Ten Steps to Protect Your Business in 2018

By: Christine Cunneen

With data and security breaches more frequent than ever over recent years, 2018 is the year to focus on security protection, with more effective plans to protect ourselves, our companies, and our customers.

From a small nonprofit to a large corporation–every organization is exposed, in some way, shape, or form, to sensitive personal information that identifies either employees or customers or both.  This “personal identifying information” can include names, Social Security numbers, addresses, credit card information, license information, and account data.  When this data, even something as simple as a name, falls into the wrong hands, trouble will inevitably ensue.  Crime, including identity theft, fraud, and embezzlement, is one repercussion.  Another is the potential damage to your business.  Can it withstand theft of funds or property and/or losing employee and customer trust and loyalty?  No business can afford those risks, especially when they can be minimized with some simple steps.

Here are ten steps to help protect your business:

  1. Create a Data Security Plan. Your plan may include many of the following steps, as well as those more specific to your own business and technology infrastructure.  Assess the vulnerability of any foreseeable attacks, breaches, and issues.  Then, determine the steps necessary to protect yourself in each situation.  Remember these should not be limited to electronic issues and measures only.  Rather, they should encompass basic physical protections, even as simple as locking doors and filing cabinets. 
  2. Take action now. With a plan in place, it is time to take action.  Too many times business owners and managers are overwhelmed with the day-to-day activities of the business that “have to” get done.  They tend to put implementation of policies and procedures on the backburner.  However, every day you wait is another chance for a security breach.  Planning and reacting on paper without having to face the stress of an actual breach makes sense, when emotions are not running wild. From restricting employee access to running anti-spyware programs and securing electronic information in transit over the Internet, don’t leave any stone unturned – even if it’s a basic or obvious protection step.
  3. Conduct background checks. A well-trained and screened workforce is the best defense against identity theft and data breaches. Check references and do background checks before hiring employees and contractors who will have access to sensitive data.  Investigate the background screening company of your choice to ensure that they are accredited by the National Association of Professional Background Screeners.  Such accredited firms will utilize data security practices that meet the highest possible standards.
  4. Shred and pare down your records. Dispose of credit reports, receipts, CDs and any paperwork with sensitive data printed on it, as many data compromises happen the old-fashioned way–through lost or stolen paper documents. This is not to say that electronic security is preferred, but an encrypted, e-security system managed by an independent professional is recommended.
  5. Follow state law.Because there are no federal standards for protecting personal identifying information, you should comply with your state law.  Many states require a risk-based information security program be in place and outline the proper notification steps. NAPBS has published a guide for data breach notification laws in your state.  The laws are always changing, so use this as a guide only and always check the latest laws directly with your state and/or your privacy attorney.
  6. Train your staff. Your information security plan is only as strong as the employees who will implement it. Most breaches actually happen by accident because employees do not have the information they need.  Initial and periodic training will help focus on everyday behaviors to help keep personal information secure and confidential. Be sure to have a procedure in place for what to do when workers leave your employment, such as terminating passwords, collecting keys, and ID cards.
  7. Keep business and personal accounts separate. Businesses are not the only ones getting hacked.  Individuals are subject to identity theft on a daily basis, especially with the increasing amount of “online living.”  Keep all emails, passwords, and accounts separate help to ensure that if you are victim to a breach in one area of your life, the other areas stay protected.
  8. Refer to the Federal Trade Commission (FTC).  The FTC has published a Security Guide for Business and it is a great place to start or revise your plan.  All businesses should cross-reference this guide from time to time to make sure they are staying up-to-date and to measure up their own practices against those recommended by the FTC.
  9. Enforce restrictive data permissions. So much comes down to employee security and knowledge.  Only those employees with a need-to-know should have access to passwords and other secure information.  The more people who have access, the more potential for problems.  Enforce your policies and change passwords and other security information frequently.
  10. Bring in a specialist. Not every business has the means to hire an outside expert, but, if you can, it could be one of the smartest decisions you could make.  Just like you are an expert in your own business, these professionals are experts in theirs.  They can provide an invaluable education to you and your employees about best practices and security tips.  They can also review your current policies and advise any applicable changes. 

