Issues and Emerging Trends in Employee Background Screening
May 12, 2021
Author’s Note: In writing this, I am acutely aware that many i-SIGMA members find themselves at this time having trouble finding good employees. Despite that fact, or maybe because of it, rehashing the basis and issues related to background screening is important. Oh yeah, and I am not a lawyer or CRA and this is not legal advice.
For any organization, the people it hires are both its biggest asset and its biggest risk.
Among those risks in the RIM, ITAD, and secure destruction industry – likely the most acute risk – is that they will have access to very sensitive and valuable information; information that both the client (bank, hospital, etc.) and you (the service provider) are required by law and by contract to protect.
Both NAID AAA Certification and PRISM Privacy+ Certification require initial and ongoing screening, and there are several issues about which operators should be aware.
Employee Screening Liabilities
In the US, third party employment screening firms are legally considered Credit Reporting Agencies (CRAs) under the Fair Credit Reporting Act (FRCA). This fact stems from the fact that use (or rather misuse) of such information in hiring can be deemed legally discriminatory.
This is why i-SIGMA’s certifications:
- Only restrict employment of those with a very specific conviction profile (fraud, theft, etc.) and not every criminal conviction.
- Require a third party to do the criminal background screens, which, as professionals (and CRAs in the US):
- Are more capable.
- Provide a safe haven from certain screening liabilities.
- Are more likely (and often legally responsible) to know any jurisdictional screening limitations and discriminatory pitfalls.
i-SIGMA’s Restrictions Versus Employer Discretion
As mentioned, using screening information to make initial hiring decisions must not violate discrimination laws. That said, service providers may use the information to restrict undesirable employees beyond what i-SIGMA certifications require. Even though i-SIGMA does not restrict the hiring of a person with a felony assault conviction in the past 7 years (because it legally can’t), it does not mean a service provider may not decide it is too big a risk to hire that individual. The important thing, if used to that effect, is that there be a rationale. For instance, the person will be in client’s offices and a past propensity to violence could be a problem.
Everything in the last paragraph applies to ongoing criminal background screening of existing employees as well. if the ongoing criminal screening discovers a conviction (while employed) that prohibits the individual from being an Access Employee (as defined by certification), they must have no further contact with client information. If the service provider discovers a conviction for assault, they may decide the employee is too big a risk and remove or redeploy them.
Substance Abuse Recognition
I often get calls from members wanting to know what to do when an existing employee has a positive drug screen result. When that happens, I tell them they should do whatever their company policy states they should do. The point is, i-SIGMA cannot (and should not) be telling service providers how to deal with an employee with what, according to law, is a health issue. Moreover, there are far too many variables. Was the person on duty and putting themselves at risk, is it a chronic situation, have past attempts to help them failed, did they lie about the abuse?
Then (some might ask), why does i-SIGMA require substance abuse screening or recognition at all? The answer is that the service provider has an obligation to know if an employee is a substance abuser. How they deal with it is their choice, but it cannot be ignored.
Social Media Screening
You have all seen it. The first thing law enforcement (and media) do when there is some horrific crime is to go to the perpetrator’s social media accounts. Often, the perpetrator has a squeaky-clean criminal history, but their social media history is full of red flags that indicate their state of mind or their propensity to violence.
It hasn’t happened yet that I know of, but it may have, and if it hasn’t, it will. Some employers will be held accountable for putting other employees and the firm’s clients at risk by hiring someone who, by their social media feeds, was clearly a danger.
Of all areas of screening, social media and online presence screening is emerging as a critical issue that employers cannot ignore.
Social Media Screening in the IG Journal: The upcoming edition of IG Journal has a feature article on Social Media screening by one of the country’s leading authorities.