Issue: Beginning June 1, a new federal law requires you to properly dispose of personally identifiable background-check data.
Risk: One mistake can result in actual damages, up to a $2,500 civil fine and class-action lawsuit pain.
Action: Rev up the shredder, and rewrite your recordkeeping policy based on the advice below.
What do you do with applicants' or employees' credit-record information when you're done with it? Starting this month, you'd better answer that question correctly. Reason: A new federal law that kicked in June 1 requires you to properly dispose of background-check information that you gather for employment-screening purposes.
The so-called "disposal rule," included in last year's Fair and Accurate Credit Transactions Act, requires your organization to properly dispose of "any record about an individual, whether in paper, electronic, or other form that is a consumer report or is derived from a consumer report" that can identify that person individually.
The law doesn't mandate any specific type of disposal method, but suggests shredding paper files, erasing electronic files or some other "reasonable" means. The new rule applies to every business, regardless of size or number of employees.
Fines can be stiff: If your employees' identities are stolen, your organization could be subject to actual damages, civil fines of up to $2,500 per employee and class-action lawsuits. (Read more about the rule at www .ftc.gov/os/2004/11/041118disposalfrn.pdf.)
What must you do now? Write a stricter policy detailing how your organization safeguards, stores and discards employees' identifying information. Ensure that documents containing personal information are being properly shredded or erased. If you outsource the task to a third party, confirm that your vendor complies with the law.
It's not enough to issue a policy saying documents containing Social Security numbers (SSNs) must be protected. Instead, detail how to carry out proper safeguarding and destruction.
Explain that employees with access to such information must shred the documents before discarding them. State clearly who has access to such documents, plus where and when that access should occur. Also, avoid using SSNs on employee documents.
Personnel Records: What to Keep
Learn the legally safe ways to separate and store rÈsumÈs, I-9s, credit data and other records (and how long to retain them) at our audioconference, Personnel Records: What to Keep, What to Toss, on Tuesday, June 28, 1 p.m. to 2:15 p.m. EST. To register, go to www.nibm.net/records.
- 4 employment law lessons from the courts
- Federal court: Government employees can't go it alone when making due process claims
- Ex-employees: Gone but not forgotten Courts' broader definition of 'employee' expands your liability
- Personnel files: Identifying vulnerable record-keeping practices
- How to make sure you wind up in court: Block worker's return from medical leave