Employment Screening Resources® (ESR)
NOTE: ESR does NOT send U. S. applicant information outside of the U.S. for processing. Once data leaves the U.S., the data is beyond the reach of U.S. privacy laws and there are no meaningful privacy protections. ESR believes that firms that send data outside the U.S. put applicants and employers at great risk, for no other reason than to make a little more money. In some countries, it is a well known fact that U.S. identities are stolen and used for identity theft. As a practical matter, someone in the U.S. has no ability to hire a lawyer in a foreign country to pursue legal action or contact a foreign police authority to get any action taken. The only exception is where ESR is asked to perform an international verification and the information resides outside of the U.S. Even in that situation, ESR goes to great length to protect applicant data by going directly to the school or employer. If it is necessary to have a researcher do research in a foreign country, ESR only releases the minimum information absolutely necessary.
ESR strongly advises all employers to ask a screening firm if they send data outside of the U.S. and to seriously consider the dangers to their hiring processes and to their applicants.
- This web site collects personally identifiable information online from individuals in the following ways: a.) A potential customer has the opportunity to e-mail this site in order to obtain information about our services. Any information given to this site is completely in the control of the third party who chooses to do so. b.) A person may choose to sign-up for a newsletter that explicitly requires opt-in. Each newsletter provides the ability of a person to opt-out very easily by hitting a button at the bottom of each newsletter.
- This site does not engage in any passive information techniques.
- No information provided to this site through e-mail or any other method is ever released, utilized or shared with anyone else, including, but not limited to, third parties or affiliates.
- The ESRnet online system is a separate web site that is only available to ESR customers and is utilized as a means for ESR to receive orders from authorized employers and to transmit information to and from authorized users. However, all such usage is strictly between ESR and business entities whose legitimate need for the information and permissible purpose has been verified pursuant to section 607(a) of the FCRA which states: (a) Identity and purposes of credit users. Every consumer reporting agency shall maintain reasonable procedures designed to avoid violations of section 605 [§ 1681c] and to limit the furnishing of consumer reports to the purposes listed under section 604 [§ 1681b] of this title. These procedures shall require that prospective users of the information identify themselves, certify the purposes for which the information is sought, and certify that the information will be used for no other purpose. Every consumer reporting agency shall make a reasonable effort to verify the identity of a new prospective user and the uses certified by such prospective user prior to furnishing such user a consumer report. No consumer reporting agency may furnish a consumer report to any person if it has reasonable grounds for believing that the consumer report will not be used for a purpose listed in section 604.
- All data on the ESR system is protected by secure access, ensuring "for-your-eyes-only" data exchange. Viewing of information is restricted to the users and customers that should have it with state of the art security, including 128-bit SSL encryption and strong password protection. Our software has been certified by SecureWorks, which is an approved third party certification agency for the major credit bureaus for the purpose of online retrieval, transmittal and storage of credit information. Physical security of servers is state of the art and has undergone state of the art auditing by third parties. The Privacy and Integrity of all information is fully protected. All employees who have access to any information from this site have signed privacy agreements and are regularly trained in privacy practices and procedures. ESR maintains a Written Information Security Policy (WISP) in conformity with Massachusetts requirements under 201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH. In the event of a data breach, ESR acts in conformity with appropriate data breach laws.
- Information is retained pursuant to the FCRA for a minimum of six (6) years. The method for a consumer to opt-out of ESR obtaining information is to not consent to a pre-employment background screening with a prospective or current employer. Once a consumer has consented to such a screening, ESR must retain information on file for US residents for the six (6) year period.
- Any consumer may exercise their right to inspect any data about them and to object to any data pursuant to the FCRA and applicable state law. See "A Summary of Your Rights Under the Fair Credit Reporting Act" (Spanish Version) prepared by the Consumer Financial Protection Bureau (CFPB). Also, learn about your right to request a copy of your data on the FACT Act Compliance page.
- Any questions or concerns about Privacy should be directed to firstname.lastname@example.org ESR will make all reasonable efforts to address a consumer's concerns. If the matter cannot be resolved by ESR, then a consumer has additional rights. See "A Summary of Your Rights Under the Fair Credit Reporting Act" (Spanish Version).
- In the event ESR destroys any information provided by employers, applicants, or third parties during the course of its work the destruction is accomplished in accordance with the approved document disposal rules formulated by the Federal Trade Commission (FTC). For more information, read the FTC Guidance 'Disposing of Consumer Report Information? Rule Tells How.'
