In recent years, many states have taken measures to prevent the misuse of personal and identifiable information (PII) in order to fight the rising tide of identity theft. The federal government has also taken measures. The main federal protections are contained in Gramm-Leach-Bliley Act ("GLBA") and Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). The federal Fair Credit Reporting Act (FCRA) was amended in 2003 to also provide additional measures to protect against identity theft. 

Unfortunately, all such protections as a practical matter cease to exist once PII leaves the shores of the United States.  Although some countries have extremely strong data and privacy protection laws, such as the European Union (EU) states, many places where information is sent off-shore for processing have very little if any protection. These countries are selected because they offer a way to cut costs. However, many of these counties have little or no practical data protection. In addition, as a practical matter, American job applicants have no ability to enforce their privacy rights overseas. In many counties, there is little practical or cost-effective access to courts and it is extremely difficult for an American consumer to contact a foreign police department to lodge a complaint or to obtain assistance. The lack of any meaningful protection once U.S. data is sent off-shore is a major gap in the effort to combat identity theft and to protect privacy. In some countries, for example, private data can be purchased very cheaply.

Of course, data theft can also occur in the U.S. However, in the U.S., there are legal protections, resources and recourse mechanisms to help victims of identity theft. Once the data goes off-shore, that protection dissipates rapidly. 

Although there are economic advantages to a screening firm to off-shore, a Consumer Reporting Agency (CRA) that chooses to display the "No Off-Shoring” seal subscribes to the belief that risking a consumer's  personal and identifiable information to make more money is not justified by the risk to the consumer and the employer. 

Furthermore, when PII is off-shored, it is typically done without the employer or the consumer being told it is happening, what country the data is going to, or what data protection is in place. 

Some of the tasks being performed off-shore include:

1. Off-shore call centers calling US employers or schools to verify employment or education.
2. Off-shore centers entering orders into the screening firm's systems or other data entry tasks.
3. Off-shore data centers accessing databases to look up information about a consumer.

Each of these tasks is highly risky and can potentially place a consumer at risk.   

A CRA that chooses to display the “No Off-Shoring” seal is self-certifying that they subscribe to the following standards:

1. Domestic Background Screening: Where a CRA is providing background screening services for consumers in the United States based upon information available in the U.S., a firm displaying this seal certifies it does not send data outside the U. S. or its territories for processing or preparation of a background report or for any other reason. All work is done in the U.S.
2. International Screening: Where there is an international background check for verification of employment education or a professional degree, or for a criminal record check, some information may have to go off-shore by necessity since the information being sought is off-shore. However, firms displaying this seal have taken measures to protect personal and confidential data:
   1. Documentation or information such as passport numbers or unique identification numbers and date of birth are not sent to anyone overseas other than the actual verification provider, e.g. employer or school registrar, whenever possible.
   2. Where it is necessary to utilize a local firm, the local firm will first be asked to provide local contact information so that the CRA can contact the foreign verifying party directly.
   3. If due to infrastructure or other issues in a foreign country a foreign research firm must perform the verification, then the CRA or its agent has properly vetted the local firm, and will redact any unnecessary information.
3. Where a CRA utilizes a third party service to perform domestic or international services in connection with providing background reports, firms that adopted this standard have made reasonable inquires to ensure that any provider is also following this standard.
4. This is a self-certification standard. There is no process of enforcement or accreditation. Employers relying upon the seal should still take appropriate measures to ensure that consumer data is protected in the screening process.
5. The exception to off-shoring data is where the CRA has clearly disclosed to the end-user employer that such off-shoring may occur along with a disclosure of the potential risks involved and the employer in turn clearly discloses to the  consumer that their personal information may go offshore for processing along with a disclosure of the potential risks involved.  

If you agree with these terms, Click Here to get our Self-Certification Application. Fill it out online, print, sign and fax it in and we will get back to you about your certification shortly.