Tag Archives: personally identifiable information

Controversial and Discriminatory Use of Job Applicant Credit Reports by Employers Tops Background Screening Trends List for 2011

By Lester Rosen, Employment Screening Resources (ESR) President & Thomas Ahearn, ESR News Editor

For the past four years, Employment Screening Resources (ESR) – a leading background check provider to employers accredited by the National Association of Professional Background Screeners (NAPBS®) – has compiled a “Top Ten Trends in Background Screening” list of emerging and influential trends in employment background screening predicted by ESR founder and President Lester Rosen, an Attorney at Law and author of ‘The Safe Hiring Manual,’ the first comprehensive guide for background screening.

For the Fourth Annual ‘Top Ten Trends in Background Screening’ for 2011, Rosen chose the controversial, and potentially discriminatory, practice of employers checking credit reports of job applicants as the number one background screening trend for the year ahead. Articles detailing the top background screening trends for 2011 were published on ESR News starting in December 2010. Below is a list of the background screening trends with a brief summary and links to the full article:

A great deal of misinformation about the basics of credit reports, background checks, and job hunting exists in the current economic climate. The topic has been in the news and states have passed laws or are considering laws to restrict the use of credit reports and employment. Furthermore, the U.S. Equal Employment Opportunity Commission (EEOC) is looking closely at this area and has filed lawsuits alleging discriminatory use.

Most employers are not using credit reports to find ways to eliminate people from jobs. A background check that includes a credit report is usually run only after an employer has gone through the time, cost, and effort to find the right candidate. Employers initiate background checks because they are interested in hiring the applicant and are conducting due diligence to make sure there is no reason not to hire. Under the rules of the federal Fair Credit Reporting Act (FCRA), a credit report is only obtained after the applicant has given consent and after a legally required disclosure has been given. If the employer utilizes the credit report in any way not to hire, applicants are entitled to a copy of their credit report, a pre-adverse action notice, as well as a statement of their rights. Before any employment decision becomes final, applicants also have the right to challenge the credit report before any denial of employment is made final.

However, employers should approach credit reports with caution when using them for employment background checks, and must articulate a clear rationale as to why a credit report is related to a particular job. Employers should also be aware of the potential for errors in credit reports. A debt may be reported incorrectly for various reasons or the applicant could be the victim of identify theft which can also lead to incorrect data. In addition, negative entries may well not be a valid predictor of job performance especially since many job applicants have faced a long period of unemployment that may lead to larger debts.  An overly broad use of credit reports by employers could lead to claims of discrimination from a disparate impact on protected groups such as Blacks and Latinos. The idea that credit reports can be used in a discriminatory manner in the eyes of the EEOC means employers will continue to face controversy with discrimination over using credit reports for employment screening.

To read the full article on Trend #1, please visit: http://www.esrcheck.com/wordpress/2011/01/11/controversy-over-whether-employers-using-credit-reports-for-employment-screening-is-discriminatory-increases/.

Employers have become increasingly aware of the importance of knowing if a job applicant has a criminal record since they have a legal duty to make reasonable inquiries about who they hire in order to provide a safe workplace. An employer who hires a person with a criminal record can be found liable for negligent hiring if the hiring decision results in harm and could have been avoided by a simple criminal record check. Checking criminal records demonstrates due diligence and is also an important preventative measure to protect against workplace violence. One of the most effective tools an employer has is the use of an employment application form in the hiring process which enables employers to directly ask applicants if they have a criminal record. The advantage is that an employer can use a well worded application form to discourage applicants with something to hide while also encouraging applicants to be open and honest regarding questions about past criminal convictions.

However, the issue of whether employers can use a job application to ask about a job applicant’s criminal record is becoming more complicated. Many states, counties, and local governments have joined the “ban the box” movement removing the “box” job applicants are asked to check next to the question asking about past criminal convictions. In addition, more employers are facing lawsuits accusing them of violating Title VII of the Civil Rights Act of 1964 by rejecting or firing qualified individuals with criminal records even when the criminal history has no bearing on the ability to perform their job. Due to these factors, questions about criminal records of job applicants are becoming much more difficult for employers to ask.

To read the full article on Trend #2, please visit: http://www.esrcheck.com/wordpress/2011/01/06/questions-about-criminal-records-of-job-applicants-become-more-difficult-for-employers-to-ask/.

According to an age old platitude, “If something looks too good to be true, it probably is,” so employers should be wary of fast and cheap online criminal background checks that promise accurate and legal information on job applicants at the click of a mouse or the touch of a screen. The need for accurate and reliable information should be obvious to anyone dealing with background checks. Even so, numerous internet sites have sprung up recently promising cheap, almost instant background checks that deliver criminal information to anyone, anywhere, and in seconds. These sites utilize a so-called “national criminal database” and vendors of such databases typically claim to have compiled millions of records from every state so users can know instantly if someone is a criminal at a very low price.

Although a multi-state records database can be a powerful tool when used by a qualified employment screening firm as part of an overall background check, employers who think they are getting a real criminal background check can be in for a rude awaking when they discover that such searches are far from the real thing. Applicants with criminal records can easily be missed, while people without records can be incorrectly identified as criminals. Both results carry negative financial and legal implications for employers. Employers using these databases for employment purposes need to understand the limitations and legal exposure associated with using them or risk finding themselves embroiled in litigation. Employers are quickly discovering that fast and cheap online background checks using criminal databases not always accurate or legal.

To read the full article on Trend #3, please visit: http://www.esrcheck.com/wordpress/2011/01/03/employers-discover-fast-and-cheap-online-background-checks-using-criminal-databases-not-always-accurate-or-legal/.

Many employers do not realize they potentially face the same exposure from vendors, independent contractors, and temporary employees from staffing firms as they do from their own full-time employees when it comes to negligent hiring lawsuits. Risk management controls of employers often do not take into account the “need to know” through background checks of workers who are not on their payroll but are on their premises, with access to computer systems, clients, co-workers, assets, and the general public. The law is absolutely clear that if a vendor, independent contractor, or temporary worker harms a member of the public or a co-worker, the employer can be just as liable as if the person were on the employer’s full-time payroll. All of the rules of due diligence – which include background checks – apply with equal force to vendors, temporary workers, or independent contractors. A business can be liable if, in the exercise of reasonable care, the business should have known that a vendor, temporary worker, or independent contractor was dangerous, unqualified, or otherwise unfit for employment. An employer has an absolute obligation to exercise due diligence not only in whom they hire on payroll, but in whom they allow on premises to perform work. Employers can also be held liable under the legal doctrine of “co-employment,” which means that even though the worker is on someone else’s payroll, the business that uses and supervisees the worker can still be held liable for any misconduct.

