- GDPR is Promoting Renovation of Data Protection Practices Across the World
- Virginia Criminal Database Missing 750k Cases Used for Gun and Background Checks
- PA – Crestwood Cancels Classes Again Over Background Checks
- NC – Duke Moves to ‘Ban the Box’
- Fifth Circuit Opines on When Claims May be Properly Maintained Under ERISA § 502(a)(1)(B) Versus § 502(a)(3)
- How Elected Officials Shaped the FCRA
- NY – Westchester May Prohibit Employers from Asking About Convictions on Job Applications
- Court of Appeal Decision Narrows Use of Employee Non-Solicitation Provisions in California
- NJ Continues to Raise the Bar for Enforceable Arbitration Agreements
The General Data Protection Regulation, which took effect in May 2018, has renewed interest in security spending. Gartner projects security will drive 65% of buying decisions related to data loss prevention by the end of the year. While the focus of the regulation is on citizens in the EU, GDPR is having a global impact.
The United States, as well as individual states, are creating new laws inspired by the GDPR:
US Consumer Privacy Act – gives companies 30 days to report a data breach after it occurs.
Colorado – the state legislature is considering passing a bill that would require organizations to implement “reasonable security procedures and practices” to protect Personal Identifying Information (PII) of state residents.
California Consumer Privacy Act of 2018 – gives similar rights to state residents as those granted to EU citizens by the GDPR.
GDPR’s impact on other countries can be found via the link below.
In an alarming discovery, members of the Virginia State Crime Commission found that more than 750k records were not in the state’s Central Criminal Records Exchange, including more than 300 murder convictions, 1,300 rape convictions and 4,600 felony assault convictions.
It was determined that failure to enter a defendant’s fingerprints into the system by the arresting agency when he or she was charged led to the missing records.
The Crestwood (PA) School District canceled all classes for two consecutive days after state auditors found that background checks for some bus drivers were not up to date. While the busing contractor is supposed to run background checks as part of the process for employees to become fully certified to transport students, the responsibility to compile records ultimately falls on the school district.
At the time classes were canceled, the owner of the bus company stated that all drivers had applied for background checks – with about half having been approved and the others slowly trickling in.
Duke University joined the growing number of states and other universities in “banning the box”, which prevents organizations from requiring applicants to disclose their criminal records when initially applying.
The decision by Duke came after other university systems including New York, California, Louisiana and Maryland instituted bans disallowing colleges fro asking about crimes during the application process.
The US Court of Appeals for the Fifth Circuit recently addressed the complexities of ERISA law and practice. The court highlighted the importance of identifying the purported injury to understand whether an ERISA § 502(a)(3) claim (a claim for equitable relief) is duplicative of a claim that could have been brought under ERISA § 502(a)(1)(B) (a claim to recover benefits or enforce a right under the terms of a plan), in which case it should be dismissed.
Further details can be found via the link below.
In Thornton v. Equifax Info. Servs., the Middle District Court of Georgia confirmed that a plaintiff’s state law claims were preempted by section 1681t of the Fair Credit Reporting Act (FCRA).
The Court discussed that there were two different versions of the FCRA at issue in this case – “section 1681h(e), which was part of the original FCRA, which did not impose duties on furnishers of credit information or create a right of action against furnishers based on their furnishing of inaccurate credit information to consumer reporting agencies” and the new version of the FCRA – including section 1681t(b)(1)(F) – which was overhauled when Congress enacted the Consumer Credit Reporting Reform Act of 1996 (“CCRRA”).
The CCRAA added section 1681s-2, which imposed specific duties on furnishers of information, as well as an enforcement scheme for violations by those furnishers. In doing so, Congress also added section 1681t(b)(1)(F), which expressly preempted state law.
At the conclusion of its analysis, the Court held that section 1681t(b)(1)(F) implicitly preempted section 1681h(e) – to the extent that the two statutes conflict – as the CCRRA was a, “clear and manifest expression of Congress’s intent to regulate the duties of credit information furnishers and to displace state law on this subject.”
Westchester (NY) might be the latest municipality to prohibit private employers from asking about an individual’s criminal history on the initial job application. Lawmakers are expected to vote, and if the law is enacted, Westchester would join 31 states and 150 municipalities throughout the US in “banning the box”.
An interesting case out of California involving the solicitation of former co-workers to leave a company. The California Supreme Court did not consider whether employee non-solicitation provisions were void, and based on previous case law, they were considered valid until recently.
The decision by a California Court of Appeal seriously calls into question whether non-solicitation clauses are even aloud.
Much more to read on this via the link below.
Employee operating in New Jersey should consider a through review of their arbitration agreements to make sure they include necessary provisions after a recent decision by the New Jersey Appellate Division. In Flanzman v. Jenny Craig, Inc., the court found that because an arbitration agreement did not establish the forum for arbitration. In not not establishing the forum, the agreement lacked sufficient details to establish the “meeting of the minds” component critical to making the agreement enforceable.