What you need to know about the new EU-U.S. Agreement for Transatlantic Data Flows: Privacy Shield

On February 2, 2016, the European Commission (EC) and United States Department of Commerce agreed on a new framework for the transfer of personal data from the European Union (EU) to the United States.  This new framework, named the EU-U.S. Privacy Shield, replaces the EU-U.S. Safe Harbor Framework that was invalidated by the European Court of Justice on October 6, 2015.   Key provisions of the Privacy Shield Framework are as follows:

  • Strong Obligations and Robust Enforcement: U.S. companies that commit to the Privacy Shield must commit to “robust obligations” on personal data collection and processing and guarantee individual rights.  These commitments will be published and enforced by the Federal Trade Commission (FTC).
  • Clear Safeguards and Transparency Obligations: The U.S. government has provided written assurances regarding protections from indiscriminate mass intelligence surveillance on the personal data transferred to the United States.  Additionally, any access to data must be necessary and proportionate to the need for such access.
  • Annual Joint Review: The EC and the Department of Commerce will conduct an annual review to monitor the functioning of the Privacy Shield.
  • Effective Protection of EU Citizens’ Rights: U.S. companies will have deadlines to reply to any complaints and European DPAs can refer complaints to the U.S. Department of Commerce and the FTC.  To address complaints of access by national intelligence authorities, the U.S. agreed to establish an ombudsperson position.  To ensure redress in U.S. courts, a recently passed Judicial Redress Act has been sent to the president for his signature that would allow EU citizens to sue the U.S. government as a final resort for an alleged privacy violation.

What Happens Next?

The EC will draft an adequacy decision and will then send the decision to the Article 29 Working Party (WP29) for consideration.  The College of EU Commissioners will then need to adopt it, taking into consideration the opinion of the WP29 and consulting with a committee composed of representatives of the member states.  On the US side, the Judicial Redress Act needs to be signed by the president and an ombudsperson needs to be appointed.  All of this will likely take months.  In the meantime, it is the understanding of the Department of Commerce (DOC) that EU Data Privacy Authorities (DPAs) will suspend enforcement for Safe Harbor compliant companies until all the details are resolved and published.  The DOC recommends that currently Safe Harbor certified companies maintain their certification, renewing if necessary, until the final guidelines are published.  The DOC expects to send an email to all the currently certified Safe Harbor companies with detailed guidance about how the privacy policies need to be revised and how a company certifies EU-U.S. Privacy Shield compliant.  Those details are expected to be released the first week of March 2016.

Judge denies Sprint’s request to dismiss class action for FCRA violations

 

Sprint logo      On February 18th, an Illinois federal judge denied Sprint Corp.’s motion to dismiss a putative class action accusing the company of violating the Fair Credit Reporting Act (FCRA). 

According to the original complaint, Sprint presented job applicants with unlawful background check disclosure forms that said applicants were required to give the company access to private data held by the government, health care  providers, and schools.

Sprint moved to dismiss the case based on lack of consumer harm. However, the judge denied Sprint’s motion and ruled that, “Congress enacted the FCRA to protect consumer control over personal information the exposure of which, though often necessary in the modern economy, can result in a significant invasion of privacy and can jeopardize a consumer’s personal, reputational and financial well-being. The statute provides that when a person or entity willfully violates a mandate of the FCRA that is designed to protect these interests, the aggrieved consumer may recover statutory damages.”

Rodriquez Jr. v. Sprint Corp et al., case number 1:15-v-10641, in the U.S. District Court for the Northern District of Illinois.

 

CASE STUDY: Web-based System Developed for Major Cable Provider with 30,000+ Annual Applicants

???????????????????????????????????????
 Situation

When the country’s largest provider of cable services (“the Cable Company”) needed help managing the tracking and screening for the 30,000+ applicants they reviewed annually, they looked to CARCO to provide a user-friendly, web-based system that could be used from both their headquarters and in their many field offices across the United States.

Actions
CARCO worked with the Cable Company to develop and implement a background screening program for the 30,000+ annual applicants that also tracked and managed the 350,000+ lead elements associated with those applicants. Because the Cable Company provides services in 39 states and the District of Columbia, the best-in-class, web-based Onboarding Solution provided by CARCO was customized to accommodate screening law variations for each state while providing the following standardized services:

  • Credit history check
  • Social Security number trace
  • Criminal history record check
  • Motor vehicle driver history report
  • Employment verification
  • Professional credential and licensing check
  • Automated notification of applicant’s progress through the system
  • Automated generation of subject notification
  • Customized management reports
  • Electronic invoicing

 

Results
CARCO’s Onboarding Solution helped the Cable Company streamline their tracking and screening processes in such a manner that recruiters were able to concentrate more on talent acquisition, thus leading to the recruitment and ultimate hiring of more qualified employees.

U.S. Labor Department Says 3.1 MILLION Employees Quit Their Jobs in December 2015!

I Quit Sticky Note  That’s the highest number since December 2006!  Employees are feeling confident that the job market is expanding and they can easily find another position.  High employee turnover costs businesses in time, money and productivity. (A recent CareerBuilders survey shows that 42% of respondents said that replacing an employee within the preceding year cost their company $25,000 or more.)

 What are you doing to retain your top talent? There are endless articles about employee retention that list ways to keep employees happy and engaged:  proper compensation, provide perks (Taco Tuesdays!), employee development plans, promote from within, etc., etc.

However, employee retention must start from DAY ONE by providing the new employee with a positive onboarding experience.  Your onboarding solution should be configured to manage the entire lifecycle of your employees – from dynamically created offer letters to new hire packets, I-9s, W-4s, benefit forms, direct deposit forms and training videos, straight through to exit interviews/surveys. The entire onboarding process should be completely paperless and automated.  The system should be easy, efficient, configurable and cost effective, and should engage the new hire with proactive “tasks” to ensure successful and timely onboarding. The new employee should be able to access your onboarding portal from his or her home computer or mobile device to complete the process BEFORE starting with the company.

With an automated onboarding process, on day one your new employees can be ready to start engaging in their jobs and with their new colleagues, and not be spending hours filling out paperwork. That makes for a positive first day of work!

Take a look at your onboarding process.  Then view CARCO’s Onboarding Solution demo to see if you are doing all you can to ensure employee retention from day one!

 

 

 

NEW EU/US DATA TRANSFER AGREEMENT ANNOUNCEMENT

On February 2nd, European Union (EU) Commission officials Andrus Ansip and Vera Jourova announced that the European Commission and the U.S. Department of Commerce have reached a new transatlantic data transfer agreement between the EU and the United States.

In October 2015, the European Court of Justice invalidated the Safe Harbor pact between the EU and the U.S., ruling that the U.S. did not adequately safeguard the data of EU citizens (previously reported). In his announcement of the agreement, Ansip said, “The EU and U.S. are the closest allies, and on a topic as important as this, we had to find common solutions. I believe this new arrangement… is what Europe needs. Both our citizens and our businesses will benefit from this.” Ansip also indicated that the new agreement, known as the “EU-U.S. Privacy Shield,” addresses the EU’s concerns about U.S. intelligence surveillance of European data, a major point of contention during the negotiations.

According to Ansip, “The U.S. has clarified that they do not carry out indiscriminate surveillance of Europeans.” However, the agreement does allow for a “national security exception” for surveillance .

Other provisions of Privacy Shield include a “redress scheme” that allows EU citizens who believe their data has been misused to seek redress with the Department of Commerce and the Federal Trade Commission, as well as the creation of an ombudsman within the State Department who will address complaints related to intelligence surveillance.

 Jourova announced that the agreement also includes an annual review process to allow “real-time adjustments” to Privacy Shield. The deal must now be approved by the 28 EU member states and the European Parliament, a process which could take three months.

 

http://thehill.com/policy/cybersecurity/267878-us-eu-reach-long-awaited-data-flow-agreement

 

 

CASE STUDY: How CARCO helped one of the world’s largest global courier delivery service companies gain control of their I-9 program

 ???????????????????????????????????????   A leading global courier delivery service was experiencing major compliance issues prior to having CARCO service their I-9 program. The company’s original I-9 work flow was a monthly pull of applicants that had I-9s to complete. The pull took place usually at month’s end and contained all of the applicants for that month. For instance, all the employees that were starting in the month of January were being handled by the end of January. However, employers are required to have the I-9 forms and E-Verify cases run within three days of the employee’s first day of work for pay. As you can imagine, the company’s compliance rate consistently fell short. On the re-verification end, compliance performance was even more challenging as this process was handled manually.

 

CARCO provided the client with a fully automated, active and forward leaning system where HR managers and recruiters are guided to complete the necessary steps for timely process completion. The system also advises the HR managers and recruiters of every stage of an employee’s progress.  In a very short period of time, CARCO was able to help the company’s compliance improve significantly.

 

Simply put, our client’s compliance rate was less than 25% before coming onboard with CARCO. After working with CARCO, their compliance rate now is close to 99.2%!

 

 

CARCO’s electronic I-9/E-Verify solution also provided the client with the following tools for success:

 

  • Easy to use and user friendly admin portal interface that provides quick access to employee accounts and tasks;
  • E-friendly electronic retention to replace paper retention of I-9 data;
  • Email notifications designed to trigger at all key points of the process, which is a major factor in driving high compliance rates with our clients; and
  • Daily and weekly detailed reporting designed to give an overview of any incomplete employee or employer steps of the I-9/E-Verify process.

 

For more information on CARCO’s I-9/E-Verify Solution, call a CARCO specialist at 866-557-5984 or click here.