However, many employers have found out the hard way that workers from a vendor or staffing firm or hired as an independent contractor without proper background checks can also cause damage. When an employer is the victim of theft, embezzlement, or resume fraud, the harm is just as bad regardless of whether the worker is on their payroll or someone else’s payroll. No employer would dream of walking down the street and handing the keys to the business to a total stranger, yet many employers across America essentially do exactly that everyday when engaging the services of vendors and temporary workers with proper background checks. So-called “temporary” workers can cause permanent problems for employers without the background checks that are performed on full-time employees. As hiring of temporary workers increases – and since the hiring of temporary workers is usually an indication of hiring full-time workers in the future – employers will become increasingly more concerned with background checks of temporary workers in the coming year.

To read the full article on Trend #4, please visit: http://www.esrcheck.com/wordpress/2010/12/28/background-checks-of-temporary-workers-cause-for-concern-for-employers-as-hiring-increases/

In 2011, due to the mobility of workers across international borders in a global economy making it no longer adequate to conduct background screening checks just in the United States, a major trend will be the necessity of international background screening since an increasing number of workers will have spent part of their professional careers abroad. Employers in the U.S. have long recognized that conducting due diligence on new hires with background screening is a mission critical task that can help them avoid being the subject of negligent hiring lawsuits if they hire someone that they should have known – through the exercise of due diligence – was dangerous, unfit or unqualified.

However, with the increased mobility of workers across international borders it is no longer adequate to conduct these background screening checks just in the United States. Background screening also must be done internationally since an increasing number of workers have spent part of their professional careers abroad. The number of foreign countries from which U.S. employers may seek information about applicants with international background screening is expansive, and includes Australia, Brazil, Canada, Chile, China, France, Germany, India, Ireland, Israel, Japan, Malaysia, Mexico, Nigeria, Pakistan, Philippines, Russia, Singapore, South Africa, and the United Kingdom (U.K.).

To read the full article on Trend #5, please visit: http://www.esrcheck.com/wordpress/2010/12/23/international-background-screening-more-necessary-due-to-mobility-of-workers-in-global-economy/.  

A background screening trend that recently emerged where employers used social network sites such as Facebook – the most popular social networking site with over 500 million active users worldwide – to run ‘Social Network Background Checks’ on job candidates should become even more prevalent in 2011, and increase the legal risks for employers. No discussion about background screening these days is complete without an analysis of how the Internet is used for hiring. From social network sites such as Facebook and Twitter to blogs, videos on YouTube, and business connection sites like LinkedIn, employers focus with laser-like intensity on how to use the Internet for background screening job candidates. What is sometimes overlooked in the rush to use the Internet for background screening is the one question employers need to ask: What are the legal risks in using the Internet for hiring? The answer involves issues of discrimination, authenticity, and privacy. If employers insist on using social network sites for background screening, then they must realize that much of the ‘new media’ available to them for background screening is still covered by current employment regulations.

To read the full article on Trend #6, please visit: http://www.esrcheck.com/wordpress/2010/12/21/esr-background-screening-trend-6-for-2011-using-social-network-sites-such-as-facebook-to-screen-job-candidates-increases-legal-risk-for-employers/.   

A background screening trend that gained much attention in 2010 that will continue to do so in 2011 will be increased workplace violence prevention education to help protect both employers and employees. While the term “workplace violence” is appropriate for a quick definition or diagnosis of a problem, fully defining all aspects of “workplace violence” can be nebulous at best. Many employers loosely define workplace violence as: Assaults, other violent acts, or threats which occur in or are related to the workplace and entail a substantial risk of physical or emotional harm to individuals, or damage to company resources or capabilities. The Occupational Health and Safety Administration (OHSA) defines “workplace violence” as “violence or the threat of violence against workers” that involves any physical assault, threatening behavior, or verbal abuse occurring in, or related to, the workplace, and includes behaviors ranging in aggressiveness from verbal harassment to murder. According to the U.S. Bureau of Labor Statistics (BLS), there were 521 workplace killings in the United States in 2009, 420 of them committed by gunfire.

To read the full article on Trend #7, please visit: http://www.esrcheck.com/wordpress/2010/12/16/esr-background-screening-trend-7-for-2011-more-workplace-violence-prevention-education-helps-protect-employers-and-employees/.

A new background screening trend emerging in 2011 will be the increased concern over the “offshoring” of Personally Identifiable Information (PII) of U.S. consumers. A recently signed California law appears to be the first in the United States to regulate the “offshoring” of Personally Identifiable Information (PII) of U.S. consumers collected for background checks, a controversial practice where private data of U.S. citizens – such as names, dates of birth, addresses, and Social Security numbers (SSNs) – is sent overseas, outside the United States and its territories, and beyond the reach of U.S. privacy laws. In September 2010, Governor Arnold Schwarzenegger signed into law California Senate Bill 909 (SB 909), which addresses the issue of personal information being sent offshore. SB 909 – which takes effect January 1, 2012 to allow time for background check firms to provide new releases to employers or modify online language – amends the California Investigative Consumer Reporting Agencies Act (ICRA) that regulates background checks in California and requires that a consumer must be notified as part of a disclosure before the background check of the web address for “information about the investigative reporting agency’s privacy practices, including whether the consumer’s personal information will be sent outside the United States or its territories.”

To read the full article on Trend #8, please visit: http://www.esrcheck.com/wordpress/2010/12/14/esr-background-screening-trend-8-for-2011-increased-privacy-concerns-over-offshoring-of-personally-identifiable-information-pii/.

An October 2010 press release from the Department of Homeland Security (DHS) announced record-breaking immigration enforcement statistics achieved under the Obama administration, which included issuing more financial sanctions on employers who hired unauthorized workers than during the entire previous Bush administration. Since January 2009, when President Barack Obama took office, U.S. Immigration and Customs Enforcement (ICE) – the principal investigative arm of DHS – has audited more than 3,200 employers suspected of hiring workers not legally eligible to work in the U.S., debarred 225 companies and individuals, and imposed approximately $50 million in financial sanctions, according to the DHS. A summary of fines and penalties from ICE reveals that this surge in enforcement of a legal U.S. workforce included a 500 percent increase in penalties from worksite enforcement actions (over $5 million), a nearly two-fold increase in I-9 audits (2,200), a record-breaking 180 criminal prosecutions of employers, and the debarring of more than 97 businesses, compared to 30 last fiscal year, with average fines exceeding $110,000. Due in large part to increased scrutiny on employers from ICE through I-9 audits – where employee information on Employment Eligibility Verification Forms (“I-9 forms”) is checked for accuracy by Government agents – penalties from worksite enforcement inspections have increased recently.

