Institutions Must Take Note of Recent Changes to CORI Regulations
In April, the Department of Criminal Justice Information Services (DCJIS) released amendments to the regulations governing access to and the use of information maintained in the Commonwealth’s Criminal Offender Record Information System (CORI). The amendments to the regulations will effect use of the iCORI system to conduct background checks.
The following changes, among others, included in the amended regulations will have an immediate impact on institutions using the iCORI System:
- Expanded Definition of “Employee”. In addition to employees and volunteers, the definition of employee now includes contractors, subcontractors and vendors. This change will allow institutions to conduct CORI checks on individuals who will provide services to or for them in these capacities.
- Changes to Acknowledgement Form Requirements. The amended regulations include several changes with respect to CORI Acknowledgment Forms. For example, Institutions can now collect Acknowledgment Forms as part of an electronic application and can run an additional CORI check based on a signed Acknowledgment Form without providing written notice to the individual 72 hours in advance, so long as the Acknowledgment Form includes a notice that the employer may conduct an additional check within one year from the date the Acknowledgement Form is signed.
- New iCORI Agency Agreement. Upon application to obtain or to renew access to CORI information through iCORI, Institutions must accept an agreement whereby they will promise to: comply with CORI laws and regulations; keep an up-to-date list of employees authorized to request and review CORI information; request only the authorized level of CORI information; and accept that they, and any of their authorized users, will be liable for violations of the CORI law and regulations.
- Provide Specific Information In Pre-Adverse Action Notices. For employment purposes, Institutions are now required to identify the specific criminal record information on which the pending action is based in the Pre-Adverse Action Notice.
- Cloud Storage of CORI Information. Institutions may now store CORI information using cloud storage, provided, however, that the Institution has a written agreement with the storage provider and that stored information is encrypted and password protected. DCJIS will produce guidelines for cloud storage agreements.
Client Tip: Institutions should review and revise their background check policies, procedures and forms now to ensure compliance with the requirements of the amended regulations.