The Department of Homeland Security (DHS) has released a document entitled “Guidance on the Collection and Audit Trail Requirements for Electronically Generated Forms I-9” in response to a Freedom of Information Act (FOIA) request. If you use electronically generated Forms I-9, read on. If you are a vendor with an I-9 product that allows companies to electronically generate Forms I-9, read on.
The Guidance provides direction to DHS special agents and auditors during Form I-9 investigations for those employers who use electronic Forms I-9. Which means that if you are the subject of a Notice of Inspection (NOI) by Immigration and Customs Enforcement (ICE) — meaning ICE wants to inspect your Forms I-9 — and you have electronic Forms I-9 through a third party vendor, ICE agents will not only look at your Forms I-9 but also at your vendor and their product. Under the Immigration and Nationality Act, providers of electronic I-9 software products must follow certain requirements (see generally 8 C.F.R. section 274a.2). The Guidance is important because it clarifies minimum electronic audit trail requirements, among other things. So what will ICE agents ask for if you are the subject of an I-9 investigation and you use an electronic I-9 product? In addition to the Forms I-9 and other documents, ICE will want the following:
- Documentation regarding the product’s ”audit trail”, specifically the date the Form I-9 was accessed, who accessed it, and what action was taken. Meaning that the audit trail must show when a Form I-9 was created, completed, updated, modified, altered or corrected.
- The name of the software product being utilized.
- Documentation about your internal business practices and protocols related to the inspection and quality assurance, as well as, the generation, use, storage and security of the electronically generated Forms 1-9. Which means that if you use an electronic I-9 product, have in place a document with your I-9 vendor outlining protocols and procedures in place with respect to the I-9 product and your Forms I-9.
- Information about the product’s indexing system identifying how the electronic information contained in the Form I-9 is linked to each employee. This will include documentation of the system used to capture the identity and attestation of the individual electronically signing the Form I-9.
- What procedures are in place to certify that the individual whose name is on the electronic Form I-9 not only is the person who completed the form, but also that they knew what they were verifying to when they provided their electronic signature.
- ICE agents or auditors may also ask to see at least one printed completed electronically generated Form I-9. They may also request access to the system for a demonstration of the generation of an electronic Form I-9.
Tip of the Day: ICE worksite audits and investigations can be a stressful process, but knowing what to expect will make the situation more manageable. Moreover, employers can greatly reduce the burden imposed by these audits by properly documenting the protocols and procedures relating to the company’s management of electronic Form-I-9s in advance and discussing them with immigration counsel. Contacting your electronic I-9 software provider may also provide answers to questions regarding the audit trail, indexing system and electronic signature. It’s also important to confirm that your vendor is meeting the standards outlined in the DHS guidance so that if ICE comes knocking you will be prepared.
The Guidance can be found at ICE’s FOIA library.