Considering a change to your background screening provider? Stop by the Cisive exhibit #210 at UNLEASH America and learn why many of the world’s largest companies trust Cisive to handle all of their employment screening needs.
Cisive has deep experience in serving the complex challenges and program needs of large enterprises and regulated organizations. If accuracy and reliability are paramount in your candidate screening program, then look no further.
Ready for GDPR? At Cisive, we are prepared for GDPR and stand alongside our clients and assume responsibility for implementing and managing employee screening procedures in compliance with GDPR.
Making a change to your ATS? No problem. Cisive has partnerships and pre-configured integrations with all of the leading enterprise ATS providers.
So, if you’re current background screening provider is only good at making apologies, come meet us and learn about the Cisive difference.
Cisive to the Rescue!
Don’t forget to come by and pick up your Cisive First Aid Protection kit.
An Intuit report showed that contingent workers of all types (temporary employees, independent contractors, project-based gig workers and on-demand workers) make up 36 percent of the workforce, and are expected to reach 43 percent by 2020. Around 80 percent of large corporations plan to substantially increase their use of contract employees.
A contingent worker in the extended workforce may be engaged for a particular project or for a specific time period and paid by a third-party agency, such as a staffing firm, a Professional Employer Organization (PEO), or firms that specialize in managing extended workforces.
Between 2009 and 2012, according the Bureau of Labor Statistics, the number of temporary employees rose by 29%. A survey of the 200 largest companies found that temporary workers represented, on average, 22% of their workforce, and that percentage is growing. Workers from all different industries (not just tech) are discovering that they’re able to be productive outside of the corporate office and without a long-term employer. And employers are finding that hiring contract workers increases efficiency and flexibility, plus they cost less and turn employment expenses into variable costs.
With this rapidly growing contingent talent pool, employers will need to adapt their screening processes. Contract freelancers have access to your software, your physical location and other valuable organizational assets. Whether it is a freelance graphic designer or a contract engineer for your growing IT department, your organization should do their due diligence.
These individuals are critical to the success of your organizations and their numbers are growing — making it even more important to establish a background screening process for your contingent and gig workers. According to SHRM, employers screening the contingent and extended workforce has nearly doubled in the last five years from 48 percent in 2011 to 81 percent.
Where to begin?
1)Create a contingent workforce background screening process and flow for others to follow. This should include the agency or other business your company may use to hire contractors, whether temporary or contract-to-hire.
The same level of screening used for similar positions should be used for a position that is to be filled by a non-traditional worker or else the firm may be subject to allegations of disparate treatment of similarly situated people.
2) Transparency. Be upfront with your desire to do a background screen and include the language in any job postings.
3) Ensure compliance. Follow the Fair Credit Reporting Act guidelines. The fact that this background screen is for a gig worker and not a permanent employee doesn’t change FCRA compliance requirements.
Some states have passed laws requiring criminal background checks of gig workers such as Uber and Lyft drivers, and the EEOC announced that it would focus additional attention on the complex employment relationships in the emerging gig economy.
All of the rules of due diligence apply with equal force if a member of the extended workforce causes harm. Business can be liable if – in the exercise of reasonable care – they should have known that a member of the extended workforce was too dangerous, unqualified, or otherwise unfit for employment.
4) Communicate often. Just like candidates your contractors are in demand, making the ability to move quickly important as is the ongoing communication process. With the rapid growth of the contingent workforce, contractors have many opportunities to choose from; communication and transparency can make your company stand out.
Using screening technology that integrates well with HR systems and requires less effort from candidates will be a key step toward improving the user experience.
5)Measure and re-evaluate your process often. Is your process consistent? If you use an agency, what screening process do they have in place? And, most importantly, is the screening process creating a bottleneck for your potential contractors?
Employers should also consider using background screening providers that undergo an annual Service Organization Control, or SOC 2, audit from the American Institute of Certified Public Accountants to ensure high standards for the protection of privacy, security and confidentiality of consumer information used for background checks.
Finally, employers should subject any workers from the extended workforce to the same screening as would be done with a regular employee. A best practice is to have the same firm that performs the background checks on regular employees to also perform them on the extended workforce.
Make sure that you are properly screening your prospective contingent workers, vendors, or independent contractors. Cisive’s vendor screening program helps companies ensure that contingent workers and vendors meet specified corporate standards relating to licensing, insurance, compliance, and other minimally acceptable personal and corporate standards.
To learn more about Cisive’s vendor screening program, contact us at 1-866-557-5984 or email firstname.lastname@example.org.
According to the Federal Trade Commission, employment- or tax-related fraud — when a criminal uses someone else’s Social Security number and other personal information to gain employment or to file an income tax return — made up 34% of all fraud reports in 2017. It’s considered the most common form of data theft. Why? An increase in data breaches.
Candidate and Hiring Fraud Explained
Data breaches expose sensitive personal information including SSN, driver’s license, medical and/or financial records for millions of consumers. This combined with advancements in graphics technology, has made it easier for a deceptive candidate to falsify a government-issued ID and assume another person’s identity.
The Identity Theft Resource Center collects fraud reports from consumers. According to its most recent data, the number of data breaches reported for 2017 was 1,579, a 45 percent increase over 2016. Businesses continued to suffer the majority of breaches and more than eight times the number of Social Security numbers were exposed in 2017 than in 2016.
Identity Fraud vs Resume Fraud
Identity fraud is more than simply exaggerating credentials on a resume. Identity fraud means that someone is using another person’s social security number, fake identification, and other personal information to obtain a legitimate job.
Resume fraud is shockingly common: two out of three employers have encountered an applicant lying on their resume. This type of fraud wastes expensive recruiting resources, denies job opportunities to qualified applicants, and can expose a company to potential employee fraud and brand damage down the road. However, resume fraud is easier to detect than identity fraud. Most background check providers can verify specific details like an applicant’s degree, graduation date, job title, and salary.
When an identity thief uses a victim’s name and social security number to gain employment, the employer reports the wages to the IRS for income tax purposes. When the IRS discovers employer-reported wages from both the thief and victim, there is a mismatch with what the victim filed and it appears they didn’t report all of their wages. This type of fraud is much more difficult and time-consuming to detect, and often takes months or years to catch. It’s also a lot more prevalent than you’d think.
A 2017 report from the Treasury Inspector General for Tax Administration found the IRS failed to identify 497,248 victims of employment-related identity theft, even though criminals electronically filed tax returns with evidence showing they used the victims’ Social Security numbers to gain employment.
How to Prevent Identity Fraud in the Hiring Process
Don’t Skip the Background Check
Even the most convincing looking documentation could easily be fake, and if you’re taking any credentials or documents at face value, you might already be at risk. The more sophisticated the fraud and the higher the position, the more damage and cost there is likely to be, and it’s significantly harder for the authorities to catch someone if they have no idea who they are chasing.
Background checks can be an excellent resource to help find red flags that may indicate false documentation. These kind of checks can be even more telling when information isn’t found, such as missing employment history, lack of social media presence, and so on. Criminal background checks are also necessary, but a good identity thief will likely pass with flying colors.
Identity-based systems can help detect employment fraud. They expand fraud detection significantly beyond the traditional rules-based system by accessing national repositories of identity information.
Identity-based detection is powerful because it does not treat self-reported data as the truth. For example, a common rule in many rules-based filters is to match the name, SSN and address from the presented information with the name, SSN and address on-file. This rule ensures that an applicant’s self-reported data aligns with the other information held by the agency. But matching data does not confirm an individual’s eligibility. However, because this type of fraud takes so long to detect, common fraud schemes may involve fabricated or false identities that have been nurtured through multiple filings over the course of years.
Where Technology Comes In
Recruiters rely heavily on technology, and so do job applicants. In fact, the very thing that streamlines the online job application process is the same thing that makes it easy to use stolen identities to apply for jobs. One of the newest technologies available to the private sector is identity verification with biometrics.
Biometric recognition technology relies upon the physical characteristics of an individual, such as fingerprints, voiceprint, pattern of the iris of the eye and facial pattern, in identifying an individual, offering positive identification that is difficult to counterfeit. This will also increase traceability of nefarious individuals or stolen identities.
Facial recognition is an automated method to record the spatial geometry of distinguishing features of the face. Different methods of facial recognition among various vendors all focus on measures of key features. The advantages to facial recognition include the use of commonly available technologies, such as phone cameras, no contact required, and it’s easy for humans to verify results. It’s also recordable, as the characteristics of an individual cannot be collected without their consent.
Many companies offer some sort of identity authentication for the hiring process, but biometrics is still new to the private sector. Companies like Cisive have gotten ahead of the game and offer the Human Resource industry’s first identity authentication solution, IDVerityTMis a state-of-the-art technology that forensically authenticates a candidate’s identity by validating the authenticity of their government issued ID and compares it to a candidates’ self-photograph taken on their mobile device.
The solution combines artificial intelligence (AI) technology including ID verification that authenticates the ID and identity verification using biometric facial recognition, liveness detection and live verification experts, to provide a complete solution to verify the real-world identity of a candidate. The balance of AI and human review is a critical component to keeping employers globally compliant.
All employers need to guard against insider threats, especially those perpetrated by persons using a fraudulent identity.
To learn more about Cisive’s IDVerity solution or to request a demo, contact us at 1-866-557-5984 or email email@example.com.
In the era of #MeToo, the subject of workplace harassment is a complicated one. It’s no longer enough to have an open door policy or a 1-800 number to anonymously report concerns. Companies must take deliberate measures in order to educate, train, and anticipate how workplace harassment might happen, how to conduct the employee investigation, and the different ways in which incidents might occur and how they should be handled.
Workplace harassment isn’t just sexual harassment. In fact, in the era of technology social media and electronic communication, workplace harassment isn’t limited to office behavior like bullying, snide comments, or cold stares. Behavior that creates a hostile work environment can impact employees that work remotely if the harassment takes the form of online trolling or abuse. In this post, we’ll define workplace harassment and explore how to handle violations in order to protect your employees as well as your company.
Defining Workplace Harassment In the United States, Canada and in some European Union Member States, employers are responsible for providing their employees with a work environment that does not discriminate and is free of harassment. According to the United States Department of Labor, there are two basic types of unlawful harassment.
(1) Quid Pro Quo Harassment (“This for That”) Quid pro quo harassment generally results in a tangible employment decision based upon the employee’s acceptance or rejection of unwelcome sexual advances or requests for sexual favors, but it can also result from unwelcome conduct that is of a religious nature. This kind of harassment is generally committed by someone who can effectively make or recommend formal employment decisions (such as termination, demotion, or denial of promotion) that will affect the victim.
supervisor who fires or denies promotion to a subordinate for refusing to be sexually cooperative;
supervisor requires a subordinate to participate in religious activities as a condition of employment;
supervisor offers preferential treatment/promotion if subordinate sexually cooperates or joins supervisor’s religion.
(2) Hostile Work Environment Harassment
A hostile environment can result from the unwelcome conduct of supervisors, co-workers, customers, contractors, or anyone else with whom the victim interacts on the job, and the unwelcome conduct renders the workplace atmosphere intimidating, hostile, or offensive.
Examples of behaviors that may contribute to an unlawful hostile environment include:
discussing sexual activities;
telling off-color jokes concerning race, sex, disability, or other protected bases;
commenting on physical attributes;
displaying sexually suggestive or racially insensitive pictures;
using demeaning or inappropriate terms or epithets;
using indecent gestures;
using crude language;
sabotaging the victim’s work;
engaging in hostile physical conduct.
When Harassing Conduct Violates the Law
First, unlawful harassing conduct must be unwelcome and based on the victim’s protected status. Second, the conduct must be: subjectively abusive to the person affected; and objectively severe and pervasive enough to create a work environment that a reasonable person would find hostile or abusive.
Whether an instance or a pattern of harassing conduct is severe or pervasive is determined on a case-by-case basis, with consideration paid to the following factors: the frequency of the unwelcome discriminatory conduct; the severity of the conduct; whether the conduct was physically threatening or humiliating, or a mere offensive utterance; whether the conduct unreasonably interfered with work performance; the effect on the employee’s psychological well-being; and whether the harasser was a superior within the organization.
Hostile work environment cases are often difficult to recognize, because the particular facts of each situation determine whether offensive conduct has crossed the line from “ordinary tribulations of the workplace, such as the sporadic use of abusive language… and occasional teasing” to unlawful harassment.
