by Nick Fishman

FCRA guru Pam Devata, Labor and Employment Attorney for Seyfarth Shaw, was kind enough to draft an exclusive article for employeescreen University about the new FACT Act regulations aimed at curbing the affects of identity theft. While many of the regulations are aimed at the Big Three Credit Bureaus, Experian, Trans Union and Equifax, there are some compliance issues that will affect employers and other financial institutions. See excerpt from the article below:

Users of Consumer Reports Have New Responsibilities As of November 1, 2008 Under the Federal Trade Commission’s Identity Theft Red Flag Regulations

It is no secret that identity theft has become a problem for consumers in recent years, costing millions of dollars in fraudulent purchases, credit fixes and litigation. As a result, the legislature and many government agencies including the Federal Trade Commission have taken measures to curb this rising trend. Indeed, recent regulations issued by the FTC and mandated by The Fair and Accurate Credit Transactions Act of 2003 (FACTA) have specific directives for users of consumer information that are aimed at uncovering and preventing incidents of identity theft. These new regulations go into effect on November 1, 2008 and require the creation of a number of new policies and procedures for specified entities. Some of the regulations apply to all users of consumer reports, where others are specific to financial institutions and creditors.

The Law
FACTA or the FACT Act as it is sometimes referred to went into effect in December 2003 and amended the federal Fair Credit Reporting Act (FCRA) in a number of ways. As it relates to identity theft prevention, FACTA instituted a procedure to help users of consumer reports combat identity theft by creating a notion of “red flags” when identity theft was suspected. In FACTA, a “Red Flag” is defined as a pattern, practice, or specific activity that indicates the possible existence of identity theft. A “user” of a consumer report includes entities such as employers who obtain consumer reports for the purpose of making employment (hiring, promotion, firing, etc.) decisions, as well as financial institutions, and granters of credit who use the information contained in consumer reports to issue credit cards, loans or mortgages, and other such activities.

FACTA’s identity theft prevention sections require various federal agencies to implement regulations describing exactly what users must do to comply with the law. Two sections of the Act, 15 U.S.C. § 1681m (FACTA section 114), and 15 U.S.C. 1681c (FACTA section 315), refer specifically to the creation of such regulations. FACTA section 114, which addresses procedures users must implement in the case of an address discrepancy between themselves and a consumer reporting agency (CRA), applies to all users. FACTA section 315, which requires the implementation of an Identity Theft program pursuant to the Red Flags rule, is applicable only to financial institutions and creditors, as described below.

Because the law itself does not provide a lot of guidance on exactly what users need to do to be in compliance with the identity theft red flags, employers and other users should be aware of their responsibilities under these new regulations.

Click here to view the full article

by Nick Fishman

This E-Verify update comes us from our good friends at Greenberg Traurig. Evidently, the federal government is getting ready to mandate the use of E-Verify for all federal contractors.  You might recall that E-Verify (formerly known as the “Basic Pilot Program” is designed to allow employers to confirm employment eligibility and right to work status.  See excerpt from their alert below:

Major changes are on the way for federal contractors, who will soon be required to use
the Department of Homeland Security’s (DHS) E-Verify system to electronically verify
the employment eligibility of many of their employees. Although Congress is in the
process of evaluating the integrity and future of the E-Verify Program as it considers
reauthorizing the program, the Administration pushed on with its enforcement agenda.

On Friday, June 6, President Bush issued an executive order that will require all federal
contractors to use the E-Verify employment verification system once they enter into a
contract with an Executive Department or Agency. Also, on June 9, DHS Secretary
Chertoff announced that the Office of Management and Budget (OMB) had completed
review of a rule-making that will amend the Federal Acquisition Regulations (FAR) to
impose the same requirement on all federal contractors. While it is not unusual for
federal contractors to be held to different or higher standards than other U.S.
employers, this is a major development and will have significant effects on federal
contractors. This GT Alert discusses some of the issues raised by the executive order. A
future Alert will discuss the new rule once it is published.

Read the full article here:

GT Alert on E-Verify

by Nick Fishman

This just in from our friends at Seyfarth Shaw: New York Employers Face Penalties if The Fail To Secure Employee Social Security Numbers. This law new law affects New York employers who collect Social Security Numbers on their job applicants and employees; in other words, every New York employer. Employers obviously need this information for a variety of reasons including its importance when conducting background checks. This article references a rather shocking stat: “In a 2006 survey conducted by the Identity Theft Resource Center (ITRC), a not-for-profit organization which provides information and support to identity theft victims, 12% of those surveyed reported that their personal information had been stolen at the workplace.”

We took this off the State of New York’s website:

Confidentiality of Social Security Numbers – General Business Law §399-DD
Places limits on the use and dissemination of Social Security Numbers (SSN) beginning January 1,
2008. The law prohibits the intentional communication of an individual’s SSN to the general public;
restricts businesses’ ability to print a SSN on mailings or on any card or tag required to access
products, services or benefits; prohibits businesses from requiring an individual to transmit his or her
unencrypted SSN over the Internet; and requires businesses possessing SSN to implement safeguards
and limit unnecessary employee access to the data.

According to Seyfarth Shaw, the New York Social Security New York Protection Law (NY Gen. Bus. § 399-dd) prohibits the following:

• Intentionally communicating an employee’s social security number to “the general public or otherwise make [it] available to the general public”;
• Printing an employee’s social security number on any card or tag required to access services or benefits provided by the employer;
• Requiring an employee to transmit his or her social security number over the Internet unless “the connection is secure or the social security account number is encrypted”;
• Requiring an employee to use his or her social security number to access an Internet web site unless “a password or unique personal identification number or other authentication device is also required to access the Internet website”;
• Printing an employee’s social security number on any materials to be mailed unless state or federal law requires that this information be on the document.

