The increasing “digitization” of our lives is both a blessing and a curse – it is much easier and more convenient to keep in touch with our family and friends, do work, transact, and entertain ourselves online, yet it also exposed much more of us and our activities to malicious or prying eyes. In response to the seeming loss of privacy, the past several years saw much of the world pass Data Privacy legislation, while the public started demanding organizations that collect and store information to improve the way they protect that data.
Background screening companies like Vanguard routinely collect, process, and send personal information to and from clients, candidates, schools, employers, and other parties. Professional and world-class screening vendors should have Information Security and Data Privacy tightly woven in their day-to-day operations, and not just something for the IT Department or the Data Privacy Officer to worry about. Each person in the company should know that it is everyone’s responsibility to protect the data that they work with – no exceptions!
Companies that want to outsource their employment screening requirements would do well to verify if the vendors they are considering have the appropriate disciplines, processes, and infrastructure in place to protect their data. It must be noted that any leakage of candidate personal information from the background screening vendors will ultimately be the legal responsibility of the company, as they are the employer of the candidate. There is no way to contractually pass that responsibility to the screening vendor, so the next best thing is to make sure the vendor is up to snuff in terms of Info Security and Data Privacy.
At a minimum, companies must demand that a Background Screening vendor have the minimum Information Technology infrastructure to support industry-standard security settings. All user computers must be centrally managed, and all logins are done using unique accounts. Password policies must conform to standards. All employees must have undergone training once onboarded, and regular reminders and refresher training programs in place. The concept of least access to data must be practiced. Work must be sufficiently segregated to have checks and balances. Physical security of the work areas must be in place. As a rule of thumb, your vendors Information Security and Data Privacy standards must be at par with your own standards – else they are the weakest link and your biggest risk.
*To get a FREE copy of How to do Background Checks Correctly go here: