, it prohibits employers from discriminating or taking an adverse action against an employee “solely on the basis of the employee’s status as an individual who is certified to use medical marijuana.”

Given the limited issues presented in Mr. Gsell’s one-count complaint, this lawsuit will likely be a good test case for enforcing an employee’s (or a prospective employee’s) rights under the PMMA. The Company has not yet filed a response to the complaint.

Florida Legislature to Consider Bill Protecting Rights of Medical Marijuana Users

A Florida state senator has put forward a bill to protect medical marijuana users from workplace discrimination, including firings for positive drug tests, as discrimination lawsuits follow the trend of legalization across the country. The introduction of Senate Bill 962 is in response to numerous lawsuits filed by workers who were terminated from their jobs for cannabis use. Several states with legalized medical marijuana have protections for users in the workplace, including barring employers from using positive test results to decide on hiring or firing unless the user is bringing their marijuana to work or they work in an environment where safety is a concern. The proposed bill incorporates protections similar to those afforded to workers in other states, such as Arizona, Maine, and Minnesota. In the proposed bill, employers still would be able to punish workers who possess or use medical marijuana during normal business hours. And jobs with “safety-sensitive” duties, such as work with hazardous materials or work that involves carrying a firearm, are exempt from the proposed rules.

Additionally, the proposed bill would permit employers with drug test policies to have five days to provide written notice to applicants who test positive for marijuana or its metabolites, explaining the applicant’s right to provide an explanation for the positive test result. The applicant or employee would then have five business days to submit information explaining or contesting the test result, or to request a confirmation test. According to the text of the proposed bill, employers may take “adverse personnel action” against any employee if the employer has evidence that the medical marijuana use is impairing the worker’s ability to perform his or her job responsibilities.

The proposed bill highlights the inherent conflict between the rights of the individual to accept and undergo treatment for legitimate medical conditions in contradiction to employers’ desire to have a “drug-free” working environment in order to maintain certain standards of work quality and safety.

A similar bill was introduced in the Florida House of Representatives in early November 2019. Both the Florida House of Representatives and Florida State Senate are expected to consider the respective bills in the 2020 legislative sessions.

Saliva Instead of Urine for Drug Testing?

More employers will drug test their employees as an unintended consequence of the legalization of recreational marijuana. Recently, the federal government posted guidelines for federal employers who use “oral fluid specimens.” Illinois employers should consider testing “oral fluid specimens” instead of urine.

What are Oral Fluid Specimens?
An oral fluid specimen is collected from an employee’s oral cavity (“mouth”) and it is a combination of physiological fluids (“saliva” or “spit”) produced primarily by the salivary glands.

What Advantages Derive from Testing an Employee’s Saliva?
Urine testing has been the “go to” testing standard for drug and alcohol use since 1988. Urine testing has a variety of problems while saliva testing has various advantages:

  • Some employees have a hard time producing a urine sample because of a legitimate medical condition. A limited urine specimen can produce an invalid result, or the test may need to be rescheduled.
  • Urine collection requires use of a specialized collection facility, secured restrooms, same gender oversight, and other special requirements. Saliva may be collected in various settings.
  • Up to 3% of unobserved urine collection samples are substituted or adulterated. Since all saliva samples can easily be observed, this should reduce the risk that a sample is tainted.
  • Collecting saliva requires less time than collecting urine. This results in less employee time away from the workplace. Saliva collection may occur at or near the workplace which means there should be no travel time for the employees. The federal government estimates that saliva collection costs $38.00 to $114.00 less per test than urine collection.
  • Saliva collection may be more accurate than urine testing with respect to recent drug use. This is particularly important as employers try to differentiate between legal usage off-duty, and illegal usage on-duty.

Employers concerned about the impact of recreational marijuana on their workforce must promulgate a written policy. This policy should describe when and how drug testing will occur. Moreover, employers must publish their policy either through a company intranet, bulletin board or handbook. Presumably, some aspect of every employer’s policy will contain a drug testing component. For 30 years, testing urine has been the standard. Testing saliva may now be the better option.

Year-End Reminder: New Jersey’s Salary History Ban Takes Effect January 1, 2020

In just a few short weeks, New Jersey employers will no longer be allowed to ask prospective employees about their salary history during the application or interview process or rely upon salary history in setting compensation. The rationale for the new statewide law is that setting compensation based on prior salary may perpetuate an unlawful pay disparity. By excluding salary history from the mix, employers will only be able to set compensation based on lawful considerations, including the specific job duties of the position and the applicant’s skill, education, training, and experience.

Court Cases

Dollar General Reaches Settlement With the EEOC in Years-Long Background Check Bias Suit

Employers should continue to exercise caution and care in drafting their criminal record screening policies. A recent settlement by Dollar General underscores this point, even though it comes on the heels of the Fifth Circuit’s opinion holding that the EEOC violated the federal Administrative Procedure Act (APA) in issuing its 2012 Enforcement Guidance on the Consideration of Arrest and Conviction Records in Employment Decisions Under Title VII of the Civil Rights Act of 1964. The EEOC and Dollar General recently resolved the EEOC’s six-year lawsuit against the retailer arising under Title VII of the Civil Rights Act of 1964 (Title VII) for $6 million dollars and other programmatic relief.

In 2013, the EEOC filed suit, alleging that the company’s use of criminal background checks disparately impacted African American applicants in violation of Title VII. The lawsuit alleged that the retailer violated Title VII due to the purported “gross disparity in the rates at which Black and non-Black conditional employees were discharged.” Though a federal court in Illinois ruled for the EEOC during some discovery disputes, the federal court never ruled against the company on the substance of the EEOC’s claims, nor has the company admitted any liability. The company has, rather, steadfastly denied liability.

