Welcome to the December issue of the Credential Check Examiner! This month we will look at new workplace violence guidelines from ASIS, the attorney client privilege, and the latest type of credit card scam. Please feel free to offer your feedback. We appreciate hearing from our subscribers.

The Transportation Security Administration (TSA) is moving forward with its plans to roll out the Registered Traveler program nationwide in June 2006. The Registered Traveler program will allow people to avoid delays at the airports by pre-registering and submitting background information with the TSA prior to flying.

A timeline of three key dates have been scheduled:

• January 20, 2006: The TSA will provide guidance to the industry on how to collect the biometric data necessary (most likely fingerprints and/or iris scans) and announce the benefits program members will receive. This is also when comments on the model must be submitted and the redress process will be provided.
• April 20, 2006: The TSA will select a third party to manage compliance and certify service providers, as well as issue amendments to Airport Security Plans that establish requirements for verification providers.
• June 20, 2006: The first Registered Traveler participants will be screened.

More information on the Registered Traveler plan can be found at www.tsa.gov.

top

According to the U.S. Bureau of Justice Statistics, between 1993 and 1999, 1.7 million violent victimizations per year were committed against people in the workplace, including: 1.3 million simple assaults, 325,000 aggravated assaults, 36,500 rapes and sexual assaults, 70,000 robberies, and 900 homicides. With such astounding statistics, the need for a thorough and comprehensive guideline to prevent and manage workplace violence is not surprising. ASIS International, the premier international organization for professionals responsible for security has recently approved such a guideline.

Since March 2005, ASIS International's Commission on Guidelines had been diligently working on creating a distinct guideline that would, for the first time, provide organization's with a comprehensive guide to maintaining a safe and secure work environment. After a lengthy review and comment period this past summer, by a wide variety of professionals in the security industry, the guideline was recently approved and accepted by the ASIS Commission on Guidelines. The variety of contributory work on the guideline has resulted in the inclusion of multidisciplinary approaches to aggressive and violent behavior in the workplace, preventative measures, practices for security officers to better respond to and resolve incidents, and also encompasses the legal aspects of workplace violence.

"A major benefit of this guideline is that it applies to both public and private sector organizations while providing an overview of general policies and procedures that organizations can adopt to prevent threatening misconduct and violence in the workplace," said George M. Patak, Risk Management Consultant at Credential Check Corporation. "With the realistic and persistent threat of workplace violence in organizations both large and small, it is critical that this guideline be utilized by not only corporate security departments, but also human resource departments and executive level management alike."

Tip: ASIS International's Workplace Violence Prevention and Response Guideline will soon be available on their website for purchase. Please visit the ASIS International home web-site at www.asisonline.org for more information.

Source: Bureau of Justice Statistics. 2001. Violence in the Workplace, 1993-1999. Washington, D.C.: U.S. Department of Justice

top

Convenience is a hot commodity in today's business world, and more and more organizations are spending high dollar amounts to make their workplace more convenient. One such way of creating convenience in the workplace has been the advent of the multifunction printer (MFP), the combination copy machine scanner, fax machine, and printer. MFPs are similar to PCs in that they have processors and utilize memory. Furthermore, they create an electronic image of documents, which thus enables repagination or duplicate printing without having to scan the document multiple times. Convenient, right? Not necessarily. What many organizations don't realize is that these MFPs actually store a digital image of the document on its hard drive, which in turn could potentially be exposed to individuals outside the organization if and when the MFP is sold, or the lease is up. The money you've spent securing your organization's intellectual and proprietary data through other security means including safes and other security measures has now been wasted, and your company's most confidential information is exposed.

An additional hazard that arises from MFPs is that typically these machines are connected to an organization's main network and/or the Internet. As such, MFPs could be used to promulgate attacks throughout an organization if they are not properly secured. Furthermore, exposure may create legal liability if the MFP stores or transmits sensitive corporate, customer, or patient data that is subject to legislation including the Health Insurance Portability and Accountability Act (HIPAA) for the health care industry and other specific industry related legislative acts.

What can you do to protect your organization from exposure if you already have an MFP?

top

The attorney-client privilege can be defined as the right for a client and the obligation of his attorney to maintain confidentiality of shared information. It seems rather simple with regard to an individual consulting with their attorney regarding a personal legal matter. What then does it mean for your corporation?

For corporations, it entails the right to seek advice, examine alternative courses of action, and consult with counsel without fear that your communications can be disclosed. The privilege belongs to the client and may be invoked by the client or by the client's attorney on their behalf.

What do we mean by communication?

Communications could include, but are not specifically limited to: verbal conversations, phone conversations, written documents, and email.

Who is the client?