What You Can Do to Limit Harassing Conduct
The most effective way to limit harassing conduct is to treat it as misconduct, even if it does not rise to the level of harassment actionable under the law. The goal of any workplace policy is to eliminate harassment before it becomes severe and pervasive enough to violate the law. A well constructed and well-implemented plan within an organization may stop inappropriate conduct before it creates a problem for individual employees or the company. Below is a list of steps you can take right now to ensure your company is compliant with harassment laws, as well as making it easy for employees to report incidents without fear of retribution.
1) Make sure your policy is up to date and that all employees have reviewed it, acknowledged it (via document signature), and are aware of any updates or changes to the policy as soon as they occur. Update and reissue the policy statement every year, and provide training every year. Obtain a signed acknowledgment form from every attendee indicating she understands the company policy against harassment and retain signed acknowledgments in employment files stored in the human resources department.
2) Provide ongoing training for managers and employees. An effective presentation is made up of three pieces: a review of the basics, real world harassment scenarios and a chance for participants to interact and share their ideas. Even if you feel like your participants have of a good grasp on harassment basics, it’s important to build your presentation around familiar terms and concepts. Never forget to cover things like the definitions of quid pro quo, hostile work environment, retaliation and other well-known harassment terminology. For most supervisory employees this will be review. The key is to give them a chance to apply their knowledge.
3) Establish a variety of reporting channels, such as an anonymous 1-800 number, a form on your employee portal, or a generic email address like firstname.lastname@example.org that makes it easy and provides employees an opportunity to feel more comfortable to talk to HR about the harassment that is happening, whether it’s to them or someone they know in the workplace.
4) All complaints should be investigated thoroughly, providing a standardized process for the person filing the complaint to follow up, even if the complaint is made anonymously. Management must take prompt, remedial action to investigate and eliminate any harassing conduct. Note that several litigated harassment claims include allegations that an employer sat on a complaint without fully investigating it. All information should be maintained on a confidential basis to the greatest extent possible.
5) Investigation records should be kept and quarterly reviews should take place to determine if a pattern of behavior or harassment exists. From SHRM: “If an investigation results in a finding that this policy has been violated, the mandatory minimum discipline is a written reprimand. The discipline for very serious or repeat violations is termination of employment. Persons who violate this policy may also be subject to civil damages or criminal penalties.”
6) Don’t forget harassment outside of work. In the age of digital and social media, harassment can happen on social media platforms. The U.S. Equal Employment Opportunity Commission (EEOC) recommends that workplace anti-harassment policies incorporate dealing with social media. Even if employees post harassing or derogatory information about coworkers away from the workplace, for example, an employer may be liable for a hostile work environment if it was aware of the postings, or if the harassing employee was using employer-owned devices or accounts. As a result, the EEOC found that “harassment should be in employers’ minds as they draft social media policies and, conversely, social media issues should be in employers’ minds as they draft anti-harassment policies.”
7) Use your background screening process to help spot possible offenders during the hiring process. While criminal history searches will identify known criminal offenses, there are also other ways to help uncover potential risk. Consider adding employment verifications, reference checks, professional credential checks and social media searches to your current background screening program.
Employment Verifications can help uncover whether the candidate has ever been released for harassment in the past. Reference checks provide you with subjective information about an applicant. If there have been problems with harassment in the past, it will likely continue. Should the candidate’s position require a license(s), then a check of the license(s) may identify previously identified violations and/or sanctions
In addition, Social Media searches can also help companies who are concerned with harassment and mitigating risk. A combination of artificial intelligence, machine learning, and human-based quality assurance automatically highlights red flags in your candidate’s social media activity which may reference aggressive or violent acts, bigotry, unlawful activity, illegal drugs, discriminatory or sexually explicit activity, or any “custom risk” you feel may have a negative impact.
Note that this post is intended to provide resources and information; it should not be construed as a legal document, nor has it been reviewed by legal counsel. Employers should review federal and state anti-harassment provisions before implementing any new anti-harassment policy.
The Senior Managers Regime (SMR) is part of the UK financial regulation introduced by the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) and is aimed at increasing personal accountability of senior level people in the financial services industry. The SMR was initially implemented in the banking sector after the 2008 financial crisis, considered the worst economic crisis since the Great Depression. The SMR’s purpose is to reduce consumer risk and strengthen market integrity by holding financial services managers in senior positions accountable for their conduct and competence. The SMR covers both domestic and international firms with UK operations.
