5 Data Security Questions You Should Be Asking Your Background Screening Provider

(Last Updated On: January 28, 2021)


Now that we are one year into the pandemic, what lessons have we learned?  Are there steps you have taken to improve efficiencies, tighten up policy, and prepare for a return to growth?  COVID restrictions have caused most businesses to make some radical changes in the way business is done.  Many leading business are now taking a serious look at their security strategy and what aspects need to be reset to make today’s “work from anywhere” requirement a workable reality.

A critical part in reviewing your data security plan should include a review of your vendors’ policies, including your background screening provider. Safeguarding employee data is a priority for any company conducting employee background checks.  In order to conduct comprehensive background checks, background check companies are entrusted with applicant’s private and sensitive information including: full contact information, social security numbers, dates of birth, etc…

Choosing a background check partner whose policies and practices reflect your own high standards in safeguarding your employees and applicant’s personal information is a critical piece in ensuring all bases are covered in your data security plan.

Here are five critical questions to ask yourself when reviewing background screening providers:


  1. What certifications do you hold? Are you SOC2 certified?- A SOC 2 report ensures your background screening partner meets the current high standards set by the AICPA (American Institute of Certified Public Accountants), to protect customer and third-party information. Completion of a SOC2 audit helps to ensure high standards for the protection of privacy, security, and confidentiality of consumer information used for background checks.


  1. Is any of my applicant’s data being sent overseas?- Several background screening providers opt to outsource verifications to foreign countries in order to lower their costs. Sharing PII (personally identifiable information) with a foreign country is a risky practice because other countries can vary in their laws and regulations in regards to how that private information is handled.  To protect your applicants, you want to make sure that their information is kept in the United States and safeguarded by our laws.



  1. What are your protocols for notification in case of a breach? You should know how your vendor categorizes risk and what they consider a “serious” issue.  Also, what is the frequency and form of notification they will use?


  1. Do you have cyber insurance? In order to ensure business continuity, it is important for your background screening partner to have cyber insurance to avoid disruption to services in the event of any security incidents.



  1. Are you PBSA accredited? To become accredited firms must demonstrate initial and ongoing compliance with the accreditation standard as prepared by the Background Screening Credentialing Council (BSCC). Compliance is demonstrated through rigorous desk and on-site audits, all of which are completed by an independent third-party auditor.


COVID has not given us a break on compliance.  In order to promote a “Security First” culture, it is important to check that your background screening vendor practices are in line with your organization’s data security strategies.


Justifacts has been committed to providing compliant, accurate employment suitability reports for nearly 40 years.

Justifacts is both PBSA Accredited and SOC2 certified.  Justifacts undergoes these audits to confirm we meet the high standards for protecting the privacy, security and confidentiality of consumer information used in the background screening process.


 If you are looking for more information on our services, feel free to request information or give us a call at 800-356-6885 to speak to our sales team.

It is important to note that Justifacts is providing this information as a service to our clients. None of the information contained herein should be construed as legal advice, nor is Justifacts engaged to provide legal advice. We go to great lengths to make sure our information is accurate and useful. We recommend you consult your attorney or legal department if you want assurance that our information, and your interpretation of it, is appropriate to your particular situation.