A Closer Look at the latest E-Verify MOUs
Last week, the United States Citizenship and Immigration Services (USCIS) published a brand new set of E-Verify agreements (each known as a Memorandum of Understanding or “MOU” for short) which will impact a variety of organizations that interact with the E-Verify system. For those who are new to E-Verify, the MOU is basically a non-negotiable, take it or leave it type of contract which must be electronically signed by the employer during the E-Verify enrollment process.
In particular, the MOU sets out (in some detail) all of the various terms and conditions of all of the parties involved (employers, agents, and even the government too). While most people would probably agree that browsing an MOU has all of the excitement of reading a shrink-wrap software license, it is actually a very important document which must be reviewed and considered before taking the E-Verify plunge. Let’s take a closer look at the changes!
The USCIS has published a handy fact sheet which lists the essential details concerning the MOU change. For those who want an even more condensed summary, here is my three-bullet “what you need to know” list:
- Are you a new user to E-Verify? If so, congratulations! You will automatically see (and need to sign) the latest version as of December 8, 2013.
- Already a current user of E-Verify? No problem, according to the USCIS. You will not need to sign a new MOU. Instead, the new MOU will magically go into effect for you on January 8, 2014. Pretty neat, huh?
- Can I view the latest E-Verify MOUs even if I’m not an E-Verify user? Absolutely! You can see all of the MOUs on the E-Verify web page here.
New MOUs Address Concerns about Non-Compliance
While the above information is certainly useful, you may still be wondering why the USCIS has decided to change the existing MOUs and add 3 new ones for web services (electronic I-9) users. According to USCIS’ supporting statement, the changes were necessary in light of the complexity of the E-Verify system and the ever-present danger of privacy breaches, pre-screening, and illegal discrimination. In addition, the agency recognized that there are a variety of potential users of the system (including employers, agents, electronic I-9 providers, etc.), each of whom has different rules and requirements.
So how are these concerns addressed in the new MOUs? As described below, USCIS appears to be focusing on monitoring and compliance, data security, and the responsibilities of the electronic I-9 provider.
Monitoring and Compliance
There are two revised provisions in the MOU for employer agents (including electronic I-9 providers) which address the issue of how E-Verify may conduct its monitoring and compliance function. First, they revised a provision in the MOU so that it now requires agents to cooperate not only with DHS but also with contractors or agents of DHS or SSA. While it’s not entirely clear why this change was made, it’s certainly possible that other agencies may be getting involved in watching over your E-Verify submissions.
Second, they clarified that DHS can terminate access of a software developer who creates or uses an interface that does not comply with E-Verify procedures “with or without notice.” This new requirement, in particular, should definitely give pause to any employer who has concerns about their current I-9 and E-Verify vendor.
As I’ve written in the past, the MOU has long required software developers to serve as E-Verify Employer agents with respect to their clients (despite the fact that some vendors were very slow to adopt this rule). Under this latest MOU, the USCIS is once again reiterating this requirement by adding new language which specifically allows the employer to designate the electronic I-9 provider to carry out the Employer’s responsibilities under the MOU.
When might this come into effect? One example which springs to mind is assisting an employer with a difficult E-Verify case that cannot be resolved through the usual channels. Over the years, LawLogix has encountered many of these “interesting” scenarios where it became necessary to contact E-Verify or even SSA to help resolve a case.
Last but not least, the USCIS has added new language whereby the Employer agrees to call or email DHS immediately in the event of a breach of personally identifiable information. Specifically, employers are instructed to call 1-888-464-4218 or send an email to E-Verify@dhs.gov with the subject line “Privacy Incident – Password” when sending a breach report to E-Verify.
Employers using electronic I-9 systems will want to go several steps further to ensure that the vendor has a comprehensive incident response policy which includes specific steps for detecting a breach, performing risk analysis, investigation and notification, and mitigation.
As E-Verify use continues to expand, it’s absolutely essential for employers to understand their obligations, rights, and responsibilities as dictated by the E-Verify MOU. Like it or not, employers must agree to all of the provisions and be prepared to defend themselves in the event of an E-Verify audit. For those employers using electronic I-9 systems, now’s the time to carefully review their handling of the E-Verify system and assess whether they are truly your agent (or just another vendor).
For more information on how the Guardian system by LawLogix can assist your organization’s E-Verify needs, please contact us here.
John Fay is an immigration attorney and technologist with a deep applied knowledge of I-9 compliance and E-Verify rules and procedures. During his career, John has advised human resource managers and executives on a wide variety of corporate immigration compliance issues, including the implementation of electronic I-9 systems. In his current role, John serves as General Counsel at LawLogix, where he is responsible for overseeing product design and functionality while ensuring compliance with ever-changing government rules.