Accredibase
Checking Facts Building Trust

Verifile

About Us...



Memberships and Registrations



Data sources



Who we are



Quality Policy



Link to us



News



International Newsletters



Follow us on Twitter

Find us on LinkedIn

Investors In People

ISO Accrediation



Verifile International Newsletter Issue #14

24 Nov 2015

Welcome to our November edition of the International Newsletter 2015 which we hope you find helpful in keeping up to date.

We'd like to take this opportunity to thank you all for your valued support during 2015 and we hope you have a joyful festive season!

In this issue of the International Newsletter:

WORLDWIDE NEWS

- EU-US UMBRELLA AGREEMENT ABOUT TO BE CONCLUDED: TOWARDS A TRANSATLANTIC APPROACH TO DATA PROTECTION?

- DPAS TO ANNOUNCE NEW COOPERATIVE ARRANGEMENT

- DATAGUIDANCE RELEASES 2015 GLOBAL PRIVACY ENFORCEMENT
REPORT

ASIA PACIFIC  
INDIA

- ALMOST 1 IN 3 LAWYERS IN INDIA ARE 'FAKE', CLAIMS TOP BAR OFFICIAL

- TENANT SCREENING BEGINS TO WEED OUT ANTI-SOCIALS

ISRAEL

- SAFE HARBOR DECISION TRICKLES DOWN: ILITA REVOKES PRIOR AUTHORIZATION

SOUTH KOREA

- PIMS AND PIPL MERGED INTO 'LESS BURDENSOME' OPTION

EUROPE

- IMPORTANT DECISION ON APPLICABLE DATA PROTECTION LAW

- ADVOCATE GENERAL OF THE EUROPEAN COURT OF JUSTICE ISSUES OPINION REGARDING SAFE HARBOR

- EU COMMISSIONER SAYS PROTECTION OF PERSONAL DATA MORE THAN A "EUROPEAN" FUNDAMENTAL RIGHT

- UNEMPLOYMENT FALLS TO A 3.5 YEAR LOW

GEORGIA

- DATABASE OF FOREIGN WORKERS TO BE CREATED

GERMANY

- GERMAN DPA FINES DATA CONTROLLERS FOR INADEQUATE DATA PROCESSING AGREEMENT

- SAFE HARBOR FALLOUT: COMMISSION, COUNCIL DEBATE PARLIAMENT; GERMAN DPA TAKES NEXT STEP

NORTH AMERICA  
CANADA

- AMENDMENTS TO FIPPA/MFIPPA TO COME INTO FORCE

- DIGITAL PRIVACY ACT IS NOW LAW

- ALCOHOLIC EMPLOYEE REINSTATED AFTER EMPLOYER'S
COMPASSIONATE APPROACH PUT IN QUESTION SERIOUSNESS OF PREVIOUS WARNINGS

- MARIJUANA IN THE WORKPLACE: A HAZY ISSUE FOR EMPLOYERS

- “ZERO TOLERANCE” POLICY ON DRUGS IN WORKPLACE UPHELD
BY HUMAN RIGHTS TRIBUNAL

- HUMAN RIGHTS RULING SAYS MANITOBA WOMAN WAS ADDICTED
TO ALCOHOL, UNJUSTLY FIRED

- DRUG AND ALCOHOL POLICIES IN ALBERTA

CARIBBEAN

- SUPREME COURT OF PUERTO RICO REAFFIRMS THAT VIOLENCE
IN THE WORKPLACE JUSTIFIES FIRST OFFENSE TERMINATION

RUSSIA & EASTERN BLOC  
RUSSIA

- A PRIMER ON RUSSIA’S NEW DATA LOCALIZATION LAW

- RUSSIAN DATA LOCALIZATION: TWO MONTHS IN

SOUTH AMERICA  
BRAZIL

- SNAPSHOT OF GOOD PRACTICE GUIDANCE

UNITED STATES

- WILL WE SEE A "SAFE HARBOR 2.0" SOON?

- MODEL CONTRACT CLAUSE GAP ASSESSMENT

- TECH GIANTS URGE CONGRESS TO GIVE PRIVACY RIGHTS TO EU
CITIZENS

- FOOD LION PARENT COMPANY SETTLES MULTI-MILLION DOLLAR FCRA BACKGROUND SCREENING CLASS ACTION

- THE FAIR CHANCE ACT AND STOP CREDIT DISCRIMINATION IN EMPLOYMENT ACT - NEW INTERPRETATIONS FROM THE NYCCHR

- KOHL'S HIT WITH BACKGROUND CHECK CLASS ACTION LAWSUIT

- THE LESSONS OF EEOC V. FREEMAN - "KNOW WHEN TO HOLD 'EM. KNOW WHEN TO FOLD 'EM."

- GOODLATTE, SENSENBRENNER AND CONYERS PRAISE HOUSE PASSAGE OF LEGISLATION TO STRENGTHEN PRIVACY PROTECTIONS FOR INDIVIDUALS

