Rivera v. Commonwealth Edison Co.
145 N.E.3d 677
Ill. App. Ct.2019Background
- Rivera received a conditional offer (temporary part‑time CSR) from ComEd contingent on background/credit/drug screens; offer rescinded after a consumer report.
- CSRs work in customer care, handle ~100 calls/day, and enter/view customer data in ComEd’s Customer Information Management System (CIMS).
- CIMS stores sensitive data (SSNs, driver’s license numbers, bank/credit card numbers); access is restricted to employees whose duties require it (~2,000 employees have some access; ~500 CSRs).
- CSRs can view partially redacted SSNs/IDs routinely; in certain situations they may see full SSNs and they transmit some full numbers to other departments (revenue, bankruptcy) where they remain viewable until resolved.
- Rivera sued under the Illinois Employee Credit Privacy Act, §10(a), alleging unlawful inquiry/use of her credit report in hiring; defendants invoked the §10(b)(5) exemption for positions that “involve access to personal or confidential information.”
- The trial court granted summary judgment for defendants, finding a satisfactory credit history was a bona fide occupational requirement because CSRs have access to customers’ personal/confidential information; the appellate court affirmed.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Does §10(b)(5) exemption apply to the CSR position (i.e., does CSR work “involve access to personal or confidential information”)? | Rivera: CSR does not fall under the exemption; credit history inquiry prohibited. | ComEd: CSR duties involve access to customers’ personal/confidential information, so exemption applies. | Exemption applies; CSR position involves access to personal/confidential information. |
| Does the customer data meet the statute’s definition of “personal or confidential information”? | Rivera: Genuine dispute whether data meets statutory alternatives (stored in secure repositories, entrusted to a select few, or explicitly authorized by customer). | ComEd: Data (SSNs, IDs, bank/card numbers) is sensitive and stored in secure CIMS, not publicly accessible. | Data satisfies the definition as “sensitive information” stored in secure repositories not accessible by the public or low‑level employees. |
| Do CSRs have “access” (vs. being mere conduits) to that information? | Rivera: CSRs merely input and pass along info; they cannot view full data and thus are conduits like sales associates in Ohle. | ComEd: CSRs routinely view partial identifiers and use customer data to perform duties; they sometimes see full SSNs and transmit/retain info. | CSRs have ongoing ability to view and use partial (and sometimes full) customer identifiers; they are not merely conduits—so they have “access.” |
| Was summary judgment appropriate? | Rivera: Facts create disputes about “access” and whether info fits the statutory definition. | ComEd: Undisputed evidence supports the exemption and entitles defendants to judgment as a matter of law. | Yes—no genuine material facts in dispute on the exemption; summary judgment for defendants affirmed. |
Key Cases Cited
- Williams v. Manchester, 228 Ill. 2d 404 (standard of review: de novo on summary judgment)
- Hall v. Henn, 208 Ill. 2d 325 (summary judgment standards)
- Forsythe v. Clark USA, Inc., 224 Ill. 2d 274 (summary judgment and when to deny)
- Elementary School District 159 v. Schiller, 221 Ill. 2d 130 (statutory "or" construed as alternatives)
- General Motors Corp. v. State of Illinois Motor Vehicle Review Board, 224 Ill. 2d 1 (statutory‑interpretation principles)