Personal Information Disclosure: United States or Overseas
Employment Screening Resources (ESR) opposes the “offshoring” of Personally Identifiable Information (PII) of consumers – such as names, dates of birth, and Social Security numbers (SSNs) – sent overseas outside of the United States and its territories and beyond the protection of U.S. Privacy laws. ESR’s mission is to protect the PII of consumers, which is best done by keeping all such information in the United States.
Employment Screening Resources does not transmit, share, or transfer personal and identifiable information outside the United States or its territories for the purposes of processing or preparing consumer reports. The sole exception occurs where there is a request for an international background checks and the information needed for the report is located outside of the US or its territories. Even in that situation, ESR does not transfer personal information unless absolutely required and would only transfer the minimum information needed to prepare the report.
ESR belongs to ConcernedCRAs (http://www.concernedcras.com/) a group of Consumer Reporting Agencies (CRAs) dedicated to protecting consumer privacy by not offshoring PII. ESR has adopted the policy of ConcernedCRAs and operates in as follows:
- Domestic Background Screening: Where a CRA (background screening firm) is providing background screening services for consumers in the United States based upon information available in the U.S., a firm displaying the ConcernedCRAs seal certifies that it does not send data outside the U. S. or its territories for processing or preparation of a background check report or for any other reason. All work is done in the U.S.
- International Screening:Where there is an international background check for verification of employment, education, or a professional degree, or for a criminal record check, some information may have to go offshore by necessity since the information being sought is offshore. However, firms displaying the ConcernedCRAs seal have taken measures to protect personal and confidential data: a.) Documentation or information such as passport numbers, or unique identification numbers and date of birth, are not sent to anyone overseas other than the actual verification provider (e.g. employer or school registrar) whenever possible. b.) Where it is necessary to utilize a local firm, the local firm will first be asked to provide local contact information so that the CRA can contact the foreign verifying party directly. c.) If, due to infrastructure or other issues in a foreign country, a foreign research firm must perform the verification, then the CRA or its agent has properly vetted the local firm, and will redact any unnecessary information. Where a CRA utilizes a third party service to perform domestic or international services in connection with providing background reports, firms that adopted this standard have made reasonable inquires to ensure that any provider is also following the Concerned CRAs standard.
How Consumers Dispute Information in a Consumer Report
If consumers are the subject of a consumer report prepared by Employment Screening Resources (ESR) and find incorrect or incomplete information, they have the right under federal law to dispute it. Consumers may contact ESR by calling 888-999-4474 and asking to speak with a Dispute Resolution Specialist. For more information, visit http://www.esrcheck.com/Resource-Center/How-To-Dispute-Consumer-Report/.
The following links will take consumers to the document 'A Summary of Your Rights Under the Federal Fair Credit Reporting Act' provided by the Consumer Financial Protection Bureau (CFPB):
- 'A Summary of Your Rights Under the Federal Fair Credit Reporting Act'
- 'A Summary of Your Rights Under the Federal Fair Credit Reporting Act' (Spanish Version)
Employment Screening Resources (ESR) complies with the U.S.-European Union (EU) Safe Harbor Framework and the U.S.-Switzerland Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Employment Screening Resources (ESR) has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. Click on the link below to learn more about the European Union (EU) and Switzerland Safe Harbor Privacy Policies.
To learn more about the Safe Harbor program, and to view the Employment Screening Resources (ESR) certification, please visit http://www.export.gov/safeharbor/.
UPDATE: EU-U.S. Privacy Shield
In a ruling on October 6, 2015, the European Court of Justice (ECJ) invalidated the Safe Harbor agreement that allowed companies to transfer the digital data of individuals between the European Union (EU) and the United States (U.S.). In February 2016, the EU Commission and the U.S. agreed on a new framework for data transfers called the EU-U.S. Privacy Shield to replace the invalidated Safe Harbor pact. The full text of the EU-U.S. Privacy Shield Framework issued by the European Commission to govern data transfers between the EU and the U.S. while providing a set of robust and enforceable protections for the personal data of EU individuals is available on the U.S. Department of Commerce website at https://www.commerce.gov/privacyshield. Follow the latest developments with the EU-U.S. Privacy Shield on the ESR News Blog at http://www.esrcheck.com/wordpress/tag/privacy-shield/.
President and Chief Compliance Officer (CCO)
Employment Screening Resources (ESR)