Avoid Sharing Consumer Reports


Access to Consumer Reports Restricted to End-Users Only; Consumer Reports May Not be Shared with Any Third Parties

At EmployeeScreen IQ, we always keep an eye toward the future of the employment screening industry. There has been a clear and distinct trend over the last several years as technology has broken down barriers to information and greatly increased the potential for privacy violations and identity theft. As these trends continue we have seen much stricter enforcement of privacy rules and procedures at all levels. Credit bureaus and state motor vehicle departments are leading the way in placing restrictions on obtaining, using, handling, and disposing of personal information. These organizations do not hesitate to deny access to Consumer Reporting Agencies and other end-users who fail to follow mandated and comprehensive precautions in handling confidential and private information.

As a Consumer Reporting Agency (CRA), EmployeeScreen IQ is frequently asked by clients and potential clients about sharing Consumer Reports with third parties who are not formal end-users (only the DIRECT CLIENT of a CRA is considered an authorized end-user of Consumer Report information). The most common scenario is employment staffing agencies inquiring about sharing the Consumer Report with their client, for whom the subject will be working. Frequently the cost of the Consumer Report is billed to the client by the staffing agency, so there is a false perception that they have a “right” to access the report as well. Other common scenarios include child/elderly care and residential contracting businesses who wish to make Consumer Reports available to their customers, as the subject employee will have access to the homes or loved ones of their customers.

Consumer Reports may not be viewed by or shared with anyone outside the CRA that assembled the report, the subject of the report her/himself, or the end-user organization (direct client of the CRA). Credit information and Motor Vehicle Record information is STRICTLY forbidden from being viewed by anyone other than the direct end-user. Given the clear trends over the past several years, every business should take the cue from these data sources and ensure that all Consumer Report information is protected from any unauthorized party. Speaking from a best practice perspective, the only end-user personnel that should have access to Consumer Reports are end-user Human Resources and Loss Prevention/Security personnel who have a clear understanding of privacy and data security laws and protocols, and those that are directly involved in the hiring decision. Anyone within the end-user organization that is given access to Consumer Reports should be briefed on the importance and responsibility of keeping the information confidential and secure, as well as proper document disposal procedures to comply with recent enforcement of the FACT Act Document Disposal provision.

The responsibility for protecting Consumer Report information (i.e. the individual’s privacy) lies with the CRA and the end-user of the Consumer Report, who (again) must be the direct client of the CRA. Organizations that use a CRA for their employment screening needs must agree to abide by the requirements of the FCRA in protecting consumer information and individual privacy. Clients and other third parties of the end-user are party to no such agreement. Disseminating Consumer Report information to any third party other than the subject of the report itself is a violation of that subject’s privacy rights.

Similarly, when a CRA takes on a new client, there are several steps of due diligence required to ascertain 1) a permissible use for the information, 2) that the end-user is indeed a legitimate hiring enterprise, and 3) that the end-user’s business location(s) offer sufficient security to house and safeguard the information. CRAs that do not conduct this due diligence or allow their end-users/clients to share or resell Consumer Reports to third parties may find their privileges to obtain information revoked by one or many record sources if their policies do not uphold sufficient data security and privacy standards.

The best takeaway is always to err on the side of caution when it comes to handling confidential/private information, and never share it with anyone who is not member of your end-user organization, and who does not have a clear understanding of the importance and responsibility to protect individual confidentiality and privacy rights.

Rob Thomson is Communications Manager and Senior Account Executive for Cleveland-based EmployeeScreen IQ, a best practices provider of pre-employment screening services throughout the U.S. and worldwide. Rob can be reached at (800) 235-3954 ext. 438 or rthomson@employeescreen.com . EmployeeScreen IQ is a 2005 Weatherhead 100 Award Winner.*