Creating a culture of security is vital to the longevity of your business.  Taking steps now to safeguard sensitive information before any breaches occur is not only smart, it demonstrates a deep, value-based sense of professionalism and integrity in your business operations, which goes a long way with employee and customer satisfaction and loyalty.

Can Drug Testing Your Employers Save Money? Compliance with State Rules is the First Step.

By William J. Judge, JD, LL.M.
Drug Screening Compliance Institute

Drug testing can make you money. I have said this for years and people usually look at me as if I’ve been smoking something. What they don’t realize is that if they explore the state financial opportunities that exist, they can see a significant return on their money. However, in order to do so, compliance with the state’s rules, including the filing of paperwork, is necessary. Two recent cases, one in Florida and the other in Tennessee, make this evident. Before we get into the details of the two cases, let’s set the stage.

Today, nineteen states provide some form of a rebuttable presumption of intoxication defense to a workers’ compensation claim.[1]  Seen on the map below, the states highlighted in green offer a rebuttable presumption of intoxication. However, the cause must be established. The states highlighted in blue provide a rebuttable presumption of both intoxication and cause. In those states, the burden then shifts to the employee to show that she or he was not intoxicated and/or that something other than intoxication caused his or her injuries.


If the employee is unable to rebut the presumption, the claim is denied. Some states require paying for the medical care that the injured employee received and, in a few states, the presumption is unavailable if the injured employee died. If you are operating in one of these states, you should seriously consider complying with the financial opportunity that is available to you. If you don’t utilize this defense, you are leaving cash on the table.

Another cash opportunity, also involving workers’ compensation, can be found in the twelve states highlighted in yellow below.

These states offer a discount on your workers’ compensation premiums annually (usually ~5%) if you voluntarily comply with the rigid rules detailed in most of the state’s statutes and regulations.

As seen in the following two cases, if you fail to comply with the rules in either of these financial opportunities, you may not receive the benefits available.


Florida Case

On April 18, 2018, a Florida Court of Appeals reversed a lower court’s decision to deny death benefits to the spouse of a man struck and killed by a vehicle while walking from a bar along the road.[2] The employee, a construction helper assigned to an out-of-town job, was returning to his hotel. Surveillance video showed the employee “weaving in and out of the road” shortly before the accident, but the actual accident was not seen.

The employer raised the rebuttable presumption of intoxication defense available in Florida (sec. 440.09(3) and 440.09(7)(b)). The Court of Appeals found that the employer and carrier were not entitled to the defense “due to their non-compliance with…the procedures set forth in the administrative rules.” Without the presumption, the employer/carrier had to show “by the greater weight of the evidence, that the work-related injury was occasioned primarily by the intoxication of the employee.”

The Court of Appeals concluded that the employer/carrier failed to meet that burden. The potential cost to the employer/carrier was up to $150,000 in compensation and up to $7,500 in funeral expenses.[3]


Tennessee Case

On February 8, 2018, the Tennessee Bureau of Workers’ Compensation Appeal Board (“Board”) found that an employer that had participated in the State’s Drug-Free Workplace program in the past was not entitled to the presumption available in that program because they hadn’t filed the required paperwork with the State to cover the time period of the accident.[4]  Had they filed the application for participation in the program they could have raised the rebuttable presumption that the injured employee’s drug use (marijuana) was the proximate cause of her injuries she sustained in an automobile accident while at work. The employer asserted that it’s past participation in the program and its “substantial compliance with the statutory requirements” should entitle it to the program’s benefits.

The Board disagreed indicating that not only had the General Assembly imposed certain program requirements, but it also required that “substantial compliance in completing and filing the [application] form shall create the rebuttable presumption” that the employer had established the required program.

Because the employer here had not filed the application (even though it had been filled out) it was not entitled to the presumption.


Lesson:  State benefits can save substantial amounts of money, but only if you comply with the rules set out by the state legislature and agency that enforces the law.


[1] In most of these states, there are detailed rules that must be met.  An explanation of those details is beyond the scope of this article.

[2] Inmon v. Convergence Employee Leasing III, Inc., et al, No. 1D17-0815, (1st Dist. Ct. of App. (4-18-18)).

[3] Sec. 440.16.

[4] Bowlin v. Servall, LLC, et al, Docket No. 2017-07-0224, (2-08-18).

Hire Image to Present Free Webinar: What Every HR Professional Needs to Know in 2018

On February 22, at 3:00 PM EST, Hire Image’s CEO, Christine Cunneen, will host a Free Webinar: What Every HR Professional Needs to Know in 2018.

Join us for a discussion on what’s new in 2018 and what trends will be affecting the background screening industry this year. This webinar will cover topics including, but not limited to, Salary History Laws, Ban the Box Laws, Marijuana in the Workplace, Non-Traditional Staffing, and Data Security. Register today and join the conversation on what we expect to see as the year progresses.

This webinar is approved for SHRM PDC credit.
This webinar is approved for HRCI credit.


Hire Image to Present Free Client Only Webinar: Behind the Scenes of Background Screening – A Step by Step Review

On January 25th at 3:00 pm EST, Hire Image Director of Compliance, Dorothy Riley, will host a Free Client Only Webinar: Behind the Scenes of Background Screening – A Step by Step Review.

Join Dorothy and CEO, Christine Cunneen, with updates of new compliance obligations and the necessary steps of the background screening process from start to finish. The online system will be reviewed, covering topics from notices (federal, state, and local) to new legislation, such as salary restrictions. In circumstances where the report contains information that could bar an applicant from employment, they will discuss the Pre-adverse/Adverse process and where sample forms can be found. Finally, helpful resources will be shared to aid in the awareness of compliance requirements.

This webinar is approved for SHRM PDC credit. This webinar has been submitted to the HRCI for review.

Click Here to Register


Hire Image’s Top 10 Background Screening Predictions for 2018

When it comes to background screening, drug testing, and employment verification, human resource professionals, employers, business owners, and employment attorneys must keep informed of the ever-changing rules, regulations, laws, and court decisions.

What are the trends facing the industry for 2018?  Of those, what will have the greatest impact on the practice of human resources related to background screening?

Here are Hire Image’s 2018 Top 10 predictions for what’s “hot” and why.  These are topics that are sure to demand attention in 2018.

1. Increased Attention to Data Security

One of the biggest lessons we learned in 2017 is that our personal information may not be as safe as we had hoped.  There were breaches at many companies and financial institutions throughout the year, culminating with the major Equifax data breach that captured headlines in the fall.  This breach was staggering not only because of the over 145 million people it affected, but also because of the extremely sensitive information, such as social security numbers, that was compromised.

As our banking, business, and overall online transactions continue to skyrocket, the amount of personal information captured and stored by businesses will continue to grow in 2018.  With an increase in information comes an increase in concern over the security of that information.  Securely maintaining and disposing of records that contain sensitive information will continue to be a top priority for every business owner.

The Federal Trade Commission (FTC) is charged with the regulation and oversight of business privacy laws and policies in the U.S. that impact consumers, including the Fair Credit Reporting Act, which governs background checks and provides guidance on best practices businesses should follow to keep data secure.

In addition to following the FTC’s guidance on the proper data security practices, businesses that utilize a consumer reporting agency for their background screening services should be sure to partner with one that has achieved accreditation with the National Association of Background Screeners (NAPBS) Background Screening Credentialing Council (BSCC). The Background Screening Agency Accreditation Program (BSAAP) standard, policies and procedures, and measurements are available at http://www.napbs.com/

2.  Increased Misunderstandings Surrounding Drug Testing in “Marijuana-Friendly” States

Marijuana remains a Schedule I substance under the Controlled Substance Act, which makes it illegal for any reason under federal law.  However, more than half of the states have now legalized marijuana for either medical or, the more expansive, recreational use.  This inconsistency among states and, more specifically, between states and the federal government leaves many employers wondering what the changing laws mean for their existing drug screening policies.  This issue was further complicated just last week by the Memorandum on Marijuana Enforcement issued by the Department of Justice, making it easier for U.S. prosecutors to enforce federal marijuana laws in states that have legalized it.

Throughout the cases that have been decided (and are in no doubt just scratching the surface of this issue), one thing is clear–employers still have the right to maintain a drug-free workplace.  States are beginning to step in to help define the rights of employers as they pertain to the changing drug laws.  Additionally, when medical marijuana is involved, employers must also remember the Americans with Disabilities Act, which prohibits discrimination against someone with a disability.  For example, in Barbuto v. Advantage Sales & Marketing LLC et al, the Massachusetts Supreme Judicial Court ruled that an employee may proceed with a claim of handicap discrimination after being terminated from employment based on a positive workplace drug test result for her off-site use of medical marijuana.

Employers should also be aware that marijuana in the workforce, legal or otherwise, continues to rise. According to a study by Quest Diagnostics, the world’s leading provider of diagnostic information services, in oral fluid testing (detecting recent drug use), marijuana positivity increased from 5.1% in 2013 to 8.9% in 2016 in the general U.S. workforce, representing a nearly 75% increase.

It is important that employers recognize that every state has different requirements and update their policies for each state in which they do business.  When updating, clear and distinct language should be used to ensure that employees have a firm understanding of what is expected of them and the ramifications of non-compliance.

3. Salary History Inquiries May Soon be History

2017 saw many gender equity issues come to the forefront and we expect this powerful trend to continue, including when it comes to salary history questions during the hiring process.  Several jurisdictions have passed “pay equity” laws over the past couple of years to help close the gap on equal pay and strengthen protection against pay discrimination by employers.  However, jurisdictions are now taking it a step further by enacting specific laws prohibiting employers from inquiring about salary history during the interview and screening process.

Massachusetts was the first state to pass legislation, in 2016, prohibiting employers from requiring salary history from applicants before receiving a formal job offer (the law actually goes into effect this year, on July 1, 2018).  Last June, Oregon passed a law prohibiting employers from screening applicants based on salary history (effective January 1, 2019) and in October, California passed its own legislation (effective January 1, 2018).

In April of 2017, Philadelphia became the first city to prohibit employers from inquiring about an applicant’s wage history at any stage of the hiring process (note that this law has been enjoined and is not currently effective).  New York City and San Francisco followed suit by enacting similar legislation in April and July of 2017, respectively.

Salary inquiry restrictions will impact many employers nationwide in 2018 and beyond as more jurisdictions look at enacting similar legislation. Employers should review their policies and practices regarding previous employment information and how employment verifications are handled. Pay equity laws could impact the screening process and policy changes may be required.  Click here for a list of current Salary History laws.

4. “Ban the Box” Initiatives will Continue

“Ban the Box” has been a popular subject for some time now, and while we have all discussed the ins and outs of the laws as they were intended, it appears that their adaptation and evolution will continue into 2018.  As of January, 30 states and more than 150 counties and cities have now passed legislation removing criminal history questions from job applications.

As the “Ban the Box” movement has grown, many of the laws now go further than simply eliminating the question about criminal conviction history from the application. Requiring an employer to wait until after a conditional employment offer is made before inquiring about criminal history and limiting the type or age of conviction records an employer can use in considering employment are just a few ways that the laws have expanded.  It is also expected that many established “Ban the Box” laws will be amended to include “Fair Chance” components.   Spokane, Washington is the most recent city to pass legislation, which becomes effective May 28, 2018.

Employers should understand and comply with the laws in the states, counties, and cities in which they do business.  Click here for a list of current “Ban the Box” laws.

5. Social Media Searches Will Increase

There is no doubt that both employers and prospective employees are using social media more and more when recruiting or looking for employment, respectively.  A 2016 Career Builder Survey found that 60% of employers use social networking sites to research job applicants.  This represents a significant increase from the 22% who did so in 2008.  That increase in percentage, along with the increasing amount of Millennials entering the workforce demonstrates that the use of social media in the hiring process will continue to increase.

For the employer, it is a risk versus reward analysis.  The reward is avoiding a potentially bad hire and the tremendous costs associated with such.  However, in using social media, the employer runs the risk that he or she, even unintentionally, will come across protected classes of information and then use that information to make a hiring decision.  Even the appearance of a decision not to hire someone based on a negative impression related to race, gender, religion, disability, or other protected classes could subject them to a discrimination lawsuit.  There is also the risk of a lawsuit for using protected activity, such as the applicant complaining about a previous employer, as a basis for not hiring someone.

Other problems with the use of social media searches throughout the background screening process include the possibility of false positives or negatives.  People use different names on their social media accounts and at least some information posted is usually incorrect.  Employers run the risk of misidentifying someone or missing someone all together because of these inaccuracies.

Finally, employers need to be concerned with the applicant’s right to privacy.  It should be noted that this does not apply if the applicant’s social media settings are set to public.  That information is open and anyone can look at it, including potential future employers.  However, if their profile is set to private, the employer cannot try to bypass those settings without risking exposure to potential liability down the road.

These concerns should be considered carefully in order to decide if this type of investigation is worth the effort and risk. Companies are encouraged to discuss these searches with their legal counsel and consider outsourcing this process to stay away from potential discrimination claims.

6. E-Verify Gets Closer to Becoming Mandatory

E-Verify is a fast and accurate web-based program that helps to ensure that jobs are only made available to those eligible to work in the country.  It is currently being used by over 740,000 employers in the United States.  Checking job applicant eligibility using E-Verify has been a voluntary process (except for certain employers with federal contracts) since it was created by the U.S. Citizenship and Immigration Services (USCIS) in 1996.   However, the Legal Workforce Act introduced in Congress last year could change that.

The goal of the legislation is to make E-verify a mandatory requirement for all U.S. employers.  Mandatory use was also included in the White House Fiscal Year 2018 Budget in an attempt to reduce illegal employment.  According to the Society for Human Resource Management (SHRM), there is strong support for a mandatory system among U.S. employers.

A published Summary of the Act, demonstrates that the mandatory participation for new hires would be phased in gradually in six month increments, based on the number of people employed by a business, so that within 24 months, all businesses will be mandated to use E-Verify.

7. On-Demand, Extended Workforces and the Gig Economy Continue to Impact the Screening Process

There is no doubt that non-traditional staffing has been on the rise.  A study by Intuit showed that there will be 7.6 million Americans working in some form of on-demand or freelance capacity by the year 2020.  Both employers and employees tend to need more flexibility than ever.  This has forced many industries to change the way they do business, while, at the same time, inspired new industries to emerge.  Although not identified as employees, these contractors, freelancers, and consultants represent the companies they’re gigging for, and are often times the only “face” of the company the customer ever sees.  In order to maintain the integrity of the “gig economy,” as well as the trust of their customer base, it’s up to the businesses who rely on a freelance workforce to properly vet those individuals, even when they are not defined as traditional employees.

With a high turnover rate and a need for quick, efficient background checks, companies rooted in the gig economy should be prepared to adopt clear background screening protocols with a willingness to adapt the policies as local and national laws change.  Employers could have the same exposure as with traditional employees and should screen them just as if they were so.

8. FCRA-Related Lawsuits Remain a Threat to Employers

2018 will likely see the continued trend of class action lawsuits brought against employers for alleged violations under the Fair Credit Reporting Act (FCRA). Employers should not let down their guard when it comes to FCRA-related lawsuits, as plaintiffs’ attorneys will continue to creatively bring suits to show the “concrete injury” requirement established in Spokeo, Inc. v. Robins, Inc. in 2016.

Last year saw cases involving Avis (paying a $2.7 million settlement in a class action lawsuit), Postmates (paying a $2.5 million settlement), and Home Depot (on the opposite side, dismissing the case for lack of “concrete injury”), among many others.

Although most class action lawsuits that wind up in the news involve large, recognizable companies, employers of any size are at risk and should frequently review their forms and processes to ensure that they are in compliance with the FCRA. Employers should also review the laws in the states and cities in which they do business to ensure compliance with local laws.

9. Access to Criminal Data Information will be Limited

In addition to the restrictions placed on the type of record or age of information that employers can consider when reviewing an applicant’s criminal history, a new obstacle for background screening appears to be on the horizon.  Turnaround times for obtaining information have increased substantially, as many courts no longer have the resources to help with public research.

Additionally, several states are considering proposals that, if passed, would further restrict access to criminal records by imposing new rules about who can have access to court records and what information those records will contain. Under many of the proposals, date of birth will no longer display in records, thereby eliminating a key element that allows background screening agencies to validate that the criminal record belongs to the applicant in question, and making it more difficult to ensure maximum possible accuracy.