To read the full article on Trend #9, please visit: http://www.esrcheck.com/wordpress/2010/12/09/esr-background-screening-trend-9-for-2011-e-verify-and-i-9-audits-help-government-find-employers-with-illegal-workers/.

Before this year, employers were largely on their own when selecting a background screening firm. With hundreds upon hundreds of background screening firms to choose from, employers faced a bewildering landscape of competing claims that touted any number of bells and whistles that made it hard to distinguish one background screening provider form another. Some background screening firms had ISO (International Organization for Standardization) certification, but as noted in the article “Backgrounds to the Foreground” in the December 2010 issue of HR Magazine, the ISO designation is not specific to background screening and does not guarantee quality of products or services. Employers were also faced with “commercial” rankings published by private “for-profit” publications, which only added to the confusion. The problem for employers is that background screening is a critical function subject to intense legal regulation, and so the stakes are high. In 2010, the National Association of Professional Background Screeners (NAPBS®) Background Screening Credentialing Council (BSCC) took significant steps towards solving this perplexing problem with the creation of the Background Screening Agency Accreditation Program (BSAAP) that covers all areas related to the background screening process and, most important, is professional and objective and not based upon any commercial considerations. The BSAAP advances professionalism in the background screening industry through the promotion of best practices, awareness of legal compliance, and development of standards that protect consumers.

To read the full article on Trend #10, please visit: http://www.esrcheck.com/wordpress/2010/12/06/employment-screening-resources-top-ten-trends-in-background-screening-for-2011-no-10-new-accreditation-standards-help-employers-select-background-screening-firms/.

The Employment Screening Resources (ESR) Fourth Annual ‘Top Ten Trends in Background Screening’ for 2011 is available at: http://www.esrcheck.com/Top-Ten-Trends-In-Background-Screening-2011.php.

For more information on background screening or to purchase background checks, visit Employment Screening Resources (ESR) at http://www.ESRcheck.com.

Founded in 1996 in the San Francisco Bay area, Employment Screening Resources (ESR) is the company that wrote the book on background checks with ‘The Safe Hiring Manual’ by ESR founder and President Lester Rosen. Employment Screening Resources is accredited by The National Association of Professional Background Screeners (NAPBS®) Background Screening Credentialing Council (BSCC) for proving compliance with the Background Screening Agency Accreditation Program (BSAAP). ESR was the third U.S. background check firm to be ‘Safe Harbor’ Certified for data privacy protection. To learn more about ESR’s Leadership, Resources, and Solutions, visit http://www.ESRcheck.com or contact Jared Callahan, ESR Director of Client Relations, at 415.898.0044 or jcallahan@ESRcheck.com.

ESR Background Screening Trend 8 for 2011: Increased Privacy Concerns Over Offshoring of Personally Identifiable Information (PII)

By Lester Rosen, Employment Screening Resources (ESR) President & Thomas Ahearn, ESR News Editor

Employment Screening Resources (ESR) Fourth Annual ‘Top Ten Trends in Pre-Employment Background Screening’ for 2011

Trend No. 8: Increased Privacy Concerns Over Offshoring of Personally Identifiable Information (PII)

A new background screening trend emerging in 2011 will be the increased concern over the “offshoring” of Personally Identifiable Information (PII) of U.S. consumers.

A recently signed California law appears to be the first in the United States to regulate the “offshoring” of Personally Identifiable Information (PII) of U.S. consumers collected for background checks, a controversial practice where private data of U.S. citizens – such as names, dates of birth, addresses, and Social Security numbers (SSNs) – is sent overseas, outside the United States and its territories, and beyond the reach of U.S. privacy laws.

In September 2010, Governor Arnold Schwarzenegger signed into law California Senate Bill 909 (SB 909), which addresses the issue of personal information being sent offshore. SB 909 – which takes effect January 1, 2012 to allow time for background check firms to provide new releases to employers or modify online language – amends the California Investigative Consumer Reporting Agencies Act (ICRA) that regulates background checks in California and requires that a consumer must be notified as part of a disclosure before the background check of the web address for “information about the investigative reporting agency’s privacy practices, including whether the consumer’s personal information will be sent outside the United States or its territories.” In addition:

  • If a background check company does not have a web site, then the background check company must provide the consumer with a phone number where the consumer can obtain the same information.
  • The background check company’s privacy policy must contain “information describing its privacy practices with respect to its preparation and processing of investigative consumer reports.”
  • Background check companies in California (and firms that do business in California) must have a statement in their privacy policy entitled “Personal Information Disclosure: United States or Overseas” that indicates whether the personal information will be transferred to third parties outside the United States or its territories through the process of offshoring.
  • “Third parties” are defined in SB-909 as including, “but not being limited to, a contractor, foreign affiliate, wholly owned entity, or an employee of the investigative consumer reporting agency” and also requires a “separate section that includes the name, mailing address, e-mail address, and telephone number of the investigative consumer reporting agency representatives who can assist a consumer with additional information regarding the investigative consumer reporting agency’s privacy practices or policies in the event of a compromise of his or her information.”
  • In the event a consumer is harmed by virtue of a background check company negligently sending data offshore, SB-909 provides for damages to the consumer.

The practice of offshoring – whether personal information or jobs – can have a negative impact on network security since, for all intents and purposes, once Personally Identifiable Information (PII) is sent offshore outside the U.S. it is beyond the reach and protection of U.S. laws in cases involving identity theft or privacy issues. As reported earlier on ESR News, other states besides California have data privacy laws in effect, in legislation, or have voiced concerns over data privacy. For example:

As for the definition of Personally Identifiable Information (PII), the following are often used for the express purpose of distinguishing individual identity, and thus are clearly PII under the definition used by the U.S. Office of Management and Budget:

  • Full name
  • Birthday
  • Birthplace
  • Social Security Number (SSN)
  • Vehicle registration plate
  • Driver’s license number
  • Credit card number
  • National identification number
  • IP ( Internet Protocol) address
  • Face, fingerprints, or handwriting
  • Digital identity
  • Genetic information

In addition, according to a 2009 security survey of 350 network administrators and IT executives executed by Amplitude Research and commissioned by VanDyke Software, offshoring of Information Technology (IT) jobs can lead to increases in data breaches. The survey more than two-thirds (69 percent) of respondents felt outsourcing technical jobs offshore had a negative impact on network security, and 61 percent of workers at companies outsourcing IT jobs said their company had experienced a data breach.

