Accredibase
Checking Facts Building Trust

Verifile

About Us...



Memberships and Registrations



Data sources



Who we are



Quality Policy



Link to us



News



International Newsletters



Follow us on Twitter

Find us on LinkedIn

Investors In People

ISO Accrediation



Verifile Newsletter #33

27 Feb 2019

 

Verifile
newsletter

February 2019 / Issue #33

+44 (0) 1234 339 350 / www.verifile.co.uk / service@verifile.co.uk


Hello

Welcome to our February 2019 newsletter designed to help you stay up to date.

 

Verifile News

  • Our CEO recently shared his thoughts on accreditations, quality data, client experience and, of course, what we’re about as a firm with Risk Xtra magazine. Read all about it here
  • Verifile is growing! Whilst our existing office has served us well, to cope with increasing demand and expediential growth, Verifile has expanded to the building next door. Our referencing and processing teams have moved to this new building. We now have extra space to house all our new recruits.
  • In our latest product update, our candidate portal now has up to a 40% improvement in loading times and form dynamics, helping improve candidate experience.

UK Criminal Checks
Important Process Change – Disclosure Scotland

Recent changes implemented by Disclosure Scotland could result in substantially increased turnaround times for any businesses that order their criminal record checks incorrectly.

As recently as 2017, applicants anywhere in the country could apply for a Basic criminal record check via Disclosure Scotland. This ended once the Disclosure and Barring Service (DBS) began offering a Basic check which was to be used for all checks in England, Wales, the Channel Islands and the Isle of Man. Most companies adjusted their processes accordingly at the time. However, some confusion evidently still remains - which Disclosure Scotland are now trying to combat.

Therefore, to push employers to order the correct check, Disclosure Scotland will now request further documentation if the home address of an individual being checked is not in Scotland.

Please be aware that we will have to ask you to provide this documentation if we are asked to do so by Disclosure Scotland. This will likely increase turnaround times and add to your administrative burden so we strongly advise that you order the correct check.

Clearing up the confusion

As many employers will know, ordering the right criminal check can be a confusing undertaking – so we thought we’d take the opportunity to clear this all up.

There are three different levels of criminal records disclosure certificates in the UK – Basic, Standard and Enhanced.

The Basic check is generally available for any purpose and will reveal whether an individual holds any unspent convictions. Cautions and certain convictions become ‘spent’ after a specified period of time known as the rehabilitation period; the length of which is determined by several factors outlined in the Rehabilitation of Offenders Act 1974. Spent convictions will not be revealed on a Basic level check.

The Act contains a list of professions and activities within which individuals are eligible for a Standard check. These include people working with children or vulnerable adults as well as legal, financial and medical professionals. Unlike the Basic check, spent convictions will be revealed on a Standard check.

An Enhanced check goes further still, revealing any relevant information held by local police authorities on the individual in question. Employers also have the option of adding a barred list check here, if legally permitted; checking whether an individual appears on any list barring them from working with children or vulnerable adults. Eligibility for an Enhanced check depends on a role or activity being included in both the Rehabilitation of Offenders Act and the various Police Act 1997 (Criminal Records) regulations.

In Scotland, a further Protection of Vulnerable Groups check is mandatory for anyone working with children or protected adults. 

These checks are overseen by three different government agencies. DBS is responsible for England and Wales; Disclosure Scotland is responsible for Scotland; while Access NI is responsible for Northern Ireland.

It’s important that any checks are ordered from the correct agency. When checks are requested for personal reasons (i.e. in support of anything unrelated to employment or volunteering), a person’s place of residence will determine which agency they should apply to. However, for checks ordered for employment purposes, the place of work is the location that determines the correct agency.

If an individual works in two UK jurisdictions, then the jurisdiction where they spend most time should be used to determine the check.

Choosing the correct agency and level of check is essential. The legislation is different across the three jurisdictions so ordering the check from the correct agency is necessary to ensure the right information is provided.

If you order the wrong check - and the Rehabilitation of Offenders Act that applies in that jurisdiction does not apply to the position applied for – you could receive more information than you are legally entitled to. If that extra information results in someone being refused employment, the implications could extend as far as criminal proceedings being brought against you.

An alternative scenario here is that ordering the wrong check could result in you not receiving as much information as you are entitled to; something which could also have damaging implications for the integrity of your screening process.

For individuals working or volunteering in the United Kingdom, the checks process is conducted as follows:

Working or volunteering in:

Should have:

The process is:

England and Wales

Criminal record checks via the Disclosure and Barring Service (DBS)

Online, using Verifile’s portal.

Scotland

Criminal record checks via Disclosure Scotland

Online, using Verifile’s portal, for Basic disclosure. Paper forms for all other checks.

Northern Ireland

Criminal record checks via AccessNI

Online, using AccessNI’s portal.

Guernsey

 

Please contact us for further information.

Jersey

Isle of Man

Remembering that the choice of agency is determined by either the employer’s location or an individual’s place of residency, the process can become more complicated when a check is required (a) for someone working or volunteering outside the UK; or (b) for personal purposes by someone living outside the UK.

In such instances, applications can be made via any of the three national agencies, as above. However, our recommendation is to make such applications via Disclosure Scotland as this provides the most conviction information and is the simplest process to navigate.

Checks in Northern Ireland via AccessNI

For Enhanced checks and when a role includes regulated activity with children, AccessNI routinely requests information on foreign nationals from a number of EU Member States. Offered free of charge, this is part of their service to provide a more comprehensive picture of an individual’s criminal background; something that can prove useful when dealing with individuals who have so far spent little time within the UK.

As of December 3rd last year, AccessNI added Bulgaria, Hungary and Latvia to its list of countries from which it will request criminal record information. However, they have also informed us that Poland and Romania remain suspended from their list, due to ongoing delays in obtaining information from these countries.

Securing a comprehensive understanding of an individual’s criminal records across multiple countries is a valuable undertaking. Verifile can do exactly that, for any role, across a large number of countries, both in Europe and further afield. Please do contact us for further information on this service.

FCA References

We have recently reviewed our processes for requesting, chasing and receiving references for individuals going into roles regulated by the Financial Conduct Authority (FCA). Feedback from clients has been extremely helpful during this review.

As a result, we have improved how we request references from organisations regulated by the FCA and how we check the references received back from those organisations. We have also enhanced how we display results within the final report by adding a list of employers from which we have sought references, whether the employer is regulated by the FCA and whether we received a ‘regulated reference’ from them. This list is located after the contents section of the final report (see below example).

Additional Information - Firm name - Regulated firm: Yes, Regulated reference received: Yes

When you place your order, to help us fulfil your requirements correctly, please do continue to tick the FCA references box on step 1 (see below).

 FCA/PRA approved person?

FCA references will only be sought if you have a package of background checks agreed with Verifile that includes FCA references. To set up a package or for any further information, please contact your Account Manager.

 


Verifile International Product Changes

We would like to bring the following changes to our international product offering to your attention. If you would like us to send you current documentation for any of the checks listed, please request via​ service@verifile.co.uk.

  • Canada Criminal Record Check
    A new instruction is in place to reflect simplified requirements.
  • Venezuela Criminal Litigation Search
    We are no longer offering the Criminal litigation Search from Venezuela as Supreme Court of Justice no longer provide this information.

  • Malaysia Certificate of Good Conduct
    A new instruction is now in place containing a new website link for the official online form.
  • Spain Criminal Record Extract
    This search is no longer available. This is now only available as a Subject Access Request.

  • Botswana Police Certificate
    This search is no longer available. This is now only available as a Subject Access Request.
  • Lesotho Police Certificate
    This search is no longer available. This is now only available as a Subject Access Request.
  • Swaziland Police Certificate
    This search is no longer available. This is now only available as a Subject Access Request.

  • Tanzania Police Certificate
    This search is no longer available. This is now only available as a Subject Access Request.

  • Uganda Police Certificate
    This search is no longer available. This is now only available as a Subject Access Request.

  • Zambia Police Certificate
    This search is no longer available. This is now only available as a Subject Access Request.

 

International news

Below are a selection of international headlines, click the links below to view the stories in full for your region.

Worldwide

Africa and Middle East


Egypt

Read more
  • Data Privacy and Security Requirements Starting to Make their Way into Egyptian Laws

Zimbabwe

Read more
  • Zimbabwe is in the Process of Creating a Criminal Digital Fingerprint Database

Asia Pacific

  • Australia and Chinese Taipei Join APEC's CBPR System

Australia

Read more
  • Singapore Airlines Pilot Fails Alcohol Breath Test

China

Read more
  • Busting the Myth: Compliance with the 'Gold Standard' of the GDPR Does Not Buy You a 'Free Pass' Under China's New Personal Information Guidelines
  • Collection, Storage and Transfer of Data in China

Indonesia

Read more
  • Indonesia Proposes Amendments to Its Data Localisation Requirement

Japan

Read more
  • Japan's Data Protection Framework is Not Yet Adequate, Say EU Legislators

Malaysia

Read more
  • University Consortium Set Up to Authenticate Degrees Using Blockchain Technology

Philippines

Read more
  • NPC to Intensify Monitoring of Data Privacy Act Compliance

South Korea

Read more
  • South Korea Passes Bill Legalizing Cannabis for Medical Purposes

Europe

Europe

Read more
  • GDPR: New Guidelines On Territorial Scope
  • No Application of the GDPR in B2B
  • When Does GDPR Apply to a Non-EU Entity? EDPB Provides Guidance

Austria

Read more
  • Austrian DPA Issues Blacklist
  • First Supreme Court Decision on GDPR: Austrian Supreme Court Rules on Prohibition of Consent

Belgium

Read more
  • Belgian DPA Provides First Status Update After Six Months of GDPR

Germany

Read more
  • First Data Protection Authority Issues GDPR Fine
  • Data Protection authority of Bavaria, Germany, Intensifies GDPR Compliance Monitoring

Hungary

Read more
  • The Hungarian DPA Issues Data Protection Impact Assessment Blacklist

Ireland

Read more
  • Data Protection Commission Confirms List of Processing Operations Requiring a DPIA

Italy

Read more
  • The Italian Data Protection Authority has Drafted the List of Processing Operations Subject to a DPIA - Practical Implications and Accountability Considerations

Luxembourg

Read more
  • New Law on Monitoring at the Workplace

Serbia

Read more
  • Serbia Catches Up with the GDPR: New Data Protection Law Adopted

Spain

Read more
  • Spanish Senate Signs-Off New GDPR-Compliant Data Protection Act

Turkey

Read more
  • Turkey DPA Announces Starting Dates for Registration Obligation

United Kingdom

Read more
  • Careers of People Working with Children Being Destroyed By 'Misleading Police Checks', Teachers Warn
  • Guide to the General Data Protection Regulation (GDPR): Controllers and Processors
  • UK Government Issues Data Protection Guidance in the Event UK Leaves EU with "No Deal"
  • Third in HR Fail to Delete Personal Data
  • Why it's Important to Check New Recruits' References

North America & Carribean

Canada

Read more
  • How to Test Employees for Cannabis Impairment
  • Saying No to Cannabis
  • The Human Rights Tribunal of Ontario Dismisses Discrimination Claim Made by Medical Pot User
  • Legalization of Cannabis: A Guide for Employers
  • Five Steps to Compliance with Privacy Consent Guidelines
  • GDPR Territorial Scope - Draft Guidelines Released that May Help Canadians Established Outside the EU Understand Whether They Must Comply
  • The 5 Hottest Human Resources Questions About Cannabis

Cayman Islands

Read more
  • Cayman Islands Data Protection Law Update

United States

Read more

LEGAL

  • Black, Latino Drivers Sue Amazon Over Firings Based on Background Checks
  • Reminder: Confusing Background Check Disclosures can get an Employer in FCRA Hot Water!
  • Court Grants Final Approval of 41.2M FCRA Class Action Settlement Against PETCO
  • Some Clarity: Court Holds Screening Reports on Independent Contractors Not Subject to the FCRA Employment Purpose Requirements
  • How to Ward Off the Rising Number of Background Check Class Actions Summary
  • Social Security Administration 'No Match' Letters to Employers Make Another Comeback
  • Can an Outside Investigation Constitute a "Consumer report" Under FCRA? The Seventh Circuit Appears Skeptical
  • Eastern District of Pennsylvania Dismisses FCRA Claims for Lack of Standing
  • FCRA Disclosures: Too Much Information, Not Enough or Just Right?
  • University Faculty Background Checks to be Reviewed by Court
  • Vermont AG Issues Guidance on New Data Broker Regulation

DATA PROTECTION & PRIVACY

  • Department of Commerce Updates Privacy Shield FAQs to Clarify Applicability to UK Personal Data
  • Eu-US Privacy Shield undergoes Second Review by EU Commission and (Re)Passes the Test - For Certifying Companies, Santa Has Come to Town

SALARY HISTORY

  • New Suffolk County, NY, Bill Bans Inquiry into Salary History

IMMIGRATION STATUS

  • Surge in I.C.E. Immigration Enforcement is Wake-Up Call to U.S. Employers

DRUG SCREENING

  • 9th Cir: Montana Law Doesn't Prevent Employers from Banning Marijuana
  • Marijuana Sows Seeds of Conflict for San Francisco employers, But Maybe Not for Utah Employers
  • Say What? The Employee Who Failed His Post-Accident Drug Test Gets Workers' Comp.?

