By Brian K. Morris
Last week, the Northern District of Texas weighed in on the proper application of Article III standing requirements in light of the Supreme Court’s 2016 decision in Spokeo, Inc. v. Robins, 136 S.Ct. 1540 (2016), and delivered a win to employers in Fair Credit Reporting Act (FCRA) cases.
In Dyson v. Sky Chefs, Inc., 2017 WL 2618946 (N.D. Tex. June 16, 2017), the court held that the plaintiff in a putative class action who alleged the improper inclusion of “extraneous” information in a FCRA disclosure, lacked Article III standing. The employer’s document did not “consist solely of the disclosure” because it contained: (a) an “ongoing authorization” clause; (2) state and municipal law notices; (3) a summary of rights; and (4) a legal disclaimer. While the employer’s disclosure was not a standalone document (as required by the statute) it provided the plaintiff with all of the statutorily-required information.
The employer moved to dismiss the action, contending that the inclusion of extraneous information was a procedural rather than a substantive violation and thus did not constitute injury in fact. The court agreed, concluding that the plaintiff did not allege a concrete informational or privacy-based injury.
In reaching this conclusion, the court distinguished the substantive right to information from the procedural right to receive it in a specified format, and made clear that the allegations in Dyson fell squarely in the latter box:
“Plaintiff does not allege that he did not receive a disclosure or that he failed to understand it, he just attacks the fact that it wasn’t on its own sheet of paper. Where … plaintiffs do not allege that they did not see the disclosure, or were distracted from it, the allegations amount to no more than a bare procedural violation of the stand-alone requirement. … Plaintiff’s allegations therefore do not confer standing on an informational injury theory.”
Id. at *7 (internal citations and quotation marks omitted).
The court also rejected the contention that the employer obtained the background check with “no legal right to do so” and thus caused a privacy-based injury. Embracing the principle that violating the standalone disclosure requirement necessarily renders the background check unauthorized would “negate the entire procedural/substantive distinction” articulated in Spokeo.
According to the court, the existence of a privacy and informational injury in a FCRA case turns on the same central question: whether the plaintiff received the requisite information (even if provided in an improper format) prior to knowingly authorizing the background check. Because the plaintiff signed the authorization and did not claim ignorance regarding its content or import, he did not allege an invasion of privacy.
What This Means For Employers
Courts throughout the country continue to wrestle with the impact of the Supreme Court’s decision in Spokeo and are reaching divergent conclusions. Indeed, the Dyson court explicitly declined to follow a recent contrary decision from a Virginia federal court. Because of the unsettled nature of the law and the proliferation of high-dollar FCRA class actions predicated on highly-technical statutory violations, employers should evaluate their FCRA compliance by:
• Updating FCRA documents, including disclosures, authorizations, and state and locality-specific notices.
• Training managers and human resources professionals regarding background check processes such as how to present information to applicants and employees (e.g., disclosures, authorizations, etc.) and providing appropriate notices when taking an adverse action based on information obtained in a background check.