Seyfarth offers the following compliance tips:

• Have a written privacy policy (that includes disposal procedures that are consistent with accepted industry practice and satisfy legal requirements);
• Lock up and limit access to employee personal information;
• Conduct background checks on employees who will have access to personal information;
• Limit retention of personal information to only that which is essential;
• Train employees on privacy and document disposal policies;
• Encourage employees to report any possible security breaches;
• Avoid using or disclosing an employee’s social security number for any purpose other than that required by law or legitimate and necessary business purpose; and
• Take proper security precautions when terminating employees who have access to personal information (e.g., changing computer access codes).

Read the full article here . . .

I definitely can’t and won’t argue that this is a bad law. In fact, it’s probably good for both employers to have some direction on how to comply and for consumers to have this protection. However, those performing background checks in New York have had a lot on their plate lately with the increase in the OCA fee.

by Jason Morris

Today I will begin a twenty part series entitled “Employment Screening 101”. Well, we just launched the employeescreen University initiative so the 101 title is only fitting. This series will explore each of the services offered by employment screening companies and dissect the components and the outcome of that particular search. I have been in the employment screening industry for about 15 years; in 1999 we founded Background Information Services, Inc. which last year became employeescreenIQ. I do believe there has been an evolution in the services consumer reporting agencies provide, however the principles have remained the same; we help clients to confidently make intelligent hiring decisions.

The first element of any background check should be the Social Security Number Trace (SSN Trace). The SSN Trace is an incredibly valuable tool if used properly. Typically a SSN Trace is conducted using one of two sources, a trace using one of the three major credit bureaus; Experian, Transunion and Equifax or a database that aggregates from several different sources the aforementioned bureaus.

Using SSN Trace information, we are able to authenticate that the Social Security Number provided by your applicant is associated with an individual of the same name, that the approximate date of issue range of the SSN equates with your applicant’s birth date, and that the address history associated with that SSN corresponds with the areas of the country where your applicant has lived, worked, attended school, or spent other significant time. The SSN Trace is a crucial component of criminal history research as the address history is the roadmap used to select court jurisdictions that should be researched for criminal records. Additionally, the SSN Trace will provide any alias names that have been associated with that SSN; the same courts should be checked under all relevant and/or unique alias names. Any effective, reliable, and FCRA-compliant criminal background check begins with a SSN Trace.

Be sure to check back tomorrow for Part 2, The Countywide Felony and Misdemeanor Search!

by Jason Morris

The American Society for Industrial Security (ASIS) has re-posted their Pre-employment Background Screening Guidelines for public comment through April 16th 2008. I had the honor of working on the original committee that published these guidelines in 2005 and 2006. Currently NAPBS is working with ASIS on these revisions. It appears that comments are not limited to ASIS members are are open to the public. employeescreenIQ staff members will be reviewing these guidelines and commenting on any issues we feel are outdated in regard to Background Screening, FCRA and, or State Law Compliance. It is still unclear whether or not international screening will be included in the updates.

by Jason Morris

By JIM PROVANCE
BLADE COLUMBUS BUREAU CHIEF

More

by Jason Morris

Not sure how to describe this one, but a recent headline in the Cleveland Plain Dealer could pose a nightmare for us all. Summit County Cases Proceeded Without Formal Charges. My wife actually found this one this morning reading our edition of the Plain Dealer, this one hits closer to home because we live in Summit County! When the prosecution virtually ignores the Grand Jury and Prosecutions Nolle Prosequi status and charges the individual anyway, where is the Due Process? How in the world would an employment screening company and, or an employer adjudicate the results of a background check when the case should not have been indicted in the first place? Food for thought, I know the answer but its a good starting point for some good old fashioned commenting to this post!! Comment away!

by Nick Fishman

We’ve just released the latest edition of our Quarterly Newsletter, The Verifier. Please feel free to check it out.

http://theverifier.net/index.php

by Nick Fishman

The on-again off-again drama with the DHS No Match initiative continues according to this legislative update from Seyfarth Shaw.

On Friday, November 23, the Department of Homeland Security (DHS) requested that a federal judge stay the litigation regarding its new Social Security “no match” rule. Rather than proceed with the litigation, DHS plans to revise the rule to address the court’s concerns about the rule’s legality. DHS intends to begin a new rulemaking process in December. More

Will this political game of hot potato ever end?

by Jason Morris

Just found a great informative article about identity theft. Linda Foley is quoted from the Identity Theft Resource Center. I have met Linda several times most recently at the National Association of Professional Background Screeners (NAPBS) Conference. While Linda is not an expert in Pre-employment Screening, she is in expert in identity theft and privacy. Kudos to Linda and all the great work she is doing.

Holiday Forecase: More e-scams

By Richard Burnett | Tribune Newspapers: The Orlando Sentinel November 26, 2007

ORLANDO - Just in time for “Cyber Monday” and the online holiday shopping rush: A new round of bogus e-mail, identity-theft experts say.

Have you won $2 million in a Christmas sweepstakes held by Coca-Cola in the United Kingdom? Can you make big bucks just by cashing checks for an Irish researcher, Chinese exporter or rich oil consultant in Dubai? Is there a problem with your account at Bank of America, JPMorgan Chase, eBay or PayPal?

No. But you might think so if you fall for some of the recent e-mail scams infesting the Internet.

More