Utah is the latest state to pass tough new privacy laws with it come to Personally Identifiable Information (PII).Â
Utah passed a new law effective May 12, 2009 called, â€œThe Employment Selection Procedures Act.â€Â See: Â http://le.utah.gov/~2009S1/bills/hbillenr/hb1002.htmÂ Â
The new law prohibits an employer above 15 employees from collecting an applicantâ€™s social security number, date of birth or driverâ€™s license number before a job offer or before the time when a background check is requested.Â In addition, if the person is not hired, the employer will not keep the information beyond two year, the An employee also may not use the information for any other purposes and must maintain a â€œspecific policy regarding the retention, disposition, access, and confidentiality of the information.â€ An applicant has the right to view the policy.Â Â Â
The idea appears to be to limit the flow of personal data before or unless it is needed and to destroy it if no longer needed.Â For employers using paper applications, it creates an administrative burden since the employer needs to add another step to get the data required for a background check if an applicant moves forward in the hiring process.Â However, electronic hiring procedures, such as the Applicant Generated Report system offered by ESR solves this issue, since an applicant is only asked to provide confidential data only if the employer decides to perform a background check and the information only goes to the screening firm.Â Â Â
ESR provides Utah employers with a sample policy in the ESR proprietary 50 state guide available after logging onto the ESRnet system.Â
Â The Utah law is part of a growing trend to restrict access to PII in order to prevent identity theft.Â Some courts have attempted to restrict access to identifying information in public records, which makes it harder for employers to receive accurate reports on a timely basis.Â State legislatures are also getting involved in privacy issues.Â Â Â Â Future blog posts will cover other states.