EmployeeScreenIQ Blog

We are intrigued by how quickly and stealthly (word? we’ll add that to the “Nicktionary”) the March 1st deadline for complying with the new Massachusetts Data Security Regulations came and went.  We also think that there isn’t a whole lot of information out there about exactly who this affects and how they can comply; not even from the state’s attorney general.  So we sought the expert advice of Massachusetts attorney Michael S. Kraft to help educate us.  Check out our podcast below which highlights what the regulations entail, who they affect and how companies can get in compliance.  While the regulations are fairly sweeping and apply to more than just human resource practices, we focused on the personal data employers receive from job applicants and their employment applications and background check releases.

Also, Michael offered the following compliance checklist for employers:

• Develop a written information security plan (WISP);
• Identify all foreseeable risks in your organization by examining every nook and cranny where data enters, leaves or is stored;
• Implement security policies and procedures and train your employees
• Secure all paper and electronic records; provide encryption
• Obtain written assurances from all vendors that they are compliant
• Regularly monitor and review to insure compliance

Continue Reading

Massachusetts attorney Michael S. Kraft was kind enough to correct me on the entry I posted last week about the state’s new data security regulations.  According to Mr. Kraft, not only do organizations based in the state of Massachusetts need to draft a policy to protect personal information, but any business that has any employee or consumer customer located in Massachusetts.

I checked out his blog and also found other helpful advice for how employers can comply with these guidelines.

The new Massachusetts data security regulation goes into effect on Monday, March 1. If you have not yet begun to plan for the deadline, then likely either you are unaware of the requirements, or you are feeling overwhelmed by them. And who would blame you in light of the seemingly endless list of tasks:

• Develop a written information security plan (WISP);
• Identify all foreseeable risks in your organization by examining every nook and cranny where data enters, leaves or is stored;
• Implement security policies and procedures and train your employees
• Secure all paper and electronic records; provide encryption
• Obtain written assurances from all vendors that they are compliant
• Regularly monitor and review to insure compliance

You know that it is vitally important, both because it’s legally required and because it’s the right thing to do to protect your customers.  But where to begin? Do you need professional assistance – a lawyer or specialized IT firm to accomplish this task?  That really depends on the size and nature of your business, the data that requires protection and how much time and energy you are willing to devote to the process.  Many businesses are probably capable of accomplishing a lot on their own. For the most part, the regulation is a straightforward recitation of the tasks needed to comply. But is that the best use of your time? Noted author and business consultant Andy Birol would caution business owners to judge very carefully those tasks that they choose to do by themselves and those that are properly delegated.

More

Continue Reading

I’ve recently realized that over the past several years we’ve spent a lot of time discussing and analyzing the latest background screening trends and stories of the day.  We’ve kind of gotten away from the basics and so I thought we could dedicate some time to freshening up some of the old issues in a way that applies to today’s human resource environment.

We just published an article entitled “Applicant Release Form (Consumer Authorization): Back to Basics Series” on EmployeeScreen University and encourage you to read it.  See excerpt below.

It might seem like a no-brainer these days that employers are mandated by the Fair Credit Reporting Act (FCRA) to obtain an applicant’s written consent to conduct an employment background check.  And by and large we find that most employers are aware of this.  But have you taken a look at your release lately and wondered if the form that was created for you 10 years ago is still working for your organization?

Defining the Scope

The applicant release is designed to notify your candidate that you and, or your background screening provider will be performing a background check to determine if they are eligible for hire.  The release should include the scope of the search.  Most companies opt for a more generic scope, while others will specifically detail exactly what will be searched.  An example of a generic scope would be the following:

You may be the subject of a “consumer report” and/or an “investigative consumer report” which may include information about your character, general reputation, personal characteristics, driving record, and/or mode of living, and which can involve personal interviews with sources such as your current and past employers, friends, or associates.

Now, upon consent you as the employer may not choose to exercise your right to request all of the information detailed above, but the fact that you have included it allows you to do so if you deem it appropriate or germane to the candidate.

Other companies choose to include specific language about what will be checked which is fine, however unless they modify the language, the scope of their search should never include other information.

What if I want to Re-Screen the Candidate or Conduct Another Check Throughout Their Employment?

If you want to avail yourself of this option, and most companies do, you must include it in the applicant release.  Otherwise, you’ll have to get a new consent form each time you want to run a background check.  This can be pretty awkward with existing employees, particularly if you want to conduct the check because you have reason to believe there might be some adverse information out there.  An example of language that allows for this is below.  Once you have the authorization signed, just rinse, lather and repeat.

These reports may be obtained at any time after receipt of your authorization and, if you are hired, throughout your employment.

Notifying Applicants of Their Rights

Of course protecting ourselves by protecting our applicants is in everyone’s best interest.  A good release will ask the candidate to acknowledge that they have received a notice that a background check will be conducted (aka the release you are asking them to sign).  And if you plan to utilize employment and, or education verifications and, or reference interviews (these services are part of what is referred to as an “Investigative Consumer Report”), you should also provide them with a copy of a document called “A Summary of Your Rights Under the FCRA” and have them acknowledge receipt as part of your release.  Even if you do not choose to conduct an Investigative Consumer Report, it might make sense to include the language and give them the notice, just in case your policies ever change.  Again, this will save you from having to obtain a new release if you choose to utilize these services at a later date and time.

Read More

Continue Reading

Greetings from the exhibit floor of the 61st Annual SHRM Conference in NOLA.  Believe it or not, this place is rocking.  Attendance is down a bit, but you wouldn’t notice it judging from the crowds at the general sessions and in the exhibit hall.

We chose to release our Annual Top 10 Background Screening Trends list at the conference list year.  Check it out!

Hiring Controversies, Social Networking and Falsified Resumes Top EmployeeScreenIQ’s Annual List of Background Screening Trends

Global employment screening company shares 10 insights about hot topics that hiring professionals need to watch during 2010

EmployeeScreenIQ, a global leader in employment screening, has announced its 2010 list of 10 background screening trends.

Since 2007, the company has developed an annual list to be unveiled at the Society for Human Resource Management (SHRM) Annual Conference and Exposition. This year’s trends were announced at SHRM’s New Orleans conference and are designed to equip hiring professionals with advance information on crucial screening topics before they become everyday news.

EmployeeScreenIQ’s top background screening trends for 2010 include:

1. Greater hiring controversies due to social networking. Social networking has exploded in popularity and changed America’s culture. A recent CareerBuilder study found one in five employers used social networks such as Twitter and Facebook to influence hiring decisions. However, many sites have no verification process and several can be edited by anyone with access to the Internet. Sites such as YouTube and MySpace have few content requirements, and nearly all sites allow users to make up a profile in someone else’s name. At risk are FCRA (Fair Credit Reporting Act) regulations and EEOC (Equal Employment Opportunity Commission) guidelines.

2. Contractor and PEO background checks rise in importance as temporary labor gains widespread use. As the economy regains its footing, employers will turn to temporary labor such as onsite vendors, contract employees and PEO workers. When a contractor is on-site at an employer’s business, which party is responsible for screening the contractor’s workforce? And how can all those involved be sure the contractor has chosen a screening provider who employs best practices? Addressing these issues before signing a contract will be critical for employers in 2010, and their diligence will be tested. A primer for employers is available at: http://university.employeescreen.com/articles/Contractor_Performed_Check

3. Increased hiring in 2010. Integrating a background screening program with applicant tracking systems (ATS) will enable companies to save time and money in the onboarding process. This will help speed the inevitable hiring upswing in 2010, as companies realize that the recent mass layoffs cut too deeply into their workforce. Key employees will be rehired and job vacancies will need to be filled.

4. Fewer employers will respond to requests for resume verifications. Mass layoffs have left HR departments short-staffed and spread thin in managing responsibilities. As a result, employers are either slow or unable to assist with background checks and verifications. The reality is that former employers don’t make money providing verifications, and many are outsourcing the verification process to a third party provider. However, such companies simply provide payroll data that their client – the candidate’s former employer – uploaded to their system, and information is lost about the candidate’s performance, attitude, skills and experience. http://university.employeescreen.com/articles/Employment_Verifications_Layoffs

More

Continue Reading

Need to draft a company policy on background checks?  How about some legal advice on the use of Social Networking Sites?  Or maybe you want some advice for how to navigate the labor law mine field that now exists with COBRA, E-Verify and Ledbetter Fair Pay Act.

Molly DiBianca from the Delaware Employment Law Blog recently put together a list of the Top 100 Employment Law Blogs.  This is a great resource for those with questions about employment law.  Check out some of our favorites below.

1. Delaware Employment Law Blog
2. Ohio Employer’s Law Blog
3. Connecticut Employment Law Blog
4. HR Legal News

Check out the remainder of Molly’s list.

Continue Reading

We wanted to remind all employers in the state of New York that as of February 5, 2009 you must comply with the New York State Correction Law Article 23-A, Section 753“Licensure and Employment of Persons Previously Convicted of One or More Criminal Offenses”.

Generally, this law requires employers to post a copy of Article 23-A in place of business in a conspicuous area. They must present a copy of this document to the subject of a background check when consent to conduct a background check is requested. Furthermore, the document must be given to the subject of a background check once again in the event that a criminal conviction is revealed on the background check.