The parties mediated the matter on September 11, 2019. On October 28, 2019, the parties submitted a Consent Decree (“Decree”) to the federal court in Illinois for approval. The Decree, which will be in effect for three years, requires programmatic relief in addition to a monetary payment. Specifically, the retailer can continue to consider applicants’ and employees’ criminal conviction history for employment purposes only if it agrees not to violate anti-discrimination and anti-retaliation laws, and if it complies with numerous requirements, including:

  • retaining a criminal history consultant to evaluate its use of criminal history information in hiring decisions, and implementing recommendations made by the consultant by 180 days from the entry of the Decree at the latest;
  • until the consultant’s recommendations are implemented, conducting internal individualized reviews for various misdemeanor crimes, using factors specified in the Decree; and
  • updating its reconsideration process for individuals whose conditional offer is rescinded because of criminal conviction history.

The retailer further agreed to submit detailed yearly reports to the EEOC, beginning the year after it implements the consultant’s recommendations. The EEOC agreed not to use data from these reports to bring any charges or lawsuits against the retailer, and it agreed to destroy data from these reports upon expiration of the Decree. The company also agreed to conduct trainings on its background check processes and to update its policies. Additionally, it agreed to provide notices to conditional hires about its background check processes and that a criminal history is not an automatic bar to employment.

The terms of the class-wide settlement must still be approved by the federal court.

Overall, employers’ use of background checks, including criminal record screening policies, raises an array of complex legal issues and continues to garner attention from legislatures, the EEOC, and the plaintiffs’ bar. All employers, and particularly multi-state employers, should continue to be vigilant about compliance with all applicable laws, including the so-called ban-the-box laws and the federal Fair Credit Reporting Act (FCRA). The FCRA especially has become one of the mainstays of the plaintiffs’ class action bar.

9th Cir. Allows FCRA “Permissible Purpose” Action to Proceed Despite Plaintiff Not Know the Purpose for Which the Credit Report was Accessed

In Nayab v. Capital One Bank USA, No. 17-55944, 2019 U.S. App. LEXIS 32575, at *24-32 (9th Cir. Oct. 31, 2019), the Court of Appeals for the Ninth Circuit found that an FCRA Plaintiff met the Spokeo and Iqbal/Twombly standards for pleading a “Permissible Purpose” action under the FCRA.

Nayab has pleaded facts sufficient to give rise to a reasonable inference that Capital One obtained her credit report for an unauthorized purpose. Nayab pleaded that she did not have a credit relationship with Capital One of the kind specified in 15 U.S.C. § 1681b(a)(3)(A)-(F). Pl’s First Am. Compl. 11, 40, 47, 50. Nayab specifically pleaded that, [*25] “upon review of her Experian credit report, Plaintiff discovered that Defendant submitted numerous credit report inquiries to Experian.” Id., 18. Nayab then puts forward factual assertions which negative each permissible purpose for which Capital One could have obtained her credit report and for which Nayab could possibly have personal knowledge: (1) Plaintiff did not initiate any credit transaction with Defendant as provided in 15 U.S.C. § 1681b(a)(3)(A). (2) Plaintiff was not involved in any credit transaction with Defendant involving the extension of credit to, or review or collection of an account of, the consumer as provided in 15 U.S.C. § 1681b(a)(3)(A). (3) Plaintiff is not aware of any collection accounts, including any accounts that were purchased or acquired by Defendant that would permit Defendant to obtain Plaintiff’s credit report as provided in 15 U.S.C. § 1681b(a)(3)(A). (4) Plaintiff does not have any existing credit accounts that were subject to collection efforts by Defendant as provided in 15 U.S.C. § 1681b(a)(3)(A). (5) Plaintiff did not engage Defendant for any employment relationship as provided in 15 U.S.C. § 1681b(a)(3)(B). (6) Plaintiff did not engage Defendant for any insurance as provided in 15 U.S.C. § 1681b(a)(3)(C). (7) Plaintiff did not apply for a license or other benefit granted by a governmental instrumentality as provided in 15 U.S.C. § 1681b(a)(3)(D). (8) Plaintiff did not have an existing credit obligation that would permit Defendant to obtain her credit report as provided in 15 U.S.C. § 1681b(a)(3)(E). (9) Plaintiff did not conduct any business transaction nor incur any additional financial obligations to Defendant as provided in 15 U.S.C. § 1681b(a)(3)(F). (10) Defendant’s inquiry for Plaintiff’s consumer report information falls outside the scope of any permissible use or access included in 15 U.S.C. section 1681b. Id. 24-35. These are factual allegations that, when taken as true, rule out many of the potential authorized purposes for obtaining a credit report. Further, Nayab alleges that she discovered Capital One obtained her credit report only upon review of her Experian credit report. The implication is that she never received a firm offer of credit from Capital One. These allegations, together with Nayab’s allegation that Capital One, in fact, obtained her report, state a plausible claim for relief. These are not simply bare conclusions devoid of facts supporting them. The exceptions to the general prohibition in § 1681b(f) are not elements of Nayab’s prima facie case which she must negative to state a claim, rather they are affirmative defenses for which Capital One bears the burden. Van Patten, 847 F.3d at 1044; see Tourgeman, 900 F.3d at 1109. By alleging facts giving rise to a reasonable inference that Capital One obtained her credit report for a purpose not authorized by statute, Nayab has asserted a plausible claim for relief under the FCRA. In a footnote, the Court of Appeals noted that no one really knew why the customer’s consumer report was accessed.

