1.
Investigating «Consumers» vs. Investigating «Misconduct in the Workplace» – Can «Consumer Reporting Agencies» Investigate only «Consumer» Activity? ^
[1]
Ms Judi Vail, Counsel for the Society for Human Resources Management (SHRM), was not certain how SHRM or the «consumer reporting agencies» (CRAs) should respond to a growing new market demand. Ms Vail wrote to the U.S. Federal Trade Commission (the FTC) the regulatory agency for the Fair Credit Reporting Act (the FCRA) which governs the activities of «consumer reporting agencies» (CRAs).
[2]
From Ms Vail’s letter, we learn that employers had sought the assistance of CRAs to «investigate» complaints of alleged wrongdoing in the workplace…or, perhaps, that CRAs had seen a business opportunity to promote their services for this purpose. The «Vail Letter», the 1999 «staff advisory opinion letter» of the Federal Trade Commission (FTC) in response to Ms Vail would authorize the innovation that SHRM was seeking.
[3]
Investigation of «wrongdoing in the workplace» might normally be conducted by the employer itself, or, if necessary, the employer might involve «private investigators» who are licensed for such purposes. Under the Fair Credit Reporting Act (FCRA), «consumer reporting agencies» (CRAs) were authorized to prepare «consumer reports» on individual «consumers» for «consumer credit» and,inter alia , for pre-employment purposes. They might also prepare so-called «investigative consumer reports», largely, also for pre-employment purposes.
[4]
The FCRA authorizes «consumer reporting agencies» to «evaluate» «character», «general reputation», «personal characteristics» and «mode of living» in the process. However, «consumer reports» rely mainly on «credit reporting» and public records, while «investigative consumer reports» do not include «credit reporting», but rely on «interviews» with «friends, neighbors, and associates» of the «consumer». For both «consumer reports», CRAs enjoy immunity from charges of defamation or invasion of privacy – so long as they comply with «strict procedures» to insure accuracy, and «reasonable procedures» to correct for inaccuracy when it occurs. But, unless CRAs were to investigate employees as «consumers», they would, conceivably, not be acting as CRAs – and the protection afforded by the FCRA would not apply either to the CRA or to the employer.
2.
The Advent of Private Sector Personal Surveillance in the U.S.A ^
[5]
When the time comes for writing the history of the development of private sector surveillance in the United States, «the Vail Letter» will doubtless represent a chief milestone along that route. With one fell swoop the FTC gave SHRM what seemed like federal agency authority to shuck off their fundamental obligation for exercise of management judgment (for which HR management, is responsible and liable). And, instead, FTC confirmed, that employer HR management now had what appeared to be regulatory approval to contract with a third party CRA to investigate «misconduct in the workplace» – or , effectively, to buy a secret dossier on every man, woman, and teenager in the workforce.
[6]
Why was this so attractive? If there were any suspected wrongdoing in the workplace, management could claim to have paid to have had it investigated. Management could then take «adverse action» on the basis of CRA «reports». Any employee affected could challenge such a «report». But, under the FCRA, management would not have to justify the contents of these «reports» itself. If an employee took issue with the «reports», he or she could be referred to the CRA – or rather to the CRA’s 800 number. If the employee reached a live person, the CRA only had to have «strict procedures» in place for compliance with the FCRA.
[7]
There is no mention in the FCRA how «strict procedures» for correcting inaccurate «credit reporting» might differ from verifying «items of information» collected from «interviews» with «friends», «neighbors», or «associates»—if those persons were the «best sources» (within a three month period) for what was contained in an «investigative consumer report». Neither the names of sources, nor their evidence, had to be disclosed unless subject to «appropriate discovery» in judicial proceedings, which could be fought in court.
[8]
In any event, under the FCRA the employee must be informed that the CRA had not made the «adverse decision», although the employer was privileged to rely on CRA «reports» without having to justify them. To use the language of Google, with such a system, management responsibility and liability could be outsourced, and, effectively, be put «in the clouds».
3.
