Privacy & Information Security Law Blog

As reported on the Hunton Employment & Labor Perspectives blog, on October 24, 2024, the Consumer Financial Protection Bureau (“CFPB”) issued a policy statement (known as a Circular) to explain the link between the Fair Credit Reporting Act (“FCRA”) and employers’ growing use of artificial intelligence (“AI”) to evaluate, rank and score applicants and employees. Employers should take note that the FCRA does not only apply to criminal history or credit reports. As the use of advanced data analysis and AI rise, employers should ensure that they are not running afoul of the FCRA’s requirements.

Consumer Reporting Tools

The CFPB notes that vendors now offer a range of products and services to employers, including those that record workers’ activities, personal habits, tendencies, attributes and, in some cases, biometric information. Some employers use this information to, e.g., track worker productivity and evaluate performance.

Vendors also offer similar products and services that provide insights into prospective employees. As an example, the CFPB highlighted a phone app that monitors a transportation worker’s driving activity and provides driving scores to companies for employment purposes.

The CFPB’s Circular makes clear to employers that some of these vendors may be considered, under the FCRA, as consumer reporting agencies, and the products and services they provide may fall under the definition of a “consumer report,” triggering a host of accuracy, notice, and transparency requirements.

FCRA’s Reach

Under the FCRA, a consumer reporting agency is a company that “regularly assembles or evaluates consumer information” into a consumer report and sells that information to third parties.

In turn, a consumer report is “any written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer’s eligibility for” certain purposes, including “employment purposes.”

If employers seek to use information in a consumer report for an adverse employment action, there are various disclosure and notice requirements that must be complied with prior to taking action. 

What Does the Circular Mean for Employers?

Employers should assess the current technological tools they are using, including AI, to determine whether those tools may constitute consumer reports, triggering the need to comply with the FCRA.  The CFPB notes that “[a] company that employers use to help make employment decisions could meet this standard in a number of ways.” For example, in the applicant realm, consumer reporting agencies may offer data (e.g., disciplinary or performance trends) about applicants gathered from other employers. If employers are using this information to make employment decisions, that data may fall within the ambit of the FCRA.

Employers or vendors with questions about the FCRA, and the CFPB’s circular, should consult with their labor and employment attorneys and stay abreast of developments in the law.