South America

Argentine

Read more
  • Argentina DPA Approves Guidelines for Binding Corporate Rules

 

Worldwide

wcc_africa

Egypt

Data Privacy and Security Requirements Starting to Make Their Way Into Egyptian Laws

Recently, Egypt has adopted two new laws on cyber crime and consumer protection which can be seen as the first attempt by Egypt to regulate data privacy and security.

Specifically, the Law No. 175/2018 on Combating Information Technology Crimes and Law No. 181/2018 on Consumer Protection were adopted. The National Telecom Regulatory Authority (NTRA) and the Egyptian Consumer Protection Agency respectively will be enforcing the new rules, and the Executive Regulations (ER) that will be issued soon will be explaining the exact procedures of implementation.

Read more


Zimbabwe

Zimbabwe Is In The Process Of Creating A Criminal Digital Fingerprint Database

The Zimbabwe government has acquired an electronic machine for digitizing fingerprints found at crime scenes. The machine will be used to create a criminal digital fingerprint database that will automate the fingerprint check process and ultimately to reduce crime. The database will also allow Zimbabwepoliceto quickly determine whether two crimes were committed by the same person and help create a suspect pool.

Read more

Asia Pacific

Australia and Chinese Taipei Join APEC's CBPR System

Australia and Chinese Taipei have joined the Asia-Pacific Economic Cooperation's Cross-Border Privacy Rules System. The CBPR system is a voluntary, accountability-based framework that serves to facilitate data flow across the APEC region. As members of the CBPR system, Australia and Chinese Taipei join the U.S., Mexico, Japan, Canada, Singapore and the Republic of Korea. APEC-CBPR certified companies must implement data privacy policies consistent with the APEC Privacy Framework and are approved by an independent third-party verifier, known as an Accountability Agent, of which there are two so far. To date, the APEC website lists 23 businesses that participate in its compliance directory, including Apple, Hewlett-Packard, IBM and Merck.

Read more


Australia

Singapore Airlines Pilot Fails Alcohol Breath Test

A Singapore Airlines pilot was barred from leaving the Melbourne airport after he failed a random alcohol breath test. In Australia, testing pilots for blood alcohol limits is not compulsory before each flight, unless specified in the pilot’s contract. Yet, the Australian Federation of Pilots has united with other international organizations to help the aviation community deal with substance abuse problems. Some airlines in other countries, such as China, require testing, which sometimes includes medical checks that includes an interview process to test for fatigue, general well-being, and the presence of alcohol and drugs.

Read more


China

Busting the Myth: Compliance with the 'Gold Standard' of the GDPR Does Not Buy You a 'Free Pass' Under China's New Personal Information Guidelines

The Standardization Administration of China, with the PRC General Administration of Quality Supervision, Inspection and Quarantine, has issued the Information Security Technology – Personal Information Security Specification, which assists businesses to comply with data protection found in China’s PRC Cyber Security Law, the Law on the Protection of Consumer Rights and Interests, the e-Commerce Law, and other enactments. The introduction of the Specification comes at a time when public awareness of data protection is on the rise in China, with consumers more likely to demand that their personal data rights are respected.

Read more

Collection, Storage and Transfer of Data in China

Mayer Brown answers key questions about the collection, storage and transfer in China’s Cybersecurity Law including under what circumstance personal data can be collected, stored and process; retention of records, individual’s rights to access personal information about them, the information that must be provided to individuals when their personal data is collected, consent requirements, consent requirements and much more.

Read more


Indonesia


Indonesia Proposes Amendments to its Data Localisation Requirement

There has always been uncertainty around the data localisation requirement in Indonesia, which refers to the requirement in Government Regulation No. 82 of 2012 on Implementation of Electronic System and Transaction (“Regulation No. 82”).

Under Regulation No. 82, an electronic system operator that provides a public service must place its data center and disaster recovery center in Indonesia. However, Regulation No. 82 does not define “public service,” meaning that it has been difficult for electronic system operators in Indonesia to determine whether or not they are subject to the requirement.

The Ministry of Communication and Information Technology (“MOCIT”) has recently issued a draft amendment to Regulation No. 82 (“Draft Amendment”) which, amongst other things, amends the data localisation requirement.

The proposed new data localisation requirement would allow any electronic data other than strategic electronic data to be placed and processed offshore by the electronic system operators if the Draft Amendment becomes law.

Read more


Japan


Japan's Data Protection Framework is Not Yet Adequate, Say EU Legislators

Two key European Union bodies have told the European Commission that they will not approve its draft adequacy decision on the protection of personal data afforded by Japan until their concerns are addressed.

In an opinion adopted on 5 December 2018 and released on 14 December, the European Data Protection Board (“EDPB”) — the group composed of EU national data protection regulators — stated that “a number of concerns, coupled with the need for further clarifications, remain” with regard to the draft adequacy decision and Japan’s data protection framework. The European Parliament also called for clarifications in a resolution adopted by members of parliament (“MEPs”) on 12 December, by 516 votes to 26.

Read more


Malaysia

University Consortium Set Up to Authenticate Degrees Using Blockchain Technology

The Education Ministry announced the setting up of a University Consortium on Blockchain Technology and launched the e-Scroll system – a university degree issuance and verification system based on blockchain technology. The program is focused on combatting the trade in fake degrees available internationally. “

“Currently, Malaysian universities receive thousands of requests globally to verify their genuine graduates. Such verification is still largely done via telephone and emails which contribute to its inefficiency,” it added.

The current plan calls for a verification process that can be done from anywhere in the world as long as there is Internet connectivity, and the process takes only a few seconds.

Read more


Phillipines

NPC to Intensify Monitoring of Data Privacy Act Compliance

The National Privacy Commission (NPC) in the Philippines has intensified its monitoring efforts to ensure strict compliance to the country’s Data Privacy Act of 2012. The Commission has developed guidelines to ensure compliance, and will focus on monitoring specific sectors where personal data gathering and processing are critical, such as schools and banks. There will be three modes of compliance checks: privacy sweep, documents submission, and on-site visits.