11th Circuit Reinstates FCRA Suit, Addresses Definition of “False Pretenses”

On November 12TH, the U.S. Court of Appeals for the Eleventh Circuit issued an order reversing in part and affirming in part a district court’s dismissal of claims brought by a consumer who claimed a bank violated the Fair Credit Reporting Act (FCRA) and the FDCPA when it allegedly provided debt information using a “false name” to a credit reporting agency and requested the consumer’s credit report without a proper purpose. In 2016, the consumer filed a lawsuit asserting the bank (i) violated the FDCPA by using a name other than its true name in connection with the collection of debt; and (ii) violated the FCRA when it failed to investigate the accuracy of the information provide to the credit reporting agency and requested his credit report without a permissible purpose. The district court dismissed the complaint for failure to state a claim. On appeal, the 11th Circuit affirmed the dismissal of the FDCPA claim, concluding that, while the false-name exception stipulates that the FDCPA applies to a creditor that uses any name other than its own when collecting its own debts (which may indicate a third party was collecting or attempting to collect the debt), the exception does not apply in this instance because “even the least sophisticated consumer” would understand that the bank and the entity named in the consumer report were related. However, the appellate court held that the district court erred in dismissing the FCRA claims. According to the opinion, the consumer stated three plausible claims for relief, including that the bank failed to investigate the accuracy of the information it sent, as required when a dispute arises, and that it unlawfully obtained his credit report. The 11th Circuit noted that while it has never addressed the meaning of “false pretenses” under the FCRA, it now joins other courts in holding that “intentionally obtaining a credit report under the guise of a permissible purpose while intending to use the report for an impermissible purpose can constitute false pretenses.” Moreover, the appellate court noted that while the bank may have obtained the consumer’s credit report for proper purposes, or that it may have disclosed the true purpose to the credit reporting agency, “this fact question cannot be resolved on a motion to dismiss.”

Does it Violate Public Policy to Terminate a Drunk Employee?

The employee, a long-time production foreman, failed a blood alcohol test in February 2018. In response, and pursuant to a federal regulation, the nuclear plant suspended the employee’s access to the facility for fourteen days. Before the suspension ended, the plant terminated him. The employee sued. The employee argued, in pertinent part, that his termination violated an alleged Pennsylvania public policy to “allow[] employees with alcohol or drug-related issues to complete treatment for first offenses before being terminated.” The Court disagreed. It recognized that Pennsylvania law permits common law wrongful discharge claims when an alleged termination “violate[s] a clear mandate of Pennsylvania public policy.” But, the court held, such a clear mandate has been recognized only in three limited circumstances: (1) when an employer fires an employee for refusing to commit a crime; (2) when an employer fires an employee for complying with a statutorily imposed duty; and (3) when a statute prohibits discharge.

Contrary to the plaintiff’s argument, the Court concluded that no statute or regulation required employers to forgive “first offenses,” or offer treatment in lieu of termination. The Court further concluded that, although Pennsylvania offers state employees the opportunity to participate in substance abuse programs after a first offense, this program did not evidence any “public policy” that applied to private employers. Accordingly, under the employment “at will” doctrine, the Court found that the nuclear plant could freely terminate the employee for failing a sobriety test.

The Court’s decision is a reminder that, while the employment “at will” doctrine is under threat, it’s not dead yet. Providing substance abuse counseling and treatment to employees who violate drug and alcohol policies may be good personnel management. But, all other things equal, nothing in Pennsylvania prohibits employers from simply terminating offenders. That guidance, however, comes with a caveat: every employee has multiple protected characteristics (i.e., a sex, race, national origin, religion, etc.). If employers terminate some substance offenders, while referring others to treatment, plaintiffs’ attorneys may be able to assert discrimination claims based upon alleged disparate treatment. At the same time, some offenses may be worthy of termination, while others aren’t. An employer could draw a clear difference, for instance, between a forklift driver who comes to work at three times over the legal limit, and a secretary who tests positive for marijuana. But there are also many gray areas, which could raise factual questions in a discrimination case. To that end, employers who run drug testing programs should draft clear, written guidelines demarcating what kind of offenses they consider terminable, and what kind of offenses warrant treatment, or a lesser sanction.

Judge OKs $3.6M Deal in FCRA Suit Over Background Checks

A Florida federal judge granted final approval Tuesday to a $3.6 million settlement between Global HR Research and a nationwide class of job applicants to resolve allegations the consumer reporting agency violated the Fair Credit Reporting Act by disclosing workers’ background check results to employers without proper authorization.

FCRA Class Action Survives Early Procedural Challenge

In the first quarter of 2019, in Sanders v. Global Radar Acquisition, plaintiffs filed a putative class action claiming that the Defendants failed “to obtain certification prior to furnishing a consumer report for employment purposes in violation of 15 U.S.C. § 1681b(b)(1)(A).” The Plaintiffs were employed by Naples Hotel Group, which was not a party to the action, but were terminated based on the contents of background checks provided by Global HR background checks provided by Global HR, a consumer reporting agency. The crux of the claim was not that the Defendant reported false information but rather that the Defendant lacked certifications from the Naples Hotel Group that were required by the FCRA before providing reports. The issue before the district court was whether the plaintiffs had Article III standing to sue.