The FCA’s expanded scope of SMR requirements will go into effect May 2018, and extends beyond the banking industry to include insurers and solo-regulated firms. Some facets of the current banking regime will also be affected. This will significantly increase the number of firms required to comply and bring an end to the current Approved Persons Regime (APA).
Individuals working in a ‘Senior Management Function’, as defined by the FCA, must be approved by the FCA before taking on the responsibilities of the role. In addition, firms will need to ensure the suitability of the Senior Manager by completing a ‘fit and proper’ assessment.
As a result, firms need to certify at least annually that senior managers are suitable to perform their job functions. It is proposed that firms should perform criminal record checks for each Senior Manager and obtain a ‘regulatory reference’ from the Senior Manager’s previous firm.
At Cisive, we are experts in the specific risks and regulations that apply to regulated industries. For many years, we have provided tailored solutions to meet the unique requirements of our financial services clients.
In 2017 we opened an international operations centre in London, England to manage our global screening business. We recognize the specific challenges that our clients with a UK presence face, from managing Brexit contingency planning, to implementing General Data Protection Regulation (GDPR) compliant procedures, dealing with MiFID 2, in addition to preparing for SMR changes.
At Cisive we are prepared for the extended SMR and GDPR regulations and will contractually support you as a data controller in the background screening process. As a data controller, we will stand alongside our clients and assume responsibility for implementing and managing employee screening procedures in compliance with GDPR.
Cisive has rolled out a suite of SMR specific screening solutions to help ensure efficient and effective application of the new regulations. Our Senior Manager Regime solution includes:
Digital, touch-free inbound and outbound Disclosure and Barring Service checks for basic and standard disclosures
Continuous criminal monitoring service
FCA ‘fitness and propriety’ package
Regulatory reference regime compliant service
Education and employment checks performed by our UK-based team
Full GDPR compliance and indemnification
If you are a financial services institution providing financial services in the UK, any and all employees considered senior decision makers fall under the scope of the new regulation.
With more than 40 years of experience, Cisive offers the most efficient and effective solution for the financial services industry.
For more details or to further discuss how Cisive can help your organization meet the extended requirements of the GDPR and Senior Manager Regime, please contact us at +1 866-557-5984 or email email@example.com.
VP and General Manager
Global Executive Intelligence Division
In Part 1 of this post, we discussed going beyond metrics and ROI of HR and the need for change agents in human resource leadership. Now we’ll get to specific ways to overcome the status quo and the neuroscience of change.
Say the authors, “In a recent research study among self-identified rebels at work, we found that among their strengths were — not surprisingly — honesty, creativity, curiosity, and fairness. But self-regulation, perseverance, and prudence were among their weaker points. Setting small goals and appreciating the small wins along the way will help you strengthen those weaker traits and help prevent you from giving up too soon because you’re frustrated that things aren’t happening the way you want them to and you decide not to persevere.”
Some of the pitfalls include failing to prioritize your ideas, which can lead to creative pitch burnout from company decision makers; trying to go it alone, as many successful endeavors require a team approach; and ignoring your personal red flags for creative burnout. Creativity is a renewable source of energy for rebels, but pessimism can be an unintended side effect of swinging and missing a pitch.
Think Like a Marketer
HR pros play a lot of roles: employee liaison, culture keeper, people leader, coach. But the best ones are also marketers. They boost employer brand and improve the overall experience for employees. And when HR adopts marketing techniques, they can better manage talent.
An article in Entrepreneur outlines four marketing principles HR professionals can use to help achieve company buy-in for new ideas, including:
(1) know your target audience. Employees receive hundreds of emails every week — yet 50 percent of those surveyed in theEMPLOYEEapp’s Mobile Trends in the Workplace survey said they still feel out of the loop. Why? Because the messages aren’t tapping into their interests. Learn everything you can about your audience and use the knowledge to target messages to specific groups of employees rather than a company-wide email blast.
(2) One brand voice, every channel. Marketers know that if they want to get the attention of their audience, they need to use more than one method. A campaign cannot be successful through emails and newsletters alone. Marketers use a mix of media to convey their messages. They use video, images, interactive websites, social media and more.
