Memberships and Registrations
Who we are
Link to us
Verifile International Newsletter Issue #9
16 Feb 2015
This month we would like to share with you, a few facts, figures and guidelines around the use of UK criminal records checks, in addition to our usual round up of news from around the world. In addition we are extremely excited about a major system release which offers a new way of checking identity in the UK.
UK Identity Checks
Last week we released a new service on our online platform. The new service offers a new way to instantly validate identity online. A number of our clients already use this service as part of their packages and screening policies but so far it was delivered offline with a delayed response. Now the check is fully integrated within our platform so clients can order it as part of their package and get the results with all other checks. Clients who order this check as a standalone will get the response on their screen within seconds. Such instant results open new possibilities such as checking the identity even before an interview is arranged. Those whose identity hasn’t been confirmed online could then be asked to bring additional documentation to the interview. Focusing on getting the identity right from the start of the process can help save a lot of time and money later on.
Unfortunately some candidates do use forged documents to prove that they have the right to work in the UK. If an online identity check finds no trace of the candidate, it raises questions about why there was no trace. The online identity check uses a wide range of databases to establish if the candidate’s identity is used in the UK. Here are some of them:
- Electoral roll
- Telephone directory
- Court and insolvency records
- Bank accounts, credit cards and other lenders
- Fraud database
- Deceased register
We offer the check in two formats: Standard and AML (Anti-Money Laundering). The main difference between these two options is the use of the full electoral roll under the AML version. The price is the same but to be able to use the AML version the client must be subject to Anti-Money Laundering legislation. As a result of this, clients that also need to verify their own clients’ identity such as lawyers and accountants can use this service with this aim in mind and not just for employment purposes. If you wish to use the AML version please get in touch and ask for it as we will only make it available to those clients that have legal justification.
Clients who currently do not have this check as part of their package are welcome to get in touch and ask us to incorporate it into their package. A sample report for this check can be seen here.
UK Criminal Records Checks
We have analysed all the orders we processed for UK criminal records in 2014, across all 3 levels and found the following conviction rates and turnaround times:
No. of candidates with conviction(s) (%)
With conviction(s) (actual days)
Without conviction(s) (actual days)
Basic level (Disclosure Scotland)
Standard level (DBS)
Enhanced level (DBS)
The turnaround time was calculated from the moment the relevant government agency accepted the order (i.e. DBS or DS).
As some of you know and may have experienced first-hand, DBS is putting ever increasing pressure on us as an Umbrella Body to reduce the number of applications our clients make for the regulated levels, Standard and Enhanced. This is a government policy which DBS are executing.
The roles that are eligible for the Standard level are well defined. The biggest area of difficulty is with the Enhanced level. The rules allowing the Enhanced level are open to interpretation. We hope the guidance in this email will assist some clients going forward.
The Enhanced level can be ordered in one of four ways:
- Enhanced with adult barred list (people barred from working with vulnerable adults)
- Enhanced with children barred list (people barred from working with children)
- Enhanced with both barred lists
- Enhanced without any barred lists
The Enhanced level can only be ordered for roles that relate to vulnerable adults (Adult Workforce), children (Child Workforce) or both. These are roles which give the opportunity to interact with these vulnerable groups or require a direct relationship with them.
We appreciate that many clients get confused by the legal terminology and as a result we are working on a new system enhancement which will allow us to review each job description and record it on our system. When a client places an order, they will be able to choose one of the pre-defined roles (for which we previously reviewed a job description) as the base for the DBS check. The system will already have the correct check configuration for this role (eg. the correct barred list etc.) and the process will go smoothly to the DBS without the need for any delay. It means that we will not need to review every single order and check its eligibility. Even if DBS will query the order later on, because we will have the job description on file, it will be easier and quicker for us to respond to them and assist in getting the check through. We hope to be able to release this new feature over the coming weeks as it is being developed with high priority.
To be able to order the barred lists as part of the Enhanced level, the role has to include regulated activity. Here are the definitions for a role with regulated activity:
Regulated activity for vulnerable adults
Those who provide:
- Healthcare: if they are a regulated health care professional or are acting under the direction or supervision of one, for example doctors, nurses, healthcare assistants and physiotherapists.
- Personal care: assistance with washing and dressing, eating, drinking and toileting or teaching someone to do one of those tasks.
- Social work: provision by a social care worker of social work which is required in connection with any health services or social services.
- Assistance with a person’s cash, bills or shopping because of their age, illness or disability.
- Assistance with the conduct of an adult’s own affairs, for example, lasting or enduring powers of attorney, or deputies appointed under the Mental Health Act.
- Conveying: conveying adults for reasons of age, illness or disability to, from or between places where they receive healthcare, personal care or social work. This would not include friends or family or taxi drivers.
Regulated activity for children - Activities
The new definition of regulated activity relating to children comprises only:
(i) Unsupervised activities: teach, train, instruct, care for or supervise children, or provide advice/guidance on well-being, or drive a vehicle only for children;
(ii) Work for a limited range of establishments (‘specified places’), with opportunity for contact: for example, schools, children’s homes, childcare premises. Not work by supervised volunteers;
(iii) Relevant personal care, for example washing or dressing; or health care by or supervised by a professional;
- Healthcare: if they are a regulated health care professional or are acting under the direction or supervision of one, for example doctors, nurses, health care assistants and physiotherapists
- Personal care: assistance with washing and dressing, eating, drinking and toileting or teaching someone to do one of these tasks
(iv) Registered childminding; and foster-carers;
(v) Moderating a public electronic interactive communication service likely to be used wholly or mainly by children, carried out by the same person frequently (once a week or more often), or on 4 or more days in a 30-day period.
Work under (i) or (ii) is regulated activity only if done regularly i.e. carried out by the same person frequently (once a week or more often), or on 4 or more days within a 30-day period, or overnight.
Definition of “overnight”: In relation to teaching, training or instruction; care or supervision; or advice or guidance, it is also regulated activity if carried out (even once) at any time between 2am and 6am and with an opportunity for face-to-face contact with children.