- CHIPOTLE FACES POTENTIAL FCRA CLASS ACTION LAWSUIT

- AMAZON HIT WITH ANOTHER BACKGROUND CHECK CLASS ACTION LAWSUIT

- CHILD'S DEATH PROMPTS LAWSUIT AGAINST CHILDCARE REFERRAL COMPANY

- CALIFORNIA LAWS ON EMPLOYER USE OF ARREST AND CONVICTION RECORDS

- INFINITY STAFFING BACKGROUND CHECK CLASS ACTION

- SUITS PILE UP AFTER U.S. REVEALS DATA BREACH AFFECTED MILLIONS

- 'REASONABLE SUSPICION' A PREFERRED OPTION TO RANDOM DRUG TESTING

- REASONABLE SUSPICION OF ALCOHOL TEST OF EMPLOYEE WAS JUSTIFIED AFTER BAR FIGHT AND DIAGNOSIS OF ALCOHOLIC PANCREATITIS

- MARIJUANA IN THE WORKPLACE: A HAZY ISSUE FOR EMPLOYERS

- EMPLOYEES UNDER THE INFLUENCE: DISABLED BUT NOT UNFIREABLE

- MEDICAL MARIJUANA IN THE ARIZONA WORKPLACE

- NEARLY ONE IN THREE FEDERAL AGENCIES LOST DATA TO INSIDER THREATS IN THE LAST YEAR

- HERNANDEZ BILL TO PREVENT RETALIATION CAUSED BY MISUSE OF E-VERIFY SIGNED BY GOVERNOR BROWN

 

World wide news

DATA PROTECTION & PRIVACY

EU - US UMBRELLA AGREEMENT ABOUT TO BE CONCLUDED: TOWARDS A TRANSATLANTIC APPROACH TO DATA PROTECTION?

 

According to the European Commissioner for Justice, Consumers and Gender Equality, Véra Jourová, the EU and the US have finalized the EU-US Umbrella Agreement. This is a remarkable breakthrough after the first calls for such an agreement back in March 2009, when the European Parliament called for an "EU - US agreement ensuring adequate protection of civil liberties and personal data protection". The Umbrella Agreement will complement existing EU-US and Member State-US agreements in the area of law enforcement and put in place a comprehensive high-level data protection framework. It will cover all personal data exchanged by the EU and the US for the purpose of prevention, detection, investigation and prosecution of criminal offences - including obviously terrorism.

 

Read more

 

DPAS TO ANNOUNCE NEW COOPERATIVE ARRANGEMENT AT CONFERENCE THIS MONTH

 

During their “Fireside Chat” at Dentons’ offices in London, UK Information Commissioner Christopher Graham and former Interim Canadian Privacy Commissioner Chantal Bernier previewed details of a new cooperation agreement amongst global data protection authorities that will be announced at the Data Protection and Privacy Commissioners Conference in Amsterdam later this month. The Arrangement, as it’s being referred to, creates a common understanding of the obligations of DPAs as they work together, so that separate memorandums of understanding don’t have to be negotiated and signed each time DPAs coordinate on a case. The Arrangement will speed up the ability for DPAs to co-investigate and share information, Bernier noted. This kind of coordination, along the lines of what GPEN has been doing with its privacy sweeps, is something you’ll see much more of in the future, Graham and Bernier agreed, in addition to groups like the Article 29 Working Party and APEC.

 

Read more

 

DATAGUIDANCE RELEASES 2015 GLOBAL PRIVACY ENFORCEMENT REPORT

 

This year's Enforcement Report, prepared by DataGuidance's team of Privacy Analysts in collaboration with their network of legal experts has now launched. Building on their previous two Reports, DataGuidance has expanded its coverage to include a truly global breakdown of the enforcement action taken by national regulators during 2014 in Europe, Asia Pacific, Latin America, North America and the Commonwealth of Independent States (CIS). As each jurisdiction is unique in terms of legislation and the powers that are afforded to the regulator responsible for privacy compliance, this year's Report includes detailed insight from leading privacy lawyers, selected for their specialised knowledge of the enforcement regimes in place. In addition, it provides analysis into significant DPA decisions and case law, in an effort to unearth the practical reality of privacy risk at a local level.

 

Read more

 

Asia Pacific

India

EMPLOYMENT SCREENING NEWS

OCCUPATIONAL FRAUD, DIPLOMA MILLS, FAKE DEGREES, FAKE REFERENCES, & FAKE RESUMES

ALMOST 1 IN 3 LAWYERS IN INDIA ARE ‘FAKE,’ CLAIMS TOP BAR OFFICIAL

Nearly a third of all lawyers in India are “fake,” the head of the country’s legal regulator has said. Manan Kumar Mishra, the chairman of the Bar Council of India (BCI), made the startling revelation during a recent speech. “Thirty percent of all lawyers are fake, who either hold fraudulent degrees or are nonpracticing persons and 20% of those who sport lawyers’ robes do not have proper degrees,” Mishra said. “Fake lawyers and nonpracticing law graduates are degrading the standards of the profession.” The spread of “fake” lawyers, Mishra added, was also causing disruptions in the legal system. “Strikes on petty issues have become a regular phenomenon due to such persons,” he said, “We are serious about this and will take stiff action.”

Read more

TENANT SCREENING

TENANT SCREENING BEGINS TO WEED OUT ANTI-SOCIALS

Anti-social elements attempting to take refuge in Tirupur will now have a tough time hiding from the police, thanks to a tenant information system being put in place by the city police. Police officials have managed to gather data pertaining to 12,000 tenants to date. The database, second of its kind after Chennai, will have mobile numbers, family details, previous address, work details and an identity proof of the tenant. The tenant information system would also include a photocopy of the tenant's driving license, ration card or voter ID card, passport, PAN card or Aadhaar card. The idea of a tenant information system was mooted after frequent incidents of anti-social elements finding a safe haven in Tirupur. Police commissioner S N Seshasai, who initiated the process, said he didn’t want to force the public to hasten the preparation of the database.

