The amount of data collected and aggregated each day is astounding, and rapidly growing. To be precise, 2.5 quintillion bytes of data are currently produced daily. By 2025, it is estimated 463 exabytes will be generated each day. And this only includes the data collected and processed by private companies. Public records, such as civil or criminal records held by courts, have a life of their own.
While all this data exists, in some cases indefinitely, the question becomes: should it be available to private parties, such as employers, to review and assess?
Picture yourself in a virtual meeting with your colleagues and your clients. Do you feel comfortable that everyone on your team, especially those you commonly associate with, is an asset to the organisation? If ‘yes,’ it's likely because you've grown to trust your colleagues. But while trust is earned over time, how can employers quickly ascertain if they’ve made a sound investment in their most significant asset and their biggest source of risk, their workforce?
Pre-employment background screening can help reinforce your hiring decisions by verifying your candidates have the experience and qualifications they claim to. However, designing and implementing a way to effectively manage your organisation's hiring risk is a balancing act between commercial realities and the moral high ground.
An organisation places itself in a vulnerable position if they rely solely on gut instinct when making hiring decisions. Yet asking your candidates for too much information before offering them the job could be seen as invasive, may put off the best candidates, and could even be illegal depending on your location and the type of information you are asking them to provide.
However, in today’s world, where brand reputation lives in real-time online, a single worker's actions can wreak havoc for an employer. You’ve seen the stories – a worker makes a salacious post that gets attributed to the employer, forcing the employer to react, for example. Which often results in the worker’s termination of employment and a public apology or distancing statement from the employer.
While these types of behaviour can be difficult to predict, there are steps a business can take to check a candidate’s background to see if they have a known record of acting this way. But how can this be done effectively and responsibly, while also maintaining the highest levels of integrity and transparency?
The answer lies in the organisation’s risk tolerance. Background screening should be relevant and proportional to the worker's role. The types of information a company checks can also depend on what local legislation permits. Highly risk-averse companies are more likely to conduct a comprehensive screening programme. Conversely, less risk-averse businesses may be comfortable verifying fewer aspects of their candidates’ information, taking certain parts of their experience or qualifications from their application form or CV at face value. But however a business approaches it, transparency is critical to ensure a frictionless candidate experience.
Data privacy laws are evolving at breakneck speed. If imitation is the sincerest form of flattery, the General Data Protection Regulation (GDPR), which came into effect in 2018, should consider itself well-admired. It is the benchmark by which other data protection laws are measured around the world. Consider macro-legislation, such as Japan’s Act on the Protection of Personal Information and Brazil’s new General Data Protection Law, or localised legislation such as California’s Consumer Privacy Act. All are modelled on the GDPR.
These laws tell us that covert gathering and processing of an individual’s data is wrong in most cases. When an individual's personal information is collected and processed, that individual should know exactly what data is collected, how it will be used, how long it will be retained and have access to correct and request deletion of it. These simple doctrines are universal tenets that should be recognised regardless of whether they are required by law.
As a minimum, identity verifications and reviews of previous employment and references should be required of all workers. How much further your business decides to take background screening depends on any local compliance restrictions, industry regulations which may require a broader range of checks and regular employee rescreening, and where they draw the line in the sand between business risk and their candidates’ rights to privacy. While compliance can help guide businesses as to what they are permitted to check, it’s ultimately down to each employer to decide what they feel is necessary and appropriate – a decision not to be taken lightly, as getting it wrong could prove costly.
Alonzo Martinez is associate counsel for compliance at HireRight