(3) Create an information hub. When HR focuses on a branded employee experience, encouraging program participation becomes easier. Bring all programs, initiatives and information together in one easy-to-use platform. Think of it as a hub that integrates the most important HR benefits, programs and initiatives in one convenient place.
(4) Measure effectiveness. Decide what metrics are most important to the company culture and overall business goals and track them to drive employee engagement. Are employees responding to messages? Are they participating? Are they happy? What can be done better? Some HR systems learn about people and take action so employers don’t even have to.
Dr. Andreatta says that it is important for organizations and leaders to understand where each employee is on the change journey. Leaders who are involved in creating and building new organizational strategies have had time to adjust to the new change while employees often have not been given the time to consider, learn about and adjust to those same changes. This is one of the many situations where workplace neuroscience and leadership can help.
According to Dr. Andreatta’s research, there are three categories of people who take part in the workplace change journey. They are 1) expedition designers, 2) guides who are most often managers, and 3) travelers. She says that people throughout the organization will fall into these different categories depending on the change processes taking place and what part of the organization they work in.
In order for organizations to succeed and their employees to embrace change, organizational leaders must focus on their employees and help create new neural pathways for their employees in everything they do, from launching a new training program, workplace process, or employment video.
Finally, driving change and moving from the usual needs to have the support of organizational leaders and a culture of trust. Otherwise, it doesn’t matter how much you’ve researched and planned a new program if it doesn’t have the support and trust of the executive leadership team.
Following what has always been done is comfortable, like a warm blanket. It’s safe — but failing to change or evolve in this fast-moving economy and talent market could be to an organization’s detriment. It’s important for HR leaders and team members to consider themselves trend hunters and thought leaders operating with a mindset where creativity and new ideas are welcomed. This doesn’t mean being cavalier. Rather, it means being open to new ideas and seeking them out, taking the time to vet and discuss them, as well as implementing programs strategically that can drive department or organizational change.
The ROI of HR
The resistance to change in human resources in part comes from the fact that the department is seen as a cost or expenditure versus a revenue-generating center. As HR grew in complexity and became more involved in business forecasting, establishing business ROI and executing progress that could be directly tied to future and current business success, so evolved the role of the HR professional into something more than it ever intended to be. We are strategic business partners forcibly involved in the success of organizations evaluating not just hiring, firing and traditional hiring advisory roles but so much more. This is where the HR ROI Scale developed by Paul Kearns comes into play.
As our roles become more complex and more strategic with the organization, the metrics of HR become less important, because the real value we provide is in the larger organization as a whole. Challenging yourself as an HR leader means adopting new methods and processes, thereby demonstrating a value for your organization that goes beyond ROI.
Consider HR technology. Jason Averbook, co-founder and CEO of LeapGen, says that human resources must look beyond their department silos and focus on workforce technology that is focused on business processes, tools, and resources for the end user which in this case isn’t HR but managers and their teams (Workology podcast #118: Finding the ROI In Your Workplace & HR Technology #hrtech). The key when implementing successful tech, Jason says, is to always be in perpetual beta, meaning that there is always change, improvements, and enhancements, just like you see in consumer technology. This move towards “perpetual beta” has happened because of new cloud-based workforce technologies making it easier to update, enhance and change the experience and structure for enterprise technology users.
Perpetual beta doesn’t just apply to technology. If you’re always working with a new test model in HR, it seems less risky because you’re labeling it as such. It’s an easier sell to management, and the “test and scale” methodology that is so popular in tech startups gives you room to fail — which can help get you out of the same/same mindset and into a change adoption state.
In HR, like in marketing, it is difficult to put a number on the value of new programs or processes. What you can measure, however, is workplace adoption rates, employee engagement increase or decrease, and scalability. Because change is constant in the workforce, it’s natural for HR to be a change leader and early adopter. One great example is the wave of companies adopting unlimited PTO. While we don’t know what company was first to execute, we can imagine how the conversation went between HR and company executives. Companies needed a way to stand out to candidates and differentiate their perks. It was likely a HR leader who said “let’s take our two weeks of sick and vacation time and make it unlimited PTO.” Cue the company CEO and executives chorus of “no’s.” And then one company did it, with the bonus side effect of earned media coverage. Once that domino fell, other companies rushed to do the same and became part of a corporate experiment that resulted in happier employees. SHRM data suggests only about 1% of employers offer open PTO, so it’s definitely a big step, but it’s an excellent example of challenging the status quo.