A manager/supervisor of a person who is undertaking regulated activity, (or an activity which would be considered regulated activity if they were not adequately supervised), would also be regulated activity, if they manage/supervise the individual on a regular basis.
The following types of care for children, (even if done only once) are also regulated activity:
Relevant personal care
(a) Physical help in connection with eating or drinking, for reasons of illness or disability;
(b) Physical help for reasons of age, illness, or disability, in connection with:
(i) toileting (including re menstruation)
(ii) washing, bathing, or dressing;
(c)-(d) Prompting with supervision, in relation to (a)-(b), where the child is otherwise unable to decide to do this without prompting or supervision;
(e)-(f) Other training or advice in relation to (a)-(b).
All forms of health care relating to physical or mental health including palliative care and procedures similar to medical or surgical care by, or directed or supervised by, a health care professional, This includes health care provided to a child by any person acting on behalf of an organisation established for the purposes of providing first aid.
Regulated activity in relation to children – Establishments
An activity is regulated activity in relation to children if carried out (subject to exceptions) in one of the following establishments:
(a) Schools (including Academies) (all or mainly full time, for children);
(aa) Pupil referral units (also known as Short Stay Schools) not falling within the above;
(b) Nursery schools;
(d) Institutions for the detention of children;
(e) & (f) Children’s homes;
(fa) Children’s centres in England;
(g) Childcare premises (including nurseries)
The activity must be carried out:
- Frequently (once a week or more often), or on 4 or more days in a 30-day period;
- By the same person, engaged in work for or in connection with the purposes of the establishment; and
- Gives the person the opportunity, in their work, to have contact with children. Day to day management or supervision on a regular basis of a person providing the above regulated activity, (or an activity which would be considered regulated activity if they were not adequately supervised) for children is regulated activity for children.
Exceptions for regulated activity in relation to children - establishments (these are not regulated activities and would therefore not qualify for the children barred list)
- Activity by a person contracted (or volunteering) to provide occasional or temporary services (not teaching, training or supervision of children).
- Volunteering, under day to day supervision of another person engaging in regulated activity.
- Activity by a person in a group assisting or acting on behalf of, or under direction of another person engaging in regulated activity.
- Childcare premises which are the home of a parent etc. of at least one child to whom the childcare or child minding is provided.
- For activity undertaken regularly in a number of different establishments, but only infrequently in each: each establishment is only arranging the activity infrequently, so each establishment is not a regulated activity provider in relation to that activity.
Supervision means day to day supervision as is reasonable in all the circumstances for the purpose of protecting any children concerned. The Department for Education have provided Statutory Guidance to describe the considerations an organisation should make when determining whether or not an individual is supervised to a reasonable level for the role.
Enhanced without any barred lists
To be able to order Enhanced level without the barred lists, the role has to offer the opportunity to be alone with the vulnerable groups even if it is not regulated by itself. Here are the definitions for such roles that offer the opportunity with vulnerable adults:
The provision of any form of teaching, training, instruction, assistance, advice or guidance provided wholly or mainly for adults who receive a health or social care service or a specified activity in line with the period condition (once a week or more or 4 times a month or more or overnight).
A health or social care service is defined as:
a) residential accommodation provided for an adult in connection with any care or nursing he requires;
b) accommodation provided for an adult who is or has been a pupil attending a residential special school, where that school is—
(i) a special school within the meaning of section 337 of the Education Act 1996;
(ii) an independent school within the meaning of section 463 of that Actwhich is in England and is specially organised to make special educational provision for pupils with special educational needs (within the meaning of section 312 of that Act) or is in Wales and is approved by the Welsh Ministers under section 347 of that Act;
(iii) an independent school within the meaning of section 463 of that Act not falling within sub-paragraph (b)(ii) which, with the consent of the Welsh Ministers, given under section 347(5)(b) of that Act, provides places for children with special educational needs (within the meaning of section 312 of that Act);
(iv) an institution within the further education section (within the meaning of section 91 of the Further and Higher Education Act 1992) which provides accommodation for children; or
(v) a 16 to 19 Academy, within the meaning of section 1B of the Academies Act 2010, which provides accommodation for children;
c) sheltered housing;
d) care of any description or assistance provided to an adult by reason of his age, health or any disability he has, which is provided to the adult in the place where he is, for the time being, living, whether provided continuously or not;
e) any form of health care, including treatment, therapy or palliative care of any description;
f) support, assistance or advice for the purpose of developing an adult's capacity to live independently in accommodation, or sustaining their capacity to do so;
g) any service provided specifically for adults because of their age, any disability, physical or mental illness, excluding a service provided specifically for an adult, with one or more of the following disabilities (unless that person has another disability)—
(iv) Irlen syndrome;
(vi) auditory processing disorder;
h) any service provided specifically to an expectant or nursing mother in receipt of residential accommodation pursuant to arrangements made under section 21(1)(aa) of the National Assistance Act 1948 or care pursuant to paragraph 1 of Schedule 20 to the National Health Service Act 2006.
A specified activity is defined as:
a) the detention of an adult in lawful custody in a prison (within the meaning of the Prison Act 1952), a remand centre, young offender institution or a secure training centre (as mentioned in section 43 of that Act) or an attendance centre (within the meaning of section 53(1) of that Act);
b) the detention of a detained person (within the meaning of Part 8 of the Immigration and Asylum Act 1999) who is detained in a removal centre or short-term holding facility (within the meaning of that Part) or in pursuance of escort arrangements made under section 156 of that Act;
c) the supervision of an adult by virtue of an order of a court by a person exercising functions for the purposes of Part 1 of the Criminal Justice and Court Services Act 2000;
d) the supervision of an adult by a person acting for the purposes mentioned in section 1(1) of the Offender Management Act 2007;
e) the provision to an adult of assistance with the conduct of their affairs in situations where—
(i) a lasting power of attorney is created in respect of the adult in accordance with section 9 of the Mental Capacity Act 2005 or an application is made under paragraph 4 of Schedule 1 to that Act for the registration of an instrument intended to create a lasting power of attorney in respect of the adult;
(ii) an enduring power of attorney (within the meaning of Schedule 4 to that Act) in respect of the adult is registered in accordance with that Schedule or an application is made under that Schedule for the registration of an enduring power of attorney in respect of the adult;
(iii) an order under section 16 of that Act has been made by the Court of Protection in relation to the making of decisions on the adult's behalf, or such an order has been applied for;
(iv) an independent mental capacity advocate is or is to be appointed in respect of the adult in pursuance of arrangements under section 35 of that Act;
(v) independent advocacy services (within the meaning of section 248 of the National Health Service Act 2006 or section 187 of the National Health Service (Wales) Act 2006 are or are to be provided in respect of the adult; or
(vi) a representative is or is to be appointed to receive payments on the adult's behalf in pursuance of regulations made under the Social Security Administration Act 1992;
f) payments are made to the adult or to another person on the adult's behalf under arrangements made under section 57 of the Health and Social Care Act 2001;
g) payments are made to the adult or to another person on the adult's behalf under section 12A(1) or under regulations made under section 12A(a) of the National Health Service Act 2006or under regulations made under section 12A(4) of that Act.
In this issue of the International Newsletter:
| WORLDWIDE NEWS
- 1 in 5 Employees Going Rogue with Corporate Data
- Belgian and Moroccan DPAs Agree Cross Border
- Top Ten Things You Think You Know About Data Privacy
| AFRICA & MIDDLE EAST
- Update on South Africa’s Data Protection Regime
- Unique’ Draft Bill Applies to Both Controllers and Processors
| ASIA PACIFIC
- Asian Accountability-Compliance Study
- Drug and Alcohol Testing at the Workplace
- Welder Sues Changan Ford, Faulty Background Check
- Guam Legalizes Medical Marijuana
- Hong Kong Privacy Commissioner Issues Guidance
- Criminal Police Verification Checks: Blatant Loopholes
- Background Checks Yet to Begin in Most Schools
- The Secret Behind Background Checks in India
- Police Do Away with Legwork for School Checks
- India's 2015 Data Privacy Agenda
- Singapore Sees Increase in False Credentials
- EU Mulls Conferring Binding Powers
- EU Data Protection Regulation: Tipping Point Reached
- Adverse Media Screening and the Right to be Forgotten
- EU Commits to Single Data Protection Law for Continent
- WP29 Seeks Reform of Cross Border Crime Data Sharing
- Europe-Wide Data Protection Requirements -
- European Data Protection Regulators Release Statement
- CNIL Accountability Standard May Become European Model
- No Presumption of Good Assessments in References
- DPA Gets Power to Fine Controllers and Processors
- Optional DPO Proposal ‘Advantageous to Larger Entities’
- Can Romania Become New European Tech Startup Scene?
- The Rules on Employing Ex-Offenders
- Enforced Subject Access Requests to Be a Criminal Offence
- Half of British Businesses to Expand Workforce in 2015
|RUSSIA & EASTERN BLOC
- Insights from the Russian Data Protection Authority
- Russian Data Localization Law May Now Come into Force
- Five Things to Know About Drug Testing in Canada
- Advantages of Mexico’s Self-regulatory Certification System
- Criminal Records Could Be Having a Huge Impact on Labor-Force Participation
- Federal Agency Launching Commerical Driver Clearinghouse
- Genisis Healthcare imporperly uses background checks, federal lawsuit charges
- Heightened Scrutiney of Brokers - SEC Approves
- Misrepresentation of Employment application May Override State Criminal Background Check
- Michigan Protects Employers from Negligent Hiring and Retention Claims
- Act 153 of 2014: Criminal Background Checks and Child Abuses Clearances
- Paramount Slapped With Class Action Over Credit Reports For Job Applicants
- New Minnesota Expungement Law Helps Protect Employers from Liability
- Rhode Island Tops In Use of Marijuana and Illicit Drugs, Survey Finds/Interactive
- District of Columbia Bans Pot Testing of Job Applicants
- Politician's Fingerprint Cloned From Photos by Hacker
- Form I-9 Verification Process Update
- USCIS myE-Verify Programme Now Available in More States
-DATA PROTECTION & PRIVACY-
1 in 5 Employees Going Rogue with Corporate Data
Companies around the world have reason to be worried about the use of cloud applications to share mission-critical information. In fact, 1 in 5 employees has uploaded proprietary corporate data to a cloud application, such as Dropbox or Google Docs, with the specific intent of sharing it outside of the company. The SailPoint survey also found a clear disconnect between cloud usage across the business and existing IT controls with an alarming 66% of users able to access those cloud storage applications after leaving their last job. Despite that 60% of employees stated they were aware that their employer strictly forbids taking intellectual property after leaving the company, 1 in 4 admitted they would take copies anyways.
Belgian and Moroccan DPAs Agree Cross Border Cooperation Framework
The Moroccan data protection authority and the Belgian data protection authority (the DPAs) signed, on 29 November 2014, a protocol (the Protocol) establishing a framework of cooperation on cross border data protection issues including data transfer authorisations, complaints handling and compliance audits. This represents the first international co-operation agreement signed by the Moroccan DPA. Wim Nauwelaerts, Partner in Hunton & Williams' Brussels office, stated, "The DPAs have agreed to co-operate on the creation of blanket authorisations for certain industry sectors, which will make it easier for companies in those sectors to transfer personal data between Belgium and Morocco."
Top Ten Things You Think You Know About Data Privacy Compliance (But Maybe Don’t)
Business opportunities are increasingly arising overseas, whether you’re a fledgling start-up or a Fortune 500. As you venture into the larger world, it’s worth to remember that at last count, over 80 countries have adopted data privacy laws. Laws and local attitudes about data privacy may be very different from your business as usual, wherever you call home.
Update on South Africa’s Data Protection Regime
Data protection in South Africa is regulated under the broad constitutional right to privacy, the common law, and a few pieces of legislation that contained interim provisions relating to data protection. Until very recently, South Africa did not have data protection-specific legislation. With the increase in electronic commerce globally, large industries managing computerized databases of millions of individuals’ records and the surveillance potential of computer systems, prompt demands for specific rules governing the collection and handling of personal information arose.
The South African Law Commission finalized an investigation into privacy and data protection in South Africa, and recommended the creation of the Protection of Personal Information Act.
‘Unique’ Draft Bill Applies to Both Controllers and Processors
The Government of Uganda opened a public consultation, on 15 November 2014, regarding the country’s draft Data Protection and Privacy Bill 2014 (the Bill). If passed by the Ugandan Parliament, the Bill would become Uganda’s first piece of legislation, which focuses exclusively on privacy and data protection. “A unique aspect of the Bill is that it makes both the data controller and data processor responsible to data subjects and the privacy authority, for non-compliance with the data protection law, compared to most jurisdictions where responsibility falls solely on the data controller,” commented Nerushka Deosaran, Associate at Norton Rose Fullbright South Africa. Members of the public have until 12 December 2014 to submit their views.
Asian Accountability-Compliance Study Recognizes the Nymity Privacy Management Accountability Framework™
Nymity, speaking at the 42nd APPA Forum, commits to making recommended changes to Nymity's Accountability Framework contained in a recent study entitled, "Privacy Accountability Management Framework for Data Controllers Operating across Asia". While speaking on accountability metrics, Terry McQuay, Nymity's President and Founder, introduced the Asian accountability-compliance study and announced that although Nymity was not involved in the research, Nymity will take action based on the recommendations. The study selected the Nymity Accountability Framework as the most creditable, practical, and relevant framework to address the data protection laws of nine Asian jurisdictions.
-ALCOHOL & DRUG SCREENING-
Drug and Alcohol Testing at the Workplace - Emerging Trends
Drug and alcohol policies have been in the spotlight in 2014. There have been a number of key developments and trends that are worth noting: There is a growing consensus that urine based testing for drugs is not the FWC’s preferred method for testing for impairment; However, there has been a small shift towards recognising the reasonableness of policies that allow businesses, in some cases, to test for, and take disciplinary action in respect of, evidence of drug use generally - regardless of whether the use has caused any impairment at work; Increasingly, governments are seeking to regulate in this space. The combination of government and regulator interest coupled with the potential consequences of inaction, means that for many employers, doing nothing is no longer an option.
Welder Sues Changan Ford, Saying Faulty Background Check Cost Him Job
Li Gang, has filed a lawsuit in Hangzhou against U.S. auto giant Ford Motor Co.’s China claiming the company refused to employ him even after offering him a job because he failed a background check. This is the first time a court in China has formally accepted an employment discrimination case of this kind. The plaintiff, Li Gang, said Changan Ford Automobile Co.’s Hangzhou subsidiary tested and interviewed him for an experienced welder position, then offered him the job. He resigned from his previous job and moved to the city from a neighboring area in June to take the new post, but then the company refused to hire him because of an “unclean background check.”
Guam Legalizes Medical Marijuana
Voters in Guam approved a ballot initiative that would legalize marijuana for "debilitating medical conditions" such as epilepsy, HIV, cancer and glaucoma. The bill, which passed by more than 56 percent, makes Guam the first U.S. territory to legalize medical pot. The decision marks the first victory in a flurry of marijuana-related ballot measures this Election Day. Tom Angell, chairman of the advocacy group Marijuana Majority, told HuffPost, "People all across the world are ready to move beyond failed prohibition laws, especially when seriously ill patients are criminalized just for following their doctors' recommendations"
Hong Kong Privacy Commissioner Issues Guidance on Cross-Border Data Transfers
Hong Kong's Privacy Commissioner for Personal Data (the Commissioner) published a guidance note concerning the potential implementation of section 33 of the Personal Data (Privacy) Ordinance (the PDPO), which would restrict the export of personal data from Hong Kong. At present it is unclear whether section 33, would be brought into force in its present form, the wording upon which the guidance is based. These uncertainties mean that the guidance has a very unusual status as a guide to compliance with the PDPO. The Commissioner's view is that publication of his guidance will help businesses prepare for the eventual implementation of section 33 and that, in any event, businesses should comply with the guidance as a matter of their corporate governance responsibilities.
-EMPLOYMENT SCREENING GENERAL-
Criminal Police Verification Checks: A Tale of Blatant Loopholes
In India, criminal police verification reports are often the main, if not the only, component of a criminal background check. Ideally, they should help verify if an individual has been involved in any criminal activity and has pending criminal cases in jurisdictional police offices records.
These reports involve checking records at the commissioner of police office/superintendent of police office and the local police station, as applicable, based on a candidate’s address and local or state regulations. However, there are specific challenges with these reports that render them less effective, often inaccurate, and potentially non-compliant with a variety of local, regional, and international regulations and guidelines.
Background Checks Yet to Begin in Most Schools
A majority of the schools in the city say the police are yet to begin the verification process for their staff members, despite being given all the details. After the sexual assault of a girl student in a Bangalore East school, police had made background verification mandatory. The school managements were told to provide details of staff members along with their addresses to the police. This would be scrutinized and the files sent to the jurisdictional police station, from where the police would visit their homes. However, schools say that the process is yet to be completed.
The Secret Behind Background Checks in India - and Why They Fail
In a growing economy like India, companies are often seen in a mad rush to hire in the hundreds. Tight timelines for hiring and cost-consciousness often tempt recruiters to go easy on checks and verification. And it is not hard to get fake documents in the country. There are close to 7,500 companies in India, which operate just for providing fake employment and educational certificates. In India, the prevalent norm is for HR to conduct a reference check from past employment based on the information provided by a candidate. The authentication of residential addresses, educational and criminal records is typically outsourced to third party background verification companies.
Police Do Away with Legwork for School Background Checks
Faced with a deluge of applications, Alok Kumar, Additional Commissioner of Police, announced that the city police have simplified the procedure of verifying the background of school staff. After a spate of child sexual abuse cases, the police made it mandatory for teaching and non-teaching staff to produce police no-objection certificates when they seek employment. "Earlier, the police had to visit each home and do their background verification. Now, once we receive an application, we will check our database. If the name does not figure on the list, we will issue a no-objection certificate," he said. The simplified procedure will help them clear pending applications quickly.