Answering Concerns over Sexual Harassment in the Workplace ^
[9]
The «Vail Letter», the «staff advisory opinion letter» of the FTC in reply to Ms Vail, repeated the basis for the question from Ms Vail’s letter. «Under Title VII [of the Civil Rights Act of 1964], she had written, an employer has specific obligations, including the obligation to investigate allegations of sexual harassment in the workplace». Could employers satisfy that obligation by hiring CRAs for that purpose?
[10]
«Obligation to investigate allegations of sexual harassment in the workplace»? Where is that to be found in Title VII? «Sexual harassment» was not a concept that was current in 1964 when Title VII was enacted. Discrimination on the basis of sex was named in Title VII. «Sexual harassmen» as a source of harassment in the workplace may have been in the air by 1970, when the FCRA was enacted. But, not until 1986 did the U.S. Supreme Court complete the circle and hold that «sexual harassment» is a form of discrimination on the basis of sex.
[11]
Under Title VII, however, investigation of discrimination complaints was lodged in the Equal Employment Opportunity Commission (EEOC). If EEOC sees a basis to find illegal discrimination, they can negotiate with the employer, sue, or issue a letter authorizing the victim to sue. But there is nothing in Title VII that goes beyond what management ought to be doing in the first place – knowing what is going on under its own management authority.
[12]
In 1980, the Equal Employment Opportunity Commission (EEOC) issued guidelines, for implementation by employers, for combating sexual harassment in the workplace. The number of such state and federal cases increased in the 1980s, leading the courts, as well, to call for measures to combat a «hostile environment» involving sexual harassment in the workplace. So far, this only concerned EEOC guidelines, and employer implementation of guidelines.
[13]
The Supreme Court took up the issue of “sexual harassment” in two decisions in 1998. But the Court dealt with those cases in terms of the vicarious liability of the employer for the wrongs of the agent/supervisor. The decisions in those cases involved pure agency theory. The employer could be liable for misconduct of its agent acting in official capacity. There was no special obligation on the part of the employer to do anything other than to manage its employees and supervisors in accordance with EEOC guidelines.
The business opportunity that Ms Vail was developing here, and which the FTC appears to have been ready enough to go along with, was the practice of engaging CRAs to investigate general «misconduct», or alleged «sexual harassment» in the workplace – and get it out of the realm of direct employer – that is HR management, and federal agency (EEOC) – oversight. Nothing in Title VII, or the case law, would have led to that. Yet, the FTC appears, both to have supported the idea, and to have limited it.
4.
From a «Consumer Reporting» Law to Investigating «Misconduct in the Workplace» ^
[14]
On the one hand, the FTC stumbled into supporting farming out management responsibility to CRAs where there was good reason to object. The legitimate inquiry of Ms Vail was as to whether it was appropriate for a CRA to investigate alleged general “misconduct in the workplace”. If answered «No», that could have kept CRAs from creating a new workplace investigation business, and from compiling dossiers on individual employees.
[15]
Instead of answering directly, FTC offered a correct, but irrelevant, reply that if an employer asks a CRA to investigate an employee, (that is to investigate a «consumer») that involves, by definition, an «investigative consumer report».
The relevant inquiry here is not whether the scope of the investigation goes beyond the employer’s workforce or internal documents .…FCRA defines a consumer reporting agency (CRA) as a person which, for monetary fees, «assembles or evaluates» credit information or other information on consumers for the purpose of regularly furnishing «consumer reports» to third parties using any means or facility of interstate commerce.…
[16]
But, is that really what is happening here? The assisting entity would be a CRA, if it furnished «consumer reports» on «consumers» (i.e., here, on employees) to a third party. But the question asked related to different facts. The CRAs were being asked to (or were soliciting requests to) investigate «hostile environment» in the workplace.
[17]
Crucial to the FTC staff attorney, however, was not the nature and purpose of the investigation, but whether the CRA delivered «consumer reports» or «investigative consumer reports» as a result of their services:
A «consumer report» is…defined…as a report containing information bearing on an individual’s «character, general reputation, personal characteristics, or mode of living» that is used or expected to be used for the purpose of serving as a factor in establishing the consumer’s eligibility for, among other things, employment. (The FTC’s «Vail Letter». Italics and paragraphing added.)
