Tag Archives: personally identifiable information

New Legislation Would Make Companies Inform Customers When Calls Outsourced Outside U.S.

By Thomas Ahearn, ESR News Staff Writer

Ever wonder if the customer service call center at the other end of your phone is located in the U.S., or what foreign country it is located in if outside of the U.S.?

Newly proposed legislation would make companies inform customers when their calls are being transferred outside the United States and charge companies for those transferred calls in an effort to maintain call center jobs currently in the United States and provide a reason for companies that have already outsourced call center jobs to bring them back.

According to a press release on Senator Charles E. Schumer’s (D-NY) website, the new legislation would require companies that transfer calls to foreign call centers to disclose to the caller that their call is being transferred to a particular country. The disclosure requirement would also force companies to annually certify to the Federal Trade Commission (FTC) that they are fully complying with this requirement or otherwise be subject to civil penalties that the FTC would prescribe.

In addition, since 800 numbers are often transferred overseas without the caller’s knowledge, the bill would impose a $0.25 excise tax on any customer service call placed inside the United States which is then transferred to an agent in a foreign location, with the fee being assessed on the company that transferred the call.

While the bill’s major aim would be to reduce the outsourcing of U.S. jobs, another benefit could be greater protection against identity theft, since the personally identifying information (PII) of American consumers — such as names, birth dates, addresses, social security numbers, and financial information — would not be offshored as often to call centers in foreign countries beyond the reach of U.S. identity theft and privacy laws.

Employment Screening Resources (ESR) — a member of Concerned CRAs, a group of Consumer Reporting Agencies (CRA) concerned that certain data practices place the personal information of consumers at risk — does not outsource domestic background screening services outside of the U.S. in order to protect the PII contained in background screening reports. ESR believes that sending such personal information offshore places both applicants and employers at risk and should be avoided when possible. If PII is sent to countries outside the U.S., applicants and employers should be made aware of this practice. 

For more information on personally identifiable information, offshoring, and identity theft, visit Employment Screening Resources (ESR) at http://www.esrcheck.com.



Study Finds Identity Theft and Fraud Increased 12 Percent in 2009, Affecting Over 11 Million Americans

By Thomas Ahearn, ESR Staff Writer

As further proof that identity theft and fraud is a fast-growing crime that shows no sign of slowing down, a recent survey found that the number of identity theft and fraud victims in the United States increased 12 percent to affect 11.1 million adults in 2009, while the total annual fraud amount in the country increased by 12.5 percent to $54 billion.

The recently released 2010 Identity Fraud Survey Report — independently produced by Javelin Strategy & Research for the past seven consecutive years — also found that protection of data by consumers and businesses helped identity theft victims decrease the time needed to resolve fraud while also reducing or eliminating costs for consumers.

According to the survey, the average fraud resolution time dropped 30 percent to 21 hours. In addition, nearly half of identity theft and fraud victims filed police reports, which doubled the reported arrests, tripled the prosecutions, and doubled the percentage of convictions associated with identity theft and fraud in 2009.

Other key survey findings included the following:

  • Small business owners should exercise caution since they suffered identity fraud at one-and-a-half times the rate of other adults, mostly due to the fact that small office and home office business owners use personal accounts when making business transactions and make more transactions than typical adults.
  • Javelin believes the 12 percent increase in the number of identity fraud incidents from 2008 to 2009 — the highest level since the survey started in 2003 — may be due to the recent Great Recession since, historically, higher rates of fraud occur during tough economic times.
  • Data breaches continued to compromise personal information, with the Full Name (63 percent) and Physical Address (37 percent) continuing to be the identification most likely to be compromised in a data breach. Health Insurance Information, with a year-over-year increase of 4 percent, is increasingly being targeted.
  • Consumers between the ages of 18 and 24 (also known as “Millennials”) are the slowest to detect identity theft and fraud, taking nearly twice as many days to detect identity theft and fraud compared to other age groups. They are also the least likely to monitor their accounts and are victims for longer periods of time.

Overall, the number of identity theft and fraud victims in the U.S. in 2009 grew to nearly 5 percent of the population. Since businesses are helping to prevent identity theft, protect consumer identities, and respond to fraud incidents, consumers are benefitting as a result and out of pocket costs reached an all-time low of $373 in 2009, according to the survey.

Along with businesses, consumers can play a key role in preventing, detecting, and resolving identity theft and fraud committed against them. Recommendations for prevention, detection, and resolution of identity theft and fraud include:

  • Preventing criminal access to paper documents;
  • Preventing high-tech criminal access to information online;
  • Detecting unauthorized activity in existing information;
  • Detecting fraudulent establishment of new accounts, and;
  • Reporting problems immediately and taking advantage of loss protection offers.

