Criminal background checks involve a great deal of personal information, and the way businesses handle them is important in ways beyond compliance with the law. Protecting an applicant's privacy is important, too. Explore some steps you can take to better respect job-seekers privacy.
When screening potential new employees during the hiring process, businesses focus a substantial amount of attention on legal compliance. Abiding by "ban the box" or "fair chance" laws, meeting federal guidelines, and other efforts are all critically important to protecting the company. However, how much thought have you given to protecting job applicants during criminal background checks?
Even when based on public records, the vetting process can reveal sensitive facts about an individual. Protecting individual privacy rights is important, especially when you may collect a range of personally identifiable information about candidates to do a background check. Mishandling this data could create legal risks separate from the usual compliance concerns. Therefore, a plan for avoiding problems—and respecting an applicant's privacy—is essential.
What steps should a company take to ensure that it respects the privacy of its employees and applicants? Here are seven ideas to keep in mind.
To begin, consider that there is some overlap between the laws concerning using a criminal background check for employment and how you can respect privacy. The FCRA's mandate that you receive written consent from an applicant is one such area of overlap. Obtaining consumer reports such as a credit check or a background check means gaining deep insight into aspects of someone's personal life.
It would be unethical, not to mention illegal, to obtain this information for employment purposes without first alerting the individual. Developing a written procedure for ensuring FCRA compliance is the simplest way to ensure you only obtain reports on individuals who've given permission. If a candidate declines to submit to a background check, you are always free to move on to another applicant.
Don't obtain more information about a candidate than you need to for completing your evaluation. While it can be tempting to order a broad battery of vetting products to see the big picture about a candidate, you might overreach in the process. Typically, you will only need the following for most candidates:
In most cases, there is no good reason to pull a candidate's credit history report as part of the hiring process. In fact, some states bar that procedure altogether. Only order what you need. For another example, there is little reason to request a candidate's MVR report when you're hiring for a position that involves no driving.
Only obtain what's necessary for your decision-making process.
It helps both you and your candidates when you conduct background screenings based on the most reliable resources available. Remember, there are no true national criminal databases. Even the FBI's fingerprint-based database only includes records of federal crimes and what state agencies choose to share. Therefore, it's key to partner with a consumer reporting agency that understands how to source and maintain records for issuing accurate, up-to-date screening reports.
Confirming that records belong to the individual you're considering for a job role is crucial. Otherwise, you can run into situations where you risk obtaining a report for the wrong individual. The right partner works with you to ensure that all the pieces are in place for you to receive an accurate, relevant report.
Just as you should choose a screening partner offering access to reliable data, you should also evaluate their stance on security. After all, many of these solutions rely on the internet for ordering and receiving background check results. That process necessarily involves transmitting a candidate's private information to your partner. Your reporting agency must handle this information with the same care you would in the office.
Ask potential agency partners what they do about security and how they protect their systems against likely intrusion attempts. Doing due diligence on providers to understand how they will use your candidates' data is an important and valuable step.
Your background check partner isn't the only one that needs to think about digital security. Your business should have a plan in place for how you will store these records securely, too. Since you may keep an employee's background check on file for some time, such information mustn't be accessible to those without authorization.
Limit the number of people with access and authorization to sensitive applicant data. The relevant team members in HR and management should all understand the need to keep this information private. Ensure that the average employee cannot access these systems and train HR to maintain strict control over who can see the data.
Under the FCRA, businesses must retain records for a period of time in the event that a job candidate opens a dispute. The exact retention period is unclear because of overlapping legal standards, but most companies choose to hold on to applicant records for five to six years. During this time, you should keep this information well-secured.
However, once the retention period elapses, you should promptly delete this information from your computer systems. With no continuing legal obligation to hold on to the data, there is no good reason to remain liable for keeping that information safe. Permanent deletion after some time is the best way to ensure you're following best practices for privacy.
How you collect an applicant's information matters. For example, you may use a web-based platform to collect information from an applicant, such as their FCRA consent signature and personal details. This system may interface directly with your background check provider or be part of your provider's service. Whatever the case, choose solutions that use high-grade encryption to transmit the information between users and servers.
Digital onboarding can be swift and easy, but it shouldn't come at the expense of user privacy. Just as you protect records in your physical office space, you should also seek to create a private online environment.
Devoting time and attention to the issue of candidate privacy is worth the effort. Even though applicants themselves may never know the extent to which you try to protect their information, it is an outcome preferable to mishandling data and the associated risks. By taking the time to think about your procedures and partnering with a reputable reporting agency, you can ensure your business won't be responsible for leaking personal info.
For good reason, criminal background checks are a critical element of the hiring process. Using them appropriately should always mean going beyond simply complying with the law. Extending your focus to the logistics of the procedure and how you handle information leads to a stronger, more reliable process.