By way of some background: When applying for a position at Naples Hotel Group, Plaintiffs were required to sign documents titled “Notice and Acknowledgment”, which purportedly authorized Naples Hotel Group to procure their consumer reports for employment purposes. Global HR supplied the “Notice and Acknowledgement” forms, which plaintiffs allege did not comply with the FCRA. The relevant statutory provisions are 15 U.S.C. § 1681b(b)(1)(A)(i)-(ii), (b)(2), and (b)(3). In the Amended Complaint, Plaintiffs allege they were terminated on October 5, 2016 based upon the consumer reports Global HR unlawfully furnished to Naples Hotel Group and were never provided with pre-adverse action notification required by the FCRA. They further allege that Global HR invaded their “right of privacy” by providing their confidential information without proper authorization. The Defendant moved to dismiss. Importantly, the question in the Sanders case isn’t whether the Plaintiffs had statutory standing to sue. Instead, the issue was whether under Spokeo the plaintiffs had Article III standing. Article III standing is a threshold requirement to bring a claim, which (like jurisdiction) must be addressed before the merits. To establish Article III standing, a plaintiff must establish injury in fact, causation, and redressability. For injury in fact, it’s not enough to allege a procedural violation. The plaintiff must actually have suffered harm. That harm must be caused by the Defendant’s conduct. It must be “fairly traceable” to the Defendant. Finally, the harm suffered must be capable of redress by a favorable decision.

The Sanders court found that the Plaintiffs’ harm wasn’t a mere technical violation of the statute but, rather, was precisely the type of harm the FCRA intends to protect against: the distribution of consumer reports without authorization. As to causation, the Court also found that, critically, that harm was “fairly traceable” to the Defendant’s conduct. Specifically, the injury flowed from the Defendant’s conduct. The Court denied the Defendant’s motion to dismiss and found that the Plaintiffs had Article III standing to sue.

Cited FCRA Violation

604. Permissible purposes of consumer reports [15 U.S.C. § 1681b] (b) Conditions for Furnishing and Using Consumer Reports for Employment Purposes.

  • Certification from user. A consumer reporting agency may furnish a consumer report for employment purposes only if
    • the person who obtains such report from the agency certifies to the agency that
      • the person has complied with paragraph (2) with respect to the consumer report (Disclosure to Consumer), and the person will comply with paragraph (3) with respect to the consumer report if paragraph (3) becomes applicable (Conditions on use for Adverse Action); and
      • information from the consumer report will not be used in violation of any applicable Federal or State equal employment opportunity law or regulation; and
    • the consumer reporting agency provides with the report, or has previously provided, a summary of the consumer’s rights under this title, as prescribed by the Federal Trade Commission under section 609(c)(3) [§ 1681g].
  • Disclosure to Consumer.
    • In general. Except as provided in subparagraph (B), a person may not procure a consumer report, or cause a consumer report to be procured, for employment purposes with respect to any consumer, unless—
      • a clear and conspicuous disclosure has been made in writing to the consumer at any time before the report is procured or caused to be procured, in a document that consists solely of the disclosure, that a consumer report may be obtained for employment purposes; and
      • the consumer has authorized in writing (which authorization may be made on the document referred to in clause (i)) the procurement of the report by that person.
  • Conditions on use for adverse actions.
    • In general. Except as provided in subparagraph (B), in using a consumer report for employment purposes, before taking any adverse action based in whole or in part on the report, the person intending to take such adverse action shall provide to the consumer to whom the report relates—
      • A copy of the report; and
      • A description in writing of the rights of the consumer under this title

Court Decertifies $6.5 Million Member Class in Background Check Suit

A California federal court decertified a class of millions of Walmart employees after concluding that the named plaintiffs lacked Article III standing to bring their challenge to the employer’s use of background checks. Each of the three named plaintiffs applied for a job at Walmart, and each was subsequently hired after a credit and background report was conducted. They later filed a putative class action alleging that the employer ran afoul of the Fair Credit Reporting Act (FCRA) as well as California’s Investigative Consumer Reporting Agency Act (ICRAA) by willfully including extraneous information in the disclosure forms and inadequately informing them of their rights. Last January, U.S. District Judge David O. Carter certified a class of approximately 6,547,400 individuals who applied for a job at Walmart between June 2012 and March 2019. Walmart responded with a motion to decertify, arguing that the named plaintiffs lacked standing. Judge Carter agreed, granting the motion. Even assuming that Walmart’s written disclosures were inadequate under the FCRA, the plaintiffs failed to identify an injury stemming from the statutory violation that could suffice to support Article III standing, the court said. Pursuant to the U.S. Supreme Court’s Spokeo v. Robins decision, a statutory violation must also be accompanied by a “concrete injury”—either a de facto, actually existing injury or “the risk of real harm”—to establish standing. But the named plaintiffs alleged only a “bare procedural violation,” the court said. All of them testified in their depositions that they understood that Walmart might conduct a background check and none of them objected. In fact, two of the plaintiffs welcomed the check, the court noted, because they wanted to be hired. “[T]he only injury plaintiffs identify is that, as a result of defendant’s deficient disclosure forms, they ‘have been injured including, but not limited to, having their privacy and statutory rights invaded in violation of the FCRA,’ or, put differently, that defendant ‘obtained plaintiffs’ personal information in violation of their statutorily protected rights,’” the court wrote. “If, as the Supreme Court has established, there is a category of ‘bare procedural violation,’ then it must certainly encompass the wrongdoing alleged in plaintiffs’ first cause of action.” Case law from other California federal courts backed this conclusion, Judge Carter added, citing decisions holding that when job applicants have not claimed that the disclosure forms impaired their understanding or that they would not have authorized the background check had the disclosure form complied with the FCRA, they were unable to establish standing. The court distinguished the U.S. Court of Appeals, Ninth Circuit’s decision in Syed v. M-I, LLC, where the FCRA plaintiff learned after the fact that he had been subjected to a background check. “Named plaintiffs, however, understood that defendant might run a background check, and because they wanted defendant to hire them, they consented to the potential background checks,” the court said. The “named plaintiffs have not adduced any evidence that their substantive rights were violated.” As the plaintiffs’ claims under the ICRAA mirrored the FCRA claims, they similarly failed for lack of standing. Judge Carter decertified the class and remanded the case to state court.

