Can background checks expose personal data?

Online and automated background checks are designed to reduce the back-and-forth between the verifier and the HR department.

In the age of stricter privacy laws such as the General Data Protection Regulation (GDPR), experts claim verification apps will need to speed up the authentication process while protecting sensitive information.

Background checks and data privacy

Truework, a newcomer to the multibillion-dollar employee verification industry, is preparing to take on what it calls a ‘compliance-heavy’ task.

The startup headquartered in San Francisco officially launched this month with US$2.9m in seed funding and the battle cry of upholding data privacy.

“We realized that this industry at large needed a new paradigm for how sensitive data is shared,” said Ryan Sandler, co-founder and CEO at Truework. The paradigm shift entails streamlining HR processes while putting employees in control of their data.

HR can install the Truework app into its current HR management system. Truework screens external data requests and then notifies the employee of the inquiry via email.

The app allows the employee to review the data or instruct HR to update or correct entries before authorizing the release. Once the employee gives explicit approval, the information is shared on a secure platform.

Truework is going up against industry leaders such as The Work Number, the online employee and income verification service owned by Equifax and used by tens of thousands of companies.

In 2017, IT security expert Brian Krebs revealed vulnerabilities in The Work Number’s data management system.

The Equifax data breach, which exposed sensitive information from more than 145 million individuals, left The Work Number open to identity thieves intent on stealing employment and salary histories, Krebs reported.

Tougher consumer protection

GDPR privacy rules order companies that collect personal information to inform subjects of the type and purpose of the data collection as well as the place and duration of storage. They also need to secure the subject’s explicit approval.

In the US, background screening firm HireRight requires clients to provide certification that they are legally permitted to acquire personal information and that the subject consents to the screening.

“Consent must be freely given, specific, and informed,” Lewis Lustman wrote of GDPR on the HireRight blog.

Apart from legal mandates, background checkers are relying increasingly on emerging technology to safeguard personal information.

HireSafe, another screening service based in North America, uses a trademarked platform called Instascreen. The platform, hosted by Amazon Web Services, purportedly protects sensitive data against external attacks, unauthorized access, worms, trojans, and other malware.

The cloud infrastructure is touted as “one of the most flexible and secure cloud computing environments” to date.

 
