Earlier this month, Connecticut Governor M. Jodi Rell signed into law An Act Concerning Consumer Privacy and Identity Theft (P.A. 09-239 (S.B. 838), L. 2009, effective Oct. 1, 2009), which is sure to have repercussions for employers in that state. Broadening the definitions of identity theft and “personal identifying information,” the legislation requires private employers to strengthen the security of job applications. In accordance with Section 10, each employer shall obtain and retain employment applications in a secure manner and shall employ reasonable measures to destroy or make unreadable such employment applications upon disposal. Such measures shall, at a minimum, include the shredding or other means of permanent destruction of such employment applications in a secure setting. Employers violating these provisions will be subject to a civil penalty of at least $500, not to exceed $500,000 for any single violation.
Do you know the record-retention laws that apply to your company? For starters, different state laws or operational requirements may have varying record-retention guidelines. Complicating the issue are questions like: How does an employer define an “applicant?” What exactly constitutes personnel records? Also, do the rules differ for unsolicited resumes or Internet applicants?
Many states have laws that require employers to retain particular records for a specified period of time; however, unsolicited resume retention is not specifically addressed in the laws of each individual state. For example, in Illinois, employers are required to maintain, among other things, resumes for one year from the date of application. Pennsylvania law requires all documents relating to employment including the applications of both successful and unsuccessful applicants must be preserved for 120 days following the filing of the forms. Wisconsin requires even longer retention: five years for all records relating to an applicants employment, including the original application.
Who is considered an "applicant?" The concept of an applicant is that of a person who has indicated an interest in being considered, through submission of a resume or otherwise, for hiring, promotion, or other employment opportunities. In an effort to address the difficulties federal contractors face in dealing with the often overwhelming amount of expressions of interest submitted via the Internet or related electronic data technologies in the context of OFCCP compliance, the OFCCP developed the Internet Applicant Rule, which employs the following criteria: (1) the job seeker has submitted an expression of interest in employment through the Internet or related electronic data technologies; (2) the employer considers the job seeker for employment in a particular position; (3) the job seeker's expression of interest indicates the individual possesses the basic qualifications for the position; and, (4) the job seeker does not remove himself or herself from further consideration or indicate that he or she is no longer interested in the position (41 C.F.R. §60-1.3). For paper submissions, however, the traditional applicant rule applies.
Disposal of employee records. Before complying with identity theft legislation, many questions should be resolved concerning the destruction of employee records. Can you be certain that data has been rendered unreadable before recycling or disposal? What really happens to your company’s old computer hard drives? If you used a vendor to shred documents, do you know details of their security?
Obviously, these are all complicated issues that cannot be easily addressed, so it is imperative that employers take a thorough look at their compliance with both state and federal laws to adequately define both their record-retention and disposal requirements. In cases where federal and state requirements overlap, the employer is expected to adhere to the stricter requirement.
5 hours ago
No comments:
Post a Comment