Global Screening Compliance Update- November 2010


It’s a pervasive trend: more and more companies are establishing offshore operations and also hiring overseas’ talent for their U.S. operations.  These candidates still need to undergo a background check before they can qualify for employment and organizations look to companies like EmployeeScreenIQ to help with their global screening efforts. As this practice matures, employers must take a strict approach to developing best practices and understanding the individual laws and guidelines of each country.

We’ve enlisted the help of the Pre-Employment Directory’s Barry Nixon to help us keep you apprised of notable legislation and other compliance that takes place on a global level.  This month’s installment includes information about the European Union, France, Germany, India and Mexico.


Big Changes in EU Privacy Law Coming?

Out of Brussels comes the news that the European Commission has circulated a document containing a draft strategy for improvements in data protection, including a long-awaited set of proposals for revamping of the EU Data Protection Directive. The proposals are prompted by the changes in technology and changes in the ways in which people share information since the adoption of the Directive in the 1990’s. It appears that the Commission intends to propose changes in the law and non-legislative steps to bring about the changes that are being discussed. According to Bloomberg, “[c]hanges could be made to the document before regulators discuss it on Dec. 4. They will then ask for support from national governments and EU lawmakers before they draw up draft legislation in mid-2011.”


French DPA Releases New Guidance on Personal Data Security

On October 7, 2010, the French Data Protection Authority (the “CNIL”) released its first comprehensive handbook on the security of personal data (the “Guidance”). The Guidance follows the CNIL’s “10 tips for the security of your information system “ issued on October 12, 2009, which were based on the CNIL’s July 21, 1981 recommendations regarding security measures applicable to information systems. The Guidance reiterates that data controllers have an obligation under French law to take “useful precautions” given the nature of the data and the risks associated with processing the data, to ensure data security and, in particular, prevent any alteration or damage, or access by non-authorized third parties (Article 34 of the French Data Protection Act). Failure to comply with this requirement is punishable by up to five years imprisonment or a fine of €300,000.


German Government Moves on Draft Law Regarding Employee Data Protection

On August 25, 2010, the German government approved a draft law concerning special rules for employee data protection , originally proposed by the Federal Ministry of the Interior. A background paper on the draft law was published on August 25, 2010. The draft law would amend the German Federal Data Protection Act (the Bundesdatenschutzgesetz or “BDSG”) by adding provisions that specifically address data protection in the employment context. Currently, employee data protection is regulated by (1) general provisions in the BDSG, (2) the new Section 32 of the BDSG introduced by the most recent reform in September 2009 , (3) the Works Constitution Act, (4) guidance from state data protection authorities, and (5) comprehensive case law from federal and local labor courts.

The approved draft law now goes before the German Parliament, where it is expected to undergo further
discussions and may be amended. The first reading is expected in November 2010, leaving open the possibility that the law may be passed this year.


Employers Urged To Check Candidates’ Qualifications

Employers are being urged to verify employee qualifications directly with education establishments after a bogus dentist with no qualifications managed to work as a dentist for nine years.Vinisha Sharma used a forged degree certificate from the Sri Guru Ram Das Institute of Medical Sciences and Research in Amritsar, India to claim she had a Bachelor of Dental Surgery degree. The bogus degree enabled her to register with the General Dental Council (GDC) and then secure employment in seven NHS hospitals.Lastweek, Sharma admitted forging qualifications and earning £230,000 by deception. She admitted one count of using a forged degree and four counts of obtaining a pecuniary advantage. Sharma also admitted a charge of fraud by false representation relating to the Queen Victoria Hospital in East Grinstead.


Mexico Elected to Lead the Ibero-American Data Protection Network

Following its recent enactment of an omnibus data protection law , Mexico has been unanimously elected to lead the Ibero-American Data Protection Network, a consortium of the governments of Spain, Portugal, Andorra and 19 Latin American countries. The group’s mission is to foster, maintain and strengthen an exchange of information, experience and knowledge among Ibero-American countries through dialogue and collaboration on issues related to personal data protection. The IFAI announced on September 29, 2010, that Jacqueline Peschard, head of Mexico’s Federal Institute for Access to Information and Data Protection (the “IFAI”), will represent Mexico during its two-year term.