Screening Firms Join Effort to Prevent Threats to Consumers from Offshoring of Personal and Private Data

ESR has joined a group of like-minded Consumer Reporting Agencies that reject the offshoring of consumer data. ESR is pleased to display the Concerned CRAs logo that represents a higher standard of consumer privacy protections. As outlined in the May, 2008 ESR newsletter, some screening firms place job applicants and employers at risk by sending personal and identifiable information (PII) offshore for processing and preparing background reports. The purpose is to take advantage of cheap offshore labor. In some instances, foreign call centers are even used to contact past employers and schools, or to search public record databases for criminal records.  See: http://www.esrcheck.com/newsletter/archives/May_2008.php .  

The problem?  Once U.S. information leaves our shores, it is completely beyond U.S. Privacy Protections. In order to process background reports, a job applicant’s date of birth and social security number are often needed, which is the key ingredients needed to commit identity theft.  Articles available on the internet document that identities stolen from foreign call centers are often sold illegally for illegitimate purposes.   That is not to suggest that data theft cannot happen here in the U.S.  However, if there is theft of PII in the U.S., there are resources and legal recourse so consumers can protect themselves.  It is impossible as a practical matter for a U.S. consumer to try to contact the police department in a foreign country to file a complaint.

Firms displaying the Concerned CRA’s symbol have self-certified that they do not send data offshore for processing.  Although there is a cost savings to screening firms who offshore consumer data to countries such as India, the risk to consumers in terms of potential identity theft is significant. What is worse is that U.S. job applicants have no idea that when they sign a consent for a background check that their personal data is at risk of going offshore.

In the alternative, the seal can be displayed if a CRA clearly discloses that data is sent offshore and explains the risks, and employers in turn clearly disclose the same to job applicants.

An exception is where an international verification is requested and the information needed is offshore. Even then, however, firms that have joined this effort have certified that they take a number of steps to minimize sending personal information being sent offshore.  For example, before sending consumer data offshore, a firm should make every effort to obtain the information directly from the past employer or school directly.  Data should only be sent offshore to a foreign research firm as a last resort.

ESR strongly advises employers to ask screening firms about their privacy and offshoring practices before risking personal information about their job applicants.  For more information, see http://www.concernedcras.com/