Read more


South Korea


South Korea Passes Bill Legalizing Cannabis for Medical Purposes

The Republic of Korea became the first East Asian nation to legalize medicinal cannabis. The move was surprising, as the country has been a vocal opponent of the legalization of recreational cannabis in other countries. The law will allow the import of cannabidiol (CBD), one of many cannabinoid molecules produced by cannabis, which contains no THC and has no intoxicating effect. It will be strictly controlled by the Korea Orphan Drug Center. The law will also allow cannabidiol to be recommended by physicians for a variety of ailments, including treating withdrawal symptoms associated with drug and alcohol abuse.

Read more

Europe

Europe

GDPR: New Guidelines on Territorial Scope

The European Data Protection Board has adopted new draft guidelines on the territorial scope of the GDPR that provide clarification for both EU and non-EU based companies to assess whether all or parts of their activities fall under the scope of the GDPR and to what extent they are subject to the application of the GDPR. The guidelines also clarify aspects that were controversial or misinterpreted in the six months since GDPR went into effect. The guidelines are subject to a public consultation before final adoption.

Read more

No Application of the GDPR in B2B

Brussels, 26th November 2018: In draft Guideline 3/2018 on the scope of application of the GDPR, the European Data Protection Committee specifies that the DSGVO covers those who offer goods and services to individuals. This means that the provision of goods and services to companies, i.e. B2B, is clearly not covered.

For a long time it was not clear how far the geographical scope of the DSGVO extends. Art. 3 DSGVO seemed to be in need of concretization.

The European Data Protection Authority (EDPB) therefore decided to issue a new draft for a guideline on the geographical scope of application. It is intended to ensure a uniform interpretation of the territorial scope of application of the EU DSGVO.

Until now, Art. 3 para. 2 lit. a) in particular left open the scope of interpretation that the DSGVO is not applicable to companies not established in the EU if they do not serve end customers (no B2C). The European Data Committee has now clearly specified this in its guideline.

Read more

When Does GDPR Apply to a Non-EU Entity? EDPB Provides Guidance

European Data Protection Board (“EDPB”) published on 16 November 2018 the long-awaited Guidelines 3/2018 on the territorial scope of the General Data Protection Regulation (“GDPR”). As those with even a cursory interest in the matter knew, a company not established in the EU can still be within the reach of GDPR’s strict rules. But exactly when that is the case was not entirely clear from GDPR’s provisions and recitals. With these guidelines EDPB aims to clarify the criteria for determining the territorial scope of GDPR.

Read more


Austria

Austrian DPA Issues Blacklist

The Austrian Data Protection Authority issued a list stipulating data processing operations that in all cases require a data protection impact assessment (DPIA). Under the GDPR, a controller must carry out a DPIA if certain criteria under Article 35 are met. The so-called “blacklist” issued by national data protection authorities will further specify all relevant scenarios that trigger a DPIA obligation without prejudice to the provisions of the GDPR.

Read more

First Supreme Court Decision On GDPR: Austrian Supreme Court Rules On "Prohibition Of Consent

In the case at hand, a consumer protection organisation filed an action against a company stating that the company uses inadmissible clauses in its general terms and conditions and claiming injunctive relief (i.e. prohibiting the company from using these clauses vis-à-vis customers going forward). The clauses in question also comprised of consent declarations for certain marketing measures which are not required for the performance of the contract. Without granting such consent, customers cannot conclude the relevant contract. The court proceedings were already initiated in 2017. The court of first instance rendered its decision in 2017, the appellate court in May 2018; both decisions were rendered before the GDPR became applicable and both courts considered the consent clauses as inadmissible already under the old data protection regime. Not surprisingly, the Austrian Supreme Court found the consent clauses at hand to be in violation of said prohibition of consent bundling. Further, the Supreme Court's ruling also contained more general statements on (the voluntariness of) consent declarations:

Read more


Belgium

Belgian DPA Provides First Status Update After Six Months Of GDPR

In what circumstances can personal data be collected, stored and processed in Belgium? Thomas Daenens and Steven De Schrijver from Astrea discuss how the collection of personal data must be transparent. The person wishing to collect the data must clearly state the exact purpose for which the data will be collected and the data controller cannot obtain more data than is required for that purpose. They also discuss the limits or restrictions on the period for which an organization may (or must) retain records; and more.

Read more


Germany

First Data Protection Authority Issues GDPR Fine

The State Commissioner for Data Protection and Freedom of Information Baden-Wuerttemberg (LfDI) was the first German data protection authority to impose a fine under the GDPR. A social media has been fined €20,000 ($22,600) for not ensuring data security of processing of personal data pursuant to Article 32 GDPR. The company had contacted the LfDI with a data breach notification following a hacker attack in which passwords and email addresses of approximately 330,000 users were stolen and published. The company did not hash its customers’ passwords, but stored them in plain text and thus violated Art. 32 GDPR.

Read more

Data Protection Authority of Bavaria, Germany, Intensifies GDPR Compliance Monitoring

On 7 November 2018, the data protection authority of the Free State of Bavaria, Germany, issued a press release that, now that the European General Data Protection Regulation (GDPR) has been in effect for six months, the authority will intensify its GDPR compliance monitoring. The Bavarian data protection authority is responsible for monitoring GDPR compliance in the state of Bavaria within the non-public sector. The authority’s intensified monitoring activities will, in general, concern cybersecurity vulnerabilities and GDPR information duties.

Read more


Hungary

The Hungarian DPA Issues Data Protection Impact Assessment Blacklist

The Hungarian Data Protection Authority has issued its data protection impact assessment blacklist that places regulations on data collection. Specifically, it requires a DPIA for several data processing activities, including the processing of biometric data for systematic monitoring for the purpose of identifying a natural person; processing of a natural person’s genetic data for the purpose of evaluation or scoring; monitoring of employees at work; large scale processing of personal data for law enforcement purposes; and more.

Read more


Ireland

Data Protection Commission Confirms List of Processing Operations Requiring a DPIA

The Irish Data Protection Commission (DPC) has published a list of processing operations that requires a Data Protection Impact Assessment (DPIA). The list encompasses both national and cross-border data processing operations, and requires a DPIA for several types of processing operations, to include profiling vulnerable persons for marketing or online services; systematically monitoring, tracking or observing individuals’ location or behavior; profiling individuals on a large-scale; where a type of processing is likely to result in a high risk to the rights and freedoms of individuals; and more.