The security survey naturally raises questions as to the safety of offshoring Personally Identifiable Information (PII) of American job applicants in order to prepare background checks. ConcernedCRAs, a group of more than 120 Consumer Reporting Agencies (CRAs), opposes the practice of offshoring Personally Identifiable Information (PII) of U.S. citizens outside the country to be processed beyond U.S. privacy laws.

A member of ConcernedCRAs, Employment Screening Resources (ESR) does not offshore Personally Identifiable Information (PII) and all domestic background checks are performed exclusively in the United States. ESR does all processing and preparation in the U.S. in order to protect applicants and employers, the only exception being when performing an international verification using information residing outside the U.S. ESR was also the third U.S. background screening firm to become “Safe Harbor” Certified for data privacy protection. See: https://safeharbor.export.gov/companyinfo.aspx?id=9239.

Before selecting a U.S. background check firm, employers should determine if that firm is processing information outside of the country. The risk is significant, even if the offshore facility is wholly owned or a subsidiary of a U.S. firm. An employer needs to have a full understanding of how data and privacy is protected once it leaves the U.S., and what duty is owed to job applicants in terms of notice that their PII is being sent abroad.

To read more about ‘Offshoring’ and ‘Personally Identifiable Information’ on ESR News, visit articles tagged at http://www.esrcheck.com/wordpress/tag/offshoring/ and http://www.esrcheck.com/wordpress/tag/personally-identifiable-information/.

Employment Screening Resources (ESR) is releasing the ESR Fourth Annual ‘Top Ten Trends in Pre-Employment Background Screening’ for 2011 throughout December. This is the Eighth of the Top Ten Trends ESR will be tracking in 2011. To see an updated list of ESR’s ‘Top Ten Trends in Pre-Employment Background Screening’ for 2011, visit: http://www.esrcheck.com/Top-Ten-Trends-In-Background-Screening-2011.php.  

Founded in 1996 in the San Francisco Bay area, Employment Screening Resources (ESR) is the company that wrote the book on background checks with ‘The Safe Hiring Manual’ by ESR founder and President Lester Rosen. Employment Screening Resources is accredited by The National Association of Professional Background Screeners (NAPBS®) Background Screening Credentialing Council (BSCC) for proving compliance with the Background Screening Agency Accreditation Program (BSAAP). ESR was the third U.S. background check firm to be Safe Harbor’ Certified for data privacy protection. To learn more, visit http://www.ESRcheck.com or contact Jared Callahan, ESR Director of Client Relations, at 415.898.0044 or jcallahan@ESRcheck.com.

New CA Law Regulates Offshoring Personally Identifiable Information (PII) of Consumers Used in Background Checks

By Thomas Ahearn, ESR News Editor

A recently signed California law appears to be the first in the United States to regulate the “offshoring” of Personally Identifiable Information (PII) of U.S. consumers used during background checks – such as names, dates of birth, addresses, Social Security numbers (SSNs), and financial data – overseas and outside the U.S. and its territories.

In September 2010, Governor Arnold Schwarzenegger signed into law California Senate Bill 909 (SB 909), which addresses the issue of personal information being sent offshore. SB 909 – which takes effect January 1, 2012 to allow time for background check companies to provide new releases to employers or modify online language – amends the California Investigative Consumer Reporting Agencies Act (ICRA) that regulates background checks in California and requires that a consumer must be notified as part of a disclosure before the background check of the web address for “information about the investigative reporting agency’s privacy practices, including whether the consumer’s personal information will be sent outside the United States or its territories.”

If a background check company does not have a web site, then the background check company must provide the consumer with a phone number where the consumer can obtain the same information. In addition, the background check company’s privacy policy must contain “information describing its privacy practices with respect to its preparation and processing of investigative consumer reports.” Specifically, background check companies in California (and firms that do business in California) must have a statement in their privacy policy entitled “Personal Information Disclosure: United States or Overseas” that indicates whether the personal information will be transferred to third parties outside the United States or its territories through the process of offshoring.

SB-909 defines “third parties” as including, “but not being limited to, a contractor, foreign affiliate, wholly owned entity, or an employee of the investigative consumer reporting agency” and also requires a “separate section that includes the name, mailing address, e-mail address, and telephone number of the investigative consumer reporting agency representatives who can assist a consumer with additional information regarding the investigative consumer reporting agency’s privacy practices or policies in the event of a compromise of his or her information.” In the event a consumer is harmed by virtue of a background check company negligently sending data offshore, SB-909  provides for damages to the consumer.

As reported earlier on ESR News, the practice of offshoring – whether personal information or jobs – can have a negative impact on network security since, for all intents and purposes, once personal information is sent offshore outside the U.S. it is beyond the reach and protection of U.S. laws in cases involving identity theft or privacy issues. Also, offshoring of Information Technology (IT) jobs can lead to increases in data breaches.

According to a 2009 security survey of 350 network administrators and IT executives executed by Amplitude Research and commissioned by VanDyke Software, more than two-thirds (69 percent) of respondents felt outsourcing technical jobs offshore had a negative impact on network security while only 9 percent felt it had a positive impact. In addition, the security survey found:

  • 25 percent of respondents in the survey belonged to companies that outsourced IT jobs to other countries.
  • Of these outsourcing firms, about half said their security had been negatively impacted and 61 percent said their company had experienced a data breach.
  • In contrast, only 35 percent of companies not outsourcing reported a data breach.

The security survey naturally raises questions as to the safety of sending Personally Identifiable Information (PII) of American job applicants offshore in order to prepare background checks. A group of more than 120 Consumer Reporting Agencies (CRAs) called ConcernedCRAs opposes the practice of offshoring Personally Identifiable Information (PII) of U.S. citizens outside the country to be processed beyond U.S. privacy laws.

A member of ConcernedCRAs, Employment Screening Resources (ESR) does not offshore Personally Identifiable Information (PII) and all domestic background checks are performed exclusively in the United States. ESR does all processing and preparation in the U.S. in order to protect applicants and employers, the only exception being when performing an international verification using information residing outside the U.S.

To read more about offshoring on ESR News, visit articles tagged ‘offshoring’ at: http://www.esrcheck.com/wordpress/tag/offshoring/.

To read California Senate Bill 909, visit: http://www.leginfo.ca.gov/pub/09-10/bill/sen/sb_0901-0950/sb_909_bill_20100929_chaptered.pdf.

Founded in 1996 in the San Francisco Bay area, Employment Screening Resources (ESR) is the company that wrote the book on background checks with ‘The Safe Hiring Manual’ by ESR founder and President Lester Rosen. Employment Screening Resources is recognized by The National Association of Professional Background Screeners (NAPBS®) as Background Screening Credentialing Council (BSCC) Accredited for proving compliance with the Background Screening Agency Accreditation Program (BSAAP). For more information about Employment Screening Resources, visit http://www.ESRcheck.com or contact Jared Callahan, ESR Director of Client Relations and Business Development, at 415.898.0044 or jcallahan@ESRcheck.com.