Clearly the President/CEO and Board of Directors of an organization could be deemed to be clients. The privilege can also extend to senior management in so far as the communication is within said management's direct prevue (decision-making authority). It is safe to assume that any employee without direct decision-making authority over the scope of the communication cannot assert the privilege. It is important for both the client and the attorney to discuss the privilege to uncover what is, and what may not be deemed confidential in the course of the communication.

When are we protected?

As long as the communications are between the client and the counsel only, and are involved solely in the purveyance of legal advice, confidentiality will almost always be protected. Discussing business details, not related directly to legal advice, with your attorney in most cases will not be protected. Also, disclosing the intention to commit a future act which violates the law may also void the privilege. We will be examining more substantive instances in which privilege is nullified in next month's newsletter.

The advice given in the article above is not intended to serve as legal advice.

top

As the holiday season rapidly approaches and cross-country travel dramatically increases, it is timely to present some food for thought to ensure your trips are as stress-free and safe as possible. To make life easier during this hectic travel season, the TSA has published a checklist to prepare even the busiest traveler.

Here are some highlights:

You can find the holiday travel checklist in its entirety as well as the list of prohibited items at www.tsa.gov.

top

When seeking reference information on applicants, it is common (and frustrating) for personnel directors to find that previous employers provide only directory information (name, job held, final salary, dates of employment) when asked about an applicant. It is typical for previous employers to be fearful of retaliatory claims by rejected applicants who claim defamation or negligent misrepresentation. States have been passing reference laws in response to the numerous cases in which employees with negative but undisclosed prior employment records have injured or killed coworkers, and those state laws are becoming more prevalent. Reference laws protect employers who give reference information concerning a former or current employee from liability.

Pennsylvania recently joined the list of states that have passed reference laws. Most jurisdictions have some type of employee reference law: only Alabama, Connecticut, District of Columbia, Massachusetts, Mississippi, Nebraska, New Hampshire, New Jersey, New York, Vermont, Washington and West Virginia do not.

"Acquiring valid information about job applicants is a necessity in the age of employer liability," said Timothy D. Whiting, Director of Applicant Screening at Credential Check Corporation. "A reliable background check often yields information that is crucial in understanding some of the relevant history of an applicant. Obtaining information by speaking with an applicant's former employer, and, conversely, providing references about your former employee are actions that are likely covered by an employee reference law."

Our advice? Each state law has its nuances. Know the employee reference law in your state and be able to cite it to your staff and clients.

top

Quote of the Month: “A positive attitude may not solve all your problems, but it will annoy enough people to make it worth the effort.”
-Herm Albright (1876 - 1944)

Pending legislation in Congress would mandate states to share mental health records for the purpose of adding the information into the national database that licensed gun dealers check before making sales. Most states currently have privacy laws that prevent mental health records from being shared with law enforcement.

Current federal law prohibits the mentally ill from purchasing guns, and the proposed legislation would provide information that would "save lives" according to the Federal Bureau of Investigation, which maintains the National Instant Criminal Background Check System.

National mental health advocacy groups are currently arguing that the bill would violate patient privacy and would further contribute to the stigma that to be mentally ill is to be violent.

The legislation would also mandate states to improve their computerized record-keeping for felonies and domestic violence restraining orders and convictions.

Source: www.detnews.com

top

Credit card scams have become big business as the use of the cards is an almost daily occurrence for most Americans-especially during the Holiday season. Scammers' tactics are becoming more sophisticated and effective.

The latest scam starts with the scammer calling and claiming to be from the Security and Fraud Department at your credit card company. He or she explains that your card has been flagged for an unusual purchase pattern and asks if you purchased an anti-telemarketing device for $497.99 from a marketing company. When you say No, the scammer offers to issue a credit to your account. The scammer goes on to explain that your credit card company has been tracking the marketing company for repeatedly fraudulently charging from $297 to $497, just under the $500 purchase pattern that flags most cards. The scammer then explains that the credit will be indicated on your next statement and then claim to verify your address.

Next, the scammer claims to initiate a fraud investigation and provides a six digit "control number". He or she then requests to verify that you are in possession of your card and asks for the first four numbers from the back of your card. These are the numbers used to make internet purchases. The caller will ask you to read the 3 numbers aloud and explains that they just need to verify that the card has not been lost or stolen, and that you still have your card. The caller now ends the conversation and thanks you for your cooperation. You have actually said very little and the scammer never asked for or told you your card number.

"What the scammers want is the 3-digit PIN number on the back of the card," said Todd N. Krost, Business Development Manager at Credential Check Corporation. "Your credit card company will never ask for anything on the card as they already know the information since they issued the card! If you give the scammers your 3 digit PIN you may think you are receiving a credit but by the time you get your statement you'll see charges for purchases you didn't make. By then it is almost too late and more difficult to actually file a fraud report."

top

top