Information Handling Standards
International Screening Solutions (“ISS”) strives to respect the information privacy needs of consumers and clients while providing information services that help those parties realize their mutual goals. Our policy is to preserve the confidentiality of all private Personally Identifiable Information (“PII”) that is submitted to us in writing or electronically regardless of whether that information is provided to us by a consumer or by one of our clients in connection with employment background screening—including credential verification and credit information—fraud and regulatory risk management or other services. The ISS Website is not used to collect consumer PII.
This statement explains (a) how ISS collects, uses and transfers PII for operation, (b) how ISS maintains privacy in the performance of our international services, and (c) the rights of consumers and clients on whose behalf we may maintain personal information.
ISS strives to adhere to the following principles, which combine domestic and international expectations in privacy regulation, as much as is reasonable in light of the specific purposes:
- Notice: need to provide clear and accessible language to clients and individuals about ISS’s practices and policies with respect to PII.
- Choice: respect for individual’s ability to grant and revoke express consent to collection, use, retention, and disclosure of personal information for defined purposes as permitted by law.
- Onward Transfer: need to disclose regarding how personal information may be transferred to third parties, particularly when information crosses national borders.
- Security: need to maintain safeguards and adequate protection of personal information.
- Data Integrity: making commercially reasonable efforts to maintain accurate, complete, relevant, and reliable information.
- Access: respecting individuals’ rights to access and to challenge the accuracy of information relating to them.
- Enforcement: maintaining reasonable procedures to protect and enforce the various rights that consumers have regarding the PII that ISS handles.
When ISS collects PII from individuals, individuals are informed about the purposes for which the information is being collected and used, how to contact ISS with inquiries or complaints, the types of third parties to which it discloses the information, and any mechanisms in place to allow consumers to exercise choice for limiting use or disclosure outside the original scope and purpose of collection, among other things. Notice is provided in clear and conspicuous language either when individuals are first asked to provide PII or as soon thereafter as is practicable, but in any event before ISS uses the information for a purpose other than that for which it was originally collected or processed by the transferring organization, or discloses it for the first time to a third party (other than the agents acting under our instructions). The remainder of this section describes how ISS collects and/or uses PII.
The scope of this notice covers PII that ISS has obtained on behalf of employers and their agents by manually or electronically contacting or searching the appropriate sources of the data (public record holders, educational institutions, law enforcement agencies, etc.), and/or directly from consumers, employers or their agents, or other entities to which the consumer has or seeks a connection. The PII collected may include standard PII (like name and address information) or sensitive categories of information (like personal information specifying racial or ethnic origin, political opinions, religious or philosophical beliefs or criminal records); what data is considered sensitive information may vary depending on jurisdiction.
Upon request, ISS gathers consumer and other data that it then provides to employers or their agents (such as recruiters, staffing firms, or background screening companies and consumer reporting agencies) in the form of information products (such as background reports) for use in making employment-related decisions regarding hiring, retention, promotion or re-assignment. Generally ISS’s clients are agents acting on behalf of other companies. ISS does not make decisions on behalf of employers or their agents and the information gathered on behalf of any such entities is not subsequently sold, reused, or otherwise disclosed to third parties by ISS for marketing or other reasons outside the scope and purpose of the collection.
Below are some examples of ways that employers commonly use data provided by ISS:
- to complete background checks on applicants and current employees
- to verify education and other credentials presented by applicants and current employees
- to investigate reports or suspicion of job-related wrongdoing
- investigation of employee compliance with applicable laws and regulations
ISS also gathers and maintains PII provided directly by you, your employer or other entities with which you have or are seeking employment or a business relationship in order to perform services like those listed above as well as other services related to fraud prevention and regulatory compliance, such as for assessing compliance with anti-corruption/anti-bribery laws.
It is important to note that in most cases ISS will act as a processor or agent of another company and consequently will not have direct contact with consumers. In these cases ISS does not provide consumers with direct notice, but will not process PII until the client or third party certifies its use of consumer notices mandated by applicable laws or gives proof of a legitimate reason why such notice is not required.
More information regarding the nature and scope of consumer data inquiries is available by contacting ISS in writing to the address identified in the section of this policy called “Our Contact Information”.