Ohio Governor Issues Executive Order Prohibiting Use of Public Funds for Practice of Offshore Outsourcing Known as Offshoring

By Thomas Ahearn, ESR News Blog

Ohio Governor Ted Strickland has issued an executive order that prohibits the expenditure of public funds for services provided offshore and beyond the boundaries of the United States and its territories – a practice known as Offshore Outsourcing or “Offshoring” – a move that is a reaction to public outcry after a El Salvadoran call center was used for Ohio’s appliance rebate program, according to a report on Cleveland.com.

A press release on the Office of the Governor website at Governor.Ohio.gov reveals that the state’s Department of Development awarded a $357,300 contract to a Texas-based service provider in March 2010 to assist with the agency’s implementation of the $11 million federal stimulus-funded appliance rebate program which rewarded consumers with federal stimulus dollars when they bought energy-efficient appliances.

Despite state procurement requirements designed to restrict service providers from using public funds for offshore labor – in particular, an Ohio Department of Administrative Services (DAS) directive that requires agencies to ask potential vendors to list all locations where the services will be performed – the contract was awarded to a company that practiced “offshoring” and used offshore labor.

The company in Texas never told state officials in Ohio it would use a foreign call center, and the state did not require the information with bids. State officials learned about the call center from an Ohio resident who asked a call center employee where the operation was located, according to the press release.

“Ohio’s policy has been – and must continue to be – that public funds should not be spent on services provided offshore,” Strickland states in the Executive Order.  “Throughout my Administration, procurement procedures have been in place that restrict the purchase of offshore services.”

In June 2008, Strickland signed an executive order (E.O. 2008-12S) that implemented Think Ohio First practices promoting economic development by maximizing the use of Ohio businesses when agencies conduct purchases. 

The full text of the governor’s Executive Order 2010-09S “Banning the Expenditure of Public Funds for Offshore Services” appears in the press release:

  • 1. Ohio’s Economic Vitality Necessitates Constant Vigilance in State Job Creation Efforts.  State officials and employees must at all times remain passionately focused on initiatives that will create and retain jobs in the United States in general and in Ohio, in particular, and must do so especially during Ohio’s continuing efforts to recover from the recent global recession.
  • 2. No Public Funds Should be Spent on Services Provided Offshore.  Allowing public funds to pay for offshore services undermines economic development objectives and any such offshore services carry unacceptable quality and security risks. a. The Purchase of Offshore Services with Public Funds Undermines Economic Development and Other Job Creation and Retention Objectives.  The expenditure of public funds for services provided offshore deprives Ohioans and other Americans critical employment opportunities.  It also undermines efforts to attract businesses to Ohio and retain them in Ohio, initiatives in which the State has invested heavily. b. The Purchase of Offshore Services Has Unacceptable Business Consequences.   The use of offshore service providers could pose unacceptable data security, and thus privacy and identity theft risks.  There are pervasive service delivery problems with offshore providers, including dissatisfaction with the quality of their services and with the fact that services are being provided offshore.  It is difficult and expensive to detect illegal activity and contract violations and to pursue legal recourse for poor performance or data security violations.  The State’s use of offshore service providers ill-serves the people of Ohio who are the primary consumers of the services provided by the State.
  • 3. Ohio’s Policy Has Been – and Must Continue To Be – That Public Funds Should Not Be Spent on Services Provided Offshore. Throughout my Administration, procurement procedures have been in place that restrict the purchase of offshore services.  Despite these requirements, federal stimulus funds were recently used to purchase services from a domestic company which ultimately provided some of those services offshore.  This incident was unacceptable and has caused me, through this Order, to redouble my commitment to ensure that public funds are not expended for offshore services.
  • 4. Additional Steps Will Ensure that Public Funds Are Not Spent on Services Provided Offshore.  In order to ensure that the State of Ohio makes no expenditures for services provided offshore, I hereby order the following: a. No Cabinet Agency, Board or Commission (Executive Agency) shall enter into any contract which uses any funds within its control to purchase services which will be provided outside the United States.  This Order applies to all funds in the custody of an Executive Agency, be they from state, federal, philanthropic or private sources.  It applies to all purchases of service made directly by an Executive Agency and services provided by sub-contractors of those providing services purchased by an Executive Agency. b. This Executive Order will be personally provided, by the Director, Chair or other chief executive official of each Executive Agency, to the Chief Procurement Officer or other individual at that entity responsible for contracts for services. c. The Department of Administrative Services, through Ohio’s Chief Procurement Officer (OCPO), shall have in place, by August 31, 2010, procedures to ensure all of the following: i. All agency procurement officers, or the person with equivalent duties at each Executive Agency (APOs), have standard language in all Executive Agency contracts which: (a) Reflect this Order’s prohibition on the purchase of offshore services. (b) Require service providers or prospective service providers to: (i) Affirm that they understand and will abide by the requirements of this Order. (ii) Disclose the location(s) where all services will be performed by any contractor or subcontractor. (iii) Disclose the locations(s) where any state data associated with any of the services they are providing, or seek to provide, will be accessed, tested, maintained, backed-up or stored. (iv) Disclose any shift in the location of any services being provided by the contractor or any subcontractor. (v) Disclose the principal location of business for the contractor and all subcontractors who are supplying services to the state under the proposed contract. ii. All APOs are ensuring that all quotations, statements of work, and other such proposals for services affirm this Order’s prohibition on the purchase of offshore services and include all of this Order’s disclosure requirements. (a) Any such proposal for services lacking the affirmation and disclosure requirements of this Order will not be considered. (b) Any such proposal where the performance of services is proposed to be provided at a location outside the United States by the contractor or any sub-contractor, will not be considered. iii. All procurement manuals, directives, policies, and procedures reflect the requirements of this Order. iv. All APOs have adequate training which addresses the terms of this Order.
  • 5. Exceptions.  Nothing in this Order is intended to contradict any state or federal law.  In addition, this Order does not apply to: a. Services necessary to support the efforts of the Department of Development Global Markets Division to attract jobs and business to the State of Ohio, including incidental services for the support of trade missions, payment of international staff, and services necessary for the operation of international offices. b. Academic, instructional, educational, research or other services necessary to support the international missions of Ohio’s public colleges and universities.
  • 6. I signed this Executive Order on August 6, 2010 in Columbus, Ohio and it will not expire unless rescinded.                                    

