Tag Archives: personally identifiable information

New California Background Check Laws Impacting Employers Take Effect January 1 2012

With the new year fast approaching, employers in California – and employers doing business in California – need to be aware of two new laws taking effect on January 1, 2012 that will change the way they conduct employment screening background checks in the state: California Assembly Bill 22 (CA AB 22), which relates to the use of credit report checks of job applicants and current employees for employment purposes, and California Senate Bill 909 (CA SB 909), which relates to the “offshoring” of the Personally Identifiable Information (PII) of consumers who are the subjects of background checks.

Offshoring Personally Identifiable Information Outside of US Increases Concern Over Privacy and Identity Theft

A new California law due to take effect January 1, 2012 – Senate Bill 909 (SB 909) – appears to be one of the first in the nation that addresses the growing concerns over the controversial practice of “offshoring” personally identifiable information (PII) collected during background checks of job applicants by sending the data outside of the United States and its territories and beyond the protection of U.S. privacy and identity theft laws. This is Trend Number 9 of the fifth annual Employment Screening Resources (ESR) ‘Top 10 Trends in Background Checks’ for 2012. To view the list of trends, visit http://www.esrcheck.com/ESR-Top-10-Trends-in-Background-Checks-for-2012.php.

New Research Reveals Warning Signs of Intellectual Property Theft Committed by Corporate Insiders

Corporate insider intellectual property (IP) thieves are usually males under 40 holding technical positions, have a new job ready at the time of the theft, and steal information they were authorized to access, according to the findings of a new report “Behavioral Risk Indicators of Malicious Insider Theft of Intellectual Property: Misreading the Writing on the Wall” from leading information security solutions provider Symantec. To download the free report – which helps employers recognize the early warning signs, as well as motivations and behaviors, of insider intellectual property thieves – click here.

Social Network Service Facebook Settles Federal Trade Commission Charges over Privacy Practices

According to a news release on the Federal Trade Commission (FTC) website, social network service Facebook has agreed to settle FTC charges of failing to keep promises of privacy after the company “deceived consumers by telling them they could keep their information on Facebook private and then repeatedly allowing it to be shared and made public.” The FTC’s eight-count complaint against Facebook – part of the agency’s ongoing effort to ensure companies live up to the privacy promises they make to American consumers – charged that the claims that Facebook made “were unfair and deceptive and thus violated federal law.”

Keeping IDs Safe Act Introduced to Prevent Identity Theft of Social Security Numbers of Deceased Americans

To better protect the Social Security numbers (SSNs) of deceased Americans from identity theft, the “Keeping IDs Safe Act” was recently introduced in the U.S. House by Representative Sam Johnson (R-Texas), according to a press release on Johnson’s website. Also known as the “KIDS Act,” the legislation would make it harder for identity thieves to steal SSNs of deceased children and others by limiting access to the Death Master File publicly released by the Social Security Administration (SSA).

Black Friday and Cyber Monday Shoppers Given Tips to Avoid Identity Theft and Fraud

With the arrival of Thanksgiving, shoppers are constantly warned to avoid identity theft and fraud during “Black Friday,” the day after Thanksgiving considered the official kick-off to the holiday shopping season. For “Cyber Monday,” the Monday after Thanksgiving weekend when shoppers return to work and start their holiday shopping online – and which became the biggest online shopping day in history and the first to surpass the billion-dollar threshold in November 2010 – nonprofit consumer information and advocacy organization Privacy Rights Clearinghouse (PRC) offers the following 10 tips to protect online shoppers from identity theft and fraud.

Lawsuit Alleges Offshoring of Call Center Services Outside US by Financial Institution Puts Customer Information at Risk

Alleging that the practice of “offshoring” puts the financial information of customers at risk, a consumer class action lawsuit recently filed against the largest bank holding company in the United States (by assets) is challenging the financial industry’s standard business practice of offshore outsourcing – also known as “offshoring” – customer services to call centers located outside of the United States that are staffed with foreign nationals.

Part 2 of 2011 ESR Background Check Trends Review: Offshoring PII and Workplace Violence Prevention

The second of five installments of the Employment Screening Resources (ESR) Background Check Trends of 2011 Review features the number eight trend, offshoring Personally Identifiable Information (PII) outside the U.S., and the number seven ranked background check trend of the year, workplace violence prevention. To view previous installments of the ESR Background Check Trends of 2011 Review, visit Part 1.

  • Number 8 ESR Background Check Trend for 2011: Increased Privacy Concerns Over Offshoring of Personally Identifiable Information (PII).
  • Number 7 ESR Background Check Trend for 2011: More Workplace Violence Prevention Education Helps Protect Employers and Employees.

New Data Confirms Trend of Outsourcing Jobs Outside of US with Offshoring Affects Unemployment

Adding to the debate over whether globalization negatively affects the U.S. economy, new data from the U.S. Commerce Department shows that multinational corporations in the United States – familiar big brand-name companies which employ nearly 20 percent of all American workers – reduced their domestic workforce by 2.9 million jobs during the last decade while at the same time increasing their overseas workforce by 2.4 million jobs, the Wall Street Journal reports in the article ‘Big U.S. Firms Shift Hiring Abroad.’