Read more


Italy

The Italian Data Protection Authority has Drafted the List of Processing Operations Subject to a DPIA – Practical Implications and Accountability Considerations

On October 11, 2018, the Italian Data Protection Authority issued, pursuant to Article 35(4) GDPR, the the list containing further processing activities [i.e. processing activities additional to those provided for in art. 35(3)] that require a Data Protection Impact Assessment (“DPIA”) to be carried out prior to the processing. The list was adopted after having positively implemented the opinion and instructions of the European Data Protection Board (“EDPB”) published on September 25, 2018 (see ICT Insider of October).

In short, each national Supervisory Authority (“SA”) was required to draw up a draft list containing the types of processing activities that would require a Data Protection Impact Assessment to be carried out prior to their initiation and implementation. The draft list had then to be sent to the EDPB with a view to scrutinise the use of the margin of discretion left to the SAs, in order to ensure a consistent application of the GDPR throughout the Union.

Hence, the final version of the list published today is the outcome of the implementation process of the Board’s opinion and views on the indicated processing types, as means of guaranteeing a uniform application of the GDPR.

Read more


Luxembourg

New Law on Monitoring at the Workplace

Following the entry into force of the General Data Protection Regulation ("GDPR") on 25 May 2018, the Law of 1 August 2018 implements the provisions of the EU regulation into Luxembourg Labour Law. This Law entered into force on 20 August 2018. Article L.261-1 of the Labour Code now contains specific provisions regarding the processing of personal data for monitoring purposes in the context of the employment relationship.

The scope within which employers may process personal data for monitoring has been extended. The monitoring of employees is only permissible:

  • if the employee gives their written consent to the processing of their personal data;
  • if the processing of personal data is necessary for the performance of the employment contract;
  • if the employer is subject to a legal obligation to process personal data; or if the processing of personal data is justified by a legitimate interest


Read more


Serbia

Serbia Catches Up With the GDPR: New Data Protection Law Adopted

After a public hearing that lasted more than a year, the National Assembly of the Republic of Serbia adopted the new Data Protection Law (the "Law") on 9 November 2018. Until the Law comes into force on 21 August 2019, the currently valid law will apply except for the provisions on the Central Register of Databases, which are no longer in force. Nevertheless, according to the published Notice of the Commissioner

for Personal Data Protection (the "Commissioner"), the obligation to establish or register in already established databases still exists under Articles 48, 49 and 51 of the currently applicable law, as does the obligation to submit records of databases to the Commissioner. The provisions of the Law itself have been modelled after and largely comply with the provisions of the GDPR, as part of the wider process of harmonising the national law of Serbia with EU law, which was one of the main reasons for the adoption of the new Law. Besides many novelties, the new Law elaborates certain procedures, rights, obligations and competences in more detail.

Read more


Spain

Spanish Senate Signs-Off New GDPR-Compliant Data Protection Act

The Spanish Senate has approved the GDPR-compliant Spanish Data Protection Act, which contains a special regime for personal data of deceased people, includes additional duties for controllers and processors regarding the accuracy and confidentiality of the data, makes processing of criminal records information more flexible, and approves new rules to determine when a data agent is a data controller and not a data processor. The Act also establishes the divide between children and standard data subjects at 14 years, provides extensive additional regulation regarding CCTV systems and whistleblowing schemes, and more.

Read more


Turkey

Turkey DPA Announces Starting Dates for Registration Obligation

Turkey’s DPA has announced registration dates for the Data Controllers Registry. They include: data controllers that employ more than 50 employees must register before September 2019; data controllers established outside of Turkey must register before September 2019; data controllers that employ less than 50 employees, but whose core business includes the processing of sensitive personal data must before March 2020; and public institutions and organizations that act as data controllers must register before June 2020.

Read more


United Kingdom

Careers of People Working with Children Being Destroyed by ‘Misleading Police Checks’, Teachers Warn

“Misleading” criminal record checks are allegedly destroying the careers of people who want to work with children in the UK. Delegates at a recent Liverpool conference raised concerns that the Disclosure and Barring Service (DBS), which checks criminal records of those applying to work with children, is not fit for purpose. In response, DBS said “Each year we issue around four million certificates to help employers make safer recruitment decisions. What is included on our certificates is either set out in legislation or provided to us by the police. Any non-conviction information disclosed on a DBS certificate has been subject to a decision by a police force in accordance with a statutory test and with regard to statutory guidance.”

Read more

Guide to the General Data Protection Regulation (GDPR): Controllers and Processors

The Information Commissioner UK offers a checklist for data controllers and processors to understand the role they play in data processing. The checklist offers indicators to assist in deciding whether an employee is a controller, a processor or a joint controller. The checklist also discusses what’s new under the GDPR, how to determine whether you are a controller or processor, and more.

Read more

UK Government Issues Data Protection Guidance in the Event UK Leaves EU with “No Deal”

The UK Government has issued guidance regarding how the country’s data protection law will work in the event the UK leaves the EU without a deal. Regulations and more detailed guidance will soon be published that would preserve EU GDPR standards in domestic law, transitionally recognize all EEA countries and Gibraltar as ‘adequate’ to allow data flows from the UK to Europe to continue; preserve existing EU adequacy decisions on a transitional basis; recognize EU Standard Contractual Clauses in UK law and give the ICO the power to issue new clauses; maintain the extraterritorial scope of the UK data protection framework, and more.

Read more

Third in HR Fail to Delete Personal Data

One third of HR teams admit to breaching the General Data Protection Regulation (GDPR) by failing to delete personal data about employees, leavers and job candidates after data-retention periods expire, according to a survey by CIPHR. Although 83% of HR professionals have set retention periods for employee, leaver and job candidate data, only 69% put the policies into practice and deleted the data when the periods expired. The study also found that HR professionals have ignored the Information Commissioner's Office recommendation of enabling self-service access to data. Only one third of respondents said they had enabled self-service access to personal data for employees.

Read more

Why It’s Important to Check New Recruits’ References

A recent employment tribunal ruling highlights the importance of having a robust recruitment and selection process. In Francis-McGann v West Atlantic UK Ltd, an airline pilot successfully applied for a position as a captain, but resigned after the airline discovered that he lied on his application. He sued for three months’ pay, but lost the case. Homa Wilson, an employment law partner at Hodge Jones & Allen, offers precautions all organizations can take to minimize risks due to improper background checks.