            Ted Strickland, Governor

Banning the practice of offshoring where public funds are concerned – like the governor of Ohio issuing an executive order prohibiting use of public funds for outsourcing – may seem like a no brainer to many, but according to a blog on The Economic Populist the use of taxpayer dollars to offshore outsource jobs happens every day, from food stamp and unemployment support to large software design projects.

The Economic Populist blog also notes that as a result of the State awarding a stimulus contract to support the appliance rebate program to a contractor that practiced offshoring, workers in El Salvador were able to come into contact with the personal and sensitive financial data – also known as Personally Identifiable Information (PII) – of people from Ohio.

The controversial practice of “offshoring” has come to the attention of other states as well. As reported earlier on the ESR News Blog, California Governor Arnold Schwarzenegger recently signed into law California Senate Bill 909 (SB 909), which appears to be the first law in the nation that addresses the issue of personal information being sent offshore outside the United States or its territories.

SB 909 amends the California Investigative Consumer Reporting Agencies Act (ICRA) that regulates background checks in California and requires that a consumer must be notified as part of a disclosure before the background check of the web address where a consumer “may find information about the investigative reporting agency’s privacy practices, including whether the consumer’s personal information will be sent outside the United States or its territories.”

While SB 909 does not prohibit offshoring when it comes to background checks, the law will require a disclosure in the privacy statement of the background check firm’s website, as well as a link to that privacy statement.

Employment Screening Resources (ESR) does not offshore information contained in background check reports and is a member of Concerned CRAs, a group of Consumer Reporting Agencies (CRAs) that oppose the practice of offshoring information of U.S. citizens outside the country.

For more information, visit the ESR News Blog articles tagged “offshoring” at http://www.esrcheck.com/wordpress/tag/offshoring/.

Employment Screening Resources (ESR) is the company that wrote the book on background checks with ‘The Safe Hiring Manual’ by ESR founder and President Lester Rosen. ESR is recognized as Background Screening Credentialing Council (BSCC) Accredited by the National Association of Professional Background Screeners (NAPBS®) for proving compliance with the Background Screening Agency Accreditation Program (BSAAP). For more information about Employment Screening Resources, visit http://www.ESRcheck.com.

Sources:
http://governor.ohio.gov/Default.aspx?tabid=1753
http://www.cleveland.com/business/index.ssf/2010/08/no_public_funds_for_outsourcin.html
http://www.economicpopulist.org/content/ohio-bans-use-public-funds-offshore-outsourcing
http://www.concernedcras.com/no_offshoring.htm
http://www.esrcheck.com/wordpress/2010/09/30/hot-off-the-press-new-california-law-on-background-checks-appears-to-be-first-law-in-u-s-to-regulate-offshoring-of-personal-data-overseas/

Senator Sends Letters to Social Networking Sites Facebook and MySpace after Wall Street Journal Reports Privacy Breach

By Thomas Ahearn, ESR News Blog

Senator John D. (Jay) Rockefeller IV, Chairman of the U.S. Senate Committee on Commerce, Science, and Transportation, has sent letters to the heads of two popular social networking sites – Facebook CEO Mark Zuckerberg and MySpace President Michael Jones – requesting more information about privacy breaches recently reported in the Wall Street Journal (WSJ), according to a press release from the Senator that includes the text of both letters.

Senator Rockefeller states in both letters that he is troubled by a recent Wall Street Journal investigation report that revealed the practice of Facebook, MySpace, and affiliated applications (or “apps”) transferring user IDs and user personal information to marketing firms, tracking companies, and third-party advertisers without their knowledge. As reported by the WSJ:

  • Third-party applications have transferred Facebook users’ personal information to marketing firms, data brokers and tracking companies. This violates Facebook’s explicitly stated privacy policy.
  • MySpace has shared user IDs with third-party advertisers. This has happened after users clicked on advertisements or accessed affiliated third-party applications.

Senator Rockefeller is quoted in the press release saying that these reports “raise serious questions about social networking sites’ commitment to enforcing their own privacy policies on behalf of consumers” and that, as Chairman of the Senate Commerce Committee, he intends to “find out whether today’s social networking sites are adequately protecting their users’ personal information.”

In the letter to Facebook CEO Mark Zuckerberg, Senator Rockefeller requests answers – with specificity – to the following questions:

  • 1) How does Facebook enforce its Privacy Policy relating to affiliated application operators and websites? What logistical protocols are in place to promote maximum compliance? What resources, including the number of personnel, does Facebook dedicate to monitoring and enforcing application operators’ compliance with its Privacy Policy?
  • 2) What penalties does Facebook impose on application operators and websites that violate the company’s Privacy Policy? Are offending application operators allowed to continue to do business with Facebook?
  • 3) Does Facebook take steps to retrieve information from application operators found in violation of the company’s Privacy Policy?
  • 4) The Journal article quotes a Facebook official that asserts the company has “taken steps… to significantly limit RapLeaf’s ability to use any Facebook-related data.” What exactly does this mean?
  • 5) According to the Journal article, there appears to be a pattern of privacy infractions involving Facebook applications. Specifically, what other past problems has Facebook encountered with regard to applications, and what steps did Facebook take to rectify them? Are these applications still available on Facebook’s platform?
  • 6) To the extent that personal data has been shared in violation of Facebook’s Privacy Policy, what steps has Facebook taken to notify individual users as to the specific information that has been mishandled, and who has had access to that information?

In the letter to MySpace President Michael Jones, Senator Rockefeller requests answers – again, with specificity – to the following questions:

  • 1) Why does MySpace’s Privacy Policy place the responsibility on Members to control their personal information when interacting with affiliated apps and advertisers, when other social networking sites have more restrictive policies that better protect consumer privacy?
  • 2) Why does MySpace’s Privacy Policy assert that the company “does not control” and “cannot dictate” the actions of third-party applications on how they retrieve and use Members’ information when other social networking sites impose limits on the use of such information?
  • 3) The definition of PII is very narrow and does not capture a range of consumer information – such as user IDs – that could be used to identify MySpace Members. Please explain the rationale behind this narrow definition of PII and how it differs from personal information that is considered non-PII.
  • 4) How does MySpace reconcile the explicit terms of its own Privacy Policy with the Journal’s report that the company “had pledged to discontinue the practice of sending personal data” to ad networks and similarly prohibited third-party application operators from doing so?
  • 5) If MySpace has publicly pledged to prohibit such information transfers, how has this prohibition been enforced and what plans does MySpace have in place to effectively enforce its policy in the future?

The protection of Personally Identifiable Information (PII) of individuals – such as names, birthdates, addresses, identification such as Social Security Numbers (SSN) and driver’s licenses, and financial data – should be reflected in the Privacy Policy of every company.