First Day on the Job and on Notice: When the Statute of Limitations Begins for Employer Background Checks

Employers began to rethink how they obtain authorization and retrieve background and credit checks for new employees after the Ninth Circuit’s decision in Gilberg v. California Check Cashing Stores, LLC, 913 F.3d 1169, 1177 (9th Cir. 2019), as we’ve previously discussed. However, lower California courts recently decided other issues surrounding background checks, such as the amount of time employees have to file a claim. These recent rulings suggest that the statute of limitations for an employee to file a claim for an alleged violation of federal and/or state background and credit checks laws can begin on the employee’s first day of work.

Plaintiffs Have Two Years to File a Background Check Claim
Background check disclosure and authorization forms are required by the Fair Credit Reporting Act (“FCRA”), California’s Consumer Credit Reporting Agencies Act (“CCRAA”) and Investigative Consumer Reporting Agencies Act (“ICRAA”). Each has a two-year statute of limitations. 15 U.S.C. 1681p (earlier of two years from date of discovery or five years from date of the violation); Cal. Civ. Code § 1785.33 (two years from discovery but not more than seven years unless a defendant willfully violated the code); Cal. Civ. Code § 1786.52 (two years from date of discovery). For the two-year limit to apply, employers carry the burden to show that a “reasonably diligent plaintiff would have discovered the facts constituting the violation.” Drew v. Equifax Information Services, LLC, 690 F.3d 1100, 1110 (9th Cir. 2012). Yet, proving when a plaintiff discovered that their potential employer retrieved a background check on them can be problematic.

Courts Decide That Plaintiffs Can Be on Constructive Notice from Their First Day of Work
Recent California cases deemed that plaintiffs discovered facts constituting their background check as early as their first day of work.[1] In Berrellez v. Pontoon Solutions, Inc., 2016 U.S. Dist. LEXIS 142174 at *18 (C.D. Cal. Oct 13, 2016), an employee was on constructive notice that his new employer pulled a background check on him because, in addition to having his fingerprints taken, he signed consent forms stating he was aware a background check would be performed. At the latest, the employee was on notice on his first day of work, so his claims were barred by the statute of limitations. Thus, the employer’s motion for summary judgment was granted. Additionally, the court in Ruiz v. Shamrock Foods Company, 2018 U.S. Dist. LEXIS 148929 at *16 n.6 (C.D. Cal. Aug. 22, 2018), dedicated a lengthy footnote to this issue. Two employees received job offers contingent on receiving satisfactory background checks. Thus, they knew on their first day of work that their employer retrieved background checks on them, because they started work. Although the court decided the case on other grounds, the two employees’ claims would have failed because of the two-year statute of limitations. Id.

Finally, a reported case from the Northern District of California held that an employee can be on notice from his or her first day of work. In Rodriguez v. U.S. Healthworks, Inc., 388 F.Supp.3d 1095, 1104 (N.D. Cal. 2019), an employee was on constructive notice that her employer retrieved a background check on her because her job offer was contingent on a satisfactory result. Thus, the statute of limitations began to run on the employee’s first day of work, similarly to Ruiz. Since the employee started work four years prior to filing the lawsuit, her claim was barred by the two-year statute of limitations. The court granted the employer’s motion for summary judgment.

If an employee’s position is contingent on a satisfactory background check, the employee is likely aware of any alleged FCRA, CCRAA or ICRAA violations starting with his or her first day of work and would have two years from that day to file a claim.

International Developments

Employee Data Protection in Canada

Requirements for Registration
Canadian law provides for both private-sector and public-sector privacy legislation. Depending on the jurisdiction in which they operate, private-sector employers in Canada are subject to either federal or provincial legislation governing the collection, use and disclosure of personal information.

The federal Personal Information Protection and Electronic Documents Act (PIPEDA) applies to federally regulated employers, as well as employers that are provincially regulated that operate in provinces that have not adopted substantially similar privacy legislation. To date, Quebec, Alberta and British Columbia have enacted personal information legislation, which has been recognized as substantially similar to PIPEDA. In 2013, Manitoba passed private-sector privacy legislation that is not yet in force. It has not yet been determined whether this legislation is substantially similar to PIPEDA.

In addition to PIPEDA and provincial legislation dealing specifically with the collection, use and disclosure of personal information in the private sector, employers may have additional statutory privacy obligations. For example, several provinces have enacted legislation, such as the British Columbia Privacy Act, which makes it an actionable wrong for one person, willfully and without claim of right, to violate another’s privacy. In Quebec, the CCQ and the Quebec Charter of Human Rights and Freedoms provide for additional privacy obligations.

