Background checks have become an essential part of today's recruitment process, and the recent changes in privacy laws and regulations have impacted how employers carry out background checks. With the advent of the internet and the tremendous amounts of data available, privacy concerns have become widespread. As a result, lawmakers have tightened the regulations surrounding the manner in which employers conduct background checks.
The Future of Background Checks
On May 25th, 2018, the General Data Protection Regulation (GDPR) came into effect. The GDPR was designed to protect EU citizens' personal data from misuse and abuse, and employers must now adhere to these regulations. One of the key components of the GDPR is the right to access an individual's data stored by a company. If an employee requests the data, the company must provide it within a month.
Similarly, in the United States, there has been a growing call for employers to respect employee privacy in the workplace. In 2018, the California Consumer Protection Act (CCPA) became law, and it is considered to be one of the most comprehensive privacy laws in the country, and has been a major driving force behind other states that have started to follow in California's footsteps.
The CCPA has implications for the employment sector since it applies to even small businesses and non-profits that may employ California residents. Additionally, the CCPA grants California residents the right to access personal information collected by a company, the right to request that such data be deleted, and the right to bring a private legal claim for violations.
Changes in Privacy Laws Being Implemented
In the face of stricter privacy laws, employers must now ensure that they are not infringing on their employee's privacy. The best approach is to be transparent with employees when conducting background checks, and to seek their permission before starting the background check process.
An employer should provide clear, concise information about why they are conducting the check, what information will be collected and how it will be used. The employer must also ensure that the information collected during the check is relevant to the job or role and not overly invasive.
Employers also need to ensure that they adequately protect personal data. As part of the CCPA, employers must be able to demonstrate they have implemented "reasonable" measures to protect personal data from unauthorised disclosures. This includes measures to ensure employees properly store and dispose of personal data.
Unreasonable Background Checks
In the past, employers would source public records or rely solely on third-party background checking companies to carry out background checks on their behalf. These checks were often invasive, disproportionate and unreliable.
A disproportionate check would be when employers would require candidates to submit their medical records. This unequal scrutiny would lead to claims of discrimination. For example, if an employer barred an applicant for a job in a warehouse or industrial setting based on their epilepsy. It is reasonable for employers to understand potential risks, but they must also be cautious in applying reasonable standards to employees and applicants.
An unreliable check is one that produces inaccurate results that can lead to incorrect conclusions about a person. This can have serious implications for the person being checked and the employer. For example, if a background check concludes that a person has committed a criminal act when he has not, this could lead to the erroneous decision not to hire or to fire the employee. Often, these cases involved outdated, inaccurate or erroneous information that should have been caught upon review.
Best Practices for the Future
Moving forward, employers must take extra care to handle employee data respectfully and not abuse their position of power. They must communicate openly and clearly with their employees about the background check process, what information will be collected, and how it will be used.
Employers must also ensure that their background checking procedures are fair and reliable. They should only collect the data necessary for the role, dispose of it correctly if needed and always double-check that their sources are reliable and up to date.
Finally, companies should provide employees with guidance on how to safeguard their online and personal data to reduce the risk of it being used against them inappropriately.
In conclusion, tightening privacy laws and regulations regarding background checks on employees may seem like an impediment to employers, but it is a welcome step in promoting the collective value and respect of data in the workplace. Employers must adapt their processes and procedures to meet privacy laws' requirements and to ensure that their background checks are proportionate, reliable, and fair. When it comes to employee privacy, an approach that fosters mutual trust, respect, and fairness between employer and employee will ensure a transparent and successful relationship.