Utah is the latest state to pass tough new privacy laws when it comes to Personally Identifiable Information (PII).
Utah passed a new law effective May 12, 2009 called ‘The Employment Selection Procedures Act.’ See: http://le.utah.gov/~2009S1/bills/hbillenr/hb1002.htm
The law prohibits an employer with more than 15 employees from collecting an applicant’s social security number, date of birth or driver’s license number before a job offer or before the time when a background check is requested. In addition, if the person is not hired, the employer will not keep the information beyond two years. The employer also may not use the information for any other purposes and must maintain a “specific policy regarding the retention, disposition, access, and confidentiality of the information.” An applicant has the right to view the policy.
The idea appears to be to limit the flow of personal data before or unless it is needed and to destroy it if no longer needed. For employers using paper applications, it creates an administrative burden since the employer needs to add another step to get the data required for a background check if an applicant moves forward in the hiring process. However, electronic hiring procedures, such as the Applicant Generated Report system offered by ESR, solves this issue, since an applicant is only asked to provide confidential data only if the employer decides to perform a background check and the information only goes to the screening firm.
ESR provides Utah employers with a sample policy in the ESR proprietary 50 state guide available after logging onto the ESRnet system.
The Utah law is part of a growing trend to restrict access to PII in order to prevent identity theft. Some courts have attempted to restrict the access of identifying information in public records, which makes it harder for employers to receive accurate reports on a timely basis.