February 15, 2021
Arnall Golden Gregory LLP is pleased to provide you with the Compliance News Flash, which includes current news briefs relevant to background screening, immigration and data privacy, for the benefit and interest of our clients as well as employers and consumer reporting agencies generally.
-
Several organizations, including the Professional Background Screening Association and Consumer Data Industry Association submitted amicus briefs to the U.S. Supreme Court in the TransUnion v. Ramirez case. The case is significant to the background screening industry because it could curtail the ability of plaintiffs to bring Fair Credit Reporting Act (FCRA) class action lawsuits. The Supreme Court will consider the question of whether Article III of the Constitution or the Federal Rules of Civil Procedure permit a “damages class action where the vast majority of the class suffered no actual injury, let alone an injury anything like what the class representative suffered.” The case arises from a class action brought against TransUnion in the Ninth Circuit involving its reporting of Office of Foreign Asset Control (OFAC) information. In the case, the class representative was found to have suffered actual injuries due to the reporting of inaccurate OFAC information, while many other members of the class arguably suffered no injury because TransUnion never issued a consumer report about them. The Supreme Court is scheduled to hear oral arguments in the case on March 30, 2021. Click here to read more.
- The European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) issued a joint opinion making recommendations for revisions to the draft Standard Contractual Clauses (SCCs) issued by the European Commission (EC). As a reminder, the draft SCCs were issued in November 2020 by the EC in an attempt to rectify some of the shortcomings identified in the CJEU’s Schrems II decision from July 2020. Originally the SCCs were expected to be finalized in Q1 of 2021, but with this joint opinion suggesting significant revisions, it looks like it might be a bit longer before we see a final version. Once they are adopted, businesses will have 1 year to implement the new SCCs. Click here to read more. As a note, the “new” SCCs are intended to eventually replace the SCCs currently found on the EC’s website (click here). SCCs are used for data transfers between the European Union (EU) and non-EU countries.
- The Department of Homeland Security (DHS) announced it will delay the effective date of its new H-1B Selection final rule, which changes the process by which U.S. Citizenship and Immigration Services (USCIS) prioritizes selection of H-1B cap-subject petitions by replacing the current random lottery with prioritizing selection of H-1B cap-subject petitions based on the highest Occupational Employment Statistics prevailing wage level. DHS is delaying the effective date of this final rule from March 9, 2021, to December 31, 2021. Thus, for the upcoming H-1B cap season, USCIS will apply the current lottery system to any registration period that takes place before Dec. 31, 2021. USCIS states that the delay will give USCIS more time to develop, test, and implement the modifications to the H-1B registration system and selection process. Click here to read more.
- Virginia looks like it will be the second state, behind California, to pass comprehensive data privacy legislation. The Virginia House passed HB 2307 and the Virginia Senate passed an identical companion bill, SB 1392. Similar to California’s CCPA and CPRA, Virginia’s legislation would give consumers the right to access, correct, and delete the data that businesses collect about them, as well as the ability to opt out of data collection. The bill does not give consumers the ability to sue companies for violations, known as a private right of action. Instead, the bill will be enforced exclusively by Virginia’s Attorney General. Whether to include a private right of action has been a sticking point for a number of similar privacy bills. If enacted, the legislation would take effect January 1, 2023. Click here to read the Virginia bill.
- The Federal Trade Commission (FTC) has finalized its settlement with Zoom Video Communications, Inc., (“Zoom”) over allegations it misled consumers about the level of security it provided for its Zoom meetings. The final order requires Zoom to implement a comprehensive security program, review any software updates for security flaws prior to release, and ensure the updates will not hamper third-party security features. The company must also obtain biennial assessments of its security program by an independent third party, which the FTC has authority to approve, and notify the FTC if it experiences a data breach. Click here to read more.
 |
Montserrat C. Miller |
 |
Erin E. Doyle |
The information presented provides a general summary and/or recent legal and regulatory developments. It is not intended to be, and should not be relied upon as legal advice.
