Safe Harbor Struck Down – What’s the impact to U.S. Background Check Providers?

October 20, 2015 Leave a comment

storm-370x290Terry Corley discusses the implications of complying with the EU Data Protection Directives post Safe Harbor.

The dramatic decision on October 6, 2015 by the Court of Justice of the European Union (CJEU) striking down the Safe Harbor Agreement between the U.S. and European Union following the ruling in the case of Maximilian Schrems v. Irish Data Protection Commissioner (C-362.14) has created a monumental seismic event for many U.S. multinational organizations to say the least.

Privacy experts across many sectors continue to reel from the announcement and are still evaluating its full implications to U.S. businesses that regularly collect, process, and transfer personal data across the Atlantic. For those that handle sensitive personal information such as contained within employment related background checks as well as human resource data the challenges are even greater. Instead of the simplified self-certification program as provided within the Safe Harbor option companies that regularly handle sensitive personal information will now have to individually register and or gain approval from each European data protection authority it plans to transfer data from.

To further complicate the matter Article 29 Working Party (WP29)[1] released, on October 16, a statement following the ruling that coordinated enforcement actions by EU data protection authorities (DPAs) against companies failing to implement appropriate data transfer protocols will start at the end of January 2016, just over three months away.

All data transfers under the now invalidated Safe Harbor framework that take place after the ECJ’s ruling are now considered illegal. Put simply, there is no grace period for transition to another data transfer mechanism. All personal data transfers from the EU to the US, from October 6, 2015 forward, must have a separate legal basis. Other data transfer mechanisms are still in play such as Binding Corporate Rules (BCRs) and Standard Contractual Clauses as alternate data transfer mechanisms, but even these are still subject to European data protection authorities’ investigative and enforcement powers.

Background screeners are highly encouraged to undertake an organizational/business wide privacy impact assessment. Penalties for non-compliance and or violations as an example can range from monetary fines ranging from several thousand dollars to up to 2% of gross revenues not to mention criminal sanctions. Time is not on your side.

Terry Corley helps organizations navigate global employee screening, privacy and data protection, employment, and regulatory compliance and is the Managing Principal of Aletheia Consulting Group.

[1] The Working Party was set up by the European Parliament and Council as an independent advisor on issues concerning the protection of individuals in the processing of their personal data and on the free movement of such data.

Categories: Uncategorized

Brazil – Snapshot of Good Practice Guidance in Employee Screening

September 17, 2015 Leave a comment

brazil

Brazilian law places non-statutory limitations on an employer’s ability to seek background checks for employment purposes, including criminal record checks, consumer credit checks, or driving record checks. Denial of employment based on information solely contained in a background check, however, is warranted only if that information suggests a candidate’s working capacity, safety, or reliability would be materially impaired. A 2004 ruling by the 2nd Regional Labor Court determined that no worker may be fired solely based on the fact that they have an open file in a Credit Protection Service. Otherwise, an employer could face liability for discrimination. A candidate must expressly consent to undergo a background check. For example, an offer letter stating that employment is contingent upon the successful completion of a background check, signed by an applicant, and could indicate their consent. An applicant who refuses to consent to a medical examination however may lawfully be denied employment. The individual right of intimacy guaranteed by the Brazilian Constitution obligates employers to safeguard the confidentiality of all records relating to background checks.

Governing Legislation

  • Federal Constitution of 1988
  • Brazilian Consolidated Labor Laws (CLT), enacted in 1943
  • Federal Law No. 8.078, Article 43, September 11, 1990 (Consumer Protection Law)
  • Law 12.846, Anti-Corruption Law

For more information about Good Practice Guidance in designing a country background screening policy that complies with local legal and cultural norms for Brazil please feel free to contact Aletheia Consulting Group and ask about our Country Essential Guides.

Categories: Uncategorized

We’re not in Kansas anymore.

September 15, 2015 Leave a comment

NotKansas_4978Once an organization recruits from outside the U.S. a close understanding of a country’s local legal and cultural environment is needed before undertaking any sort of background check. The fact is, the concept of background screening candidates outside the U.S. is still very much a new business concept and the legal and cultural landscape varies from one country to another. What is legal in one country doesn’t necessarily mean that it’s legally permissible or even culturally acceptable in another.

There are very few specific laws governing background screening around the globe today, however various pieces of legislation cover parts of the background check process. These areas include privacy, employment, consumer reporting, human rights, legal access to and use of criminal records, financial data, and rehabilitation of ex-offenders, sex, family discrimination, and disabilities to name a few.

Country Level Background Screening Essentials provide the information today’s global HR and compliance professionals need when implementing global background screening programs.

Categories: Uncategorized

Workplace Medical Examinations & Drug Testing in Mexico

September 4, 2015 Leave a comment

Flag_of_Mexico_(reverse)The following excerpt from our Mexico Country Essential Guide provides an overview of the legal landscape related to workplace medical examinations and Drug Testing.