For more information about the fast-growing problem of identity theft and fraud, visit http://www.esrcheck.com/wordpress/tag/identity-theft to read the latest news on the subject. Employment Screening Resources (ESR) will post additional information in the future on how to prevent and protect against identity theft and fraud.

Source: https://www.javelinstrategy.com/news/831/92/Javelin-Study-Finds-Identity-Fraud-Reached-New-High-in-2009-but-Consumers-are-Fighting-Back/d,pressRoomDetail

Off shoring IT jobs lead to dramatic increases in Data Breaches per survey

By Les Rosen, Employment Screening Resources

A recent survey quoted in Security Management Magazine demonstrates the risk to privacy and data protection when it comes to “off shoring.”  According to a new survey, of the firms that outsourced IT jobs to other counties, about half indicted that their security has been negatively impacted. And 61 percent indicated their company had experienced a data breach.  The study noted data breaches occurred in just 35 percent of the companies that do not send IT jobs outside of the U.S.  The story, and more information about the study,  is available at:  http://www.securitymanagement.com/article/outsourcing-risk-006564 

This survey naturally raises questions as to the safety of sending Personally Identifiable Information (PII) of American job applicants off shore in order to prepare background checks.  A group  called ConcernedCRA now has more than 120 screening firms that have signed on to a standard that opposes sending Personally Identifiable Information (PII) offshore beyond U.S. privacy laws to be processed.  See http://www.concernedcras.com/.  A bill was introduced into Congress in June 2009 that would limit the offshoring of data without notice in the financial sector.  A shocking undercover investigation by the BBC in 2009 showed just how easy it was to purchase PII from a call center in India. Of course, identity theft can occur in the U.S., but once data physically goes beyond U.S. privacy laws, consumers have less resources and recourses. 

Employment Screening Resources (ESR) does NOT send U. S. applicant information outside of the U.S. for processing.  ESR takes the position that once data leaves the U.S., the data is beyond the reach of U.S. privacy laws and there is no meaningful recourse for a U.S. consumer.  ESR does all processing and preparation in the U.S.  in order to protect applicants and employers.  In some countries, it is a well known fact that U.S. identities are stolen and used for identity theft.  As a practical matter, someone in the U.S. has no ability to hire a lawyer in a foreign country to pursue legal action or contact a foreign police authority to get any action taken.  The only exception is where ESR is asked to perform an international verification and the information resides outside of the U.S.  Even in that situation, ESR goes to great length to protect applicant data. 

The bottom-line:  Before selecting a screening firm determine if that firm is processing information outside of the U.S. The risk is significant, even if the off shore facility is wholly owned or a subsidiary of a U. S. firm. An employer needs to have a full understanding of how data and privacy is protected once it leaves the U.S., and what duty is owed to job applicants in terms of notice that their data is going abroard.

2010 Trend is focus on privacy and data protection

By Les Rosen, Employment Screening Resources

2010 Trends in Screening–Trend Three:

Employment Screening Resources (ESR), a leading national online employment screening background firm, is releasing the ESR “Third Annual Top Ten Trends in the Pre-Employment Background Screening Industry” for 2010.   This is the THIRD of the ten trends ESR will be tracking in 2010.  The ten trends will be released over the next three weeks:

3. Focus on privacy and data protection

Heating up even further in 2010 will be issues surrounding data protection and privacy.  The issues are moving beyond network security  and there is beginning to be an examination about where the data is actually going for processing. 

 The two top issues — sending data offshore or to home workers.  A group  called ConcernedCRA now has more than 120 screening firms that have signed on to a standard that opposes sending Personally Identifiable Information (PII) offshore beyond U.S. privacy laws to be processed.  See http://www.concernedcras.com/  A bill was introduced into Congress in June  2009 that would limit the offshoring of data without notice in the financial sector.  A shocking undercover investigation by the BBC in 2009 showed just how easy it was to purchase PII from a call center in India. 

Of course, identity theft can occur in the U.S., but once data physically goes beyond U.S. privacy laws, consumers have less resources and recourses.  Equally of concern to applicants is the use of home workers, where a consumer’s PII may be spread across kitchen tables and dorms rooms throughout America and be visible to who knows who.  Because of concerns over identity theft and data protection, employers will start to be more concerned with where applicant data is physically located. Part of this trend will be continued state efforts to remove or protect private information.  An example in 2009:  There was a new law in Utah that prohibits PII from being required too early in the hiring process.

International background checks and data and privacy protection

An important consideration when U.S. screening firms do international background checks are the application of foreign privacy laws regarding the manner in which information is obtained, transmitted, and utilized. The central issues are data privacy and protection. The European Union (EU) has extensive privacy laws that affect U.S. employers and screening firms.  These rules went into effect in 1998. The European privacy rules impact the transmissions of “personally identifiable data” from offices in EU countries to businesses in the U.S.

Firms that acquire data on individuals from EU member countries without compliance with the EU rules can be in violation of EU law. This can have a serious impact on international firms or firms that do business in an EU country.

 However, American firms that develop a privacy policy may enter what is called a “Safe Harbor” by certifying a privacy policy that includes adequate mechanisms to protect confidential personal data. The program is administered by the U.S. Department of Commerce. 

A firm can become Safe Harbor certified by following the guidelines listed at the Department of Commerce.  Information can be obtained at http://www.export.gov/safeharbor/ 

Employment Screening Resources was just the third background screening firm in the U.S. to receive Safe Harbor Certification from the Department of Commerce.  

ESR provides international background checks all over the world, including criminal records, and employment and education verifications.  ESR’s president Lester Rosen was the keynote speaker at the first international background screening conference held in India in 2007, and has traveled to a number of countries to investigate background screening. ESR also published the first comprehensive white paper on international background checks as part of the book, “The Safe Hiring Manual.”   

For more information on international employee screening services, see, see: http://www.esrcheck.com/international.php

Privacy and Data Protection in Background Check Screening Reports

Because background reports and background release forms contains sensitive and confidential information, efforts must be made to keep the contents private and confidential and only available to decision-makers directly involved in the hiring process.

The Report itself, along with the Release and Authorization forms signed by the applicant, should be maintained separately from the employee’s personnel file. They should be kept in a relatively secured area, in the same fashion that medical files or sensitive employee matters are kept. These reports should definitely not be made available to supervisors or managers other than those in the hiring approval process. For example, during periodic performance appraisals, an employer would not want a supervisor to have access to a non-performance-related confidential background report.

For screening firms with advanced internet systems, there is no need to physically download the report. It is available online. However, an employer needs to be assured that the screening firm has appropriate internet and data security, and the employer needs to maintain a system of strong password protections. It is important that authorized users do not share passwords with those not authorized, nor reveal the password in any manner. Some screening firms require the user to change passwords periodically as a security measure and to sign security agreements.

Typically, reports are returned to either Human Resources or Security Departments. Reports are reviewed for any negative information. If the report is clear, then the hiring manager is notified and the hiring proceeds. If there is a red flag or derogatory information, then the information itself is shared with the appropriate decision-makers. The physical report, however, should normally stay with HR or Security. This protects against confidential information wrongfully being made known generally within the company if reports are transmitted between departments either by means of a paper copy or electronically.

The question arises as to how long records and documents should be maintained after separation. Unlike Canada where privacy laws encourage the destruction of confidential data when no longer needed, there are no U.S. requirements that materials related to background screening be destroyed.  In fact, there are a number of state and federal laws that control document retention, and labor attorneys will typically advise employers on how long various documents must be retained. However, for purposes involving safe hiring and background screening, the recommendation by ESR is six years. The FCRA was amended in 2003 to lengthen the statue of limitations under the act to as long as five years. In addition, state laws often allow a one-year period to file and serve a lawsuit. As a workable general rule, a six-year retention period should serve employers, with the six years running from the termination of employment or, if not hired, from the time the decision was made not to hire the applicant.

Many screening firms now store reports indefinitely, and if the applicant used an online system, the consent and disclosure can also be retained indefinably.  However, if an employer downloads any data, or used a paper based consent and disclosure, then consider six years as the minimum.  Although technically there is no maximum period under federal law, it is still a best practice to periodically purge old data in order to minimize the amount of Personal and Identifiable Information (PII) that is available in the work environment.  After all, most identity theft occurs in the workplace.

If disposing of any information in a consumer report, it is important to follow regulations set out by the FTC pursuant to FCRA Section 628. Paper or electronic reports must be destroyed, pulverized or erased so it cannot be read or reconstructed. an employer must show due diligence when a shredding firm is hired. See:  www.ftc.gov/bcp/conline/pubs/alerts/disposalalrt.shtm.

