Performing background checks on candidates is a crucial part of the hiring process for many employers. However, it can also be complex, especially when it comes to ensuring you remain compliant.
In this feature, we’ll look at why more than 20% of employers risk breaching the law when asking about criminal records incorrectly, why 40% fail to screen contract workers and why 70% may not be fully compliant with GDPR.
In addition to identifying the common pitfalls when performing background checks on candidates, we’ll also look at how to avoid them.
It’s almost a year since the General Data Protection Regulation (GDPR) came into force in May 2018.
The GDPR is an EU law that regulates the collection, use, disclosure and processing of personal data, and as HR professionals can handle significant volumes of sensitive data when screening candidates, it’s crucial you ensure your background checks are GDPR compliant.
However, this can be a challenge if you’re unclear on how to meet all your obligations. In fact, a report by IT Governance, published six months after the GDPR came into effect, revealed that only 29% of companies were fully compliant with GDPR.
All candidates have the right to basic information about the screening process and to know what personal data will be collected, as well as why and how it will be processed.
Candidates also have the right to request access, rectify or erase their personal data.
Another obligation relating to GDPR is related to ensuring you involve a human in the decision-making process of any programme where candidate data is handled, which could also include background screening.
With the growth of AI, HR automationand technology only set to increase in the coming years, it’s easy to see how some organisations could fall foul of this regulation.
Failure to comply with the GDPR could result in maximum fines of up to 4% of global annual turnover or €20 million, whichever is greater.
Some high-profile fines have already been issued since the GDPR came into force, including Google, which was hit with a €50 million fine by French data regulator CNIL, relating to how the firm collected and processed user data to personalise advertising.
If you’re screening candidates, review all your existing processes and ensure you have a GDPR-compliant background screening policy in place.
You’ll also need to work with any third-party companies who collect data on your behalf, to make sure they are following the GDPR guidelines, and update privacy notices, policies and contracts accordingly.
Social media has transformed the way organisations source and recruit potential employees, and many employers now perform social media checks on candidates during the hiring process.
While social media searches enable employers to gain a greater depth of insight into a candidate than perhaps a CV or interview, there are risks involved if you base hiring decisions on information found that you aren’t allowed to use.
A 2018 CareerBuilder survey revealed that 70% of employers use social networking sites to research candidates during the hiring process, and of those, over half found information that caused them not to hire an applicant.
Meanwhile, research conducted last year by Sterling found that 60% of businesses admit they haven’t included social media checks as part of their structured background-screening programme.
Organisations that conduct ‘unofficial’ social media searches could face compliance issues because hiring managers may discover more information than they really need to know, especially if this information relates to one of the protected characteristics, such as race, religion or sexual orientation.
If that candidate is subsequently not hired, the applicant may potentially claim this played a part in the decision not to recruit them, and the employer could be at risk of a discrimination claim.
For example, a hiring manager could discover that a candidate had been discussing pregnancy and babies on Twitter, and then decide not to hire her in case she’s pregnant. Of course, this could be deemed discriminatory, and the employers could find themselves in hot water.
Social media screening must be compliant with discrimination and privacy laws, so make sure any social media searches you carry out are part of a structured screening programme, and that any information you use is relevant to the job role.
HR also needs to ensure that hiring managers have a clear understanding of protected characteristics and sensitive personal data.
As with most other types of background check, if conducted by a Consumer Reporting Agency, the employer must also obtain a candidate’s consent before performing any social media screening on them.
Of course, outsourcing this as part of a structured background check programme is likely to mitigate the employer’s risk.
Criminal record checks can be incredibly complex, and there are legal risks if you get it wrong. In short, you need to make sure you’re performing the right type of criminal record check that is proportionate and relevant to the role in question. However, it’s often not as simple as this, and there are some common mistakes employers can make.
For example, if you collect criminal records data at the application stage of the recruitment process, chances are it won’t be compliant with data protection legislation.
Despite this, research last year by charity Unlock revealed that 70% of employers asked questions about criminal records in job application forms, while 22% asked about criminal records in a potentially unlawful or misleading way, which risks breaching the GDPR and the Rehabilitation of Offenders Act (ROA).
The ROA protects individuals convicted of minor offences from future discrimination, and enables certain convictions to become ‘spent’ or ignored after a rehabilitation period.
While employers are not prohibited from asking job applicants about their criminal record, the ROA restricts the amount of information that an applicant needs to disclose, and limits the extent to which employers may base their decisions on the information provided.
Make sure you’re transparent in your approach and consistent and fair in your hiring practices, and that any criminal record check you perform complies with the ROA. This guide on recruiting ex-offenders safely and fairly is a useful resource.
Employers can risk leaving themselves exposed if they don’t perform background checks on their contingent workers, such as contractors, freelancers and temporary workers.
Research conducted by Sterling in 2018 found that just 60% of employers screen their contingent workforce, compared to the 89% who perform checks on their full-time employees.
Some organisations fail to screen their contingent workforce because they assume an agency has already performed checks, while others may feel as though they don’t have sufficient resources to screen non-permanent, short-term workers.
However, temporary workers often have the same access to company resources and sensitive information as their permanent counterparts, meaning that gaps in the screening process could bring about significant risks, including fraud, theft or data security breaches. You also need to be sure they are legally entitled to work in the UK.
With increasing numbers of contingent workers entering the labour market, it’s important you are consistent and fair with your screening, have robust screening policies in place that cover all your workers, and that you carry out the same checks for both your contingent and permanent workforce.
Looking for more information? Read Strengths-based recruitment: are you hiring people for the wrong jobs?