Cross-Border Data Transfers
Canadian privacy legislation addresses the notion of cross-border data transfers. In this regard, the transfer of personal information outside Canada must be disclosed in an employer’s privacy policy, to meet the openness and safeguarding principles that apply to PIPEDA and similar privacy legislation. Further, employees whose personal information is collected must be informed of the transfer to any foreign entities and must be provided with appropriate contact information for obtaining details on the privacy obligations of those entities. While this has been held to exist as an implicit requirement in privacy legislation across Canada, it is made explicit in Alberta’s Personal Information Protection Act, which also differs from other Canadian privacy law in that it imposes specific breach notification obligations on organizations.

Sensitive Data
Under all Canadian privacy legislation, personal information is broadly defined as ‘information about an identifiable individual’, with certain exclusions. Sensitive information that would generally fall under the ambit of ‘personal information’ in Canadian privacy legislation would include, in particular, financial information, medical information, educational history, union membership or information relating to an employee’s family background.

Background Checks
The validity of background checks varies greatly across Canadian jurisdictions. Generally, employers may perform a background check on prospective employees; however, certain jurisdictions limit criminal or credit checks. Human rights legislation and privacy legislation across the jurisdictions will limit the use of criminal or credit background check results, even if these types of background checks are permitted. Employee consent to background checks is almost always preferred, if not required in most Canadian jurisdictions.

Employee Data Protection in Mexico

Requirements for Registration
On 5 July 2010, the federal government published in the Federal Official Gazette the Federal Law for Personal Data Protection Possessed by Private Persons (DPL), which has been in force since 6 July 2010 and is intended to protect personal data held by private persons—either companies or individuals—in order to regulate the lawful, informed and controlled treatment of the data, with the objective of ensuring the right to privacy as well as the right of informational self-determination of persons. The DPL protects personal data that is subject to process, use or transfer, at a national and international level. To clarify the content of the DPL, on 21 December 2011, the Ministry of the Economy published in the Federal Official Gazette the Regulations of the DPL (the Regulations), which have been mandatory since 22 December 2011. The Regulations provide in detail the conditions for the compliance and enforcement of the DPL to bring legal certainty to its regulated subjects. Both regulatory instruments have a direct impact on employees, either by strengthening their right to privacy in relation to their employer and its subcontractors or to establish duties they must comply with in order to preserve the privacy of the personal data that is processed in the course of their activities. In terms of the DPL and its Regulations, there is no obligation to register the company—in its role of data controller—with the Mexican data protection agency (the National Institute of Transparency, Access to Information and Protection of Personal Data (INAI)) or any other government body. However, diverse obligations should be fulfilled in order to comply with the provisions of the DPL and its Regulations.

The Regulations compel employers to create an inventory of processed personal data to identify its nature—as sensitive, financial or economic personal data requires the written express consent of the data subject to be collected and processed and should be protected by stronger measures than ‘ordinary’ personal data. In addition, the inventory may determine the form of the processed data (i.e., whether it is expressed or contained in a digital format, in printed form, or in visual or audio format).

For the collection and processing of personal data, the general rule is that the data subject must be informed by means of a privacy notice about the collected data, the purposes for the processing and the data transfers, and the means to exercise the right to access, rectify, cancel and oppose the data processing, as well as the means to express his or her consent to authorize the data processing and transfers. However, the data subject’s consent is not required for the processing of personal data to be lawful if it is necessary to comply with obligations derived from a legal relationship, such as a labor contract, entered into by the data subject (employee) and the data controller (employer). Candidates for employment do not fall within this exception as they do not have any legal relationship with the employer, so their consent is required to transfer their personal data to a third party. The Regulations compel companies to limit access to personal data only to authorized employees owing to their position or functions. The DPL also provides that companies must implement and maintain administrative, technical and physical security measures to protect personal data against damage, loss, alteration, destruction, use, access or unauthorized use (Article 19 of the DPL and Chapter III of the Regulations). Under Article 48 of the Regulations, the employer is compelled to implement a range of actions to ensure that their employees comply with the DPL and its Regulations such as:

  1. developing binding and enforceable privacy policies and programs within the organization;
  2. implementing a training and staff awareness program on the obligations regarding personal data protection, including any modifications that are made;
  3. establishing an internal system for supervision and monitoring, verification or external audits to test compliance with privacy policies;
  4. allocating resources for the implementation of privacy programs and policies;
  5. providing mechanisms for the enforcement of privacy policies and programs, as well as for sanctioning lack of compliance;
  6. establishing measures for tracking personal data during its processing;
  7. establishing procedures to receive and respond to doubts and complaints from the personal data holder;
  8. establishing measures for the assurance of personal data, in other words a set of technical and administrative actions that guarantee the responsible party’s compliance with the principles and obligations set forth by the DPL and its Regulations; and
  9. establishing measures for the traceability of personal data, that is, actions, measures and technical procedures that allow for the tracking of personal data while it is being processed.

Privacy regulations should be related to a company’s internal labor regulations in order to enforce sanctions for infringement.

Cross-Border Data Transfers
In terms of the DPL and its Regulations, companies are not compelled to register their data transfers at the INAI or at any other government agency and, as a general rule, data transfers are subject to the consent of the data subjects (generally granted through the privacy notice). However, the DPL provides for a few exceptions in which the employee’s consent is not required for the data transfer:

  1. the transfer is necessary for preventive treatment or medical diagnosis, the delivery of healthcare, medical treatment or the management of health services;
  2. the transfer is to companies under the same corporate control (subsidiaries and affiliates under the common control of the data controller), or to a parent company or an associated company that operates under the same processes and internal policies;
  3. the transfer is necessary under a contract that has been concluded, or a contract to be concluded, in the interest of the employee by the employer and a third party; or
  4. the transfer is necessary for the maintenance or fulfilment of a legal relationship between the company and the employee (Article 37 of the DPL).

