28.01.2022
What you need to know about data privacy and background checks
How do you ensure that your employees’ data is protected during background checks?
For employers, access to certain personal information is essential to running a background check program that gives companies, their employees, and their customers assurance that the business is conducted and managed by competent individuals who are qualified to perform their duties. Concerns about data privacy are not new, but with the increasing digitalization of our societies, laws and regulations are constantly changing and corporations must keep pace. Keeping up with these changes can be challenging, especially for organizations with international operations or staff located around the world.
What regulations apply to your organization?
In Canada, there are provincial and federal regulations that govern the issue of data privacy. These laws are implemented through three different acts.
Public sector organizations must follow the regulations under the Federal Privacy Act and the Freedom of Information and Protection of Privacy Act. These organizations include federal and provincial government agencies, municipalities, hospitals, schools and universities as well as non-profit organizations, political parties and associations. These requirements for handling personal information primarily include informed consent for the collection of information, its use, its accuracy, retention and disclosure.
Public sector organizations must comply with the regulations set out in PIPEDA. This legislation is based on 10 founding principles that ensure fairness in the handling of personal information and allow individuals to retain control over the collection, use and disclosure of their information.
The provinces of Quebec, British Columbia and Alberta have their own legislation regarding data security, so organizations operating in these provinces are subject to their respective regulations. An organization operating in one of these provinces as well as in the rest of Canada and/or internationally must also ensure compliance with PIPEDA.
As a Canadian company, how do you ensure that your background check program is compliant?
First, you must ensure that everyone whose data is collected has consented to its collection, and understands the purpose for which their data will be used. The signed consent should be as transparent as possible about the type of data being used, the details of the associated research and the retention of the information.
The information collected must therefore be relevant to the background checks you wish to perform. You must also ensure that individuals have access to their data and are able to correct it if it is found to be inaccurate. In addition, you should retain this data only for as long as it is needed. It is your responsibility to dispose of it in a secure manner.
In addition to making sure you understand all the regulations your company should follow regarding privacy for your background checks, best practices to ensure your compliance include:
- Designate a Privacy Officer responsible for establishing a compliance program.
- Have regularly updated Privacy and Data Protection policies available to the public.
- Train and educate your employees on a regular basis about privacy issues.
- Establish a link so that individuals concerned about the collection of their data can contact you and access their information easily.
Ensuring the protection of the companies we work with through our background check programs is the core purpose of Mintz Global Screening. We ensure that our business partners and our own company follow the highest security standards and comply with all laws applicable to our business at all times.
Contact our team of specialists with any questions you may have regarding your background check program and the safety of your employees and organization.