The Modern Slavery Act 2015 is new legislation introduced in the UK with the intention of combatting slavery and human trafficking. Continuing the trend for legislation to have extra-territorial reach, as illustrated by the UK Bribery Act, it can apply to entities based outside of the UK. To read more click here.
Employers often run background checks on their applicants and employees in order to protect the workplace and to assemble a good and trustworthy workforce. For U.S.-based employers with operations overseas, the legal requirements governing the background check process in the United States can vary from the requirements of the process abroad. This post examines some cross-border differences and offers practical guidance for U.S. multinational employers.
Background Checks in the United States
Whether on their own accord or through a third-party vendor, it is common practice for employers in the United States to run background checks on their prospective and current employees. For years, as part of the due diligence process, employers have inquired into a range of records regarding an applicant’s or employee’s credit, criminal, driving, educational, and employment history. In recent years, however, a growing number of federal, state, and local laws have imposed a series of requirements and restrictions on U.S. employers both before running a background check and before taking adverse action based on the results.
In the United States, employers typically rely on a third-party vendor known as a consumer reporting agency (“CRA”) to perform a background check. For decades, federal law (specifically, the Fair Credit Reporting Act (“FCRA”)) has regulated this process, requiring employers to disclose to applicants and employees when they intend to have a CRA run a background check, and to obtain the applicant’s or employee’s consent before doing so. Several states have levied similar obligations on employers.
U.S. employers face other restrictions under various state and local laws regardless of whether they run a background check through a CRA or on their own initiative. For instance, jurisdictions across the country have limited when an employer can ask about an applicant’s criminal history—a movement better known as “ban the box.” To date, in seven states and about a dozen localities, private employers cannot ask an applicant to divulge his or her criminal history on the initial employment application and, in some cases, until after a conditional offer of employment.
Even when permitted to make criminal history inquiries, employers may not ask about certain types of criminal records in certain jurisdictions. For example, D.C. prohibits questions about arrests that are no longer pending, San Francisco outlaws queries about convictions more than seven years old, and New York nixes inquiries concerning youthful offender adjudications. Employers also face limitations when asking about credit history, as ten states and at least four localities forbid credit checks for employment purposes, with limited exceptions.
Taking Adverse Action
Employers in the United States also are subject to increasing regulation whenever they intend to take adverse action (e.g., rescind a job offer, terminate employment) based on the results of a background check. For instance, before taking adverse action against an applicant or employee based on the results of a background check report prepared by a CRA, federal law requires the employer to first send a notice of intent to take adverse action and allow the applicant or employee at least five business days to contest the results or provide additional information. If, after considering any corrective or mitigating information, the employer still intends to take adverse action, it must send the applicant or employee a final notice of adverse action. Certain states require employers to follow a similar process.
In addition to these notice obligations, some employers may not take adverse action on the basis of certain criminal offenses or credit history, regardless of whether they use a CRA. For instance, several states prohibit employers from considering arrests or sealed or expunged convictions in hiring and other employment decisions. A growing number of states and localities also only permit employers to take adverse action based on criminal offenses that reasonably relate to the job. And, some jurisdictions limit employer use of certain types of convictions (e.g., drug offenses) for purposes of employment.
International Background Checks
Prior to conducting background checks in foreign jurisdictions, U.S.-based employers should first consider the nature of their business presence. Indeed, whether an employer “does business” in a given jurisdiction can impact the extent of its obligations to comply with the employment laws of that jurisdiction. Oftentimes, U.S.-based parent companies will conduct background checks on individuals seeking work at an international subsidiary of the parent company. In such cases, international privacy laws may restrict the free transfer of personal information. Where, in fact, the parent company is not technically the individual’s employer, the company still should consult with local counsel on the extent of its legal obligations before proceeding with the background check.
Unlike the process in the United States, employers may not be able to utilize third-party vendors to conduct background checks in certain jurisdictions. Indeed, sometimes, local rules may block access of third-party vendors to certain information – including credit history and criminal records – and require that the individual employee or applicant obtain the records directly from the source (e.g., the credit bureau or law enforcement agency headquarters). The employer may be able to request that the individual obtain the records and turn them over to the employer, but in certain circumstances, it may not be able to condition prospective or continued employment on the individual’s compliance with such directives.
As noted earlier, certain U.S. states restrict the ability of employers to ask questions about an applicant’s criminal history. The same can be said in countries abroad. As an initial matter, certain countries do not keep centralized criminal records and, therefore, it may prove difficult – if not impractical – for the individual to even obtain his or her criminal history. Moreover, in some countries, conditioning employment on the successful completion of a criminal background check, particularly where not job-related, may run afoul of applicable anti-discrimination laws, as well as an employee’s right to privacy and/or right to work.
In jurisdictions that allow employers to conduct background checks, at the very least, the consent of the applicant or employee often is necessary. Certain countries may restrict the ability of employers to obtain consent through an electronic signature, and employers should consult with local counsel to determine if a hard copy signature is necessary. In addition, as a practical matter, employers often need to provide the background check consent forms in the jurisdiction’s national language.
Taking Adverse Action
Employers that operate internationally also often face significant restrictions when taking adverse action based on the results of a background check. Generally speaking, the employer must demonstrate “just cause” before taking an adverse action against an employee, and terminating employment based on the results of a background check may not rise to that level. And while the hurdle may be lower in cases where an employer decides not to hire a prospective employee based on the results of a background check, in cases where the employer is considering terminating a current employee, it should consult the applicable anti-discrimination and employment laws in that jurisdiction and/or seek the advice of local counsel.
Given the growing patchwork of laws, when running background checks in the United States, employers should remember to:
- ensure that hiring guidelines regarding employment of individuals with criminal records are consistent with federal, state, and local law;
- conduct individualized assessments of candidates and employees when possible;
- train managers on the appropriate use of criminal and credit history in hiring, promotion, and separation; and
- adhere to FCRA and other state and local requirements before conducting background checks and when considering or taking adverse actions against applicants or employees based on the results.
And, when running background checks internationally, employers should remember to:
- “know your business presence” in a given country;
- obtain consent to retrieve any given number of background check records;
- ensure compliance with applicable privacy and anti-discrimination laws; and
- consult with local counsel both before running a background check or before taking adverse action based on the results.
Daniel Saperstein is Co-Chair of Proskauer’s Hiring & Background Checks Group and a member of the firm’s International Labor Group. David Reid is a member of the firm’s International Labor Group.
A brief rundown of developments in recent weeks in the area of EU data protection law:
EU Data Protection Regulation
On Monday, June 15, the EU Council (comprised, for purposes of data protection reform, of the justice ministers from each of the EU member states) reached an agreement on a draft data protection regulation, marking an important milestone in the ongoing effort to reform and modernize data protection law in the EU. (This development follows the European Commission’s publication of a proposed regulation in January 2012 and the European Parliament’s official agreement to a “compromise” version in March 2014.) Beginning this week, these bodies will begin negotiations to reconcile the three versions with a stated goal of promulgating a final regulation by the end of the year. The regulation will replace the 1995 Data Protection Directive and, once it comes into force, will apply directly in each of the EU member states, creating greater uniformity across the EU in respect of data protection standards.
Check back here next week for an overview of the key differences (and, thus, areas for negotiation) among the positions promulgated by the Commission, Parliament and Council.
As we recently reported, the US and EU continue to negotiate reforms to the US-EU Safe Harbor. It was announced earlier in June that progress is being made, and one EU official told the Wall Street Journal at that time that US officials were being given “another month” to address the EU’s concerns. As we’ve reported in the past, US government access to personal data appears to remain a sticking point.
Concurrent with these negotiations, the European Court of Justice (“ECJ”) also has been considering a broad challenge to the Safe Harbor in the case of Schrems v. Facebook Ireland Ltd. The plaintiff in that case has argued that, given the NSA/Snowden revelations, the Safe Harbor (upon which Facebook—like many other US-based companies—relies to transfer and hold users’ personal data in the US) could not provide adequate protection as a matter of EU law. The ECJ is considering, among other questions, whether a data protection authority can investigate an individual’s claim that the US does not adequately protect data transferred from the EU or whether it must accept as a matter of law that Safe Harbor compliance means data is adequately protected. The case has the potential to have far-reaching effects if the ECJ were to reach the merits of the sufficiency of the Safe Harbor program (as opposed to simply addressing whether the Irish data protection authorities may investigate and/or punting in light of the ongoing reform negotiations). An opinion was originally scheduled to be issued on June 24, 2015, but it was disclosed last week that the opinion will be delayed, and no new publication date has yet been announced.
**This post also appears on Proskauer’s Privacy Law Blog.**
The US-EU Safe Harbor has been back in the news recently as Germany’s data protection commissioners met at the end of January and expressed impatience at the delay in implementing what many view as necessary reforms to the program. The European Court of Justice also recently heard a challenge to Facebook’s reliance on the Safe Harbor for the transfer of user data in what many see as an important test case; this lawsuit will be the topic of a future blog post.
Established in 1998, the Safe Harbor program provides a mechanism by which companies can publicly represent that they have established internal controls that provide an adequate level of protection, thereby permitting transfers of personal information from the EU to the US. (EU data protection law provides that – with limited exceptions – personal data can be transferred outside the European Economic Area only if an adequate level of protection is ensured, and the US is not among the countries whose laws the EU Commission has identified as providing adequate protection.)
Although there have been critics of the Safe Harbor program since its inception (particularly around issues of transparency and dispute resolution), criticism has been at an all-time high since the disclosure in 2013 of the U.S. National Security Agency’s surveillance activities. In response to these widespread concerns, the EU Commission issued a report in November 2013 setting forth 13 specific recommendations aimed at promoting transparency, ensuring effective dispute resolution and enforcement, and limiting access to personal information by U.S. authorities. Notable recommendations include:
- Notify the Department of Commerce regarding contracts with subcontractors, including cloud computing services, that will involve the transfer of personal data and make publicly available information regarding the privacy safeguards that are included in such contracts;
- Addressing affordability concerns with respect to alternative dispute resolution mechanisms and increased monitoring of ADR providers;
- Random audits by US authorities to ensure companies are in compliance with their privacy policies and investigation of false claims of Safe Harbor compliance; and
- Inclusion in privacy policies of information regarding the extent to which US law would allow US authorities to access data transferred under the Safe Harbor.