For best practices when it comes to privacy in the workplace, see the recommendations from the Privacy Rights Clearinghouse available at: www.privacyrights.org/ar/SDCountyIT.htm

Court Case on Use of Social Networking Sites

As ESR has noted in numerous presentations on the use of social networking sites, such as Facebook or MySpace for employment, this is an evolving area of law that is still waiting for lawsuits to wind their ways through courts resulting in published judicial opinions. Continue reading

Annual Top Ten Trends in the Background Screening Industry

ESR has identified the following trends for 2009 in its second annual report on trends in the screening industry and safe hiring.  The full report is online at:  http://www.esrcheck.com/2009-trends-backgroundscreening-industry.php

  1. Increased Governmental Mandates: The federal and state governments for 2009 are likely to require more background checks, especially in sensitive industries.  In addition, right-to-work verification under the E-verify program will be a hot topic for 2009.
  2. Privacy and Accuracy:  Privacy advocates in 2009 will be focused on resolving instances of noncompliance with the Fair Credit Reporting Act’s requirements for accuracy and dispute investigations.  A leading cause of inaccuracies comes from matching innocent job applicants to criminal records based upon the same, or a similar, name in a database, without re-verification of the record at the courthouse.  A new organization called Concerned CRA’s (www.concernedcras.com) has taken a stance against utilizing such databases without taking proper measures to ensure accuracy of criminal records.
  3. Second Chance for Ex-Offenders: Unless as a society we want to build more prisons than schools or hospitals, something must be done to reduce recidivism and find employment for applicants with criminal records.  The State of New York, for example, to deal with this issue directly, has passed new â second chance” laws that became effective this year. The laws place a greater emphasis on employers analyzing a past criminal record to determine whether there is a business justification to not hire a person, including providing job applicants with notice of these various new rights.
  4. Consumer Protection Litigation:  As the screening industry matures, and applicants and their lawyers become much more informed about their consumer rights, it is likely that there will be an increase in litigation in 2009.  These lawsuits, including class action lawsuits, will be filed against screening firms, particularly when it comes to various notices required under the federal Fair Credit Reporting Act and accuracy requirements for the Background Screening Report results.
  5. Impact of the Recession: As a result of the recession and higher unemployment, it is likely that employers will need to scrutinize applications even more carefully, to be on the watch for fraudulent credentials, such as inflated or fictional employment or education history.
  6. Data Security, Data Breaches, and Off-shoring Data: Since identity theft continues to be a national and international problem, expect even more emphasis in 2009 on data security and protection.  Closely related is the continuing issue of employers and screening firms sending confidential consumer data offshore for processing to places such as India for cost savings.  Once data leaves the United States, it is beyond U.S. privacy protections.  Concerned CRR’s (www.concernedcras.com) has also taken a stance against off-shoring such data without notification to consumers.  The use of home-operator networks also presents an unnecessary risk to privacy as well.  There is no justification for personal information to be spread across kitchen tables and dorm rooms across America.
  7. Accreditation by the NAPBS: The non-profit trade organization for the Screening Industry, the National Association of Professional Background Screeners (www.napbs.com) has announced the introduction of an accreditation program.  NAPBS has gone through an exhaustive process to develop “Best Practices” for the industry, and it is anticipated that firms will start going through the accreditation process this year.
  8. Social Network Sites:  The use of social networking sites as a pre-employment screening device will continue to be a hot topic in 2009, as more recruiters and HR professionals go online to satisfy their curiosity about candidates.  The problem: contrary to popular belief, just because it is online does not mean that it’s a good idea to utilize it without developing policies and procedures.  Online material can be inaccurate, discriminatory, and under certain circumstances, its use can be an invasion of privacy.  Stay tuned as more courts give their opinions on this issue.
  9. Integration of Services:  With the advent of Web 2.0, it is likely that technology will play an even bigger role in the coming year.  Seamless integrations with Applicant Tracking Systems allow paperless background screening systems at the click of a mouse.
  10. International Background Checks: With mobility of workers across international borders, Due Diligence is no longer limited to just what an applicant has done in the United States and there will be stronger demand in 2009 for International Criminal, Education, and past Employment checks.


ESR will place its Third Annual Top Ten Trends in January, 2010.

The Use of Home Operators

Some screening firms use home based operators to perform employment and education verifications.  That of course represents a big financial advantage for the screening firm.   They get cheap labor, and may even classify them as independent contractors in order to get even additional savings by not paying workers’ compensation, benefits or other costs associated with employees.    However, it does very little to help employers.  Below are the top 10 reasons NOT to utilize a background firm that sends your applicants’ personal data to home operators working from kitchen tables and dorm rooms across America.