Neither the DPL nor the Regulations require safe harbor registration for data transfers or for carrying out an onward transfer.

Sensitive Data
In terms of the DPL, sensitive data is defined as data that pertains to the data subject’s most intimate sphere, or data that, if misused, could lead to discrimination or cause a serious risk to the data subject. In particular, personal data is considered to be sensitive if it relates to racial or ethnic origin, current or future health status, genetic information, religious, philosophical and moral beliefs, union membership, political opinions, and sexual preference (Article 3, Section VI of the DPL). Financial and economic data is not included within the category of sensitive data; however, the processing of this data requires the express consent of the data subject, except as provided by law (Article 8, Section IV of the DPL). The requirement for consent for the collection of sensitive data is more stringent than in the case of non-sensitive data. When sensitive personal data is collected, the privacy notice must address explicitly that it deals with this type of data (Article 16 of the DPL). No databases that contain sensitive data should be created without justifying their creation for legitimate purposes, concrete and consistent actions, or explicit purposes pursued by the regulated subject (Article 9 of the DPL). If infringements to the DPL are committed in the processing of sensitive data, the penalties can be increased to twice the established amounts (Article 64, Section IV of the DPL).

Background checks
Under the DPL and its Regulations, background checks, credit checks and criminal record checks are allowed if the candidate for employment has granted his or her express consent, as such records include sensitive data. Employers must be aware of processing personal data under the principles of lawfulness, consent, information, loyalty, proportionality, confidentiality and accountability, and must be aware of processing the candidate’s or employee’s personal data or information on a non-discriminatory basis.

Why Special Category Personal Data Needs to be Handled More Carefully

The General Data Protection Regulation (GDPR) recognizes that some types of personal data are very sensitive and states that data controllers must give it extra protection. This is known as special category data. Special category data is information concerning a person’s:

  • health;
  • sex life or their sexual orientation;
  • racial or ethnic origin;
  • political opinions;
  • religious or philosophical beliefs; or
  • membership to a trade union.

Special category data under the GDPR is broadly similar to sensitive personal data under the Data Protection Act 1998. However, special category data also relates to genetic and biometric identification data.

Special category data is the most sensitive personal data a controller can process. The misuse of this data is likely to interfere with an individual’s fundamental rights and freedoms and could cause real harm and damage. Due to the possible risks, the ICO expects controllers to take all necessary precautions to protect this data.

What does our new guidance say about how organizations should approach processing special category data?
Firstly, as always, you must have a GDPR lawful basis to process data under Article 6. However, when processing special category data you also need an Article 9 condition for processing and potentially an associated DPA 2018 Schedule 1 condition. Many of the DPA 2018 conditions require you to have an appropriate policy document in place. This is a short document that should outline your compliance measures and retention policies with respect to the data you are processing. We have a template appropriate policy document in our guidance to help organizations ( There is more to do when processing special category data, but the provisions are in place to help you protect the data of those whose information you hold and increase their confidence in you. It’s worth taking the time to get it right.

Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) – Version Adopted After Public Consultation

The document can be retrieved and downloaded at:

Other Developments

Marijuana Breathalyzers: Could New Testing Methods Help Employers and Employees?

Employers are grappling with the wave of marijuana laws sweeping the nation, some of which provide very employee-friendly protections. While no state requires an employer to tolerate employees’ use of marijuana or impairment while they are working, present drug testing methodologies cannot determine whether an employee used marijuana two hours or two weeks ago. That might be changing as companies reportedly are closer to developing technology that will be able to detect recent use, a welcome development for both employers and employees.

Marijuana causes impairment to people who ingest it. Actually, the psychoactive component of marijuana, THC (tetrahydrocannabinol), is what really causes impairment. It weakens judgment and motor function. If an employee goes to work high, that creates serious safety concerns. It also creates legitimate concerns regarding employee judgement, behavior, work product, and efficiency. Science has confirmed that these concerns stemming from marijuana use are legitimate.

Another problem is that marijuana use is illegal under long-standing federal law, the Controlled Substances Act. To be clear, it is still illegal to use, possess, or distribute marijuana. Many employers take issue with the idea of being required to tolerate their employees’ conduct that is plainly criminal. Understandably, employers may not like the message that condoning marijuana use sends to their clients, target markets, and communities.

Opinions as to whether marijuana should be legal vary. But most would agree that no employer should have to tolerate employees working while high from use of marijuana—whether the use is legal or illegal. This idea is similar to the generally accepted idea that employers need not tolerate employees working while intoxicated from alcohol consumption, which is legal. Indeed, a number of state marijuana laws include provisions reflecting that employers need not accommodate or tolerate marijuana use or impairment in the workplace or while working. This is the point at which perhaps the most practical problem lies for employers and employees. How can an employer know if an employee is impaired or high from ingestion of THC? An employer with “reasonable suspicion” that an employee is working while intoxicated from alcohol can rely on science to establish impairment. Blood alcohol tests have generally been accepted to measure impairment from alcohol consumption. Unfortunately, there has been no scientifically accepted drug test to show impairment from marijuana use. While most tests show the presence of THC in a person’s system, reflecting use in recent days or weeks before the test, they do not show impairment at or near the time of the test.

