E-Verify Privacy Measures
By: Dave Fowler
Due in part to the negative security
experiences of the State of Minnesota has had with an E-Verify Designated Agent
(DA), USCIS is taking steps to enhance the security of E-Verify. As part of the privacy
initiative being taking by the U.S. Citizenship and Immigration Services (USCIS),
you may find that which most of these steps are good, one of them can cause difficulties
for employers who are federal contractors/subcontractors and E-Verify Designated
Agents serving federal contractors/subcontractors.
As of June 2, 2010 E-Verify is using commercial
data from Dun and Bradstreet (D&B) to:
duplicate registrations – identify an existing duplicate or similar registration
for the employer in E-Verify.
employer – if the employer data matches the D&B records allow the employer to
register in E-Verify. If the employer data does not match, E-Verify personnel review
and assess employer validity for registration.
This is good news because this updated registration
process, as described in the DHS
Privacy Impact Assessment (click USCIS) “will help ensure that only valid employers
enroll in E-Verify thereby establishing a level of identity assurance of the employer
and thus minimizing the changes of fradulent employers using E-Verify to confirm personal
information for illegal purposes.”
The E-Verify User Audit Report, which can
be exported as an Excel file, used to contain the full SSN of the employee that
was submitted to E-Verify. This report was very helpful to a federal contractor using
E-Verify (via the E-Verify web site or a DA) with a federal contract that includes
the FAR E-Verify clause. This report could be used to determine which existing employees
had been submitted to E-Verify and how each E-Verify case was closed. This information
is very helpful because
employer must submit some or all existing employees to E-Verify, and
employees already verified by E-Verify should not be submitted to E-Verify
more than once.
So, using the User Audit Report with the full
SSN made it very easy to uniquely identify existing employees who were determined
to be Employment Authorized by E-Verify as well as any existing employees with E-Verify
cases that did not confirm authorization to work in the U.S. This way, employers could
not submit authorized employees to E-Verify again and any existing employees not authorized
by E-Verify could be submitted again and verified as employment authorized.
Since the report now only includes the last
4 of SSN, anyone using the report must now do more work to uniquely identify the employee
related to each E-Verify case. This can be difficult because there is no long a single
unique identifier for the employee. Users of the report must use a combination of
variables to try and determine the unique identity of the employee which can be difficult
due to things such as name changes (e.g., marriage and divorce), lack of complete
data (e.g., date of birth), and employees with the same last 4 of SSN.
Therefore, your algorighm to link an employee
to an E-Verify case should match the following fields to identify the employee:
4 of SSN
There is additional information in the User
Audit Report, but it is not typically readily available in the employer’s HR/Payroll
system to match to the employees. Based on the experience in Minnesota and E-Verify’s
desire to increase the security and privacy features of E-Verify, the SSN in the User
Audit Report will continue to be masked to the last 4 digits. So, update your matching
algorithms and be prepared to manually identify at least a few employees.
This weblog is sponsored by TALX.
Recommended For You
ICE Worksite Investigation Leads to Raid of Texas Company On April 3, 2019 federal immigration authorities arrested more than 280 […]
Off-Site I-9s Present Unique Challenges for HR Firstly, what is an off-site Form I-9? It is an I-9 for an […]
U.S. Immigration and Customers Enforcement (ICE) has dramatically increased its audits and investigations of Form I-9s. And ICE is not […]
This is the final post in our four-part series for HR professionals, called “I-9 Audit and Remediation Best Practices.” In […]