[18]
In other words, as long as you are investigating a «consumer» (here, «employee») in this connection, not necessarily the «hostile environment» of the workplace as such, go right ahead if you are a CRA!
5.
From Management Liability to Employee Liability ^
[19]
The trouble with such a «staff opinion» from the FTC is not simply that it opens the door to CRAs to go into new business ventures. What it really does is take the issue:
«Is an investigation of whether there is a ‘hostile environment’ in the workplace an investigation of possible employer violation (involving poor HR management)?»
[20]
and, lets it be characterized as:
«As long as the CRA is engaged in preparing an ‹investigative consumer report› on an employee, it may prepare a report containing information bearing on an individual’s ‹character, general reputation, personal characteristics, or mode of living› that may reveal a possible employee violation (a possible criminal offense).»
[21]
But, isn’t that shifting the blame before we even know whether an employee was involved in any «wrongdoing in the workplace» or not? Or is the FTC proclaiming a new doctrine of «the employer can do no wrong»?
[22]
Doubtless, this learned exchange on the statutory language of FCRA served the legal consciences of Attorney Vail and of the staff attorney of FTC. We can also imagine the immense satisfaction of the business managers of CRAs across the country with this new business windfall. They were now free to expand their services to implement the most intrusive «investigative consumer reports» of untold numbers of employees, and, as we shall soon see, investigate them over and over again!
6.
From «Consumer Reporting» to Vigilante Criminal Investigation ^
[23]
Of course, the employer has management responsibility to see that there is no illegal activity in the workplace – w hether sexual harassment, or any other discriminatory or illegal activity. Management responsibility, if neglected, can also result in employee complicity in an offense.Does that also mean that an employer has criminal investigative powers? … or can outsource those powers to a third party, a CRA, to exercise without benefit of the normal protection of due process of law?
[24]
The «Vail letter» manages to re-cast what is essentially a quasi-criminal investigation of conditions in the workplace into an “investigative consumer report” on an employee or employees. Set up in this fashion, the question of absence of exercise of proper management authority, which may have led to this situation, never arises. Management appears to have no obligation but to call in CRA investigators of employees – regardless of whether anything untoward has occurred in the workplace or not. But, CRA conclusions, whether justified or not, go into a lifelong secret masterfile on the employee or employees.
[25]
This offers a windfall business opportunity to the CRAs. But, it also changes the purpose of law in the «Fair Credit Reporting Act» (FCRA). Granted, the FCRA gives ancillary statutory authority for «consumer reporting» on applicants for pre-employment purposes. But, the «scope of the investigation» foreseen in this new «staff advisory opinion letter» goes far beyond confirming qualifications for employment, even on the basis of «character, general reputation, personal characteristics, or mode of living».
[26]
Instead:The «Vail Letter»:
- Provides a theoretical basis for criminal investigation without probable cause;
- Robs the employees involved of due process of law;
- Deprives those employees of the right to confront their accusers; and
- Foregoes the protection of Fourth, Fifth and Sixth Amendments of the Constitution of the United States.
7.
Subterfuge in Obtaining Employee «Authorization» ^
[27]
Within months, the CRAs were back again to ask, whether, if they were to investigate «consumers» (here «employees») rather than «workplaces», how should they proceed to obtain FCRA «authorization ». The “Consumer Credit Reporting Reform Act” of 1996, amending the FCRA, had required the employer to make clear and conspicuous disclosure of any intent to seek a «consumer report» or an «investigative consumer report» on job applicants and employees. That question was then essentially made moot, however, since FTC obligingly provided and encouraged subterfuge for obtaining unwitting employee «authorization »:
1. Make it mandatory at the outset of employment, so you always have it on hand; or
2. Require it from everybody, so that nobody is singled out.
2. Require it from everybody, so that nobody is singled out.
[28]
This time, FTC staff did not waste much time on statutory analysis. There is passing mention of the requirement of «consent» – but no hesitation over whether one might consider that «consent» was being obtained by misrepresentation . Just go ahead and make it mandatory in the initial employment application, and you can always come back to it again, if you need it:
to procurement of a consumer report…can be routinely obtained at the start of employment, thereby relieving the employer of the awkward prospect of having to ask a suspected wrongdoer for permission to allow a third party to provide an investigative (or other) consumer report to the employer…. (The FTC’s «Meisinger Letter»)
[29]
And, if the employer did not think to include the request for «authorization » in the initial application form, then go ahead and ask all employees to sign, now, and the suspected wrongdoer will be none the wiser:
Another way for an employer to comply with these FCRA requirements without alerting a suspected wrongdoer is to ask all current employees to sign a consent form, and provide them any required notice at the same time. (The FTC’s «Meisinger Letter»)
[30]
The issue in tactics sanctioned by the FTC in obtaining «authorization » for «investigative consumer reports» from applicants for employment is not whether the FTC went well beyond its remit in offering the advice in the «Vail Letter», and the «Meisinger Letter» which followed.The point is that those «staff advisory opinion letters» offered subterfuges for obtaining «authorization» from applicants for financial and other public services, and employment, that the FTC, the SHRM, and the CRAs obtaining such «authorization», had to know was misrepresentation.
[31]
HR management now had «staff advisory opinion letters» from the regulatory agency authorizing them to outsource an investigation of supposedly rogue elements in the workforce. It did not matter whether the individual «investigative consumer reports» delivered were right or wrong or pure fantasy. HR manager’s judgment was no longer on the line. The ostensible issue for employers – to fob off for the product of the «consumer reporting agencies» (CRAs) – was sexual harassment. The perfect he said she said crime. What they needed was not hard evidence that would win a case, but the comprehensive «investigative consumer report» that could allege sins that speak for themselves and undermine «character» and «reputation», and never have to prove anything. It was unlikely that any individual case would go to court. But in that event, HR management did not have to defend its own judgment. They now had the ability to put the rogue file in evidence to pass for due diligence.
8.
Can the CRA Redact its Sources from the «Investigative Consumer Report» for Their Protection? ^
[32]
If there was any doubt left that FTC did not waste any tears on the «consumer», that last suspicion would be removed by FTC’s response to an inquiry of Douglas Hahn, President of HR Plus (a CRA), in July, 1998. The FTC summarized the inquiry regarding:
[T]he requirement…of the amended…FCRA that any person intending to take an adverse employment action, based in whole or in part on the contents of a consumer report from a …CRA must first provide a «copy of the report» to the consumer. You point out that an «investigative consumer report» (such as a background investigation for employment purposes) is a «consumer report» covered by this provision, and that [that section] does not expressly permit the employer to delete the identity of the sources of information….If this happens, you believe that it may be difficult for consumer reporting agencies such as your company to obtain information from former employers or friends or associates of a consumer since you will not be able to offer confidentiality to these sources. (The FTC’s «Hahn Letter»)
[33]
The «staff opinion letter» concedes FTC’s belief that: «the section requires the employer to provide the complete report. » However, the «staff opinion letter»then goes on to provide precisely the subterfuge that CRAs were looking for:
In order to reduce concerns about disclosure of sources, CRAs such as your company may wish to provide employers with reports that do not specifically identify sources. For example, instead of stating that a specific individual working for a named company provided an item of information, you may state that the information came from a former employer without identifying either the individual or the employer. Your clients may then release these reports to consumers «as is» consistent with the requirements of…the FCRA. (The FTC’s «Hahn Letter»)
[34]
That solution simply disregards the Sixth Amendment problem (the right to confront one’s accuser). It may be that private sector entities are not held to constitutional standards. They are, nonetheless, protected from liability in whatever they are doing by the FCRA. But,Congress cannot authorize what it cannot do itself.
[35]
The question that still remains under the FCRA is: is this «investigative consumer report» «truthful», made «in good faith», and «not malicious»? There is no question that such a «report» is intended to be used to affect credit or employment or other public services.Are we to believe that Congress intended not to require solid evidence for such vital concerns? Or intended them to be subject only to gossip and hearsay?
9.