Click here for more information on this new law

Click here to view Article 23-A

Continue Reading

Yesterday, the FTC announced a 6 month delay in enforcing their “Red Flags” Identity Theft Guidelines.  In reading through the release, it was unclear as to how this would affect employers.  Well, we’ve been in touch with the FTC and we now know that this delay only pertains to Financial Institutions and Creditors.  Employers still must be in compliance with the these guidelines as they relate to developing and implementing a policy to handle “Red Flag” Address Discrepancy Notifications from National Consumer Reporting Agencies (primarily credit bureaus) when conducting background checks.

For more information about these guidelines, please refer to the articles listed below.

Users of Consumer Reports Have New Responsibilities as of November 1, 2008

employeescreenIQ Offers Free Webinar on New FTC Identity Theft Guidelines

FTC Enforcement Policy: Identity Theft Red Flags Rule

Continue Reading

The FTC has just announced that they were delaying enforcement of their “Red Flag” rules on Identity Theft until May 1, 2009.  However, it is important to note that these rules are different from the Address Discrepancy Rules we recently conducted a Webinar on with Seyfarth Shaw attorney, Pam Devata.

I just spoke with Pam and it is still her position that employers who are using credit reports should still comply with the November 1, 2008 deadline for having a written policy in place.

We’ll keep you posted as we learn more.

Continue Reading

The new FTC Identity Theft “Red Flags” guidelines take affect on November 1, 2008.  Are you aware of your obligations under these new provisions?  If your organization conducts background checks, these regulations affect you.  All users of consumer reports must implement procedures to deal with any notices of address discrepancies they receive from a nationwide consumer reporting agency (mainly credit bureaus such as Experian, Equifax and TransUnion). These policies and procedures must be designed to help the user confirm that the consumer report and the consumer match.

If you weren’t aware of these guidelines or how to comply, you’ve come to the right place.  We just produced a free webinar with Seyfarth Shaw labor and employment attorney, Pam Devata.

The webinar can be downloaded by clicking here.  Simply fill out the information requested and you’re good to go.

Continue Reading

FCRA guru Pam Devata, Labor and Employment Attorney for Seyfarth Shaw, was kind enough to draft an exclusive article for employeescreen University about the new FACT Act regulations aimed at curbing the affects of identity theft. While many of the regulations are aimed at the Big Three Credit Bureaus, Experian, Trans Union and Equifax, there are some compliance issues that will affect employers and other financial institutions. See excerpt from the article below:

Users of Consumer Reports Have New Responsibilities As of November 1, 2008 Under the Federal Trade Commission’s Identity Theft Red Flag Regulations

It is no secret that identity theft has become a problem for consumers in recent years, costing millions of dollars in fraudulent purchases, credit fixes and litigation. As a result, the legislature and many government agencies including the Federal Trade Commission have taken measures to curb this rising trend. Indeed, recent regulations issued by the FTC and mandated by The Fair and Accurate Credit Transactions Act of 2003 (FACTA) have specific directives for users of consumer information that are aimed at uncovering and preventing incidents of identity theft. These new regulations go into effect on November 1, 2008 and require the creation of a number of new policies and procedures for specified entities. Some of the regulations apply to all users of consumer reports, where others are specific to financial institutions and creditors.

The Law
FACTA or the FACT Act as it is sometimes referred to went into effect in December 2003 and amended the federal Fair Credit Reporting Act (FCRA) in a number of ways. As it relates to identity theft prevention, FACTA instituted a procedure to help users of consumer reports combat identity theft by creating a notion of “red flags” when identity theft was suspected. In FACTA, a “Red Flag” is defined as a pattern, practice, or specific activity that indicates the possible existence of identity theft. A “user” of a consumer report includes entities such as employers who obtain consumer reports for the purpose of making employment (hiring, promotion, firing, etc.) decisions, as well as financial institutions, and granters of credit who use the information contained in consumer reports to issue credit cards, loans or mortgages, and other such activities.

FACTA’s identity theft prevention sections require various federal agencies to implement regulations describing exactly what users must do to comply with the law. Two sections of the Act, 15 U.S.C. § 1681m (FACTA section 114), and 15 U.S.C. 1681c (FACTA section 315), refer specifically to the creation of such regulations. FACTA section 114, which addresses procedures users must implement in the case of an address discrepancy between themselves and a consumer reporting agency (CRA), applies to all users. FACTA section 315, which requires the implementation of an Identity Theft program pursuant to the Red Flags rule, is applicable only to financial institutions and creditors, as described below.

Because the law itself does not provide a lot of guidance on exactly what users need to do to be in compliance with the identity theft red flags, employers and other users should be aware of their responsibilities under these new regulations.

Click here to view the full article

Continue Reading