Employment Screening Resources (ESR) does not re-sell or “offshore” Personally Identifiable Information (PII) of individuals and all domestic background checks are performed exclusively in the United States. Once Personally Identifiable Information is offshored and leaves the U.S., the PII is beyond the reach of U.S. privacy laws. A large number of background screening firms have also taken a position against offshoring Personally Identifiable Information at http://www.concernedcras.com/no_offshoring.htm.

For more information about Employment Screening Resources (ESR), visit http://www.ESRcheck.com.

Employment Screening Resources (ESR) literally wrote the book on background checks with ‘The Safe Hiring Manual’ by ESR founder and President Lester Rosen. ESR is recognized as Background Screening Credentialing Council (BSCC) Accredited by the National Association of Professional Background Screeners (NAPBS®) for proving compliance with the Background Screening Agency Accreditation Program (BSAAP). For more information about Employment Screening Resources, visit http://www.ESRcheck.com.

Source:
http://commerce.senate.gov/public/index.cfm?p=PressReleases&ContentRecord_id=c26b5c34-cf19-4d8a-93aa-d9a29b749337

WSJ Investigation Finds Facebook in Privacy Breach with Personally Identifiable Information (PII) of Users

 By Thomas Ahearn, ESR News Blog

A recent Wall Street Journal (WSJ) investigation (see WSJ article ‘Facebook in Privacy Breach’) has found many of the most popular “apps” (applications) on the world’s most popular social networking site, Facebook.com, have been transmitting Personally Identifiable Information (PII) of tens of millions of users – such as names and names of friends – to advertising and Internet tracking companies.

After a WSJ investigation showed that personal IDs were being transmitted to third parties via “apps” – pieces of software that let Facebook’s more than 500 million users play games or share common interests with one another – a Facebook spokesman said the social networking site would take steps to “dramatically limit” the exposure of the PII of users. The WSJ found that all of the 10 most popular apps on Facebook were transmitting PII. 

According to the WSJ investigation, the information transmitted – the unique “Facebook ID” number assigned to every user on the site –is a public part of any Facebook profile that anyone can use to look up names of users even if they have set their Facebook information to be private. For those profiles set to share information with “everyone,” the Facebook ID reveals data including age, residence, job occupation, and photos.

As defined on Wikipedia.com, “Personally Identifiable Information (PII), as used in information security, refers to information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual. The abbreviation PII is widely accepted, but the phrase it abbreviates has four common variants based on personal, personally, identifiable, and identifying. Not all are equivalent, and for legal purposes the effective definitions vary depending on the jurisdiction and the purposes for which the term is being used.”

In addition, Personally Identifiable Information “has become much more important as information technology and the Internet have made it easier to collect PII, leading to a profitable market in collecting and reselling PII. PII can also be exploited by criminals to stalk or steal the identity of a person, or to plan a person’s murder or robbery, among other crimes. As a response to these threats, many web site privacy policies specifically address the collection of PII, and lawmakers have enacted a series of legislation to limit the distribution and accessibility of PII.”

According to Wikipedia, the following are often used for the express purpose of distinguishing individual identity, and thus are clearly PII under the definition used by the U.S. Office of Management and Budget:

  • Full name (if not common)
  • National identification number
  • IP address (in some cases)
  • Vehicle registration plate
  • Driver’s license number
  • Face, fingerprints, or handwriting
  • Credit card number
  • Digital identity
  • Birthday
  • Birthplace
  • Genetic information

The following are less often used to distinguish individual identity, because they are traits shared by many people. However, they are potentially PII, because they may be combined with other personal information to identify an individual.

  • First or last name, if common
  • Country, state, or city of residence
  • Age, especially if non-specific
  • Gender or race
  • Name of the school they attend or workplace
  • Grades, salary, or job position
  • Criminal record

For more information about PII, please visit Employment Screening Resources (ESR) News Blog for posts tagged ‘personally identifiable information’ at: http://www.ESRcheck.com/wordpress/tag/personally-identifiable-information/

For more information about background checks, visit Employment Screening Resources (ESR) at http://www.ESRcheck.com.

Sources:

http://online.wsj.com/article/SB10001424052702304772804575558484075236968.html

http://en.wikipedia.org/wiki/Personally_identifiable_information

New California Law on Background Checks Appears to be First Law in U.S. to Regulate Offshoring of Personal Data Overseas

By Thomas Ahearn, ESR News Blog

On September 29, 2010, Governor Arnold Schwarzenegger signed into law California Senate Bill 909 (SB 909), which appears to be the first law in the nation that addresses the issue of “offshoring” where the personal information of American consumers in sent offshore and outside the United States of its territories.

Authored by State Senator Rod Wright (D – Inglewood), SB 909 amends the California Investigative Consumer Reporting Agencies Act (ICRAA) that regulates background checks in California. The bill requires that a consumer must be notified as part of a disclosure before the background check of the web address where a consumer “may find information about the investigative reporting agency’s privacy practices, including whether the consumer’s personal information will be sent outside the United States or its territories.”

If a background screening firm does not have a web site, then the background screening firm must provide the consumer a phone number where the consumer can obtain the same information. The background screening firm’s privacy policy must contain “information describing its privacy practices with respect to its preparation and processing of investigative consumer reports.”

Specifically, SB 909 requires that background screening firms in California (and firms that do business in California) must have a statement in their privacy policy entitled “Personal Information Disclosure: United States or Overseas” that indicates whether the personal information will be transferred to third parties outside the United States or its territories.

SH 909 defines “third parties” as including, “but not being limited to, a contractor, foreign affiliate, wholly owned entity, or an employee of the investigative consumer reporting agency.” The bill also requires a “separate section that includes the name, mailing address, e-mail address, and telephone number of the investigative consumer reporting agency representatives who can assist a consumer with additional information regarding the investigative consumer reporting agency’s privacy practices or policies in the event of a compromise of his or her information.”

In the event a consumer is harmed by virtue of a background screening firm negligently sending data offshore, the bill provides for damages to the consumer.

SB 909 takes effect January 1, 2012.  This will presumably allow time for background screening firms to provide new releases to employers, or to modify the language on online systems. The full text is available at: http://www.leginfo.ca.gov/pub/09-10/bill/sen/sb_0901-0950/sb_909_bill_20100929_chaptered.pdf.

ESR Does Not Offshore

Employment Screening Resources (ESR) does not offshore personal data, and all domestic background checks are performed exclusively in the United States. ESR will provide more a detailed analysis of this new law in upcoming blogs. For more information about background checks, visit http://www.esrcheck.com/.

