It’s winter here in Pittsburgh, Pennsylvania. It is cold. The roads are terrible. It gets dark very early. For me, one of the few real pleasures of this time of year is climbing into bed with my flannel sheets and my huge overstuffed down comforter. I absolutely love that cozy feeling on a winter’s night. Suddenly, the inevitable happens. Just as my brain begins to settle down, a question pops up…
“Did you lock the door? Did you lock all the doors?”
I try to ignore it. I don’t want to get up. I’m pretty sure I did lock everything up and even if I didn’t, I’m sure it will be fine. Why am I even worrying about this? I roll over. Minutes pass. My brain isn’t going to let this go. In my mind, I can see the bad guy sneaking in and the things I have worked so hard for sneaking out. I can hear my children’s peaceful breathing and that does it. It’s that moment when I know I have to check. I am not going to be able to rest until I am positive everything is secure. I have a responsibility to keep my family safe and that is something I am not going to take a risk with.
As background screening providers, we face a similar situation. We are entrusted with protecting your applicant’s personally identifiable information (PII). Employers need to partner with a CRA that not only meets but exceeds data security guidelines. In the wrong hands, the same PII we use to conduct background screening could easily be used to steal an applicant’s identity. 2014 was a very tough year for data security. A variety of publicly admitted data hacks covered the headlines with damaging details. These hacks ranging from the theft of eBay user information, and the economic espionage of Pittsburgh area manufacturers, to the most published Sony hack. The amount of daily attacks is so great that Kaspersky, a global antivirus software company, has created an interactive map that shows global cyber threats in real time. Employers are rightfully concerned when they question how their background screening provider is using and storing their applicant’s PII.
So, how can you make sure that you are dealing with a background screening company that is proactive when it comes to maintaining strict standards in regards to their data security?
Here are some questions you may want to approach your current/prospective CRA with:
- Do you have a comprehensive data security policy in place?
- Are your employees trained in how to identify a data security breach and what to do if they suspect/detect a breach?
- Are you off-shoring applicant’s PII? Once this sensitive information leaves the US, there are no guarantees that legislation exists to protect it.
- Are you a member of the Concerned CRAs, a group dedicated to consumer protection?
- Do you have a Safe Harbor Certification?
- Are you accredited by the NAPBS? This accreditation validates a CRA’s commitment to data security, compliance, service quality, and minimizing workplace risk.
- What security audits have you passed within the past year?
Security is a growing concern in the world we live in. It may be impossible to perceive every threat and protect yourself from every situation. Employers can, however, do their best to mitigate risk by partnering with a CRA that takes data security seriously. It may be time to ask yourself, is your background screening provider getting up and “locking all the doors” or rolling over and”hoping for the best”?
Subscribe to our email list to be alerted of our next blog post: