- In case you missed it, Acting Director Thomas Homan announced recently that Immigration and Customs Enforcement (ICE) will increase worksite investigations of employers compliance with immigration laws by four to five times starting this Fall. Meaning, ICE will ramp up immigration enforcement at workplaces with respect to a company’s compliance with the legal requirement to complete the Employment Eligibility Verification form (the “Form I-9”) for employees as well as investigate whether employers are hiring and maintaining a legal workforce.
- In other immigration compliance related news, Asplundh Tree Experts entered into a $95 million settlement with DHS/DOJ over its hiring practices and the unlawful employment of undocumented workers. The allegation was that the scheme involved decentralization of hiring so that senior management (intentionally) would not be aware of what lower level managers were doing during the hiring process. The settlement includes $80 million in a criminal forfeiture money judgment and $15 million to satisfy civil claims of failure to comply with immigration laws. After Infosys, this is now the largest payment in an immigration case.
- Switching gears to data privacy and companies operating in the European Union (EU), the Article 29 Working Party issued guidance (Guidelines on Personal data breach notification under Regulation 2016/679) related to the General Data Protection Regulation (GDPR) and notice to regulators and individuals in the event of a data breach. The GDPR generally requires notice within 72 hours in the event of a data breach. The 30-page guidance is a must read for those working on compliance with the GDPR and the handling of EU nationals personal data as it describes, through examples, the obligations of controllers, processors, conditions when notification is not required, and risk assessment triggering notification, among other topics covered.
- The European Commission’s first annual review of the EU-U.S. Privacy Shield program for transferring EU nationals personal data to the United States was a success. The Commission determined that Privacy Shield ensures an adequate level of protection for the transfer of personal data from the EU to the United States. This should provide comfort to companies transferring such data that Privacy Shield certification is a valid onward transfer mechanism. One noteworthy recommendation by the Commission in the report is that the Department of Commerce conduct compliance checks on a regular basis of certified companies.
- Last month New York Governor Andrew Cuomo announced proposed rules in response to the Equifax data breach that will require credit reporting bureaus to register in New York. At this time the proposed rules are focused on “consumer credit agencies,” which are defined as a consumer reporting agency that regularly engages in the practice of assembling or evaluating and maintaining, for the purpose of furnishing consumer credit reports to third parties bearing on a consumer's credit, public record information and credit account information. The definition in the proposed regulations is similar to that found in section 603(p) of the federal Fair Credit Reporting Act (FCRA) defining credit bureaus. Registration with the New York State Department of Financial Services would take effect February 1, 2018, with annual renewal required. At this time it appears that the proposed regulation will not cover consumer reporting agencies generally.
- According to U.S. Citizenship and Immigration Services (USCIS), and based on a new information-sharing partnership between USCIS and the Social Security Administration (SSA), foreign nationals in certain categories or classifications can now apply for work authorization and a social security number using a single form – the updated Form I-765, Application for Employment Authorization. The ability to do this simultaneously will be a benefit for employees. Although for Form I-9 purposes, an employee presenting and Employment Authorization Document (EAD) does not also have to present their Social Security Card since an EAD is a valid List A document. However, if the employer participates in E-Verify the employee needs to provide their SSN in section 1 of the Form I-9. Click here for more on USCIS's website.