Generally, individuals have a right to choose whether their PII will be disclosed to a third party (other than our agents) or will be used for a purpose incompatible with the original purpose of collection or subsequent authorization by the individual (opt-out). For sensitive information an individual must “opt-in” by granting explicit written consent authorizing disclosure to non-agent third parties or by some other reasonable mechanism of exercising and recording the individual’s choice.
ISS generally seeks to ensure that individuals are provided an opportunity to opt-in regardless of whether the information is sensitive or not, and encourages its clients to do the same, but there may be situations where specific choice is not required as in the case of due diligence using public records, information processing related to certain types of regulatory investigation, or certain matters of public interest (for example: mandatory disclosure of PII pursuant to laws regarding national security or law enforcement).
It is important to note that in most cases ISS will act as a processor or agent of another company and consequently will not have direct contact with consumers. In these cases ISS is not directly responsible for offering choice; however, we will not process PII unless a client has provided, at the very least, a certification that consumers have been provided adequate choice to the extent that it is required by applicable laws.
III. Onward Transfer to Third Parties
The principles of “Notice” and “Choice” also apply to transfers of PII made to third parties that are not our agents. Therefore, PII is only provided to third parties for purposes described in the “Notice” section above or otherwise disclosed to consumers. Authorization (opt-in) is obtained before transfers when it is appropriate to do so (such as for transfers of sensitive information); where required by law, no information will be disseminated to a third party if a consumer has exercised the right of choice either by opting-out (for non-sensitive information) or by failing to opt-in (for sensitive information).
ISS may disclose PII to its agents, as well as its clients who enter written agreements with ISS, in which both parties agree to follow practices that offer privacy protection that is (i) reasonable in light of the nature, scope and purpose of the information processing and (ii) consistent with the Privacy Principles and applicable law. ISS may disclose PII in response to a lawful request by public authorities if required to do so by laws regarding national security or law enforcement or in good faith belief that such disclosure was required by law. ISS does not disclose data to third parties for marketing purposes.
ISS takes reasonable steps to protect PII from loss, misuse, and unauthorized access, disclosure, alteration and destruction.
Access to information maintained in our systems is restricted to authorized personnel who have a need to access that information in order to complete their jobs. If we transmit PII through the Website or ISS controlled networks we utilize industry standard encryptions, including 256-bit Secure Sockets Layer (SSL) protocol.
PII is destroyed by shredding or electronic erasure that is done in a manner such that the information cannot be practicably read or recovered.
V. Data Integrity and Limited Purpose
ISS processes information, including PII, in ways that are compatible with the purposes for which it has been collected (as identified in the Notice section above) or as otherwise authorized by the consumer and for no other purposes. To the extent necessary for those purposes, ISS takes reasonable steps to ensure that information is reliable for its intended use, and that it is accurate, complete, and current. ISS does not use consumer PII for marketing purposes or sell PII to third parties.
A consumer may make a written request for access to all PII that ISS has collected and maintains about him or her, if any. ISS will give consumers reasonable opportunity to correct, amend, or delete incomplete or inaccurate information about them as well as information that is proven to have been processed in violation of the Privacy Principles and applicable laws, unless (i) the burden or expense of providing access would be disproportionately high compared to the risks to the individual’s privacy, or (ii) the rights of persons other than the individual would be violated.
ISS has the right to request and obtain sufficient information to allow it to confirm that the identity of the person making the access request matches the identity of the consumer. ISS will make reasonable efforts to confirm the identity of the requestor to ensure that information is only provided to the subject of the information.
To request information relating to his or her PII, a consumer may contact ISS in writing. Consumers may do so by sending a letter or downloading and mailing an Access Request Form to the address identified in the section of this policy called “Our Contact Information”.
If a consumer’s initial writing did not provide sufficient evidence of identity, the consumer will be asked to provide sufficient evidence of his or her identity to ensure that information is only released to the correct individual. If ISS is unable to grant access to the consumer’s PII or to correct the data, we will notify the consumer.
ISS is committed to addressing problems arising out of an identified failure to comply with the Privacy Principles. We will verify that assertions made in this document are true and implemented via annual self-assessment of our privacy policies and procedures. Individuals who have a complaint or dispute related to our handling of their PII are encouraged to first contact ISS directly in writing by sending a letter or downloading and mailing a Notice of Consumer Dispute Form to the address identified in the section of this policy called “Our Contact Information.”
Our Contact Information
International Screening Solutions, Inc.
114 TownPark Drive, Suite 540
Kennesaw, GA 30144
Effective: January 20, 2017