-DATA PROTECTION & PRIVACY-
India's 2015 Data Privacy Agenda
Ever since the 2012 release of the AP Shah Committee report looking into privacy issues in India, thought-leaders have been increasingly focused on the topic. Nevertheless, it's unlikely that India will go the way of the EU with a central data protection authority, says Kamlesh Bajaj, CEO of the Data Security Council of India. "The report does not recommend a European-style data protection authority," Bajaj says, "although some regulator will have to be there - likely sector-wise, like the RBI has done for the banking sector. Self-regulation within verticals is also a possibility." The idea is to ensure flexibility, so that as technology moves forward, the law can keep pace by focusing on the principles rather than by getting prescriptive and compliance oriented, stymieing effectiveness, Bajaj says.
Singapore Sees Increase in Foreign Workers Using False Credentials to Get Work Passes
Singapore’s Ministry of Manpower (MOM) prosecuted an estimated 150 foreign workers between 2012 and the first half of this year for providing false credentials, according to Manpower Minister Tan Chuan-Jin, reports The Straits Times. All were jailed, had their work passes revoked, and were barred from working in Singapore in future, Tan advised. He added that his Ministry had tightened requirements and also supplements its checks with third-party overseas screening agencies and verifies the authenticity of certificates directly with issuing educational institutions.
-DATA PROTECTION & PRIVACY-
EU Mulls Conferring Binding Powers on Body of Data Privacy Regulators
A new body of European data protection authorities could have the power to adopt legally binding decisions in cross-border disputes over a company’s misuse of personal data, according to a draft document seen by Reuters. Under a mechanism originally proposed in reforms of Europe’s data protection laws, businesses operating across the 28-nation European Union would have to deal only with the data protection authority in the country where they are headquartered - even if alleged mishandling of data affects citizens in another country. A new proposal by Italy, which holds the rotating European presidency, gives all concerned authorities the chance to intervene in all stages of the decision-making process. A failure to reach an agreement between the authorities concerned, or even conflicts over which regulator should take the lead, would then be arbitrated by the European data protection Board, with legally binding powers.
EU Data Protection Regulation: A Tipping Point Has Been Reached
The proposed EU General Data Protection Regulation will be finalized in 2015. That was the conclusion of leading lights of the EU data protection scene at a standing-room-only event in Brussels on Wednesday. It appears that a tipping point in the negotiations has been reached. The Council of the European Union (the 28 EU member states) needs to finalize its version of the draft regulation before negotiations can enter their final stage, but it has made incremental progress in the last 12 months. Enrico Costa, Italy’s deputy minister for justice, has now confirmed that the Italian Presidency, which runs until the end of this year, intends to present agreed proposals on the public sector and the regulatory one-stop shop (OSS) at the meeting of the Justice and Home Affairs Council (Council of Ministers) on 5 December. If agreement can be reached on these two areas it will represent a remarkable achievement, as these have been seen as insurmountable obstacles to progress.
Adverse Media Screening and the Right to be Forgotten
Screening for adverse media can be a challenge. However, with the E.U. commission ruling that many items can be removed from Google, this challenge has become harder. As such, there is greater benefit for proprietary databases that are not subject to such regulation. To illustrate the point consider that recently, according to several news sources, details of a case reporting that Mohamed Alie Barrie, 38, of Pinewood Close, Dartford, being charged with conspiracy to defraud, conspiracy to money launder and money laundering were removed from Google’s searches - meaning that such search results are no longer discoverable within Google.
EU Commits to Creating Single Data Protection Law Across the Continent
The new European commissioner with responsibility for data protection has outlined her desire to introduce the Data Protection Regulation that would create a single law covering the entire continent. During a speech at the fifth Annual Data Protection and Privacy Conference in Brussels, the new commissioner for justice, consumers and gender equality, Vera Jourová, outlined her wish to continue the initiative begun by previous justice commissioner Viviane Reding. "The proposed Data Protection Regulation will do away with 28 differing national laws, and provide a single set of rules on data protection valid across the EU," she said. "The consensus is that the odds of Europe adopting the Regulation in 2015 are very high, which will trigger the countdown to transposition," he said.
WP29 Seeks Reform of Cross Border Crime Data Sharing Treaties
The Article 29 Data Protection Working Party (WP29) recently sent a letter (the Letter) to the Council of Europe (CoE) outlining its views on transborder access to personal data in criminal investigations. The Letter forms a response to concerns about the data protection implications of cross-jurisdictional exchange of information for law enforcement purposes. Reform of the mutual legal assistance treaties (MLATs), which set out the procedures for these information exchanges, was suggested by the WP29 as a solution to these concerns. 'We consider that MLATs must be compliant with fundamental rights and, therefore, with data protection requirements,' read the Letter. ‘We recall our availability to help advise European Governments improving or inserting data protection clauses in MLATs to ensure that a minimum of data protection safeguards are complied with when exchanging personal data between law enforcement authorities.'
Europe-Wide Data Protection Requirements Could Hit Recruitment in 2015
2015 could be the year that new European data protection requirements, backed by the threat of costly fines if not followed, will finally emerge after several years of debate and negotiation – and potentially have a major impact on the recruitment industry. If finalised this year, the Data Protection Regulation (DPR) will have a two-year implementation provision, meaning that it would take effect in 2017. Crucially the new rules will give individuals the statutory right to be forgotten. This will allow people to have personal data erased by organisations should they request it. Another major development would be that organisations processing or holding data on individuals will need consent to transfer details about them to other parties.
European Data Protection Regulators Release Joint Statement on European Values
The Article 29 Working Party released a short joint statement containing a series of declarations on: (i) “European values”; (ii) “surveillance for security purposes”; and (iii) the “European influence.” The joint statement emphasizes the balance to be struck between protecting data protection rights and allowing national intelligence agencies to perform their duties, and the fundamental importance of European data protection rights more generally. These affirmations are particularly significant in the context of both the Snowden revelations and the ongoing Transatlantic Trade and Investment Partnership (TTIP) negotiations. The Working Party provides a dedicated web page for the submission of comments on the joint statement from all interested stakeholders, which it will take into account in its activities during 2015.