New and Improved Testing Methods Could be a Solution
Science may be catching up with the times. A number of media outlets have reported that certain companies are developing tests that use breathalyzers to evaluate how recently a person used marijuana. According to reports, these tests are being designed to show if a person used marijuana within the 2-3 hours before the test, which has been reported to be within the peak period of impairment after ingestion of THC. It is unclear if and when these devices will be available for employment-related testing or the costs associated with such tests. That said, if new marijuana testing devices and methodologies become generally available, and they are validated as a reliable means by which to determine impairment or recent marijuana use, employers may have a much-needed solution to their legal and practical dilemmas. In fact, these marijuana tests could bring employees and applicants peace of mind too. An employee who uses marijuana at home on Sunday evening, in accordance with his doctor’s instructions, may be able to rest easy knowing that, if sent by his employer for a drug test on Monday, the test results will show that he was not impaired while working.

The near-term development and reliability of these testing devices is currently unknown and employers should not expect them to be a panacea to their marijuana woes. Amongst other issues, the devices may not be permitted by state law. Where their use is permissible, we predict their validity and reliability will be challenged by experts and their widespread use by certified laboratories for workplace drug testing programs is not likely to occur any time soon.

Advice to Employers: Evaluate Whether Outright Bans on Marijuana Are Outdated

As more states legalize medical marijuana, employers should evaluate employment policies that outright ban the use of marijuana. Currently, 33 states have passed laws approving the use of medical marijuana. Within Phelps Dunbar’s geographic footprint, the states of Louisiana, Florida, Texas, and North Carolina have adopted medical marijuana programs. For now, all marijuana usage, including for medical purposes, remains illegal in both Mississippi and Alabama. However, employers in these states should not sit idle because medical marijuana might be legal in both states soon. In 2020, the state of Mississippi will be voting on the legalization of medical marijuana via ballot Initiative Measure No. 63. In Alabama, the state legislature set up the Alabama Medical Cannabis Commission which has been charged with examining the laws and regulations of the federal government and other states regarding medical marijuana and considering the potential impacts of legalization. The commission is supposed to report its finding to the Alabama legislature by Dec. 1. Based on national trends, medical marijuana might be legalized in both Mississippi and Alabama sooner rather than later.

Under federal law, marijuana remains an illegal Schedule I drug under the Controlled Substances Act. As a result, employment policies that prohibit the use of marijuana both at home and in the workplace do not run afoul of federal law. Furthermore, courts have found that the Americans with Disabilities Act (ADA) does not protect individuals who use marijuana for medical purposes because marijuana is illegal federally. Thus, under federal law, an employer may make hiring or firing decisions based on an individual’s marijuana usage.

Unlike federal law, some states have specifically passed laws prohibiting discrimination against employees who legally use medical marijuana, and some state courts have found that medical marijuana users are entitled to protection. In 2017, Massachusetts courts found that an employer owed its employee an obligation to participate in the interactive process before it terminated her for medical marijuana usage. However, Florida’s medical marijuana law specifies that it does not limit the ability of an employer to establish, continue or enforce a drug-free workplace program or policy, and that employers are not required to accommodate the medical use of marijuana in any workplace or any employee working while under the influence of marijuana. Florida law further provides that the state’s medical marijuana law does not create a cause of action against an employer for wrongful discharge or termination. The laws in Louisiana, Texas and North Carolina are silent on medical marijuana’s impact on employer-employee relations.

Due to the uncertain state of the law, employers should consider whether an outright ban on marijuana in their policies might be modified to account for the changes. One potential option is to treat medical marijuana like any other prescription medication and to alter policies that provide a blanket prohibition on marijuana use. Such changes would need to account for the state laws in the states where the employer operates, and consider whether the employer wants to test for marijuana, and how it may want to handle positive tests for marijuana, which could differ based on what type of job is at issue (e.g., federal contractors and transportation workers subject to DOTD regulations).

The law on allowance of medical and even recreational use of marijuana is continuing to evolve, and some employers have been challenged in court when relying on their policies that were compliant in the past. Employers seeking to stay ahead of the trend should take a look at their policies and consider whether an update is necessary and consult with legal counsel before implementing such changes.

The ADA Does Not Cover the Possibility of Future Disabilities

The Seventh Circuit Court of Appeals recently ruled that the American with Disabilities Act (“ADA”) does not protect an applicant who later may become impaired. In this instance, a worker applied for a position that would have required him to perform “safety-sensitive” tasks. After he was extended a conditional offer of employment, Plaintiff was required to pass a medical evaluation. Defendant, as a matter of course, does not hire applicants for safety-sensitive position if their body mass index (“BMI”) is over 40. Defendant reasoned that applicants who exceed BMI levels are at a substantially higher risk of developing certain conditions that can result in incapacitation on the job. Plaintiff’s BMI was 47.5. Plaintiff filed suit asserting that the failure to hire him amounted to discrimination under the ADA on the basis of a perceived disability. The employer denied the allegations, arguing that the worker did not have a disability because “obesity” was not a qualifying impairment and, moreover, there is no evidence to suggest that he was regarded as being presently impaired. The District Court found Plaintiff’s allegations of “perceived disability” to be worthy of a trial, but the Seventh Circuit reversed, concluding that the employer did not perceive there was a current perception had an obesity-related impairment at the time of withdrawal of the offer. This decision adds to the growing body of ADA related case-law and may add to the confusion as to when a perceived disability is protected. Interesting, the Genetic Information Nondiscrimination Act (“GINA”) is not discussed in the Court’s decision as BMI likely does not qualify as genetic information. However, employers should be aware of GINA in all employment decisions.

This information has been prepared by Validity Screening Solutions for informational purposes only and is not legal advice. The content is intended for general information purposes only, and you are urged to consult a lawyer concerning your own situation and any specific legal questions you may have.