Privacy

Privacy issues
have always been a fundamental concern for those dealing with
sensitive information. Those issues are increasing in both
public visibility and impact on employment screening practices.
One issue employers must consider is that of confidentiality.
Whether using a CRA or not, the pre-employment screening process
inherently allows the employer (and its employees) access
to personal information of a confidential nature. As such,
the employer’s process must contemplate the proper management
of that information and under what circumstances its employees
(i.e., applicant screeners and interviewers) may access and
use that information. Employers need to establish policies
for record storage and security. Data security and access
control are key responsibilities of employers that perform
background screens when such screens involve the use of personal
information of a confidential nature. (See also Section 13.5,
FCRA Document Destruction Rules above.)

Increasing concerns about identity theft and identity fraud
are causing state and federal legislators to pass more laws
that regulate what personally identifiable information is
available, and impose new security requirements on
holders of that information, including those who collect
or use background screening reports, to safeguard
such information against unauthorized access. Some of those
laws include:

Driver’s Privacy Protection Act (18 U.S.C. §2721 et seq.)
Establishes that a driver’s license information needs to be
protected against unauthorized disclosure, and establishes
permissible purposes for authorized disclosure.

Financial Modernization Act of 1999, also known as the
Gramm-Leach-Bliley (GLB) Act
Protects customers’ non-public personal financial information
held by financial institutions. The GLB Act gives authority to
eight federal agencies and the states to administer and enforce
the Financial Privacy Rule and the Safeguards Rule. The Safeguards
Rule requires all financial institutions to design, implement and
maintain safeguards to protect customer information. The Safeguards
Rule applies not only to financial institutions that collect
information from their own customers, but also to financial
institutions – such as credit reporting agencies – that receive
customer information from other financial institutions.

Health Insurance Portability and Accountability Act (HIPAA)
If the employer is a Covered Entity or Business Associate, as
defined in HIPAA, the Act establishes that particular identifiable
health information is “protected health information” and may not
be used without permission.

International Privacy and Data Transfer Laws
International privacy and data transfer laws also impact the
definition, availability, and transfer of personal information
used in screening. The U.S. Department of Commerce tracks
international privacy laws and, for those companies involved in
the transfer of private information from the European Union (EU),
can assist them in getting certified as a safe harbor in
compliance with EU data protection laws.

Canadian Privacy Act
The federal Privacy Act, in place since 1983, protects the
personal information collected by government institutions.
Essentially, the Privacy Act is a code of ethics for the
government's handling of our personal information. The Privacy
Act ensures that Canadians can access information collected about
them, and can challenge the accuracy of the information. Under its
provisions, such information should be:
- Collected by government institutions in relation to operating
  programs or activities
- Collected from the individual personally
- Accurate and up to date
- Subject to correction by the individual
- Used only for the purpose for which it was originally collected

The Privacy Act is overseen by the Privacy Commissioner of Canada,
which has the authority to investigate complaints.