Read more

North America & Caribbean

Canada

How to Test Employees for Cannabis Impairment

Recent legal cases clarify the do’s and don’ts of cannabis testing, including one that revolved around the lack of correlation between the amount of cannabis in a person’s system and impairment. Employers should be aware of some of the main issues around their right to test, in addition to need to understand the importance of updating drug and alcohol policies to deal with the potentially greater presence of cannabis in the workplace. In addition, new technologies promise improved measurement, such as the Draeger DrugTest 5000 that has been used in some European countries for several years and has just been approved for use in Canada.

Read more

Saying No to Cannabis

Nearly one in five managers (19 percent) are at least somewhat likely to consume cannabis for recreational purposes before going to work, while 14 percent said it’s somewhat likely they will consume cannabis during work hours. As for workers, seven percent said they are likely to use cannabis before work, while four percent will consume it during work hours, according to a recent survey by ADP Canada. Over the next 18 or 24 months, HR managers can expect litigation in civil and criminal courts over the arbitrariness of cannabis use, and it’s important for employers to be as proactive as possible, and to create policies or amend policies to reflect the new legalization of cannabis.

Read more

The Human Rights Tribunal of Ontario Dismisses Discrimination Claim Made by Medical Pot User

The Human Rights Tribunal of Ontario has found a litigant failed to claim that her employer-sponsored insurance plan discriminated against her disability by refusing to pay for her medical cannabis. Lisa Cabel, a lawyer Norton Rose Fulbright Canada LLP, who represented the insurance company and employer sponsor, says the case shows that while the political climate around recreational marijuana has shifted, the terms of medical marijuana insurance contracts remain in effect. Therefore, employers need to ensure that all company cannabis regulations are up to date and in compliance under the Ontario Human Rights Code.

Read more

Legalization of Cannabis: A Guide for Employers

With the legalization of recreational cannabis as of October 17, 2018, Canadian employers must be prepared to understand their rights and responsibilities vis-à-vis their employees. Employers are encouraged to adopt or amend their substance and drug use policies to conform to cannabis legalization.

First, employers' drug policies should clearly stipulate that they apply to cannabis use, notwithstanding its legalization.

Second, regardless of the particular rules employers wish to adopt, it is advisable to institute policies that are clear with regard to the behaviors that are forbidden and the consequences of violating the policies. These policies should also be applied in a consistent and uniform manner to every employee (subject, of course, to any duty to accommodate, as discussed below).

The implementation of cannabis use policies should be accompanied by training on the various issues surrounding cannabis and the workplace, particularly for managers who will have to apply these policies.

It should be noted that the other provinces and territories of Canada can adopt their own rules regarding the use of cannabis in the workplace, and they may differ from the rules adopted in Québec and Ontario.

Read more

Five Steps to Compliance with Privacy Consent Guidelines

On January 1, 2019, the Privacy Commissioner of Canada will begin enforcing Guidelines for obtaining meaningful consent, which impose requirements for obtaining legally valid privacy consents. This bulletin summarizes five steps to compliance with the Guidelines.

In May 2018, the Office of the Privacy Commissioner of Canada and the Offices of the Information and Privacy Commissioners of Alberta and British Columbia jointly issued Guidelines for obtaining meaningful consent (the "Guidelines") to help private sector organizations obtain legally valid consents to the collection, use and disclosure of personal information. The Guidelines criticize "the use of lengthy, legalistic privacy policies", and explain that the requirements and best practices summarized in the Guidelines are intended to "breathe life" into the ways that consent is obtained.

The Guidelines detail seven principles for private sector organizations to follow to obtain legally valid privacy consents.

Read more

GDPR Territorial Scope – Draft Guidelines Released that May Help Canadians Established Outside the EU Understand Whether They Must Comply

Canadian businesses, particularly those with no physical presence in the EU, have been struggling to manage their compliance efforts with respect to the GDRP. These Guidelines should help organizations better understand when they may be subject to the GDPR. The Guidelines are in draft form and comments must be submitted before January 18, 2019

Read more

The 5 Hottest Human Resources Questions about Cannabis

The holidays bring lots of holiday joy – and some holiday headaches for human resources professionals and employers. And this year's legalization of recreational cannabis use is fuelling lots of HR questions. The hottest one of the season: do employers that offer alcohol at holiday work parties also have to offer cannabis? Here's the answer to that question and to four other burning cannabis questions employers are asking us this season. Also, since this is a rapidly evolving area, employers are well-advised to continue to monitor the science and the criminal law standards for cannabis impairment, and to implement more frequent policy reviews and updates. And all employers, especially those that can't test any or all of their employees, should still train managers and supervisors to watch for and to recognize indicators of impairment.

Read more


Cayman Islands

Cayman Islands Data Protection Law Update

The Cayman Islands Government has announced that the date on which the Data Protection Law 2017 (“DPL”) will be brought into force is now 30 September 2019. The DPL was previously anticipated to be brought into force at the end of January 2019.

In order to assist the many public and private entities which will be affected by DPL, the supervisory body for data protection in the Islands, the Office of the Ombudsman, has released a draft document titled “Data Protection Law 2017 Guide for Data Controllers” which will serve as a practical manual for the way that systems, procedures and documents can be implemented and/or updated to ensure compliance.

Read more


United States

LEGAL

Black, Latino Drivers Sue Amazon Over Firings Based on Background Checks

A lawsuit, filed in Suffolk Superior Court, is a class action suit of black and Latino former drivers for Amazon who have sued the online retailer, alleging that Amazon discriminated against them when it fired them based on a background check policy. Originally filed as a complaint with the Massachusetts Commission Against Discrimination, the drivers claim that in 2016, Amazon began implementing an overly strict background check policy, which highlighted old and minor offenses without taking job performance into consideration. One employee had been delivering packages for the retailer for 60 to 70 hours each week when he was terminated for an old charge of driving after a license suspension.

Read more 

Reminder: Confusing Background Check Disclosures can get an Employer in FCRA Hot Water!

The Ninth Circuit Court of Appeals recently granted a dismissal for lack of standing in Mitchell v. Winco Foods. The Fair Credit Reporting Act (FCRA) case was dismissed when the Ninth Circuit agreed that Mitchell failed to establish the requisite standing because she alleged that WinCo’s job application forms were not FCRA-compliant, however she failed to demonstrate how those alleged violations harmed or presented the risk of harm to her protected interests. When discussing the possibility that Mitchell was simply confused by the disclosure, the court referenced its own decision in the case of Syed v. M-I, LLC, in which it held that “the [FCRA] disclosure requirement at issue … creates a right to information by requiring prospective employers to inform job applicants that they intend to procure their consumer reports as part of the employment application process.”