10. Drug Screening Panels will be Added in Response to the Country’s Drug Crisis

According to an analysis of over 10 million drug tests, Quest Diagnostics recently found that the American workforce reached the highest positivity rate for drug use in over a decade.  Barry Sample, Senior Director, Science and Technology at Quest said, “[t]his year’s findings are remarkable because they show increased rates of drug positivity for the most common illicit drugs across virtually all drug test specimen types and in all testing populations.”

Poison control centers and hospital emergency rooms have reported increasing instances of abuse and overdose of synthetic (also called designer) drugs, which are not approved by the FDA.  Synthetic drugs have constantly changing compounds, so that testing becomes increasingly difficult.  As such, it is imperative to stay one step ahead in new drug-test development.

Drug screening panels will need to be added or changed in order to keep up with the increased use of various drugs.  Both the Department of Health and Human Services (HHS) Mandatory Guidelines and the Department of Transportation’s rules reflect this trend by clarifying existing drug testing program provisions and adding certain semi-synthetic opioids including hydrocodone, oxycodone, hydromorphone, and oxymorphone, commonly referred to as OxyContin®, Percodan®, Percocet®, Vicodin®, Lortab®, Norco®, Dilaudid®, and Exalgo® to the drug testing panel in response to the increasing concern over opioid abuse in this country.

It is clear from all that is happening in our industry that the year 2018 will be a busy one in the background screening, human resources, and employment law fields.  Hire Image will continue to monitor legal and regulatory developments in federal, state, and local jurisdictions and timely share those changes that impact the process of background screening.

Background and Drug Screening – Not a Question of Why, but a Question of When

It is undisputed how valuable background screenings are in the hiring process.  They not only provide a tremendous amount of information about job applicants, they also save a company time and money by reducing the risks of a bad hire, workplace safety issues, and even workplace crime.  Although everyone agrees how important they are, questions arise as to their timing.  Specifically, whether they can or should be completed before or after an offer of employment is made.

There are currently no federal laws restricting the timing of background or drug screening (other than occupational health screenings which may fall under the Americans with Disabilities Act).   State and local laws are really where the timing issue arises.  Some state, city, and county laws have restrictions in that you either are not allowed to conduct one at all prior to an offer of employment or where you can conduct one, but certain information is limited.  There are also Ban the Box laws limiting inquiries into criminal history at various times during the hiring process, which may include post application, post initial interview, or after conditional offer is made.  The laws vary greatly between jurisdictions and it is important to understand how those laws impact the timing in each jurisdiction where you are considered an employer.  For a complete ban the box resource guide, click here.

If you are in a state where pre-offer background and drug screenings are allowed, there are some advantages to doing them early.  For example, after a job fair for a large hiring initiative where starting the process early will assist you in having candidates available to work as soon as possible. The sooner you start, the faster you can learn if someone is not a good fit for the company and move on (after sending the required notifications).   If you have to wait until after an offer has been made, you will have to start again from step one with someone else, which will increase the amount of time that position stays open.  From the opposite perspective, when you find the right person early, he or she can have a faster start date after the offer is accepted, since the background screening is already completed.  Additionally, some searches take more time than others.  Starting early gives you adequate time to get the screening completed in its entirety.

Pre-offer background and drug screenings also have some disadvantages to consider.  There is a higher cost associated with doing the screening for multiple applicants at the same time.  This is especially true for industries with a high turnover rate, where costs can add up quickly.  Depending on the need to have candidates ready to work as soon as possible and the speed in which the background and drug screens are completed, companies should analyze the cost benefit specific to their company.

Employers should not let a question of timing stop them from conducting a background screening.  You should consult with your attorney to ensure you stay in compliance with your own state and local laws and remember that even if you are in a Ban the Box state, the provisions of your law may be vastly different from another.  This is especially important for employers with multi-state operations.  Once you ensure that you are compliant, it is important to stick with your company’s policy and stay consistent in terms of the timing of your background screening by location and by a certain position.  Another option is to hire a third party to conduct your background screenings.  Using a third-party background and drug screening vendor, such as Hire Image, can help you find accurate information on your candidates, as well as help you develop a process that works for your organization.