Read more

Israel

SAFE HARBOR DECISION TRICKLES DOWN: ILITA REVOKES PRIOR AUTHORIZATION

In a new development demonstrating the ripple effect of the European Court of Justice (ECJ) Schrems decision, the Israeli Law, Information and Technology Authority (ILITA) revoked its prior authorization to transfer data from Israel to the U.S. that rely on Safe Harbor. The announcement will present a significant barrier to data flows from Israel’s surging technology sector, which comprises large local operations of global powerhouses such as Intel, Microsoft, Google, Facebook and HP, as well as Israeli “unicorns” such as Waze, which was acquired by Google for more than $1 billion. The decision attempted to avoid rupturing the borders of the Euro “data zone,” which Israel effectively belongs to under its adequacy decision. At the same time, the adequacy of Israel’s regime itself may be called into question, together with other adequacy mechanisms, based on the reasoning of the ECN.

Read more

South Korea

PIMS AND PIPL MERGED INTO 'LESS BURDENSOME' OPTION

The Korean Communications Commission (KCC) and the Ministry of Interior (MOI) proposed merging the Personal Information Management System (PIMS) and the Personal Information Protection Level (PIPL) System into an integrated Personal Information Protection Management System Certification (the proposed Certification). The proposed Certification will also amend the related auditing scheme. According to a press release by the KCC, the merge aims to alleviate the confusion and 'bottle neck' effect caused by current overlapping certification schemes. "The merged certification scheme will certainly benefit businesses planning to apply for the certifications," said Kyoung Yeon Kim and Yong Yun, Partner and Foreign Attorney respectively at Yulchon LLC. The proposed Certification will eliminate confusion [...], reduce costs and encourage applications for certification.

Read more

Europe

DATA PROTECTION & PRIVACY

IMPORTANT DECISION ON APPLICABLE DATA PROTECTION LAW

After the controversial Google Spain decision (which besides the right to be forgotten also dealt with applicable law rules), the Court of Justice of the EU (CJEU) handed down another important – and yet again rather controversial – decision on 1 October 2015. The decision on applicable data protection law, the test at law for determining which national data protection law or laws apply to processing of personal data, comes from Hungary and concerns Slovak company Weltimmo s.r.o. and the Hungarian data protection authority. The Weltimmo case addresses two important questions: What is the threshold for an establishment and how do the rules on applicable law apply to Internet companies? Which data protection authority has competence to impose sanctions? The Weltimmo judgment is potentially far-reaching and may make data protection compliance for some businesses offering services/products or otherwise operating across multiple Member States more difficult and burdensome.

Read more

ADVOCATE GENERAL OF THE EUROPEAN COURT OF JUSTICE ISSUES OPINION REGARDING SAFE HARBOR

On September 23, 2015, Advocate General of the European Court of Justice Yves Bot issued his Opinion in the case of Max Schrems, which is currently pending before the Court of Justice of the European Union (The CJEU). In the opinion, the Advocate General provided his views concerning two key issues related to the U.S.-EU Safe Harbor Framework: (1) the powers of national data protection authorities to investigate and suspend international data transfers made under the Safe Harbor Framework and (2) the ongoing validity of the European Commission’s Safe Harbor adequacy decision. It is yet to be seen whether the CJEU will reach the same conclusions as the Advocate General. In the interim, it is likely that this Opinion will increase the pressure on U.S. and EU government authorities to reach agreement on a revised U.S.-EU Safe Harbor Framework.

Read more

EU COMMISSIONER VERA JOUROVÁ SAYS PROTECTION OF PERSONAL DATA MORE THAN A “EUROPEAN” FUNDAMENTAL RIGHT

EU Commissioner, Vera Jourová, told the 37th International Privacy Conference in Amsterdam that the ECJ’s decision in the Schrems case “reaffirms once more that personal data protection is a fundamental right and that it applies also when personal data is transferred to third countries. The Commission respects the Court's ruling and will abide by it. And so must all stakeholders!” She continued: “Too many Internet users today do not trust the Internet. Two thirds of them in the EU do not feel in complete control of their personal data. Another 42% worry that their online payments are not safe. We must always bear in mind that a strong economy and a thriving society rest primarily on one powerful human feeling, trust. This is why we launched in 2012 the data protection reform. The negotiations are now in the final stages, and I confident that a final result will be reached by the end of this year.”

Read more

DATA PROTECTION & PRIVACY

UNEMPLOYMENT FALLS TO A 3.5 YEAR LOW

Eurozone unemployment has fallen to a three and a half year low of 10.9% in July, as the recovery in the single currency trading bloc continues to boost jobs. The drop in unemployment surprised economists, who had been forecasting no change from the 11.1% of unemployment seen in June. The number of people unemployed fell 232,000 from June in the EU and by 213,000 in the Eurozone. The drop in unemployment comes after data from the Markit Eurozone manufacturing purchasing managers’ index (PMI) showed the manufacturing sector continued to expand in August, although it follows disappointing second quarter GDP data that showed the Eurozone's largest economies grew less than economists had expected. The lowest rates of unemployment in the EU were 4.7% in Germany and 5.1% in the Czech Republic and Malta.

Meanwhile the highest rates of unemployment were 25% in Greece and 22.2% in Spain.

Read more

Georgia

DATABASE OF FOREIGN WORKERS TO BE CREATED

Georgia’s Ministry of Labour, Healthcare, and Social Affairs has announced plans to create a database of foreigners employed in the country, in order to ensure that only those with the legal right to work in Georgia are able to do so. Elza Jgerenaia, Head of the Ministry’s Labour and Employment Department, commented: “Information on who is a labour immigrant, what post he or she occupies, what are his or her qualifications will have a positive impact on the development of a competitive labour environment.” The data will also provide information on positions and skills that are in particular demand from Georgian employers. This in turn will support the development of a new employment policy. “We will know what professions are in demand and in what sectors we need to retrain manpower, so that employers will not have to allocate additional funds seeking labour from abroad,” Jgerenaia explained.

