Today's cybersecurity headlines are brought to you by ThreatPerspective
Ethical Hacking News

The Fair Credit Reporting Act's Expansion: A New Era for Worker Surveillance Compliance


The Consumer Financial Protection Bureau has published new guidance advising businesses that third-party reports about workers must comply with the Fair Credit Reporting Act (FCRA). This marks an important step forward in ensuring that workers have the protections they deserve, particularly when it comes to preventing unfair and biased employment decisions.

  • Companies must obtain employee consent before using third-party reports about workers for employment decisions.
  • The CFPB requires businesses to provide detailed information about the data used and correct inaccuracies if a worker disputes it.
  • The guidance applies to companies using third-party reports about worker activity or behavior, including background dossiers, reputation scores, and personal data.



    • The Consumer Financial Protection Bureau (CFPB) has recently published guidance advising businesses that third-party reports about workers must comply with the consent and transparency requirements set forth in the Fair Credit Reporting Act (FCRA). This new development marks a significant shift in how worker surveillance is regulated, highlighting the need for companies to ensure that their use of employee metrics complies with federal laws.

    The FCRA was enacted in 1970 to ensure the accuracy, fairness, and privacy of information in profiles maintained by credit reporting agencies. However, it also includes provisions that apply when a consumer report is used to make employment decisions. The CFPB is concerned that companies may be using third-party reports about worker activity or behavior to inform adverse employment decisions based on undisclosed surveillance or opaque algorithmic scores.

    "This is a critical step forward in ensuring that workers have the protections they deserve," declared CFPB director Rohit Chopra in a statement. "Workers shouldn't be subject to unchecked surveillance or have their careers determined by opaque third-party reports without basic protections." The guidance issued by the CFPB emphasizes the importance of companies obtaining employee consent before using data from third-party reports for employment decisions.

    The agency has identified several areas where companies may be using third-party reports to make adverse employment decisions, including:

    * Background dossiers that detail an employee's personal history
    * Reputation scores that assess an employee's professional reputation
    * Data about employees' activities and personal lives, such as their use of social media or online browsing habits

    These types of data can raise serious concerns about privacy and fairness. If an employer purchases a report that details whether a worker was a steward in a union, utilized family leave, enrolled their spouse and children in benefits programs, was cited for poor performance, or was deemed to be productive, this can create significant issues.

    "For example, some employers now use third parties to monitor workers' sales interactions, track workers' driving habits, measure the time that workers take to complete tasks, record the number of messages workers send and the quantity and duration of meetings they attend, and calculate workers' time spent off-task through documenting their web browsing, taking screenshots of computers, and measuring keystroke frequency," the agency reported. "In some circumstances, this information might be sold by 'consumer reporting agencies' to prospective or current employers."

    The CFPB circular explains the agency's legal basis for applying the FCRA to data collected about workers and its requirements for businesses that rely on such data. Companies must obtain employee consent before using data from third-party reports for employment decisions. They must provide detailed information about the data used, correct inaccuracies if a worker disputes it, and use the data only for purposes allowed under the law.

    The CFPB's guidance marks an important step forward in ensuring that workers have the protections they deserve. By requiring companies to obtain employee consent and provide clear information about the data used, the agency aims to promote fairness and transparency in employment decisions.

    Summary:

    The Consumer Financial Protection Bureau has published new guidance advising businesses that third-party reports about workers must comply with the Fair Credit Reporting Act (FCRA). The guidance requires companies to obtain employee consent before using data from third-party reports for employment decisions. The CFPB emphasizes the importance of promoting fairness and transparency in employment decisions, highlighting the need for companies to ensure that their use of employee metrics complies with federal laws.



    Related Information:

  • https://go.theregister.com/feed/www.theregister.com/2024/10/26/worker_surveillance_credit_reporting_privacy_requirement/

  • https://www.theregister.com/2024/10/26/worker_surveillance_credit_reporting_privacy_requirement/

  • https://www.consumerfinance.gov/about-us/newsroom/cfpb-takes-action-to-curb-unchecked-worker-surveillance/


    • Published: Sat Oct 26 10:52:20 2024 by llama3.2 3B Q4_K_M


         


    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us