Three Credit Report Resellers Settle FTC Charges for Not Protecting Personal Information of Consumers

By Lester Rosen, Employment Screening Resources (ESR) President & Thomas Ahearn, ESR News Editor

In the Federal Trade Commission’s (FTC) first cases against credit report resellers for the data security failures of their clients, three companies that resell credit reports of consumers have agreed to settle FTC charges that they did not take reasonable steps to protect personal information of consumers and allowed computer hackers to access that personal information, according to a recent news release from the FTC.

Administrative complaints issued by the FTC showed the three credit report resellers bought credit reports from the three nationwide consumer reporting agencies – Equifax, Experian, and TransUnion – and added them to reports they sold to determine consumers’ eligibility for credit. Because these three resellers allegedly allowed clients to access these reports without basic security measures such as firewalls and updated antivirus software, hackers accessed more than 1,800 credit reports without authorization through the computer networks of clients. The three credit report resellers also allegedly did not make reasonable efforts to protect against future security breaches even after becoming aware of these data breaches.

The three credit report resellers are charged with violating the Fair Credit Reporting Act (FCRA) by:

  • Failing to protect their internet portals and thereby furnishing credit reports to hackers who lacked a permissible purpose to have them,
  • Failing to maintain reasonable procedures to limit the furnishing of credit reports for such purposes, and
  • Furnishing credit reports when they had reasonable grounds for believing the reports would not be used for a permissible purpose.

The failure of the three credit report resellers to protect personal information of consumers also allegedly violated the FCRA. In addition, the credit report resellers allegedly violated the Gramm-Leach-Bliley Safeguards Rule by failing to:

  • Design and implement information safeguards to control the risks to consumer information;
  • Regularly test or monitor the effectiveness of their controls and procedures;
  • Evaluate and adjust their information security programs in light of known or identified risks; and
  • Have comprehensive information security programs.

The proposed settlement, part of the ongoing campaign of the FTC to protect the personal information of consumers, would require the three credit report resellers to:

  • Have comprehensive information security programs designed to protect the security, confidentiality, and integrity of the personal information of consumers, including information accessible to clients;
  • Obtain independent audits of their security programs, every other year for 20 years;
  • Furnish credit reports only to those with a permissible purpose; and
  • Maintain reasonable procedures to limit the furnishing of credit reports to those with a permissible purpose.

These cases show that the FTC will call for imposition of civil penalties against resellers of consumer reports who do not take adequate measures to fulfill their obligations to protect information contained in consumer reports as required by the FCRA. These cases also send a strong message that companies giving their clients online access to sensitive information of consumers must have reasonable procedures to secure that information.

Consumer protection through data security makes up a critical part of the National Association of Professional Background Screeners (NAPBS) accreditation process. Since its founding in 2003, the NAPBS has believed that there is a strong need for a singular cohesive industry standard and created the Background Screening Agency Accreditation Program (BSAAP). Governed by a strict professional standard composed of requirements and measurements, the BSAAP is becoming a widely recognized seal of approval that brings national recognition to background screening organizations – also referred to as Consumer Reporting Agencies (CRAs) – and represents a background screening organization’s commitment to excellence, accountability, high professional standards, and continued improvement.

The NAPBS Background Screening Credentialing Council (BSCC) oversees the application process and is the governing accreditation body that will ensure the background screening organizations seeking accreditation meet or exceed a measurable standard of competence. To become accredited, a CRA must pass an onsite audit of its policies and procedures as they relate to six critical areas of the BSAAP:

  • ‘Section 1: Consumer Protection’ includes standards for: Information Security Policy; Data Security; Intrusion, Detection and Response; Stored Data Security; Password Protocol; Electronic Access Control; Physical Security; Consumer Information Privacy Policy; Unauthorized Browsing; Record Destruction; Consumer Disputes; Sensitive Data Masking; and Database Criminal Records.
  • ‘Section 2: Legal Compliance’ includes standards for: Designated Compliance Person(s); State Consumer Reporting Laws; Driver Privacy Protection Act (DPPA); State Implemented DPPA Compliance; Integrity; Prescribed Notices; and Certification from Client.
  • ‘Section 3: Client Education’ includes standards for: Client Legal Responsibilities; Client Required Documents; Truth in Advertising; Adverse Action; Legal Counsel; Understanding Consumer Reports; and Information Protection.
  • ‘Section 4: Product Standards’ includes standards for: Public Record Researcher Agreement; Vetting Requirement; Public Record Researcher Certification; Errors and Omissions Coverage; Information Security; Auditing Procedures; Identification Confirmation; and Jurisdictional Knowledge.
  • ‘Section 5: Service Standards’ includes standards for: Verification Accuracy; Current Employment; Diploma Mills; Procedural Disclosures; Verification Databases; Use of Stored Data; Documentation of Verification Attempts; Outsourced Verification Services; Conflicting Data; Professional Conduct; and Authorized Recipient.
  • ‘Section 6: General Business Practices’ includes standards for: Character; Insurance; Client Credentialing; Vendor Credentialing; Consumer Credentialing; Document Management; Employee Certification; Worker Training; Visitor Security; Employee Criminal History; Quality Assurance; and Certification.

Employment Screening Resources (ESR) is formally recognized as accredited by the National Association of Professional Background Screeners (NAPBS) Background Screening Credentialing Council (BSCC) for successfully proving compliance with the Background Screening Agency Accreditation Program (BSAAP). For more information, visit Employment Screening Resources (ESR) at http://www.ESRcheck.com

Source:
http://ftc.gov/opa/2011/02/settlement.shtm