Read more

Germany 2

DATA PROTECTION & PRIVACY

GERMAN DPA FINES DATA CONTROLLER FOR INADEQUATE DATA PROCESSING AGREEMENT

The Bavarian Data Protection Authority (DPA) issued a press release stating that it imposed a significant fine on a data controller for failing to adequately specify the security controls protecting personal data in a data processing agreement with a data processor. The DPA stated that the data processing agreement did not contain sufficient information regarding the technical and organizational measures to protect the personal data. The press release said the agreement was not specific enough and merely repeated provisions mandated by law. According to the DPA, the law provides some flexibility for companies to determine which contractual obligations are appropriate for a particular engagement. The DPA stated that this choice may depend on the data security plan of the data processor and related data processing systems used.

Read more

SAFE HARBOR FALLOUT: COMMISSION, COUNCIL DEBATE PARLIAMENT; GERMAN DPA TAKES NEXT STEP

The ramifications of the European Court of Justice (ECJ) decision in the Schrems case, invalidating Safe Harbor, have continued. First, the European Parliament announced it will have EU commissioners and councilors address its plenary. Second, the data protection commissioner from the German state of Schleswig-Holstein has taken the step that many have predicted and issued a position paper that follows the ECJ’s logic to declare model contract clauses, even consent, to likely be invalid ways of transferring data to the U.S. The release from Parliament notes that MEPs are “likely to ask the Commission to clarify the legal situation following the (Safe Harbor) ruling and demand immediate action to ensure effective data protection for EU citizens.” Businesses in Schleswig-Holstein that transmit personal data to the U.S. should review its procedures as quickly as possible and consider alternatives for the processing of personal data.

Read more

North America

 

Canada 2

DATA PROTECTION & PRIVACY


AMENDMENTS TO FIPPA/MFIPPA TO COME INTO FORCE JANUARY 1, 2016

Schedule 6 of the Public Sector and MPP Accountability and Transparency Act, 2014, which amends the Freedom of Information and Protection of Privacy Act and the Municipal Freedom of Information and Protection of Privacy Act, has been proclaimed into force effective January 1, 2016. The amendments will: require institutions to ensure that reasonable measures are put into place for the preservation of records within the custody and control of the institution, in accordance with any recordkeeping or records retention requirements applicable to the institution; create a new offence in cases where a person alters, conceals or destroys, or causes any other person to do so, a record with the purpose of denying a right to access the record or the information in it; and in a prosecution for an offence under the statute, permit a court to take precautions to avoid the disclosure by the court or any person of certain specified information.

Read more

DIGITAL PRIVACY ACT IS NOW LAW

The Digital Privacy Act (Bill S-4) passed into law, introducing (among other things) significant fines and mandatory breach notification (not yet in force) into the Personal Information Protection and Electronic Documents Act (PIPEDA). Organizations which handle personal information in the course of their commercial activities will want to undertake a review of their privacy policies and security safeguards. In light of the new power to levy significant monetary penalties, boards of directors may want to review their organization’s allocation of risk around these issues. There are four areas that will be of significant concern to organizations: consent, mandatory breach notification, penalties and confidentiality. The Digital Privacy Act modernizes the “business contact” carve-out from the definition of personal information.

Read more

ALCOHOL & DRUG SCREENING

ALCOHOLIC EMPLOYEE REINSTATED AFTER EMPLOYER'S COMPASSIONATE APPROACH PUT IN QUESTION SERIOUSNESS OF PREVIOUS WARNINGS

In the case, an adjudicator reinstated an alcoholic employee who was dismissed after he was found to be under the influence of alcohol at work. The employee had previously been disciplined for alcohol consumption, lateness/absenteeism and abandoning his shift, and on one occasion had entered into a "last chance agreement". The adjudicator held that the employee, as an alcoholic, suffered from a "disability" for the purposes of human rights legislation. The adjudicator expressed concern that the employer’s compassionate approach created the general impression in the mind of the employee that the threat of dismissal was not serious. Further, there was no aggressive behaviour from the employee in the incident that led to his dismissal. As such, the adjudicator held that the dismissal was excessive and that the employer had not yet approached the point of "undue hardship" in accommodating the employee's alcoholism.

Read more

MARIJUANA IN THE WORKPLACE: A HAZY ISSUE FOR EMPLOYERS

With all the changes to state laws now permitting recreational and medical marijuana use, HR professionals are understandably feeling dazed and confused. Employers with employees who use medical marijuana will have to do some studying into the employee's job requirements. Generally speaking, an employer does not have to allow for an employee to be actively under the influence while at work. But an accommodation may be necessary, depending on the nature of the job and the safety and other sensitivities of the position. Once an employer is provided notification that an employee is a medical marijuana user, that employer needs to be especially careful how it uses that information and how far it goes in asking for more. Employers in states allowing for the use of medical marijuana should familiarize themselves with the relevant statutes and, in particular, determine whether their state statute requires that accommodations be made.

Read more

“ZERO TOLERANCE” POLICY ON DRUGS IN WORKPLACE UPHELD BY HUMAN RIGHTS TRIBUNAL WHERE EMPLOYEE DID NOT HAVE “MARIJUANA CARD”

An employee who smoked marijuana on the job without legal and medical authorization was not discriminated against when dismissed under his employer’s “zero tolerance” policy, the British Columbia Human Rights Tribunal has held. The employer had a policy of “zero tolerance for drugs on the work site” and gave the employee a letter stating that “if you can’t stop taking drugs on the work site” and don’t attend at work, then the employee would be considered to have quit. In summary, the Human Rights Code did not require the employer to accommodate the employee by permitting him to smoke marijuana in the workplace without legal and medical authorization. The employee’s human rights complaint was therefore dismissed.