Under Mexican law, employers may condition employment upon the satisfactory completion of medical examination. However, such request must precede any offer of employment. A pre-employment medical exam requires the consent of the applicant and must be conducted by the employer’s authorized physician (when made in house) or by an authorized laboratory or physician (if outsourced). Any proof of consent must contain specific language indicating that the candidate agrees to submit to medical testing. The purposes of collecting such sensitive personal data and a candidate’s authorization for having such data transferred to the employer must be included in the privacy notice. A candidate’s refusal to consent to medical examination provides grounds to deny employment, if such conditioning is justified by the job characteristics and responsibilities.

The results of employee medical examinations must be treated as strictly confidential by any of the parties that are part of the information processing and according to the privacy notice. Such information must be kept and retained by the laboratory or authorized physician for a period of at least five years; regarding the employer, the information must be discarded when it is no longer necessary.

Drug Testing

Employment offers may be made contingent upon negative drug test results. As with medical examinations, any request for a drug screen must be made prior to extending an offer of plant. An employer may elect not to hire a candidate if he or she refuses to consent to a drug test. Records of employee drug screens are highly confidential and must be processed according to the terms and conditions of the corresponding privacy notice, and discarded by the employer as soon as they are no longer necessary.

Aletheia Consulting Group provides expert cost-effective global advisory solutions for multinational organization human resource, compliance, privacy, and security risk management resource needs. Our primary focus is on companies that have overseas operations that seek to navigate the sometimes challenging sea of international risk management involving the people, processes, technology and organization. If you’d like to learn more about our Services for Multinational Employers please feel free to contact us at Terry.Corley@me.com.

Categories: Uncategorized

A Slippery Slope – Global Background Screening and Data Privacy


Slippery-Slope

A colleague in Europe recently asked why some U.S., in-country local, regional, and even global employee screening firms purport to offer or present services for some products like criminal and credit reports that are either illegal to access or not permissible for employment purposes in a number of countries?

The answer, unfortunately can be rather complex and sometimes conflicting with what may be permissible in the U.S. as compared to a given geography. The challenge is that there are very few specific laws governing background screening in many countries around the globe today. Legal opinions vary depending on how familiar counsel may be on the topic and their interpretation of current legislation within local and international employment and privacy contexts. It may be further complicated by whether an applicant or employee is an expatriate (i.e. is a person temporarily or permanently residing in a country other than that of their citizenship.). There are however various pieces of legislation as it relates to the background check process. These areas may include, but are not limited to personal privacy, human rights, employment legislation, regulations governing access to criminal and credit data, consumer reporting, and rehabilitation of ex-offenders, sex, family, religion, discrimination, and disabilities to name just a few.

The reality is that the business practice and the industry at the global level as compared to the US and UK market is still very much at an emerging stage. Even with advances in high-technology that occur at lightning fast speed laws and regulations governing technology and background screening develop at what seems like a snail’s pace. This is highlighted by the on-going legal issues related to social media sites like Facebook, Google, and the online taxi service Uber and Lyft. These advances quickly outdated many slowly developing legal doctrines around the globe.

Companies operating in the Global Background Screening space today often struggle to strike a balance between finding a source of information that’s cost effective for a client’s request versus performing adequate due diligence of local environments before offering service. To further compound the situation, employers and buyers of these services are seeking to streamline global recruitment and procurement processes and save money by automating and centralizing the human resource function, while at the same time looking to the background screening provider for best practice advice as it relates to local background screening practices.

The first step to working through any of these issues is to understand the questions that must be asked whether as a screening provider or a multinational or global employer and then to develop a method of examining the issues we’ve discussed to find solutions that are practical for each particular organization. There is no “right” answer or “no magic bullet” to global background screening and data privacy / security compliance. Each organization must find a solution that works within its culture, technology, and business and then based on the resources as well as the level of risk the organization is willing to accept.

As providers of global background screening services we have a duty and an obligation that if we are to offer such services for any number of geographies that we undertake the necessary due diligence in finding out the right answers to all of these questions versus telling a client what we think they want to hear. Be certain that screening providers demonstrate much more than just a passing knowledge of local legal and cultural environments related to background screening.

Copyright © 2015 Aletheia Consulting Group

Aletheia Consulting Group provides expert cost effective global advisory solutions for multinational organization human resource, compliance, privacy, and security risk management resource needs. Our primary focus is on companies that have overseas operations that seek to navigate the sometimes challenging sea of international risk management involving the people, processes, technology and organization. If you’d like to learn more about our Services for Multinational Employers please feel free to contact us at Terry.Corley@me.com.

Categories: Uncategorized

Drug Screening across Europe


EUDrug and alcohol abuse is a global problem, so it’s natural for U.S. and global companies expanding their workforce program internationally to include screening as part of their hiring process. However, those looking to implement drug and alcohol screening in Europe need to be very mindful of local laws and customs. What is possible in the U.S. may run afoul of privacy laws in Europe, where the rights and protections for employees (and potential employees) are more guarded.

