Compliance News Flash – September 23, 2019

The Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB) will host a workshop on December 10, 2019 to discuss issues related to the accuracy of credit and background screening reports. Consumer advocates, industry representatives, and regulators will be in attendance. A list of discussion topics has been posted online and public comments will be accepted until January 10, 2020. The workshop is free and open to the public and will take place at the FTC’s Constitution Center conference facility in Washington, D.C. with a live webcast streaming on the Commission’s event page. Click here for more details.

The California legislature voted to approve several amendments to the California Consumer Protection Act (CCPA) in the final days of its 2019 legislative session. The amendments now await action from Governor Newsom who has until October 13, 2019 to sign them into law. We are also expecting the California Attorney General to issue guidance sometime this fall that will offer clarity on business’ obligations under the law. The CCPA will come into effect on January 1, 2020. Some of the amendments we are looking at will:

Expand the exception for activities under the Fair Credit Reporting Act (FCRA). We reported about this amendment in last week’s News Flash. (click here)
Exempt certain employee information for one year. The definition of “personal information” includes “professional or employment-related information.” Certain information will be exempt, until January 1, 2021, from all provisions of the CCPA, except the private civil action provision and the obligation to inform the consumer as to the categories of personal information to be collected. Exempt information includes “information collected from a natural person by a business in the course of the natural person acting as a job applicant to, an employee of, owner of, director of, officer of, medical staff member of, or contractor of that business.” (click here)
Limit the definition of personal information to information that is “reasonably” capable of being associated with a particular consumer or household; remove language in the original CCPA indicating that “publicly available” information would not include public record information if that information was used for a purpose that was not “compatible” with the purposes for which the public records are maintained; and clarify that de-identified or aggregate consumer information is not considered “personal information.” (click here)
Revise the CCPA’s discrimination prohibition to permit businesses to treat consumers differently for exercising certain CCPA rights “if the differential treatment is reasonably related to the value provided to the business by the consumer’s data.” (click here)

The Federal Motor Carrier Safety Administration (FMCSA) is not a consumer reporting agency under the FCRA according to a new case decided by the United States District Court for the District of Columbia. The case was brought by two truck drivers against the DOT and the FMCSA claiming that a prospective employer had accessed inaccurate information about them in FMCSA driving records. The drivers claimed the FMCSA had not followed reasonable procedures to protect the accuracy of driver data and fix inaccuracies as mandated by the FCRA. However, the court found that the FMCSA is not a consumer reporting agency under the FCRA for purposes of the records at issue because, while they do provide consumer data to the motor carrier industry for a fee, the data is assembled “for the purpose of ensuring transportation safety and not for the purpose of furnishing consumer reports to third parties.” Click here to read more.

The EU-U.S. Privacy Shield Framework has reached over 5,000 active company participants according to a recent announcement from the U.S. Secretary of Commerce. Privacy Shield allows U.S. companies to receive transfers of personal data from the European Union (EU) in accordance with the EU’s General Data Protection Regulation (GDPR). Click here to read more.