The General Data Protection Regulation (GDPR) will become enforceable on May 25, 2018.Will your pre and post-employment background screening processes be GDPR compliant?
Join Cisive for a live webinar, “GDPR Compliance in the Background Screening Process” on Thursday, March 15 @ 1:00 pm EST.
Rob Jones, General Manager, Global Operations in London, will discuss the different areas of recruiting and hiring that GDPR impacts including background screening, candidate experience and sourcing. He will also touch on compliance requirements for the extended Senior Manager’s Regime (SMR).
Both of these regulations will place additional burdens on employers and significantly increase the importance of compliance.
Don’t miss the exclusive event on GDPR compliance! Cisive can help you efficiently and effectively apply the new regulations.
Presenter: Robert Jones, VP and General Manager, Global Operations
Rob Jones joined Cisive in 2017 and leads their global operations and executive intelligence division from their London office. Prior to joining Cisive, Rob held a leadership position with a specialist global risk management consultancy. In this role, he developed and implemented risk assessment, due diligence, and compliance programs for Fortune 100 corporations operating internationally.
When it goes into effect on May 25, 2018, the EU’s General Data Protection Regulation (GDPR) will enforce a set of laws designed to protect European citizens’ personal data. It will affect all companies that deal with personal data — and even non-EU-based companies will still have to comply. GDPR will impact not just companies who are hiring in the EU but also those that are employing citizens of the EU who live in different areas of the world.
What is GDPR Really About?
So what exactly is GDPR about? It was designed as a replacement for the current Data Protection Directive 95/46/EC with the purpose of reconciling country-specific and sometimes conflicting European data privacy laws. Most importantly, it aims at changing the way organizations operating in the EU, or those collecting personal data from the EU’s citizens, approach data privacy. It also provides a harmonization of the data protection regulations throughout the EU, thereby (in theory) making it easier for American companies to comply.
Under GDPR it will be unlawful to use an EU citizen’s data without his or her explicit consent. This citizen data includes consumer information and more importantly, for talent acquisition leaders, candidate information. GDPR fundamentally changes the way recruiting teams can engage candidates who are citizens of EU countries in the areas of resume and application storage, candidate data collection, employment branding activities, and candidate sourcing strategies.
How GDPR Will Impact the Hiring Process
Recruiters will no longer be able to send emails to users who have not opted into their mailing list. Additionally, recruiters and HR staff must be aware of who is currently in their database. This means you may wish to consider grouping candidates in the EU into a different category than candidates elsewhere (who are not impacted by GDPR). You must obtain affirmative consent before collecting or sharing candidate data.
From the application process to background screening, companies recruiting or employing EU citizens must adhere to strict new regulations. Under GDPR, you are required to ask for explicit consent, clarify how you will use individual candidate’s data, and make sure that the data remains secure. This involves more than simply adding a clarification and a checkbox to data collection forms. Your vendors – such as your ATS, payroll, and recruiting software, must be GDPR compliant.
How to Ensure Vendor Compliance
The impact of GDPR is broad, but it focuses on data collection. You’re likely using an ATS or other recruiting software, along with vendors that run background checks or candidate screens. It’s imperative that your vendors are aware of the GDPR constraints and fully compliant. Here are seven questions to ask your vendors:
(2) Do you have GDPR compliance for applications around the world or will you have separate policies for each country?
Your ATS and any other software you’re using to hold data will need to be GDPR compliant. If your ATS and other vendors are on their game, they’re already working on compliance or have compliance for GDPR in place.
(3) Opt-out or opt-in?
Most U.S. companies currently use an opt-out policy when collecting and sharing consumer data. The opt-out model requires consumers to specifically ask data collectors and aggregators not to share their data with third parties. Otherwise, consent is assumed by default. The GDPR will require organizations to do just the opposite. You must obtain affirmative consent before collecting or sharing candidate data. Make sure your vendor is prepared for this change.
(4) How will you handle “Right to Erasure”
Under the GDPR, candidates must be able to access and review their data anytime they like, ask for updates of their data, and even allow for full deletion upon request. Candidates will have the “right to be forgotten or right to erasure,” meaning that candidates can request for their data to be erased when it is no longer necessary for the original purpose.