Read more

Court Grants Final Approval of $1.2M FCRA Class Action Settlement Against Petco

In November, the United States District Court for the Southern District of Columbia granted final approval of a $1.2 million Fair Credit Reporting Act (FCRA) class action settlement against Petco Animal Supplies, Inc. The putative class action was filed in June 2016, alleging that the company’s background check disclosure was hidden among other pages of fine print and went against the “stand alone” disclosure required by law. The Disclosure Class includes 37,279 members, who each will receive about $20 each, while the Adverse Action Subclass includes 52 class members, who each will receive an additional $150.

Read more

Some Clarity: Court Holds Screening Reports on Independent Contractors Not Subject to the FCRA Employment Purpose Requirements

In the case of Smith v. Mutual of Omaha Insurance Company, a court in the United States District Court for the Southern District of Iowa, ruled that the protections applicable when consumer reports are obtained for “employment purposes” under the Fair Credit Reporting Act (FCRA) do not extend to reports obtained for independent contractors. In the case, the plaintiff alleged he applied to contract with the business as an insurance salesperson, but was not hired due to a falsely reported felony on his background check. Claiming he was not provided with the statutorily-mandated prior notice, Mutual of Omaha moved to dismiss the claim on the basis that Smith was only applying to work as a contractor, stating that the pre-adverse action notice requirement did not apply.

Read more

How to Ward Off the Rising Number of Background Check Class Actions Summary

Companies are increasingly faced with class actions for alleged violations of the Fair Credit Reporting Act (FCRA). FCRA claims related to background checks have grown since last year.

Most companies perform background checks on employees as part of the employment application or new hire process.

Lyft was successful in convincing a federal judge to dismiss a FCRA class action and order the Plaintiff to submit his claims to arbitration. When he was hired the Lyft driver had accepted Lyft’s terms of service which included a mandatory arbitration agreement. Lyft used these terms to compel the matter to arbitration.

To avoid FCRA class actions, employers should consider having all applicants sign an arbitration agreement, at least before or at the same time the background disclosure / authorization forms are given to the applicant. Having an arbitration agreement with a class action waiver will go a long ways in defending against a FCRA class action.

Read more

Social Security Administration ‘No Match’ Letters to Employers Make Another Comeback

Social Security Administration (SSA) has begun notifying employers that the information reported on an individual employee’s W-2 form does not match the SSA’s records with “Request for Employer Information” letters, known as “No-Match” letters.

In July 2018, probably in response to President Donald Trump’s Buy American, Hire American Executive Order, SSA re-started the practice by sending “informational notifications”

to employers and third party providers telling them of mismatches on their 2017 Forms W-2 and explaining where to find helpful resources.

A mismatch does not necessarily mean that there is any wrongdoing. It can be caused by an administrative error or several other factors. If the issue is not easily resolved, the employer should contact legal counsel. There are no “safe harbors.” Each case is different and must be analyzed individually to avoid missteps and penalties from either SSA, ICE, or IER.

Read more

Can an Outside Investigation Constitute a “Consumer Report” Under FCRA? The Seventh Circuit Appears Skeptical

The Seventh Circuit Court of Appeals, in the case of Rivera v Allstate Ins. Co., 907 F.3d 1031 (7th Cir. 2018), recently wrestled with a novel question under the FCRA – whether an investigation conducted by third party into employee misconduct could be considered a consumer report under the FCRA. Ultimately, the Court did not rule on the issue, but it appeared skeptical that the FCRA would apply.

The Seventh Circuit overturned the FCRA verdict on Spokeo grounds, but not before expressing great skepticism for the applicability of the FCRA in these circumstances. It noted that this appeared to be a novel question of law and was an “odd application” of FCRA. Specifically, the Court questioned whether an investigation could be a “consumer report,” largely because it was conducted by a law firm which did not appear to be a “credit reporting agency.”

Read more

Eastern District of Pennsylvania Dismisses FCRA Claims for Lack of Standing

A Pennsylvania district court recently dismissed a complaint due to the plaintiff’s lack of standing to assert violations of the Fair Credit Reporting Act. In Harmon v. RapidCourt, LLC, Case No. 17-5699 (E.D. Pa. Nov. 20, 2018), consumer plaintiff Icarus Harmon asserted violations based on a stale criminal history that RapidCourt had provided to a consumer reporting agency.

Relying on the U.S. Supreme Court’s decision in Spokeo, Inc. v. Robins, the Court found that these allegations were insufficient to confer standing “because the disclosure of information to another consumer reporting agency, does not constitute a concrete harm.” The Court assumed, without finding, that RapidCourt itself was a consumer reporting agency, but was “unwilling to find that the transmission of allegedly prohibited information from one consumer reporting agency to another is a concrete injury that is ‘real and not abstract.’

Read more

FCRA Disclosures: Too Much Information, Not Enough, or Just Right?

The Northern District of California recently considered a case where a plaintiff alleged that her employer’s FCRA disclosure both had too much information and too little. The plaintiff in Soman v. Alameda Health Sys., applied for a job with the defendant. The defendant-employer provided written disclosures describing the nature and scope of the background check and plaintiff’s rights under FCRA. The FCRA disclosure contained three text boxes that advised applicants of their rights under the laws of four states to obtain a copy of their consumer reports. The FCRA disclosure also contained the contract information for the employer’s vendor who conducted the background investigation, but omitted a digit in the zip code for the vendor. The plaintiff filed suit against the employer alleging FCRA violations.

Given that the plaintiff failed to establish any concrete harm, the plaintiff lacked standing and thus the Court dismissed her claims. The Court essentially ruled that the employer’s FCRA disclosure contained the ‘right’ amount of information and dismissed her FCRA claims with prejudice.

Read more

University Faculty Background Checks to be Reviewed by Court

Pennsylvania’s highest court will decide whether the system of state-owned universities trampled on faculty union rights by unilaterally requiring criminal background checks and reports of arrests for serious crimes within 72 hours.

The policy, enacted in response to the Jerry Sandusky child molestation scandal at Penn State, was limited in an April decision by Commonwealth Court so that many professors would not be covered by it. The Supreme Court said it will review that decision and consider the schools’ argument that the policy “served the public interest in protecting minors.”

The universities have argued it was within their managerial powers to make all employees follow the policy, not just those who are likely to encounter children on campus. The unions say any such policy should be hammered out as part of contract negotiations.