Sources:
http://gov.ca.gov/press-release/16089/
http://www.leginfo.ca.gov/pub/09-10/bill/sen/sb_0901-0950/sb_909_bill_20100929_chaptered.pdf

New Twist on Outsourcing in Japan: Sending Workers Offshore to Cheaper Locations

By Lester Rosen, ESR President

In a number of blogs, Employment Screening Resources (ESR) has discussed why employer should very carefully consider the dangers of utilizing an employment screening process that sends applicant data off-shore for processing.  Such a practice puts the employer at risk.  Making Personal and Identifiable Information (PII) available to off-shore operator beyond the reach of U.S. privacy laws is a completely unnecessary risk, not to mention the lack of quality control and standards.

In a new twist on off shoring, the global edition of the New York Times reported on July 22, 2010 that Japanese companies are trying to save money by off shoring Japanese workers to cheaper locations in Asia.  Some Japanese firms have found that they cannot use foreign Japanese speakers because the service quality does not match customer expectations, and even foreign workers with a good command of the Japanese language may not understand the nuisances of politeness and manners of Japanese customers.

Although the wages are lower for Japanese workers that allow themselves to be outsourced and off shored, the lower cost of living may allow worker to save money and provide an interesting experience.

It appears that U.S. firms that off shore to foreign countries have also found that even though foreign English speakers are cheaper, the customer experience may often be lacking.  Partly for that reason, many U.S. firms have brought call center work back to the U.S.

ESR does NOT send U. S. applicant information outside of the U.S. for processing.  Once data leaves the U.S., the data is beyond the reach of U.S. privacy laws and there is a lack of privacy protections.  Sending data outside the U.S. put applicants and employers at great risk with no meaningful upside for employers.  As a practical matter, someone in the U.S. has no ability to hire a lawyer in a foreign country to pursue legal action or contact a foreign police authority to get any action taken if their identity of PII is compromised.  The only exception is where ESR is asked to perform an international verification and the information resides outside of the U.S. Even in that situation, ESR goes to great length to protect applicant data by going directly to the school or employer.  If it is necessary to have a researcher do research in a foreign country, ESR only releases the minimum information absolutely necessary.

A large number of screening firms have also taken a position against off shoring data.  See:  http://www.concernedcras.com/no_offshoring.htm.

For more information on background checks and outsourcing, visit Employment Screening Resources (ESR) at http://www.esrcheck.com.

Source:

http://www.nytimes.com/2010/07/22/business/global/22outsource.html

MA Regulations Require Businesses to Have Information Security Program to Protect Personal Information

The Massachusetts Offices of Consumer Affairs and Business Regulations (OCABR) recently passed regulations that went into effect March 1, 2010 and are aimed at safeguarding the personal information of Massachusetts residents by requiring a business to have a Written Information Security Program (WISP) to protect personal information.

The STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH cover any business that “receives, stores, maintains, processes, or otherwise has access to personal information in connection with the provision of good or services or in connection with employment.”

The rules defined personal information as a Massachusetts resident’s name combined with a social security number, driver’s license or state issued ID card, or a financial account.

The regulations also apply to third parties and require that there be contracts to ensure that the regulations are implemented and maintained, although the contracts did not need to be updated before March 1, 2012. It appears that Massachusetts takes the position that the rules apply to out of state firms that handles personal information as well.

A business that is regulated by these rules must have and implement a comprehensive Written  Information Security Policy, or WISP. The rules do not specify exact policies but provides minimum requirements and indicates a business should take certain a number of factors into account such as the kind of records it maintains and the risk of identity theft.

Some of the things a business must do includes a review of foreseeable internal and external risks, evaluation and improvement of safeguards, policies for employee access outside of the business, implementing security measures such as password control and up to date firewall, employee training, ensuring that terminated employees cannot access confidential data as well as disciplinary measures for violations of the regulations.

This new law has been described as the toughest in the nation, and should go a long ways toward improving privacy and data security and fighting identity theft. A text of the new regulations can be viewed at: http://www.mass.gov/ocabr/docs/idtheft/201cmr1700reg.pdf.

With these strict information security regulations now in effect in Massachusetts, employers need to ensure that their background screening firms are in compliance, Employment Screening Resources (ESR) — a leading background check provider — maintains compliance with the new private information protection in Massachusetts. For more information on privacy and data security as it relates to background checks, contact Employment Screening Resoruces at http://www.ESRcheck.com.

Source: http://www.mass.gov/ocabr/docs/idtheft/201cmr1700reg.pdf

A text of the new regulations can be viewed at: http://www.mass.gov/ocabr/docs/idtheft/201cmr1700reg.pdf.

Ex-School Official Fined for Running Unauthorized Background Checks on Athletes, Celebrities, and Politicians

A story from Massachusetts concerning a former school official agreeing to pay a fine for using school computers to run unauthorized background checks on celebrities, pro athletes, and politicians underscores the need for employers to have policies prohibiting workers from searching files and databases without a bona fide business necessity.

According to reports on Boston.com, a former school official in Lawrence, MA agreed to pay a $5,000 fine for his use of the school district’s computers to conduct approximately 400 unauthorized background checks on various people including major league baseball players David Ortiz and Johnny Damon, actors Michael Chiklis and Hugh Laurie, and Governor of Massachusetts Deval Patrick. In the settlement, the ex-school official admitted to violating a conflict-of-interest law by repeatedly running unauthorized background checks to access the personal information of hundreds of people in a manner not related to his job and for his own private purposes, according to the Boston Globe.

In this Age of Information, such “unauthorized browsing” by employees could lead to embarrassing stories such as this, and employers dealing with the personally identifiable information (PII) of consumers – such as names, birth dates, addresses, and social security numbers – should have written policies and procedures to instruct employees on appropriate and inappropriate use of consumer information. Such documentation should include a statement of appropriate use as being limited to business purposes only and include a prohibition on unauthorized browsing.

The acceptable use of technology is an important aspect of doing business today. Rules concerning the use of technology can protect businesses from identity theft and fraud, virus attacks, compromise of network systems and services, and legal issues. These rules would also help protect consumers, employees, partners, clients, and vendors.

Employment Screening Resources (ESR) – a leading Consumer Reporting Agency (CRA) that provides background checks – protects the personal information of consumers with an “Anti-Browsing” policy that prohibits unauthorized browsing. For information on background checks, as well as the appropriate use of consumer PII, visit ESR at http://www.esrcheck.com.

Sources:

http://www.boston.com/news/local/massachusetts/articles/2010/06/14/ex_lawrence_school_official_fined_5000/

http://www.boston.com/news/local/massachusetts/articles/2010/06/15/ex_school_aide_admits_to_snooping_on_celebrities/?camp=obinsite