This impacts your ATS and the hiring process because applicants can apply for a position, get rejected, then request their right to erasure. A few months later, the same job seeker could apply again, but you won’t know it because your ATS won’t show it. No data, no notes from previous interviews, no data on the job seeker at all. And not only will you have to remove data by request from your ATS, it also must be removed from the sourcing tools your ATS uses. The same goes for any data collected for the purpose of a background screen.
(5) What is your Breach Notification policy?
GDPR requires companies to inform consumers about data breaches impacting their personal information. While that requirement is not particularly new for American companies—most states mandate it currently—the breach reporting requirements under GDPR are strenuous. Notification must be made within 72 hours from the time the breach is discovered.
(6) Are you prepared for GDPR Reporting Requirements?
Under Section 3, Article 35 of the GDPR, a Data Protection Impact Assessment (“DPIA”, which is also commonly known as a Privacy Impact Assessment or “PIA”) is required for any processing that may result in “high risk.” The supervisory authority shall establish and make public a list of the types of processing operations that require a DPIA. While official public lists from the Data Protection Authorities (“DPAs”) are forthcoming, your company and its vendors should begin identifying areas of high risk, such as data processing, email triggers, data collection, and portability of data (when erasure is requested).
(7) What is your company’s liability for failure to comply?
GDPR fundamentally changes the way recruiting teams engage candidates who are citizens of EU countries in the areas of resume and application storage, candidate data collection for background checks, employment branding, and candidate sourcing. Compliance is mandatory for all organizations that are processing the personal data of EU residents across the globe. Failing to comply could result in severe penalties of up to 4 percent of worldwide revenue of the prior financial year or €20 million euros, whichever is greater. If your vendor software isn’t compliant, who is responsible for penalties?
Compliance is as important to your vendors business as it is to yours. If you’re not sure, use the list above as a starting point for ensuring your vendors are compliant so that you’re not scrambling to do so in May.
When it comes to pre-employment and post-employment background screening, Cisive is prepared for the GDPR. To learn more about Cisive’s commitment to GDPR compliance, contact us at 1-866-557-5984 or email firstname.lastname@example.org.
VP and General Manager
Global Executive Intelligence Division
Artificial intelligence (AI) is changing business as we know it and major shifts are underway as adoption advances in the workplace. In one example, IBM expects that AI will bring massive shifts in behavior monitoring over the next five years. According to a recent NetworkWorld.com article, IBM plans to pair machine learning with statements made by individuals to predict their future mental health and behaviors. Industry experts say 2018 will hold more advances for AI and coming to terms with such technology now will make for life-improving programs later. A recent Accenture survey reported that 74% of business leaders are accelerating investment in AI and such investment will boost revenues, profits, and employment.
Some companies that specialize in background screening services are investing in AI as well. Background screening providers are in the unique position of being entrusted with highly personal information and having the skills and technology to break down data so that employers can understand it and make informed decisions. One of the things that makes AI special when it comes to employment background screening is that it can reduce recruiter bias. For those who might not be believers of such a concept, look no further than the economic recession of 2008 and so-called “over-qualified” candidates seeking jobs to make ends meet. HR professionals told candidates that they simply weren’t the right fit for the position despite the fact that they could have easily performed the job functions. According to a 2017 Time magazine article, one out of every four college graduates was over-qualified for the job they currently hold.
Scanning resumes with AI can focus on skills rather than age, race, gender and other demographics. According to tech website Venture Beat, businesses that deployed AI for the purpose of using “people data to predict business performance” jumped by nearly 30 percent between 2015 and 2016. Specifically, companies like IBM are using machine learning to fill the most complex job openings first and score prospective employees based on submitted credentials. Cisive is also leading the way with its recently-launched IDVerity identity authentication solution. IDVerity leverages AI, including ID verification and biometric facial recognition to verify the real-world identity of a candidate. Customers who implement Cisive’s solution realize benefits that include faster onboarding, deterring fraudulent applicants, and improving the accuracy of background screening results.
Artificial Intelligence has already begun to revolutionize the hiring process and we anticipate more innovation will help resolve problems and improve HR and recruiting efficiency.