Navigating the legal basis for employment background screening: Global compliance challenges and best practices
Abstract
This paper concentrates on the legal basis of processing personal data in the context of the employment background screening role. Although this is a specialised task, it serves as a useful exercise for any enterprise evaluating the legal basis of processing personal information, especially when third parties are involved. When conducting employment background screening, the roles of the parties involved need to be clearly outlined. If a third party screening company is used, they may be a data processor, which requires specific contractual language. If they are a data controller, then joint controller language will need to be completed, as the employer and background screener have entirely separate roles in the data processing. Determining the legal basis of processing is primarily completed by the hiring organisation, as only they know who they are screening and why. Although the term ‘consent’ is commonly used in the background screening process, it is rarely allowable in General Data Protection Regulation (GDPR) or GDPR-like privacy regulations but may be the primary legal basis of processing in other countries. This can set up a conflict of laws for the hiring organisation, which they will have to navigate through. This article is also included in The Business & Management Collection which can be accessed at https://hstalks.com/business/.
The full article is available to subscribers to the journal.
Author's Biography
Kerstin Bagus is the Chief Knowledge Officer for NetForce Global, a wholesale provider of international background screening data. She has decades of experience in the screening industry. Kerstin is the recipient of the 2022 Professional Background Screening Association (PBSA) Mike Sankey Lifetime Achievement Award. She is a frequent presenter and leader with PBSA. She holds International Association of Privacy Professionals (IAPP) Certified Information Privacy Professional certifications for Canada (CIPP/C), Europe (CIPP/E) and the US (CIPP/US).
Andy Hellman has worked in the background screening industry for almost two decades leading teams in operations, product development, business analytics and strategy. He is a published author and frequent presenter on all things related to global background screening, ranging from General Data Protection Regulation (GDPR) compliance to artificial intelligence (AI). Currently, he sits on the Board of Directors for the Professional Background Screening Association (PBSA). His international experience includes study abroad in Japan, working for an Italian technology company in Milan and running global screening businesses in London, Canada, the US and Singapore. He also holds International Association of Privacy Professionals (IAPP) Certified Information Privacy Professional/Europe (CIPP/E) and Certified Information Privacy Manager (CIPM) certifications, as well as a Fellow of Information Privacy (FIP).