European Union (EU) Stands Up for Employee Privacy
Recently, some of our clients have asked about the EU’s stance on employee privacy and the transmission of personal identifying data between EU countries and the U.S. Our clients that have asked have contracts or corporate facilities in Europe.
The EU "rules" on the transmission of personal identifying data are only recently developing as is the enforcement of these emerging rules. By the way, these "rules" apply to the transfer of all employee related data between EU countries and the "outside world", not just background check data. Historically, the development of these rules has lagged behind ours in the U.S., and to date the EU has basically achieved an on-par status with our own privacy rules. Nevertheless, we believe it is important for all clients who transmit personal identifying data back and forth to EU nations to stay on top of this issue through communication with their foreign offices and business partners.
Appointing a "Privacy Officer" to coordinate the collection of information regarding these new rules is not a bad idea. We hesitate to say that if you are in tight compliance with our own FCRA standards and practices that you should be in good shape for the meantime, because we all know that those Europeans have their own nuances. But this is primarily a correct assessment. The main issues are consent, disclosure, and data security - as they are here. Also, it is important that you begin to put your privacy policy and procedures in writing so that you can produce them if necessary.
Asset Control is in the process of investigating just how the EU rules diverge from our own at this time. For now, I would say that if you are doing the following you should be OK, for the moment: 1) when you transfer data make sure you are using industry standard SSL encryption methods; 2) avoid fax transmission of personal identifying information between EU countries and the U.S; 3) make release forms available in their native languages if applicants cannot read English; and, 4) make sure applicants have a way to obtain written "consumer" reports that may contain derogatory information.
In our opinion, the most critical thing at the moment is to understand the laws surrounding the use of background information in Europe. This is the one area where litigation or criminal penalties are most likely to be assessed. Some of the more liberal countries in Europe (like Sweden, Denmark, Germany, France, and others) may place a different value on certain behaviors than we do in the states. Therefore, I wouldn't be surprised if they have barred discrimination in employment for certain convictions, where we have not. Remember, even in California there are laws which prohibits employers from considering certain drug convictions in the employment process.
Asset Control will keep our clients posted as we learn more.
The EU "rules" on the transmission of personal identifying data are only recently developing as is the enforcement of these emerging rules. By the way, these "rules" apply to the transfer of all employee related data between EU countries and the "outside world", not just background check data. Historically, the development of these rules has lagged behind ours in the U.S., and to date the EU has basically achieved an on-par status with our own privacy rules. Nevertheless, we believe it is important for all clients who transmit personal identifying data back and forth to EU nations to stay on top of this issue through communication with their foreign offices and business partners.
Appointing a "Privacy Officer" to coordinate the collection of information regarding these new rules is not a bad idea. We hesitate to say that if you are in tight compliance with our own FCRA standards and practices that you should be in good shape for the meantime, because we all know that those Europeans have their own nuances. But this is primarily a correct assessment. The main issues are consent, disclosure, and data security - as they are here. Also, it is important that you begin to put your privacy policy and procedures in writing so that you can produce them if necessary.
Asset Control is in the process of investigating just how the EU rules diverge from our own at this time. For now, I would say that if you are doing the following you should be OK, for the moment: 1) when you transfer data make sure you are using industry standard SSL encryption methods; 2) avoid fax transmission of personal identifying information between EU countries and the U.S; 3) make release forms available in their native languages if applicants cannot read English; and, 4) make sure applicants have a way to obtain written "consumer" reports that may contain derogatory information.
In our opinion, the most critical thing at the moment is to understand the laws surrounding the use of background information in Europe. This is the one area where litigation or criminal penalties are most likely to be assessed. Some of the more liberal countries in Europe (like Sweden, Denmark, Germany, France, and others) may place a different value on certain behaviors than we do in the states. Therefore, I wouldn't be surprised if they have barred discrimination in employment for certain convictions, where we have not. Remember, even in California there are laws which prohibits employers from considering certain drug convictions in the employment process.
Asset Control will keep our clients posted as we learn more.
posted by Bill Dolphin @ 2:02 PM
0 comments
0 Comments:
Post a Comment
<< Home