Employment Screening Services (ESS) recognizes our clients and consumers’ right to privacy, and we are committed to the safekeeping of consumers’ personal information. ESS takes all reasonable procedures to protect both on-line and off-line all personal and identifiable information from loss, misuse and unauthorized access, disclosure, alteration and destruction. We adhere to the data protection principles that personal data must be:
- Processed fairly and lawfully;
- Obtained only for one or more specific and lawful purposes;
- Adequate, relevant and not excessive in relation to the purpose(s) for which they are processed;
- Accurate and where necessary kept up to date;
- Not kept for longer than necessary;
- Processed in accordance with the rights of consumer;
- Protected by appropriate security (technical and physical)
- Not transferred outside the EEA (European Economic Area) without adequate protection.
All consumers’ personally identifiable information (PII) is restricted to our offices, and only employees who need the information to perform a specific job are granted access to PII. Strong password protection protocols are used on all computers, and the servers that are used to store personally identifiable information are maintained in a secure environment. This policy outlines the standard for all ESS employees in the collection, use, sharing, retention, and security of individual client information provided to ESS through the internet, fax, telephone, e-mail or mail. Prior to ordering and sending ESS any consumer PII, all clients must sign a Consumer Report User’s Agreement agreeing to legal compliance with the Fair Credit Reporting Act in obtaining PII, ordering searches and using report information.
Purpose of Collection Consumer Information – As a Consumer Reporting Agency (CRA), ESS receives consumer PII from vetted clients and their consumers for specific, legitimate, permissible purposes according to the provisions of the Fair Credit Reporting Act (FCRA) to be used in the assembling or evaluating of consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties.
Use of Consumer Personally Identifiable Information – ESS and its service providers are entrusted with Personally Identifiable Information (PII) on individual consumers in the course of providing services to our clients. We collect consumer PII and disseminated information for specific, legitimate purposes and information will only be processed in accordance with the consumer’s legal rights in compliance with the Fair Credit Reporting Act and/or as applicable by Federal and state law guidelines and regulations. ESS will furnish consumer reports only as outline in the Fair Credit Reporting Act.
How Consumer Information Is Shared – ESS limits the collection, retention and use of individual consumers information to the minimum amount of information required to conduct the search requested by the client. Consumer information is shared with clients and with vetted public record researchers, who assists in the background investigation, through our secured on-line web-based system which can be viewed and retrieved only by authorized client users and researchers using a secured password. Clients may also communicate consumer information to ESS by telephone, secured fax or e-mail.
Storing of Consumer PII – Consumer personal identifiable information is retained for a minimum of six (6) years. Information is stored in the ESS secure software systems and can only be accessed by client authorized users that possess the password protected access and by ESS employees whose job responsibilities dictate a need to access stored consumer PII.
Data Security – ESS is committed to focusing on controlling against internal and external unauthorized access or disclosure of data and to ensure that all consumer data is protected in all of its forms, on all media, during all phases of its life cycle. Any personal data transmitted to or from our web site is protected by a secure socket layer key which encrypts the data transmitted over the internet. ESS has extensive physical and electronic security operating procedures and protocols in place regarding network security and data storage to ensure the protection of consumer information.
Destroying of Consumer Personally Identifiable Information – All consumer personal identifiable information is destroyed in compliance with ESS’ Disposal of Documents and Information Policy which states that ESS complies with the FCRA Disposal Rule and complies with FACT ensuring the proper disposal of consumer information. All electronic media (computer disc or hard drives) are appropriately disposed of by ESS third party technology vendor. When computers are replaced, the vendor removes the internal hard drive, shreds the drive and disposes of the shredded drive. All paper files with personally identifiable information are disposed of by placing the information in one of the secured bins which are emptied and shredded on site by a national disposal company specializing in shredding with which ESS has contracted. An employee of ESS witnesses the disposal service employee shredding the information. The disposal services disposes of the shredded information.
Employee Access to PII – ESS employee access to consumers’ PII is limited to those with a business reason to have access. All ESS employees have a background check prior to hiring, and all employees are trained regarding the lawful and intended purposes of processing PII; the need to protect and keep PII accurate and up-to-date; and the need to maintain the confidentiality of any PII employee may have access to.
Personal Information Disclosure: United States or Overseas – Personal information is not transferred to third parties outside the United States with the exception of when conducting an international background check. Any personal information transferred for international background checks is transmitted and stored in a secure manner.
Compliance Officer, Employment Screening Services, 2500 Southlake Park, Birmingham, Alabama 35244