Although the EU Commission initially hoped to finalize reforms last summer, talks continue. It was revealed in November 2013 that agreement has been reached on most of the EU Commission’s recommendations but that US government access to personal data remains a sticking point. The EU Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, stated in January that the EU had indicated to the US that reforms must include “sufficient guarantees on national security access” and that the EU had “recently registered concrete engagement from the US on this issue.” She indicated a goal of finalizing a reform package by May of this year.
Accordingly, although there have been calls and threats for complete cancellation or suspension of the Safe Harbor program, this remains unlikely, not least because of the extreme economic consequences that would flow from such action. However, it appears certain that reforms will be implemented, and although the full scope of such changes is not yet known, companies can and should begin to prepare. Specifically, current Safe Harbor members, and those considering certification, would be prudent to:
- Consider a self-assessment of compliance with their data privacy policies and applicable data protection requirements;
- Examine their options in respect of ADR and consider the impact of a requirement that ADR be made free for data subjects seeking to utilize it; and
- Begin to identify vendor contracts that contain (or should contain) privacy provisions to ensure that they comply with the Safe Harbor requirements and to assess the feasibility of disclosing these provisions should that requirement be implemented.
We will continue to monitor the reform negotiations and will report here of any developments.
**This post also appears on Proskauer’s Privacy Law Blog.**
India recently enacted the Sexual Harassment of Women at the Workplace (Prevention, Prohibition and Redressal Act) 2013, which protects all “aggrieved women” in the workplace from unlawful harassment. To be clear, the term “aggrieved women” includes both employees and non-employees. The Act represents a drastic shift in the law that will require all employers with a presence in India to implement the requisite policies and procedures outlined in the statute. Continue Reading
In Liu v. Siemens A.G., No. 13-cv-4385, 2014 WL 3953672 (2d Cir. Aug. 14, 2014), the Second Circuit affirmed that the anti-retaliation provision in Section 922 of Dodd-Frank does not apply extraterritorially. This post examines the Court’s reasoning and the implications of this decision—particularly for multinational employers. For more on this decision, please review our Firm’s client alert. Continue Reading
As originally published on Proskauer’s Whistleblower Defense blog, in the UK, whistleblowing law is based on a statute prohibiting a “worker” being dismissed or subjected to any other detriment because of having made a “protected disclosure”. Until recently, the general view was that the definition of “worker”, and therefore whistleblowing protection, did not extend to partners. There were many reasons for this view, such as the fact that discrimination legislation (which protects partners as well as other workers), is, in contrast to whistleblowing legislation, explicit as to its application to partners. However, this week, a landmark Supreme Court decision, Clyde & Co. LLP v. Van Winkelhof (overturning a decision of the Court of Appeal) held that partners were “workers” and therefore legislation protecting whistleblowers applies to partners in the same way that it applies to employees. This decision has some very significant consequences, especially in the financial and professional services industries where so many individuals are engaged as partners.
To read the blog post in its original entirety, please visit: UK Whistleblower Protection Extended to Partners.
Two Proskauer Labor & Employment partners Allan Bloom and Kathleen McKenna attended the Cambridge Forum’s International Forum on Employment Law held in Surrey, UK on May 14th – 16th, 2014. Practitioners from 26 countries participated, and engaged in a two-day roundtable on various issues of common interest to global employers, including the future of employment law, cross-border data protection, global mobility, labor issues in international mergers and acquisitions, restrictive covenants, and the future of industrial labor relations. The Forum’s Steering Committee welcomes up to 44 legal practitioners from across the globe, each of whom has been selected based on their experience and specialization in International Employment Law. The invitation-only aspect ensures there is a high and common standard of fluency among all participants of the issues to be discussed.
Social media around the world continues to evolve and so does the International Labor and Employment Group at Proskauer. For a third year, Proskauer and its global partners have conducted a survey of multinational businesses to learn how they are dealing with use of this new media in the workplace. Our third annual survey received more than 110 responses from a broad range of businesses, many with a global presence. The results revealed a number of notable findings and developments including:
- nearly 90% of businesses surveyed now use social media for business purposes.
- more than 70% of businesses reported having to take disciplinary action against employees for misuse (compared to 35% in previous years).
Click here to view the results of our survey, including a summary of key employment law issues, best practices and takeaways from around the world that arise as a result of social media use at work.
In the first of our new series of labor and employment updates from around the world, we focus on Germany, where there have been a number of recent and significant developments. With the help of Gleiss Lutz (a firm with offices throughout Germany), we are delighted to provide you with the latest news from Germany.
As so often happens in the aftermath of an election, the new German Government has turned its attention to labor and employment law, and has already announced new and significant legislation. On top of this, there have been some recent important judgments from the Federal Labor Court. Continue Reading