  1. Privacy: A screening firm would be directly responsible for making private information viewable and printable on people’s home computers.
  2. Professionalism: A screening firm would have difficulty accurately claiming that at-home researchers are “professionals” when they are unsupervised, unregulated and acting as cheap substitutes for what is supposed to be a professional service. Ask yourself how the sound of barking dogs, crying babies and television sets in the background may strike those asked to provide verifications.
  3. FCRA Defensibility: A screening firm would  have difficulty defending the practice of using at-home researchers against a claim under FCRA section 607(b) concerning reasonable procedures for accuracy.
  4. IC Classification: A screening firm cannot classify someone as an Independent Contractor (IC) when they work only for you, when you tell them exactly how to do their job, and when they are providing the same core services provided by your in-house staff.
  5. Training/QC: A screening firm cannot train and discuss production issues in real time. It is also difficult for at-home researchers to learn from each other when everyone is working in isolation. Furthermore, since everyone works alone it is harder to enforce quality rules across the entire organization.
  6. Supervision: Unsupervised at-home researchers are very difficult to supervise. In addition, since they are paid by the completed verification, they may be more tempted to fake orders since there is no one supervising them in real-time.
  7. Reliability: A screening firm would  be dependent entirely on the researcher’s priorities, which may not be your own. They may put a hair appointment ahead of your forty new verifications that have to be called today. You want load balancing to be under your control and not secondary to at-home researcher’s personal schedules.
  8. Hidden Costs: There are hidden costs to managing and maintaining multiple remote researchers as opposed to a central pool of talent. Take, for instance, the time lost to the unreliable performance of at-home researcher’s internet connections, home computers and printers.
  9. Due Diligence: A screening firm and employer could face significant legal exposure if the  at-home researcher’s performance falls below a professional standard of care due to lack of training and supervision.
  10. Disclosure: Would you want to disclose to your applicants that the sensitive, personal data and professional service they’ve entrusted you with was being performed by unsupervised home workers?


ESR does not utilize any home based or offshore operators in order to  provide you with critical employment and education verifications.  All work is done in a professionally supervised call center dedicated to the highest level of customer service, privacy, accuracy and speedy turnaround time.

Employment Screening Expert Lester Rosen interviewed on privacy

Employment screening expert Lester Rosen will be the guest on a leading radio show dedicated to privacy on September 2, 2009.  The show, “Privacy Piracy,” is broadcast Wednesday afternoon from 5-6 PM, line, Pacific Time on 88.9 FM in Irvine and WORLDWIDE live audio streaming at www.kuci.org   See: http://www.kuci.org/privacypiracy/

The show is hosted by Mari Frank, an attorney and privacy consultant, and the creator of The Identity Survival Kit.  Ms. Frank has testified many times on privacy and identity theft issues in the California legislature and in the US Congress. In May 1999, she was summoned to the White House to a press conference to speak on Consumer Privacy, and the speech was broadcast on C-SPAN. In December 2004, and March 2005, Mari’s ninety-minute PBS Television special, “Identity Theft: Protecting Yourself in the Information Age,” aired nationwide and aired again in June 2005. Both of her new books were featured as gifts for viewers who pledged support for local PBS stations.

Mr. Rosen will be discussing background checks and privacy right, including the federal Fair Credit Reporting Act (FCRA) and the impact of identity theft. 

The guest, Lester S. Rosen is an attorney at law and President of Employment Screening Resources (www.ESRcheck.com), a national background screening company located in California and a recognized expert on background checks.
He is the author of, “The Safe Hiring Manual–Complete Guide to Keeping Criminals, Imposters and Terrorists Out of Your Workplace.” (512 pages-Facts on Demand Press), the first comprehensive book on employment screening. He has also authored “The Safe Hiring Audit.” In addition, he has produced a DVD training top showing a negligent hiring mock trial, and has produced an online 20 hour training course in he area of safe hiring and background checks. See: http://www.backgroundchecktraining.com/

He is a consultant, writer and frequent presenter nationwide on pre-employment screening and safe hiring issues. His speaking appearances have included numerous national and statewide conferences. He has qualified and testified in the California, Florida and Arkansas Superior Courts as an expert witness on issues surrounding safe hiring and due diligence.

He is a former deputy District Attorney and criminal defense attorney and has taught criminal law and procedure at the University of California Hastings College of the Law. His jury trials have included murder, death penalty and federal cases. He graduated UCLA with Phi Beta Kappa honors, and received a J.D. degree from the University of California at Davis, serving on the Law Review. He holds the highest attorney rating of A.V. in the national Martindale-Hubbell listing of American Attorneys.

Mr. Rosen was the chairperson of the steering committee that founded the National Association of Professional Background Screeners (NAPBS) a professional trade organization for the screening industry, which now has over 500 members. He was also elected to the first board of directors and served as the first co-chairman in 2004.  For more information on Employment Screening Resources, see: www.ESRcheck.com