Read more

Vermont AG Issues Guidance on New Data Broker Regulation

Vermont’s new Data Broker Regulation (“Regulation”) takes effect on January 1, 2019. The Regulation requires, among other things, that data brokers register with the Vermont Secretary State and protect personally identifiable information of Vermont residents. This week, the Vermont Attorney General issued guidance on the Regulation, which helps address questions on process and scope.

Read more

DATA PROTECTION & PRIVACY

Department of Commerce Updates Privacy Shield FAQs to Clarify Applicability to UK Personal Data

On December 20, 2018, the Department of Commerce updated its frequently asked questions (“FAQs”) on the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (collectively, the “Privacy Shield”) to clarify the effect of the UK’s planned withdrawal from the EU on March 29, 2019. The FAQs provide information on the steps Privacy Shield participants must take to receive personal data from the UK in reliance on the Privacy Shield after Brexit.

The deadline for implementing the steps identified in the FAQs depends on whether the UK and EU are able to finalize an agreement for the UK’s withdrawal from the EU. To the extent the UK and EU reach an agreement regarding withdrawal, thereby implementing a Transition Period in which EU data protection law will continue to apply to the UK, Privacy Shield participants will have until December 31, 2020, to implement the relevant changes to their public-facing Privacy Shield commitments described in the FAQs and below. To the extent no such agreement is reached, participants must implement the changes by March 29, 2019.

Read more

EU-US Privacy Shield Undergoes Second Review by EU Commission and (Re)Passes the Test—For Certifying Companies, Santa Has Come to Town

On December 19, the EU Commission ("Commission") published its report to the European Parliament and the Council on the second review of the functioning of the EU-US Privacy Shield (the "Report").

To the relief of the 3,850 US companies who have certified to the Privacy Shield, and those entities transferring personal data to them, the Commission concluded that the Privacy Shield framework ensures an adequate level of protection for personal data and, therefore, can still be used as one of the available transfer mechanisms under the General Data Protection Regulation ("GDPR"). Nonetheless, the review identified some immediate actions for the US government to take in order to continue to keep the Privacy Shield framework on secure footing.

Read more

SALARY HISTORY

New Suffolk County, NY, Bill Bans Inquiry into Salary History

Suffolk County has become the latest New York Jurisdiction to pass a bill that prevents employers from inquiring into the salary and benefits history of job applicants. Intended to establish pay equality and “break the cycle of wage discrimination,” the Restricting Information on Salaries and Earnings Act (RISE Act) will go into effect on or about June 30, 2019, if signed by County Executive Steve Bellone.

Read more

IMMIGRATION STATUS

Surge in I.C.E. Immigration Enforcement is Wake-Up Call to U.S. Employers

Here is a wake-up call for employers thinking about shoring up their immigration compliance process as a New Year’s resolution. U.S. Immigration and Customs Enforcement (ICE) is targeting employers and has dramatically increased the number of worksite investigations, audits, and arrests.

How much has ICE increased its enforcement activity at U.S. employers’ worksites? Worksite investigations are up more than 300% from the fiscal year 2017. I-9 audits are up 340%. Criminal worksite related arrests are up 460%. And administrative worksite arrests are up 787% over 2017. These arrests can include not only undocumented workers but also the responsible hiring manager. Unlike most employment regulatory obligations, immigration compliance laws create the potential for personal, criminal liability for hiring managers and officials. Simply put, managers and company officials can go to jail for getting immigration compliance wrong.

Read more

DRUG SCREENING

9th Cir: Montana Law Doesn't Prevent Employers From Banning Marijuana

The 9th U.S. Circuit Court of Appeals has upheld a lower court's decision to dismiss a fired marijuana user's lawsuit against his employer, Charter Communications, LLC. The Montana Supreme Court's refusal to certify a question that plaintiff Lance Carson wanted answered before the state's high court will stand.

The federal appeals court concluded that a state's legalization of marijuana won't necessarily override a company's drug-free workplace policy. The Montana Marijuana Act (MMA) doesn't "prevent employers from prohibiting their employees from using marijuana or authorize wrongful termination or discrimination suits against employers," it said.

The court also noted that the MMA doesn't violate Montana's constitution and is in line with the state's "careful regulation of access to an otherwise illegal substance for limited use by persons for whom there is little or no other effective alternative" while "avoid[ing] entanglement with federal law."

Read more

Marijuana Sows Seeds of Conflict for San Francisco Employers, But Maybe Not for Utah Employers

San Francisco, known for its forward progress in the cannabis space, has done it again. Effective October 1, 2018, employers are prohibited from “inquiring about, requiring disclosure of, or basing employment decisions on convictions for decriminalized behavior, including the non-commercial use and cultivation of cannabis.” The ordinance restricts employers from asking questions about pot convictions and, instead, authorizes the City to impose penalties on employers who violate the ordinance. Some of the penalties include a private right of action for the victim and monetary payment.

As previously reported, Utah legalized medical marijuana this midterm through Proposition 2. Proposition 2 failed to include important provisions in its initiative, including what rights employers would have. However, Utah’s House of Representatives held a special legislative session whereby lawmakers changed Proposition 2 and adopted more restrictive provisions in what is being called the medical cannabis compromise. These restrictive provisions include employer protections.

Read more

Say What? The Employee Who Failed His Post-Accident Drug Test Gets Workers’ Comp.?

Employers might assume that an injured worker’s positive post-accident drug or alcohol test will automatically defeat a related workers’ compensation claim. However, in Ohio at least, the reality is a bit more complicated. Under Ohio law, a positive, post-accident drug test raises only a “rebuttable presumption” that the injured worker’s use of drugs or alcohol proximately caused the industrial injury. Since this legal presumption is “rebuttable,” the burden then shifts back to the employee to prove that the impairment did not cause the accident. This burden-shifting “rebuttable presumption” can be a potent defense to some claims.

Read more

wcc_southamerica

Argentine

Argentine DPA Approves Guidelines for Binding Corporate Rules

The Agency of Access to Public Information has approved a set of for multinational companies to comply with international data transfer laws. The Argentine Personal Data Protection Law No. 25, 326 prohibits the cross-border transfer of personal data from Argentina to other countries or to international organizations that do not provide for an adequate level of protection. The guidelines include information on third-party beneficiaries, supervisory authority, data protection training, administrative resources and more.

Read more

 


Share
Share on Facebook
Share on LinkedIn




Previous Page
0


Follow us on Twitter
Follow us on Twitter
Find us on LinkedIn