Do companies that use workplace surveillance tools to make hiring and firing decisions risk violating the Fair Credit Reporting Act (FCRA)? According to the Consumer Financial Protection Bureau (CFPB or Bureau) in a recent comment, the answer to that question is yes. The Bureau’s official comment comes in response to a request for information issued by the White House’s Office of Science and Technology Policy on the impact of automated tools used by employers to monitor and evaluate workers. The CFPB’s position that the FCRA applies to automated worker surveillance tools is consistent with the Bureau’s March 2023 request for information on data brokers, discussed here, to determine whether the FCRA applies to modern data surveillance practices.
As background, the FCRA provides protections related to consumer reports. The FCRA defines “consumer report” to include “any written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer’s eligibility for … employment purposes.”
The gathering and use of information from worker surveillance technologies to support retention and promotion decisions has greatly increased in recent years, in large part because of COVID-19 work-from-home arrangements. But in a now-familiar refrain, the CFPB cautions that such “automated technologies may produce incomplete or inaccurate information or exacerbate biases.”
The CFPB makes clear that the FCRA may apply to worker surveillance when making decisions including hiring, firing, promotion, reassignment, retention, and compensation. The CFPB also expressed interest in exploring how the information employers obtain about their employees through such technologies can find its way into the data broker market as well as when such information is used for employment background screening and other decisions that could impact consumers.
Furthermore, the CFPB expressed significant concerns about whether entities offering evolving worker surveillance technologies to employers are complying with applicable law. The CFPB stated that a company’s choice to use new technologies does not absolve it from its legal obligations.
The CFPB presumably is not going to transform itself into an employment regulator, but its public announcement does signal an interest in protecting employee rights from the types of monitoring discussed by the Bureau in its comment. We expect the Bureau to consider enforcement action on this subject if a company engaged in such practices comes to its attention, which means that employers should consider their use of such technologies to ensure that they are in a defensible position. The subject matter of the Bureau’s statements lies at the intersection of employment, privacy and consumer protection laws, and we believe that all three need to be taken into account in assessing this issue. That’s why the three of us — representatives of Troutman Pepper’s Labor & Employment, Privacy, and Consumer Financial Services groups — wanted to write on this jointly and will be watching this issue together for further developments.