Completing the Circle to Vigilante Justice ^
[36]
Congress has not been altogether candid, either, in their enactment of the FCRA amendments. The point has already been made that the legislation displays language remarkably favorable to employers, the financial services industry, and the electronic personal data collection agencies. It goes much further than that, however. Master/servant law, that emphasizes the subservience of labor to management, has never really been the dominant trend in American labor law. Even in the heyday of unbridled capitalism, the U.S. Supreme Court upheld the doctrine of an employee’s «freedom of contract». A New York law limiting the number of hours that bakers could work to 60 hours per week was held contrary to the «freedom of contract», that permitted laborers to work as long as they chose.
[37]
In reality, capitalism was essentially unconstrained in those years. Efforts to form unions, or to carry out strikes, were brutally suppressed. There was no real «labor contract». In fact the doctrine of «employment at will» was then first being promoted. All these things allowed capital and management, and even the state, vast powers over labor. But labor was never subject to any legalized police power exercisable by their employers – such as was now emerging in the amendments to the FCRA.
[38]
The «Hahn Letter» emphasizes that in the FCRA amendments Congress calls for disclosure when an employer seeks an «investigative consumer report» on an applicant for employment. But,it appeared that Congress had also provided for special «communications» that employers could receive from CRAs, that are not «investigative consumer reports». Since these «communications» were specifically exempted from the definition of «investigative consumer reports», and, were conceived of as not leading directly to «adverse action» with respect to a particular employee, they did not require disclosure. Suddenly, in the eyes of the FTC, Congress seemed to have adopted the master/servant law perspective:
Thus, Congress protected sources from disclosure at the same time that it broadened consumers’ rights to gain access to information .…Section 603(o) is an entirely new provision added by Congress in the recent amendments. It exempts from the definition of «consumer report» (and, thus, from coverage by the FCRA) certain communicatons by employment agencies…that would otherwise be investigative consumer reports. In order for the exemption to apply, certain procedures must be followed. Among these procedures is a disclosure that parallels the disclosure required by Section 609. Significantly, the subsection that mandates disclosure…specifically excludes from disclosure «sources of any information that is acquired solely for use in making the communication and actually used for no other purpose »…. (The FTC’s «Hahn Letter»)
[39]
For «no other purpose »? That is, they mean, not for the purpose of «adverse action», which requires disclosure? This mysterious language does not appear to make any sense – other than as an anticipation of the kind of «communication» that Congress was soon to provide for. That came in the, then yet to be enacted «Fair and Accurate Credit Transactions Act» (FACTA), of 2003.
[40]
As the «Hahn Letter» pointed out, when an «adverse action» by the employer is contemplated, section 604 mandates that the employer must provide «a copy of the [consumer] report » to the «consumer» (that is to the «employee») prior to taking the action contemplated. Receiving «a communication » from the CRA, allows the employer to inform itself – without taking an «adverse action» – at least for the moment.
[41]
Inform itself, for no «adverse» purpose, has, however, to be translated into some kind of plain English. Either the employer is not taking «adverse action», but is spying on the employee. Or, as the FACTA Act perhaps intends, is preparing to turn over negative information to the police or to a regulatory agency. After all, the employer would have conducted a kind of private quasi-criminal investigation. In other words, if the employer lets the police or an administrative agency take any «action» called for, that action is, arguably, not employer «adverse action» for which advance disclosure is called for.
[42]
It is worth mentioning that the worst form of wrongdoing to have been investigated by outsourcing agents, when this question was first raised, was to be creation of a «hostile environment» associated with sexual harassment – which can range from posting pin-ups to salacious conversation and touching, but which did not rise to the level of criminal sexual exploitation.If that kind of violation already leads to such extreme surveillance measures, what kind of response is left for organized crime or terrorism.
Orlan Lee
Professor, School of Management, New York Institute of Technology, Global Programs, P.O. Box 840878, Amman 11184, Jordan,acfolee@gmail.com .
This paper is an excerpt from the forthcoming:Waiving Our Rights: The Personal Data Collection Complex and its Threat to Privacy and Civil Liberties (Lanham, MD: Lexington Books).
