Trap for the Unwary: Choosing a Screening Firm (Data and Privacy Protection)

Despite significant attention in the U.S. on data and privacy protection, there is a major hole that most American consumers are not aware of: that a great deal of Personal and Identifiable Information (PII) is sent offshore for processing where there is no real protection. As a practical matter, once data on a U.S. resident is sent abroad, it is beyond the protection of U.S. privacy laws, and there is very little, if any, protection for the consumer.

A couple of years ago, there was a news story about a California hospital that outsourced its medical transcribing, and the work ended up in Pakistan. A medical transcriber in Pakistan got into a dispute with her employer about wages and threatened to publish the medical records of thousands of Americans on the Internet. Needless to say, the hospital suffered through a great deal of negative publicity and the privacy and confidentially of medical records for numerous Americans was endangered because their personal information was sent offshore, beyond the reach of U.S. privacy laws. Of course, even after the matter was settled with appropriate payments, no one knows for sure what information the offshore worker may have decided to keep or for what reason.

Some background firms, in order to make more money, send information offshore for data processing, or use foreign operators to contact past employers or schools in the U.S. The offshore agent is completely beyond U.S. privacy rules and there is little control over what they do with the information. As the California hospital found out, sending private data abroad for processing is risky business. Recent news articles have revealed that call center workers in foreign countries are actively engaged in the theft of consumer information from call centers in order to commit identity theft. When data is stolen, a U.S. resident has no practical means of contacting a foreign police department or obtaining the services of a foreign attorney to file a lawsuit.

In order to protect consumers and employers, ESR has a very simple policy—information is not sent offshore for processing. Although it is substantially cheaper to utilize offshore workers, that is inconsistent with a basic duty to protect confidential data. When there is an international verification of employment or education and the information being obtained is outside of the U.S., ESR still does not send out personal information unless it is impossible to obtain information otherwise. Even then, strict controls are maintained.

The bottom-line: protection of PII is mission critical for any screening firm. Routinely sending PII offshore creates a substantial and entirely unnecessary risk with no justification other than a desire to make more money. By using ESR, employers can rest assured that their applicants’ data is safe. Any employer that is concerned about the privacy of their applicants’ personal information should ask their background firm if data is being sent outside of the U.S. for processing, and if so, what information is being sent, what country is involved and what protections are in place.