Read more

HUMAN RIGHTS RULING SAYS MANITOBA WOMAN WAS ADDICTED TO ALCOHOL, UNJUSTLY FIRED

A human rights adjudicator has ruled a Manitoba woman who was fired for alcohol consumption was discriminated against because she was addicted to alcohol. The adjudicator has ordered the woman to be reinstated, given three years back pay and an additional $10,000 for injury to her dignity and self-respect. The case involves Linda Horrocks, who worked as a healthcare aide. Evidence presented at a human rights board hearing shows Horrocks was frequently absent from work in 2011 and was suspended after being intoxicated on the job. Her employer made Horrocks sign an agreement to abstain from alcohol both on and off the job, and she was fired a year later when she was suspected of drinking outside of work. The adjudicator's ruling says the regional health authority discriminated against Horrocks because it did not accommodate her alcohol addiction or consult with experts about conditions for her returning to work.

Read more

DRUG AND ALCOHOL POLICIES IN ALBERTA

In Stewart v Elk Valley Coal Corporation, 2015 ABCA 225, the Alberta Court of Appeal upheld the decision of the Human Rights Tribunal that the termination of a safety sensitive employee involved in a workplace incident while under the influence of cocaine did not constitute discrimination. This decision remains good news for employers. Unlike most Canadian jurisdictions, Alberta employers can still rely on provisions in an alcohol and drug policy that require safety sensitive employees to stop drug use or disclose dependencies in advance of a workplace incident. Employers should carefully examine their alcohol and drug policies to assess whether there are remedial steps to accommodate those with dependency issues before termination becomes the only option.

Read more

Caribbean

SUPREME COURT OF PUERTO RICO REAFFIRMS THAT VIOLENCE IN THE WORKPLACE JUSTIFIES FIRST OFFENSE TERMINATION

In a unanimous decision, the Supreme Court of Puerto Rico recently reaffirmed its previous position that an act of aggression by an employee towards a coworker is sufficient to establish just cause for termination under Puerto Rico's Unjustified Dismissal statute, Act No. 80 of May 30, 1978 (Act 80), even when the aggression is a first-time offense. After granting the employer's petition for a writ of certiorari, the Supreme Court of Puerto Rico reversed the appellate court's decision, holding that the termination was supported by just cause. This reasoning was echoed by the concurring opinion, which cautioned that courts should not approach such cases as if they were human resources departments instead of courts of law. Although this case deals with workplace violence, its reasoning may be extrapolated to other serious offenses warranting immediate termination.

Read more

Russia and Eastern Bloc

 

Russia

DATA PROTECTION & PRIVACY

A PRIMER ON RUSSIA’S NEW DATA LOCALIZATION LAW

Russia’s new data localization law, Federal Law No. 242-FZ, an amendment to Russia’s On Personal Data Law goes into effect on September 1, 2015 and it may have wide reaching implications on firms that collect personal information from Russian citizens, even if those companies are not located in Russia. The law requires “operators” to collect, store, and process Russian citizens’ personal data using databases located within Russia. Since the law does not explicitly exempt foreign companies from its requirements, companies outside of Russia should assume that Russia’s Roskomnadzor, the state body that oversees telecommunications, information technology, and mass communication will interpret the law to apply equally to foreign companies that collect, store, and/or process the personal data of Russian citizens.

Read more

RUSSIAN DATA LOCALIZATION: TWO MONTHS IN

We are now almost two months into the era of Russia’s Data Localization Law, which came into force on 1 September. While some expected immediate enforcement, the Russian Data protection Authority, Roskomnadzor, has not yet taken any action for a violation of data localization requirements. Last month, Roskomnadzor did take formal enforcement action to block a website and add it to register of violators of data subject rights (link in Russian) for maintaining an illegal Internet database containing the contact details of over 1.5 million Russian citizens. This enforcement, however, was not for violation of the data localization law, but rather for the illegal collection and dissemination of personal data under other Russian data protection laws. In addition to the enforcement action, Roskomnadzor has published a handful of other updates on its website about compliance with data protection law and localization requirements.

Read more

South America

Brazil

SNAPSHOT OF GOOD PRACTICE GUIDANCE IN EMPLOYEE SCREENING

Brazilian law places non-statutory limitations on an employer’s ability to seek background checks for employment purposes, including criminal record checks, consumer credit checks, or driving record checks. Denial of employment based on information solely contained in a background check, however, is warranted only if that information suggests a candidate’s working capacity, safety, or reliability would be materially impaired. A 2004 ruling by the 2nd Regional Labor Court determined that no worker may be fired solely based on the fact that they have an open file in a Credit Protection Service. Otherwise, an employer could face liability for discrimination. A candidate must expressly consent to undergo a background check. An applicant who refuses to consent to a medical examination however may lawfully be denied employment. The individual right of intimacy guaranteed by the Brazilian Constitution obligates employers to safeguard the confidentiality of all records relating to background checks.

Read more

United States

DATA PROTECTION & PRIVACY

WILL WE SEE A "SAFE HARBOR 2.0" SOON?

Schrems will take part in the breakout session, “Safe Harbor Postmortem: Schrems Reflects,” during the IAPP Europe Data Protection Congress in Brussels. He’ll be joined by European Parliament Senior Policy Advisor Ralf Bendrath, American Express Global Privacy Officer Kasey Chappelle, Hogan Lovells Partner Eduardo Ustaran, CIPP/E, and the IAPP’s Omer Tene. It will be very hard to come up with a solution that addresses all problems identified by the Court, given the U.S. position. It also seems questionable if a "Safe Harbor 2.0" will have real benefits for U.S. controllers in practice compared to transfer methods under Art 26 of Directive 95/46. Minding that the two parties have debated for two years to not even get the very weak “13 recommendations” program by the European Commission done, it seems a switch to “alternative” transfer methods under Art 26 will be more reasonable than hoping for a Safe Harbor 2.0.

Read more

MODEL CONTRACT CLAUSE GAP ASSESSMENT

With the October 6th ruling in which the European Court of Justice (ECJ) invalidated the US–EU Safe Harbor framework, many US companies are searching for an alternative mechanism enabling the transfer of EU citizen personal data to the US. During this period of uncertainty, companies are now weighing their options and developing implementation plans in the event that a new overarching framework does not emerge in the near–term. Many companies view the alternative options in the context of the following timeframe and approaches: Introducing Model Contract Clauses for data transfers into your contracts: Immediate. Waiting for a new Safe Harbor 2.0 to be introduced: Mid–Term. Starting the process to apply for Binding Corporate Rules Longer–Term. Companies should consider a combination of these approaches in parallel. TRUSTe provides solutions for all three approaches and, in particular, leverages a company’s existing US–EU Safe Harbor Assessment to streamline process implementation.

Read more

TECH GIANTS URGE CONGRESS TO GIVE PRIVACY RIGHTS TO EU CITIZENS

A group of tech giants is pressing House leadership to pass a bill giving key Privacy Act rights to European Union citizens, following a high court decision that damned the U.S. approach to online privacy. The Judicial Redress Act would give European citizens the right to sue in U.S. courts if their personal data is mishandled. “Now more than ever, passage of [the Judicial Redress Act] is crucial to restoring public trust in our government and the U.S. technology sector,” the group wrote in a letter to Speaker John Boehner (R-Ohio) and Democratic Leader Nancy Pelosi (D-CA). Earlier this month, the European Court of Justice (ECJ) invalidated a 15-year-old data flow pact — the Safe Harbor agreement — on the grounds that U.S. law doesn’t offer individuals sufficient privacy protections. Although some critics have called the ECJ decision overly political, others see it as an unfortunate result of systemic European distrust of the American approach to privacy.

Read more

FOOD LION PARENT COMPANY SETTLES MULTI-MILLION DOLLAR FCRA BACKGROUND SCREENING CLASS ACTION

On March 2, the plaintiff's counsel in Brown v. Delhaize America, LLC submitted an unopposed motion for preliminary approval, seeking Court approval of another FCRA class action settlement. Employers should treat this settlement as another reminder to verify their compliance with the FCRA. According to the parties' settlement paperwork, the Brown case involved two claims that appear frequently in FCRA-based background check litigation. In Brown, the plaintiff claimed that the defendants failed to provide class members with a clear and conspicuous disclosure, consisting solely of the disclosure that a consumer report would be obtained for employment purposes, prior to obtaining the consumer report. After the defendants filed a motion to dismiss and the parties engaged in a two-day mediation, the parties reached a $3 million settlement.

Read more

THE FAIR CHANCE ACT AND STOP CREDIT DISCRIMINATION IN EMPLOYMENT ACT - NEW INTERPRETATIONS FROM THE NYCCHR

Earlier this year, the New York City Council passed two laws which place limitations on an employer's ability to use background checks including credit checks in employment decisions: the Fair Chance Act (FCA) and the Stop Credit Discrimination in Employment Act (SCDEA). On September 28, 2015, the New York City Commission on Human Rights' (NYCCHR) staff attorney, Paul Keefe, held a question and answer forum for management counsel and employers to inquire about how the NYCCHR will interpret and apply these laws. Employers are encouraged to monitor for upcoming proposed rules, additional guidance on the FCA (including the sample individualized assessment form to be issued), and keep an eye out for updates on the Frequently Asked Questions section of the NYCCHR's website. These new interpretations likely will require employers to consider revising their processes and forms to comply.

Read more

KOHL'S HIT WITH BACKGROUND CHECK CLASS ACTION LAWSUIT

A class action lawsuit alleging improper background checks on job applicants was filed in federal court in California against the retail giant Kohl's Department Stores Inc. Lead plaintiff, Kayonie Coleman, alleges in her class action lawsuit that Kohl's conducted illegal background checks on her in October 2012 and June 2013, prior to employment with the department store. She alleges Kohl's used ambiguous and misleading language to obtain credit reports from a class of job applicants in violation of the FCRA. Kohl's joins yet even more retailers who have been hit with FRCA class actions recently, including Whole Foods Market Inc., Dollar General Corp, and Publix Super Markets.

Read more

THE LESSONS OF EEOC v. FREEMAN - "KNOW WHEN TO HOLD 'EM. KNOW WHEN TO FOLD 'EM."

World-renowned poker expert Kenny Rogers once sagely advised, "You've got to know when to hold 'em. Know when to fold 'em. Know when to walk away." In the EEOC v. Freeman opinion, the court explained the company, Freeman, held the royal flush and the EEOC held nothing. Continuing the analogy throughout the introduction, the court found that, "Like the unwise gambler, it did so at its peril. Because the EEOC insisted on playing a hand it could not win, it is liable for Freeman's reasonable attorneys' fees." Here, the court found it was unreasonable for the EEOC to continue its investigation with the lack of proper analysis demonstrating disparate analysis and, instead, choosing to rely on flawed investigative reports. Ultimately, the court awarded over $938,000 in attorneys' fees to Freeman.

Read more

GOODLATTE, SENSENBRENNER AND CONYERS PRAISE HOUSE PASSAGE OF LEGISLATION TO STRENGTHEN PRIVACY PROTECTIONS FOR INDIVIDUALS

The House of Representatives approved the Judicial Redress Act of 2015 (H.R. 1428) by voice vote. Introduced by Subcommittee on Crime, Terrorism, Homeland Security, and Investigations Chairman Jim Sensenbrenner (R-Wis.) and House Judiciary Committee Ranking Member John Conyers (D-Mich.), the Judicial Redress Act of 2015 would strengthen partnerships with our allies and ensure continued law enforcement cooperation between the United States and Europe by giving covered foreign citizens the ability to seek judicial redress in U.S. courts to ensure that their privacy is protected. The bipartisan legislation would extend certain privacy protection rights to citizens of European countries, as well as other allied nations, if the federal government willfully discloses information in violation of the Privacy Act.

Read more

CHIPOTLE FACES POTENTIAL FCRA CLASS ACTION LAWSUIT

A woman who applied for a job at Chipotle Mexican Grill Inc. has filed a putative class action lawsuit against the national restaurant chain. According to the class action lawsuit, Chipotle has violated the FCRA in their application documents by asking applicants to sign their consent for background checks embedded and essentially "hidden" within a general consent agreement. According to the FCRA class action lawsuit, Chipotle's disclosure was surrounded by other language pertaining to additional information Mejia was required to consent to on the application. FCRA requires that the disclosure form be solely for purposes of disclosure and not "encumbered by any other information ... in order to prevent consumers from being distracted by other information side-by-side with the disclosure."

Read more

AMAZON HIT WITH ANOTHER BACKGROUND CHECK CLASS ACTION LAWSUIT

A recent class action lawsuit against Amazon is at least the second of its kind to be filed against the company in the last six months. Plaintiff Theo Feldstein alleges he was initially offered a job working for Amazon but the offer was withdrawn after the company received a negative background check conducted as part of the employment process. Feldstein alleges that Amazon violated the FCRA when they did not warn him about the negative report and when they neglected to allow him to fix any potential errors on the record. Feldstein seeks to represent a Class of employees or applicants at Amazon who had a background check conducted and who did not receive a copy or did not receive an email saying the report was confidential.

Read more

CHILD'S DEATH PROMPTS LAWSUIT AGAINST CHILDCARE REFERRAL COMPANY

Hiring the right person to care for your kids and elderly parents is one of the most difficult decisions to make. And now a popular website that connects families and caregivers is facing questions about the thoroughness of its background checks. In March of 2014, former nanny Sarah Cullen was convicted of felony child abuse leading to the death of 4-month old, Cash Bell. Cullen was sentenced to spend up to 70 years in prison. Cash's parents filed a wrongful death lawsuit against Cullen's previous daycare employer and Care.com. The lawsuit alleges that the background check Cash's parents paid for through Care.com did not reveal a drunk driving conviction. The Bells claim had they known about the conviction, they would never had hired Cullen as their nanny. The case has raised questions about how Care.com goes about screening potential caregivers.

Read more

CALIFORNIA LAWS ON EMPLOYER USE OF ARREST AND CONVICTION RECORDS

If you are among the estimated one in four Americans with a criminal record, you might face an uphill battle in your job search. Surveys show that a majority of employers (92%) perform criminal background checks when hiring for at least some positions. If a prospective employer finds out that you have an arrest or conviction record, you might find it difficult tocompete, especially in today's tight job market. Job seekers with criminal records have some legal rights. Federal and state laws place some limits on how employers can use these records in making job decisions. California has a number of legal protections in place for job seekers and places more restrictions on employers than many others. There are also two federal laws that protect applicants with criminal records, at least in some situations: The FCRA and Title VII of the Civil Rights Act of 1964.

Read more

INFINITY STAFFING BACKGROUND CHECK CLASS ACTION SETTLEMENT

Infinity Staffing Solutions LLC d/b/a Lyneer Staffing Solutions has agreed to settle a class action lawsuit alleging it violated the FCRA with regard to background checks it obtained on job applicants. The background check class action lawsuit was filed by plaintiff John Giddiens on behalf of consumers who applied for jobs with Infinity Staffing Solutions and Lyneer Staffing Solutions. Giddiens alleges the companies violated FCRA by embedding a release and waiver of rights in the consent and disclosure document they require job applicants to sign prior to ordering a background check, and that they improperly used the background checks to make adverse employment decisions without providing the job applicant with a copy of the report. The defendants deny any wrongdoing but agreed to settle the class action to avoid the distraction, risk and expense of ongoing litigation.

Read more

SUITS PILE UP AFTER U.S. REVEALS DATA BREACH AFFECTED MILLIONS

Labaton Sucharow filed a class action on behalf of about 21.5 million federal employees, contractors and job applicants whose personal information was exposed in an epic breach of security at the U.S. Office of Personnel Management, which screens applicants for federal government jobs and conducts security clearance on employees and contractors. Labaton's complaint is at least the seventh class action against OPM and its private contractor, KeyPoint Government Solutions, including two suits by government employee unions and one with a federal administrative law judge as the lead plaintiff. Although there is some variation in the alleged causes of action, the suits mostly assert violations of the Privacy Act and the Administrative Procedures Act, as well as negligence against KeyPoint. It's going to be very interesting to see which court plaintiffs ask the JPML to send the OPM litigation to.

Read more

'REASONABLE SUSPICION' A PREFERRED OPTION TO RANDOM DRUG TESTING

Supervisors should undergo reasonable suspicion training to enforce drug-free workplace policies and ensure worker safety, speakers said during the 2015 California Workers' Compensation & Risk Conference in Dana Point, California. Employers' written substance abuse policies should state that the use, possession or sale of alcohol or illegal drugs isn't allowed on company property or during business hours, and that employees may not report to work while under the influence, said Bernadette M. O'Brien, partner at Floyd, Skeren & Kelly L.L.P. Employers should include that violating the policy can lead to disciplinary measures, such as termination, she added. Reasonable suspicion-based drug testing is a better option for employers than random drug testing, which isn't even permitted in California. Dealing with legalized medical marijuana is also proving to be challenging for workers compensation professionals, speakers said.

Read more (free registration may be required)

REASONABLE SUSPICION ALCOHOL TEST OF EMPLOYEE WAS JUSTIFIED AFTER BAR FIGHT AND DIAGNOSIS OF ALCOHOLIC PANCREATITIS

Reasonable suspicion alcohol testing of a safety-sensitive employee who was injured in a bar fight and who took medical leave for "acute alcoholic pancreatitis" was upheld by a federal court in Indiana, even though the testing did not take place until the employee returned to work after his medical leave ended. Among other things, Plaintiff argued that the disclosure of his confidential medical diagnosis for the purpose of drug and alcohol testing and termination was a violation of the ADA. The Court disagreed, finding that the employer was concerned for the safety of Plaintiff and his co-workers, especially in light of the dangerousness of Plaintiff's job. Given the evidence that the company was concerned with safety, and because the reason for the test was to ensure that Plaintiff was not working while impaired, the Court held that the alcohol test was not discriminatory.

Read more

MARIJUANA IN THE WORKPLACE: A HAZY ISSUE FOR EMPLOYERS

With all the changes to state laws now permitting recreational and medical marijuana use, HR professionals are understandably feeling dazed and confused. Employers with employees who use medical marijuana will have to do some studying into the employee's job requirements. Generally speaking, an employer does not have to allow for an employee to be actively under the influence while at work. But an accommodation may be necessary, depending on the nature of the job and the safety and other sensitivities of the position. Once an employer is provided notification that an employee is a medical marijuana user, that employer needs to be especially careful how it uses that information and how far it goes in asking for more. Employers in states allowing for the use of medical marijuana should familiarize themselves with the relevant statutes and, in particular, determine whether their state statute requires that accommodations be made.

Read more

EMPLOYEES UNDER THE INFLUENCE: DISABLED BUT NOT UNFIREABLE

The University of Southern California recently terminated Steve Sarkisian, their head football coach. The firing came after a cavalcade of headlines that Sarkisian was increasingly showing up at practices, team functions, and even games allegedly under the influence of alcohol. The way USC handled the situation with a high-profile employee offers instruction on how to handle employees with substance abuse issues out of the public eye. The disease of alcoholism meets the definition of a disability, which means that an employer can't take into account that an employee is an alcoholic when making employment decisions. However, an employer may maintain a blanket prohibition on drinking at work that applies to both alcoholics and non-alcoholics alike. An employee who can't meet those standards because of drinking may be disciplined, whether they are an alcoholic or not.

Read more

MEDICAL MARIJUANA IN THE ARIZONA WORKPLACE

With the enactment of the Arizona Medical Marijuana Act (AMMA) in 2010, the number of medical marijuana card holders in Arizona is over 65,000 and growing. Chances are your business does or will employ one of them. This article will answer the five most pressing questions facing Arizona employers with the goal of helping them avoid the legal weeds surrounding medical marijuana in the workplace. 1. Can employers discipline or refuse to hire an employee/applicant because he/she is a medical marijuana cardholder? No. The AMMA prohibits employers from discriminating against individuals who are authorized to use medical marijuana. 2. What if the employee/applicant tests positive for marijuana use? Doesn't matter. Although Arizona employers are permitted to drug test their employees or applicants, the AMMA protects medical marijuana cardholders who test positive for marijuana from adverse employment action based solely on the positive test results.

Read more

NEARLY ONE IN THREE FEDERAL AGENCIES LOST DATA TO INSIDER THREATS IN THE LAST YEAR

According to a new study from MeriTalk, 45% of all federal agencies were targeted by insider threats, with 29% losing data to an insider incident over the past year. The report also found that although 76% of federal agencies are increasing attention on combating insider threats compared to a year ago, nearly half still suffered from an insider attack. The challenge comes because, as agencies are entrusted with storing and managing a range of sensitive information, the potential channels for data loss are becoming more complex. That makes breaches perpetrated by insiders "whether malicious or unintentional" very real and growing problem. Create a formal insider threat program, with annual in-person security training; real-time alerts for inappropriate access/sharing and data loss; agency-wide security technologies; and government-wide initiatives to support the effort.

Read more

HERNANDEZ BILL TO PREVENT RETALIATION CAUSED BY MISUSE OF E-VERIFY SIGNED BY GOVERNOR BROWN

Assembly Bill (AB) 622 authored by Assembly member Roger Hernández (D - West Covina) was signed by Governor Brown. AB 622 limits the misuse of E-Verify by prohibiting employers from using E-Verify in a manner not prescribed by federal law. In addition, AB 622 creates financial and civil penalties for employers who break the law, clarifies the "tentative non-confirmation" notification process for businesses and workers, and creates grounds to prohibit employers from verifying existing workers. "AB 622 is an overdue bill to protect immigrants in California," Hernández stated. "Under federal regulations, E-Verify should not be used on job applicants and existing workers yet there are virtually no accountability measures or penalties in place for unscrupulous employers who abuse E-Verify," added Hernández.

Read more

 


Share
Share on Facebook
Share on LinkedIn




Previous Page
0


Follow us on Twitter
Follow us on Twitter
Find us on LinkedIn