New CNIL Accountability Standard May Become European Model
Chairwoman of the French data protection authority (the CNIL), Isabelle Falque-Pierrotin, has long been an outspoken proponent that companies should have internal accountability mechanisms for data protection compliance. On January 13, 2015 the CNIL published a standard defining what accountability means in practice. Companies that demonstrate that they comply with the new standard will be able to obtain an “accountability seal” from the CNIL. The primary purpose of the CNIL’s new accountability standard is to prepare companies for the day when accountability will become a legal obligation under the future EU General Data Protection Regulation. The CNIL’s standard can help companies move forward in developing accountability programs that are likely to be in compliance with the EU Regulation, even before the Regulation’s adoption.
No Automatic Presumption of Good Assessments in Employment References in Germany
Good news for all employers: The German Federal Labour Courthas recently reversed the disastrous judgment of the Regional Labour Court of Berlin-Brandenburg concerning the allocation of the burden of proof with regard to assessments in employment references.
In Germany, upon termination of the employment relationship employees can claim for a written employment reference that contains information about the nature and duration of their employment as well as about their performance and behavior. Normally, the overall assessment of the employee’s performance is made by using a common “school-grade system” (very good resp. A - good resp. B - satisfactory resp. C - adequate resp. D - inadequate resp. E). The overriding principle that employers have to take into account when creating an employment reference is the principle of truthfulness.
DPA Gets Power to Fine Controllers and Processors
A bill was sent to Parliament giving the Dutch Data Protection Authority (CBP) the power to fine controllers and processors for violation of the Dutch Personal Data Protection Act and any other laws containing data protection rules on Monday, 24 November. Interestingly, the bill also allows the CBP to fine individual employees for failure to meet their confidentiality obligations (Art. 12 PDPA). This may be the case where employees intentionally disclose personal data to unauthorized persons, an act also punishable under criminal law, but also where employees have been grossly negligent causing a data breach. Last but not least, the Dutch CBP (College Bescherming Persoonsgegevens) will change its name to the Personal Data Authority (Autoriteit Persoonsgegevens).
Optional DPO Proposal ‘Advantageous to Larger Entities’
The Polish Parliament (‘the Parliament’) adopted, on 7 November 2014, an act on facilitation of performance of business activity (‘the Amendment’) to the Personal Data Protection Act of 1997 (‘the Act’), which, among others, would make the appointment of a Data Protection Officer (DPO) optional while strengthening the role, as businesses would have to ensure that DPOs perform their tasks independently and report directly to the CEO. In particular, companies, which appoint a DPO and notify them to the Polish Data Protection Authority (GIODO), would be released from the notification obligation. However, companies that do not appoint a DPO will still need to perform the DPO’s tasks.
Can Romania Challenge London’s Silicon Roundabout to Become New European Tech Startup Scene?
There are signs that the growing Romanian technology startup scene has started to attract a lot more international attention and it could take as little as two years for it to be seen as a true rival to London thanks to the strong startup and tech culture that already exists there. The country has the highest number of terms of technology workers per capita in Europe, whilst recent successful exits from the likes of Avangate and UberVu are fuelling the new tech startup boom. The tech industry further benefits from an attractive level of taxation compared with much of the rest of the Europe. Whilst it may never overtake London, the future is definitely bright for the Romanian startup scene.
-EMPLOYMENT SCREENING NEWS- The Rules on Employing Ex-Offenders
The Rehabilitation of Offenders Act 1974 introduced the concept that ex-offenders sentenced to less serious penalties should, after a period of time, be considered rehabilitated and not obliged to disclose previous convictions which would be regarded as ‘spent’. The Act also stated that some occupations would be exempt from its protection, meaning that even spent convictions for those wishing to undertake such roles would continue to be disclosable. In March last year the Act was amended so that most convictions now become spent in a shorter period of time. The amendments also increased the number of sentences, which could become spent. Read more -DATA PROTECTION & PRIVACY- Enforced Subject Access Requests to Be a Criminal Offence From 1 December 2014
On 1 December 2014, section 56 of the Data Protection Act 1998 (DPA) will be brought into force, which will make it a criminal offence to request an enforced subject access request. Currently, such requests can be used to reveal details of any criminal convictions that the individual has, which includes information to which employers would not otherwise have access. Both the Information Commissioner and the Disclosure and Barring Service have expressed concern that enforced subject access requests not only represent an abuse of an individual’s rights but also potentially undermine important public policies. Read more -EMPLOYMENT OUTLOOK- Half of British Businesses Are Planning to Expand Their Workforce in 2015
One half of British businesses are planning to expand their workforce in 2015, with jobs projected to be created in all UK regions, and permanent jobs outstripping temporary work, according to a new survey conducted by the CBI and Accenture. There is concern, however, that skills gaps could prevent some of those jobs being filled and threaten UK competitiveness. It is also feared that new regulation may damage job creation in the UK’s flexible labour market. Additionally, the survey reveals that pay rises are anticipated in 2015, though at a cautious rate, reflecting weak productivity and competitive pressures. The research underlines also the vital role played by the UK’s flexible labour market in underpinning growth and job creation, which the CBI is urging the next Parliament to preserve. Read more
-DATA PROTECTION & PRIVACY- Insights from the Russian Data Protection Authority’s Conference on Personal Data Protection
On 5 November 2014, the Russian Data Protection Authority, Roskomnadzor, held its fifth annual conference on “Personal Data Protection.” The conference provided insight into the motivations prompting the enactment of Russia’s data localization law - which requires the personal data of Russian citizens to be stored within the territory of the Russian Federation. The conference was well attended. Roskomnadzor officials stated that the purpose of the law is to ensure the storage of personal data of Russian citizens within Russia in order to better protect the data. He pointed out that the law contains no express prohibition on cross-border data transfers, but cautioned that in each case, such transfers should be conditioned on and connected with a legitimate purpose under Russian data protection law beyond mere storage. Read more
Russian Data Localization Law May Now Come into Force One Year Ahead of Schedule, in September 2015
On 17 December, the State Duma (the lower chamber of the Russian Parliament) passed legislation that would change the effective date of Russia's new law requiring the local storage in Russia of the personal data of Russian citizens (Data Localization Law) from 1 September 2016 to 1 September 2015. The legislation currently is subject to the Federation Council's (the upper chamber of the Russian Parliament) and president's approvals. While impacted businesses had hoped that the Data Localization Law's effective date would remain 1 September 2016, after having various consultations with IT specialists, legislators decided to set a compromise date of 1 September 2015 The State Duma adopted the new date. Read more
Five Things to Know About Drug Testing in Canada
In June2013, the Supreme Court of Canada ruled against an employer’s random alcohol testing program, concluding that it was unreasonable. In the 6-3 decision, the Court side with the Communications, Energy and Paperworkers Union of Canada, which brought a grievance against Irving Pulp and Paper. The Court based much of its decision on the earlier finds of an arbitration board and the fact that there were zero positive test results over a 22 month period at the company’s St. John, New Brunswick mill. ON behalf of the majority, Justice Rosalie Abella wrote as reported by CTV News: “In the end, the expected safety gains to the employer in this case were found by the board to range “from uncertain . . . to minimal at best” while the impact on employee privacy was found to be much more severe. “Consequently, the board concluded that the employer had not demonstrated the requisite problems with dangerousness or increased safety concerns as workplace alcohol use that would justify universal random testing.
Source: IFDAT Global Insider, Fall 2014
Advantages of Mexico’s Self-regulatory Certification System
Foreign multinational companies doing business in Mexico, or with Mexican companies, and wishing to streamline their international data transfer flows should take note of a recent development. A sophisticated self-regulatory system is being implemented, and will be deployed from the end of this year. This will benefit all companies seeking a flexible way to comply with the Mexican data protection legal framework from next year's first quarter.
Criminal Records Could Be Having a Huge Impact on Labor-Force Participation
For years, we've seen a decline in the labor force participation rate (LFPR). That's the number of people available for work as a percentage of the total population of working-age people. JP Morgan's David Kelly has a post on the five reasons he thinks the LFPR is declining. "While some of this decline may be cyclical, we believe most of it is structural," Kelly writes. "In particular, the aging of the baby boomers, a rise in the number of Americans receiving disability benefits, and an increase in criminal records and background checks all seem to have played a role in depressing the employment rate."
If the LFPR really is being depressed by companies that won't hire people with criminal records, that cuts a huge chunk of the population off from a lot of job options — they are more likely to get discouraged, and more likely to never return to the labor force if they are unemployed.
Just how many people does it affect?
Based on recent Justice Department data the number of people with some sort of criminal record that may be impacted is now likely above 70 million when filtered for a number of factors. That count includes people with all types of criminal records, from violent felonies to minor charges. In some cases, even people who were arrested but never convicted still have a criminal record.
Federal Agency Launching Commercial Driver Clearinghouse
Commercial truck drivers who had a blood alcohol concentration at or above 0.08 g/dL, which is currently the legal threshold for individuals to be considered driving while drunk throughout the nation cause 78 completely preventable deaths and 2,080 completely preventable injuries annually.
To prevent this kind of tragedy from occurring each year, the Federal Motor Carrier Safety Administration has proposed that a commercial driver clearinghouse be created. It would monitor drivers and ensure that they are not engaging in risky behaviors like drinking and using drugs before or during their employment as a commercial driver. Although federal laws have been in place for years prohibiting these practices, no system has been created to allow trucking companies the ability to find whether or not their drivers or potential hires have been guilty of breaking the laws.
Genesis Healthcare improperly uses background checks, federal lawsuit charges
Genesis Healthcare hired plaintiff Doris Ramos in July 2014 to work as an occupational therapist, then rescinded the job offer after a background check, the complaint states. Ramos contends that Genesis never provided her with a copy of the background check and a statement of her rights, as called for by the FCRA, Law360 reported. The FCRA governs the collection and distribution of consumer information, including background checks as well as credit reporting.
Ramos also claims that the background check inaccurately said that she had a felony conviction. Because of this alleged error, Ramos also has brought a claim against General Information Services Inc., charging that the consumer reporting firm contracted by Genesis does not take reasonable steps to ensure accuracy.
Heightened Scrutiny of Brokers – SEC Approves
In recent years, questions have been raised in many quarters about how brokers with questionable backgrounds have been able to move among firms and remain in the industry. FINRA has responded by enhancing a broker dealer’s obligations for reviewing the backgrounds of its newly hired brokers.
The SEC recently approved proposed FINRA Rule 3110(e), which requires FINRA member firms to verify the information in Form U4 within 30 calendar days of filing. The proposed rule, which will take effect on July 31, 2015, is intended to improve the information that winds up in FINRA’s Central Registration Depository (CRD) and BrokerCheck. FINRA’s 2015 Regulatory and Examinations Priorities Letter (January 6, 2015) discusses its concern with “high-risk and recidivist brokers,” including firms’ due diligence on prospective hires, and highlights the proposed rule with respect to investor protection.
Misrepresentation on Employment Application May Override State Criminal Background Check Law
Most employers understand the importance of compliance with the federal Fair Credit Reporting Act (FCRA) as it applies to background checks and applicant records. However, employers also must recognize the interplay of state law restrictions on the use of background checks in the application and employment process.
Recently, a federal district court in Pennsylvania granted summary judgment in favor of an employer who withdrew an offer of employment after that employer found a discrepancy between background check records and information reported directly by the applicant to the company. McCorkle v. Schenker Logistics, Inc., MDPA, 1:13-cv-03077, October 8, 2014.
Michigan Protects Employers from Negligent Hiring and Retention Claims
On January 1, a new Michigan law took effect to protect companies that hire ex-offenders who go on to cause damage or injury during the course of their employment. Louisiana, Georgia, Tennessee, and Texas recently passed similar laws.
The Michigan law specifically provides that, in an action seeking damages for personal injury, property damage, or wrongful death, a “certificate of employability” may be introduced as evidence of an employer’s due care in hiring or retaining an ex-offender (so long as the employer knew of the certificate at the time of the decision). And, where the claim requires proof that the employer was negligent in hiring by disregarding a prior criminal conviction, a certificate of employability conclusively establishes that the employer was not negligent (so long as the employer knew of the certificate at the time of hire).
Act 153 of 2014: Criminal Background Checks and Child Abuse Clearances
The Pennsylvania General Assembly amended the Child Protective Services Law (the CPSL) several times over the past year. The most recent changes were through Act 153 of 2014. Although there are sweeping changes made to the CPSL, even in just Act 153, this Alert only focuses on criminal background checks and child abuse clearances (collectively “clearances”).
As it relates to clearances, Act 153 requires all prospective employees, current employees, independent contractors and volunteers to get and renew criminal background checks and child abuse clearances on a three-year cycle.
Paramount Slapped With Class Action Over Credit Reports For Job Applicants
Looks like there was something prickly buried in the fine print for one prospective employee and maybe many more. Paramount Pictures has been hit with a lawsuit over allegedly not telling job applicants exactly how deep into their past it intends to look. “This class action alleges that certain policies and practices followed by Defendants Paramount Pictures Corporation and the Doe Defendants in furnishing, using, procuring, and/or causing to be procured consumer reports for employment purposes violate the provisions of the Fair Credit Reporting Act,” said the complaint from Michael Peikoff filed in federal court Wednesday (read it here).
New Minnesota Expungement Law Helps Protect Employers from Liability
A new Minnesota law that took effect on January 1 expands the opportunities for ex-offenders to expunge their criminal records. In an effort to protect employers who hire employees with expunged records, the new law provides that such records “may not be introduced as evidence in a civil litigation against a private employer . . . that is based on the conduct of the employee” (such as in a negligent hiring suit).
Rhode Island Tops In Use of Marijuana and Illicit Drugs, Survey Finds / Interactive
According to a recent annual survey made public by Rhode Island health officials Rhode Islanders use marijuana and illicit drugs at the highest rates in the nation. In the survey, Rhode Island actually edged out Colorado, which has legalized marijuana use and became the first state in the nation to allow recreational sales of the drug. In no other state did as many people report having used marijuana in the past month: 14 percent of those age 12 and older, up from 13 percent the previous year, according to the National Survey on Drug Use and Health. Rhode Island was also tops for those who reported having used marijuana in the previous year: 20 percent, up from 19 percent.
In addition, Rhode Islanders also led the nation in consuming illegal drugs, excluding marijuana. About 4.3 percent reported having taken them in the month before being surveyed.
District of Columbia Bans Pot Testing of Job Applicants
The D.C. Council unanimously passed a bill prohibiting employers from testing job applicants for marijuana until after they've made a conditional job offer. The bill would allow employers to test for pot after they offer someone a job as well as during employment. Because it's a local law, it doesn't apply to the federal government or to federal contractors.
Politician’s Fingerprint Cloned From Photos By Hacker
Jan Krissler, a member of the Chaos Computer Club (CCC) hacker network says he replicated the fingerprint of defence minister Ursula von der Leyen using pictures taken with a "standard photo camera." Mr Krissler had no physical print from Ms von der Leyen.
He told the audience he had obtained a close-up of a photo of Ms von der Leyen's thumb and had also used other pictures taken at different angles during a press event that the minister had spoken at in October.
Fingerprint identification is used as a security measure on both Apple and Samsung devices, and was used to identify voters at polling stations in Brazil's presidential election this year, but it is not considered to be particularly secure, experts say.
Form I-9 Verification Process Update
E-Verify: Employee Re-verification – At present, employers are unable to re-verify an existing employee’s work authorization in E-Verify, and in fact, must not do so. USCIS is working on developing a re-verification process for E-Verify.
E-Verify: Employee Rehire - In cases where an employee is rehired, but did not previously have his or her employment authorization verified through E-Verify or, if verified, did not receive an employment authorized result, the employer must create an E-Verify case for the rehired employee.
E-Verify: Correcting Typographical Errors – Where incorrect information is entered while creating a case in E-Verify, the employer will need to create a new case with the correct information for the employee. If the case is not yet closed, the employer should close the case by selecting the statement, “The case is invalid because the data entered is incorrect.” If the case is already closed, the employer should make a note either on the E-Verify case details page or on the employee’s Form I-9 explaining that a second case was created because the first case contained incorrect information.
Source: Shumaker, Loop & Kendrick, LLP,
The Dangers of Ignoring I-9 Due Diligence in M&A Transactions
M&A Transactional lawyers have to cover a lot of ground in their deals: employment, tax, commercial real estate, intellectual property, and ERISA laws to name a few and in many cases I-9 immigration compliance is not included.
When representing the acquirer, attorneys are advised to include an indemnification clause in the deal documents to protect their client from I-9 fines for forms they inherit that contain substantive violations. If representing the seller, be sure to add an expiration date for the indemnity clause. After the deal closes, the buyer can remediate I-9 forms with substantive violations, and you don’t want your clients on the hook indefinitely if the acquiring company fails to do so in a timely manner.
In a recent case we discovered that a manufacturing firm being purchased did not use e-Verify and had inadvertently accepted fake identity documents from hundreds of hourly employees across seven states which meant they would likely have to be terminated. The likelihood of losing hundreds of skilled employees materially affected the price our client was willing to pay for the business they were acquiring. In the end, the deal closed, but the client paid a lot less for the assets of the business than they had originally planned.
In addition to vetting I-9 compliance of a target company during the acquisition due diligence, there are other related topics worth asking a question or two about that can save your client from big headaches down the road.
USCIS myE-Verify Program Now Available in More States
The U.S. Citizenship and Immigration Services (USCIS) myE-Verify program provides a website from USCIS that gives U.S. job-seekers resources and tools to learn about and participate in the E-Verify process.
Currently, myE-Verify accounts are available in Arizona, Idaho, California, Colorado, Louisiana, Maine, Maryland, Massachusetts, Minnesota, Mississippi, Missouri, Nebraska, Nevada, New Jersey, New York, Ohio, South Carolina, Texas, Utah, Virginia, Washington and the District of Columbia.
For more information about my E-Verify, please visit http://www.uscis.gov/mye-verify/about-mye-verify