In the ESR April, 2009 Newsletter, ESR suggested that employers should consider a yearly due diligence check on the firms that provide due diligence. An essential element of any due diligence plan is a yearly audit of your current practices. In a worst-case scenario, where an employer hires someone who is unfit, unsafe or unqualified, the best defense is that the employer exercised due diligence in its hiring practices, including the choice of a screening firm. ESR has developed a checklist that can be sent to a screening provider every year to document your due diligence and to measure the effectiveness of your current screening program.

Number 2 on the list:  Is all work performed in the USA to protect privacy and control quality (i.e., nothing sent offshore to India or other places)?  If not, please explain in detail how privacy is protected. (See: http://www.concernedc

This is a critical consideration. Once private data on Americans goes offshore, it is beyond U.S. privacy laws. Even if the offshore facility is owned or operated by a U.S. firm, there is still the potential for identity theft. Of course, identity theft can occur in the U.S. as well, but at least consumers have recourse and protection. How can a U.S. worker possibly contact the police in India or some other country to ask for an investigation of identity theft? It is also sometimes difficult to prove how identity theft occurred, so the fact that the foreign operation center was opened or operated by a U.S. firm is not of much help to an identity theft victim who may not be able to prove that is where it occurred.

The bottom line:  There is no good reason to offshore personal data for processing except to make more money for the firm that offshores. 

The entire list is located at:

For a Word version, contact Jared Callahan at 415-898-0044 or email him at [email protected]