In Europe, local laws vary widely a great deal. It’s really only in Finland (2003), Ireland (2005) and Norway (2005) that clear legislation exists regarding drug testing in the workplace. Elsewhere, much of the legal framework, where it exists at all comes from interpretations of a combination of various national laws, including those on Labor Codes, privacy, data protection, and health and safety at work.

All members of the European Union do abide by The European Convention of Human Rights as well as EU directives on data protection and health and safety at work. Therefore, there is some degree of harmonization on basic principles. There is often a clearly qualified level of risk/response, though qualified in various different ways: many countries state that testing can take place when there is a health, safety, or security risk, or when it is “necessary,” “proportionate,” “justified,” or “reasonable,” or when there is suspicion of drug abuse. In Europe, the emphasis is generally placed on health aspects, rather than the possible illegality of drug use: in many countries, occupational doctors can only inform the employer whether an employee is “fit for work,” rather than revealing the full results of the test.

Obtaining the consent of employees to be screened via their employment contract is useful in some countries like the U.K. However, Belgium and Finland believe that fundamental rights such as the right to privacy are indivisible and therefore an individual cannot consent to waive such rights.

Countries also vary considerably in their emphasis on testing before or during employment. Pre-employment testing for screening purposes is actually illegal in the Netherlands; however testing is permitted for job applicants in some countries in certain situations.

At the end of the day, close consultation with local counsel as well as background screening experts familiar with the local environment is highly recommended as organizations look to incorporate drug screening into their global background screening programs.

Copyright © 2015 Aletheia Consulting Group

Aletheia Consulting Group provides expert cost-effective global advisory solutions for multinational organization human resource, compliance, privacy, and security risk management resource needs. Our primary focus is on companies that have overseas operations that seek to navigate the sometimes challenging sea of international risk management involving the people, processes, technology and organization. If you’d like to learn more about our Services for Multinational Employers please feel free to contact us at Terry.Corley@me.com.

Categories: Uncategorized

Fraudulent Matric Certificates on the rise in South Africa


CVBackground screening company, EMPS says that the highest cases of fraudulent CV’s is related to matric certificates, followed by trade certificates.

It said that 2015 is proving to be a record year for credentials cheats, with criminal record checks for prospective employees now topping 12%.

The announcement by rail agency Prasa that it had suspended chief engineer Daniel Mtimkulu over what it said was the fact that “he lacked the necessary qualifications” and that he would be subjected to a disciplinary hearing once again showed how widespread the problem of degree fraud was in South Africa, it said.

Claiming a Ph.D. degree from a German university that proved to be false as well as a claim that he had started his studies at Wits at the age of 17 which also turned out to be untrue, Mtimkulu’s fall from grace showed just how important it was for employers to do a thorough qualifications check before they employed staff.

Kirsten Halcrow, MD at EMPS, said 7.62% of all qualifications verified by her company so far this year turned out to be “problematic”.

This compared with a 6.8% average for last year.

In a statement, Prasa confirmed that a full-blown investigation was underway to check Mtimkulu’s qualifications. Mtimkulu has since been suspended.

Last week, Netwerk24 reported that Mtimkulu was not officially registered with the profession’s statutory body.

In 2006, the Engineering Council of South Africa (Ecsa) rejected Daniel Mtimkulu’s application to register with it, according to the report.

Prasa has faced questions over the purchase of new diesel locomotives from Spain, and over a R51 billion tender for the purchase of 600 trains for its fleet renewal programme.

The agency had reportedly ignored warnings from engineers that the 13 Afro 4000 locomotives, imported from Spain for R600 million, were too high for local railways and could damage overhead cables.

EMPS said it uncovered the highest level of international qualification fraud ever last year.

“By far the most fraud was committed with matric certificates while trade certificates came in second with fraud levels rising from 5% the previous year to close on 7% this year.”

Halcrow said 7.6% of tertiary qualifications submitted to her company for verification in the first half of 2015 were unverifiable.

She said so-called degree mills continued to pose a problem as many employers took their fake certificates at face value.

A degree mill is an unaccredited higher education institution that offers illegitimate academic degrees and diplomas for a fee.

“Technically they have made great strides in producing degrees and diplomas that look almost exactly like the real thing,” she said.

Halcrow said that a person with a fake qualification can ruin a company. “Apart from being unable to do the job they were hired for, they could also do severe damage to the reputation of a company.”

EMPS pointed to other recent notable instances of degree fraud including former SABC chairwoman Ellen Tshabalala, who was discovered to have lied about having a BCom from Unisa.

The Former ambassador to Japan, Mohau Pheko was also found to have lied about her PhD, EMPS said.

Source: BusinessTech: http://businesstech.co.za/

Categories: Uncategorized
%d bloggers like this: