Privacy

NOTICE OF UPDATES TO OUR TERMS AND CONDITIONS AGREEMENT, PRIVACY POLICY AND NEW GDPR NOTICE OF RIGHTS

Data privacy is our top priority at Scherzer International (“SI”).  SI has undertaken diligent efforts to ensure our compliance with the GDPR which became effective May 25, 2018.  Here are some of the things that we’ve done:

  • We added a clause about GDPR* compliance setting forth our respective obligations under this regulation to our Terms and Conditions Agreement (the “Agreement”), which now – unless superseded by another agreement – governs SI’s provision of background screening reports (“Reports”). The Agreement can be accessed here and is applicable to all Reports ordered from SI on or after May 25, 2018 (“Effective Date”).
  • We revised our Privacy Policy by adding information about our compliance with the GDPR requirements regarding the processing of personal data of individuals located in the European Economic Area (EEA) covered by the GDPR and made some wording changes for clarity.  Please note that as before, our website does not use cookies or otherwise track any personal data.
  • We posted a “GDPR Notice” on our website, which informs EEA individuals of their rights in connection with their personal data.

There is no need for you to take any action. By continuing to interact with SI and using our services after the Effective Date, you agree to these terms.

Of course, you can opt out at any time, by contacting Joann Gold, Executive Vice President/Chief Compliance Officer, at jgold@scherzer.co.

WE APPRECIATE YOUR BUSINESS!

*“GDPR” means Regulation 2016/679 of the European Parliament and of the Council of the European Union, and the European Commission of April 27, 2016, on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation.

Additional Guidance and Forms Issued for City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance

As reported in our previous alert, effective January 22, 2017, the Fair Chance Initiative for Hiring (“LAFCIH”) ordinance prohibits employers (with 10 or more employees) from inquiring about an applicant’s criminal history until a conditional job offer has been extended and imposes significant compliance obligations. The Department of Public Works Bureau of Contract Administration (the “BCA” or the “Department”), which bears administrative responsibilities for the LAFCIH, in addition to its rules and regulations published In February, has now provided forms and further guidance to help covered employers (and city contractors/subcontractors) meet their compliance requirements.

The forms and guidance include the following:

It is recommended that all covered employers and city contractors/subcontractors review the materials provided by the BCA.  Penalties and fines for violations of the LAFCIH will be imposed starting July 1, 2017.

New Guidance Regarding City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance

 

 

What is this about:

As reported in our previous alert, effective January 22, 2017, the Fair Chance Initiative for Hiring (“LAFCIH”) ordinance prohibits employers from inquiring about an applicant’s criminal history until a conditional job offer has been extended and imposes significant compliance obligations.

The Department of Public Works Bureau of Contract Administration, which bears administrative responsibilities for the LAFCIH, in addition to its rules and regulations (the “Regs”) to guide covered employers (and city contractors/subcontractors) in meeting compliance requirements published last month, has now posted an “individualized assessment and reassessment form.” It is unclear whether the Department expects employers to use this form as provided or whether modifications are permitted. Certain other items in the Regs also remain unclear, and the Department has yet to issue anticipated further guidance.

 

Notable amplifications and clarifications:

  1. “Applicant” means an individual who submits an application or other documentation for employment to an employer regardless of location.
  2. “Employee” means any individual who performs at least two hours of work on average each week within the geographic boundaries of the City for an employer. Average week is determined by the last four complete weeks before the position is advertised
  3. An individual who lives in the City and performs work for an employer from home, including telecommuting, is an employee.
  4. An individual who works from a home that is outside of the City is not an employee even if he/she works for a Los Angeles-based company, unless the individual also works at least two hours on average per week within the geographic boundaries of the City.
  5. The LAFCIH applies to employees regardless of an employer’s designation of an employee as an independent contractor, and labeling a worker as an independent contractor is not conclusive for the purpose of the LAFCIH.
 

Criminal history:

According to the Regs,

“A conviction shall include a plea, verdict, or finding of guilt regardless of whether sentence is imposed by the court. In the State of California, an employer is prohibited from asking about any arrest information, unless it results in a conviction, and otherwise specified.”

Note: the definition above cites California Labor Code §432.7(a)(1). The first sentence is correct; however, the second sentence is not, as that statute expressly allows inquiries about pending cases,stating that “nothing

[in this section] shall prevent an employer from asking… about an arrest for which the employee or applicant is out on bail or on his or her own recognizance pending trial.”

Nevertheless, the Regs, in a section titled “Employer Assessment of Criminal History,” go on to state that “arrests cannot be considered in employment decisions.”

 

Other guidance items:

The Regs amplify other definitions and aim to explain the various employer requirements. This includes, but is not limited to: the application and interview procedure, assessment of criminal history, the “Fair Chance” process, notice and posting, record-keeping, enforcement and exceptions.

See above the above post for links regarding this new guidance.

The Swiss-U.S. Privacy Shield Framework is approved

The Swiss-U.S. Privacy Shield Framework (the “Framework”) made its debut on January 12, 2017 without much fanfare when Swiss federal councillor Johann Schneider-Ammann announced the Framework’s approval as a valid legal mechanism to comply with Swiss requirements for transferring personal data from Switzerland to the United States. The Framework, designed by the U.S. Department of Commerce (the “DOC”) and the Swiss government to align with the EU-U.S. Privacy Shield, will immediately replace the U.S.-Swiss Safe Harbor. The DOC will begin accepting self-certifications starting April 12, 2017 to give organizations ample time to review the new Framework’s principles and compliance requirements. For more of Scherzer International’s coverage of the EU-U.S. Privacy Shield, click here.

California expands privacy protections for state residents

A perennial trendsetter with regard to data security and privacy, California has updated its state law with tweaks that expand the scope of the privacy protections for state residents.

A.B. 1710 made three changes to existing law that go into effect January 1, 2015: first, businesses that maintain “personal information” about California residents must “implement and maintain appropriate and reasonable security procedures and practices” to protect the data from “unauthorized access, destruction, use, modification, or disclosure.” Personal information is defined to include an individual’s first name or first initial and last name, Social Security number, driver’s license number, as well as medical and financial account information.

Second, if a person or business was “the source” of a data breach and offers to provide identity theft prevention and mitigation services to affected individuals, the business must offer the services at no cost for at least 12 months. Some controversy has swirled around this provision, with debate on whether the language actually requires businesses to provide one year of free identity theft protection and mitigation services or if the law simply requires that if the services are offered, they last for 12 months and are provided gratis. Additional guidance may be forthcoming.

Finally, the new legislation prohibits a business from “selling, offering for sale, or advertising for sale” Social Security numbers. Limited exceptions were noted in the bill, including “if the release

[not necessarily a sale] of the Social Security number is incidental to a larger transaction and is necessary to identify the individual in order to accomplish a legitimate business purpose” or “for a purpose specifically authorized or specifically allowed by federal or state law.”

The law’s scope reaches well beyond the borders of California, as it applies to businesses that maintain any personal information about a state resident. Companies would be well advised to familiarize themselves with the new requirements.

To read AB 1710, click here.

December 3rd, 2014|Legislation, Privacy|

California passes two new data privacy laws

Effective January 1, 2014, California will have two new data privacy laws: AB 370, which mandates disclosure of “do not track” and other tracking practices in online privacy policies, and SB 46, which amends the state’s data security breach notification law.

AB 370 adds to the California Online Privacy Protection Act (“CalOPPA”) a requirement for companies that collect personally identifiable information online to include disclosures regarding (1) how they respond to a web browser’s “do not track” (DNT) signal, and (2) if third-parties can collect personal information across a network of sites. The law does not require websites to honor browser DNT signals or block third-party tracking; it simply tries to increase transparency about the site’s practices.

SB 46 adds a new category of data triggering California’s breach notification requirements, to wit: “a user name or e-mail address, in combination with a password or security question and answer that would permit access to an online account.” The new law requires notification of unauthorized access to user credential information even if that information is encrypted.

October 25th, 2013|Educational Series, Legislation, Privacy|
Go to Top