HR Background Checks: Where does your info go?

HR Background Checks: Where does your info go?

Introduction

backgound checksWhen you grant employers permission to run background checks and credit checks on you, where does all that confidential information go?

Last year we asked Does Human Resources go too far? Now, a subscriber who is an HR professional suggests that Pandora’s Box has been opened. He points out that in their zeal to protect themselves and their companies, HR departments may be covering up illegitimate and possibly illegal practices.

When HR outsources background checks and investigations of candidates, is HR merely doing its job, or is it ensuring plausible deniability while letting loose an investigative demon that systematically violates people’s privacy and feeds the specter of identity theft? Does HR go too far when screening job candidates? Hold onto your seats. We’re about to take a rough ride through a nasty landscape.

I’m not disclosing our insider HR executive’s name for obvious reasons. I cannot confirm every claim he makes, but we spoke and I find him credible. If some of his insider claims seem farfetched, I’d love to hear any rebuttals. Here’s what he has to say.

An HR insider speaks up

Regrettably, all these [background investigation] procedures and processes are advocated by the Society of Human Resource Management (SHRM), as reading its web site will reveal. And, just as regrettably, many HR people fall right in line, like little ducklings swimming behind the mother duck of SHRM. It’s the latest rage, and every HR person wants to be a part of it.

Background checks galore

With thousands of people applying for each job and the jobless rate for skilled and white-collar workers at a recent all-time high, the applicants, like sheep being led to the slaughter, will subject themselves to almost any practice and jump through almost any hoop to get a job. The theory is that any job is better than no job.

The background-check processes are, the majority of the time, being outsourced to security companies that have turned these processes into a lucrative business:

  • background checks
  • personality testing
  • criminal checks
  • educational checks
  • military service checks
  • employment verification
  • reference verification
  • credit checks
  • drug testing
  • searches into legal agreements
  • scanning of your phone records
  • scanning of your Internet activities and e-mail
  • and so on.

This total invasion of privacy beyond your wildest dreams (actually, nightmares) is outsourced. The worst part is that much of the data and information these outsourced security agents collect is erroneous.

Have you been checked without knowing?

HR will narrow the list of candidates down, and then turn the outsourced security investigators loose on that list. Background checks are often done before the first interview, and before any sort of an agreement, authorization, or disclosure is signed by the job applicant.

You will never know about it until you order a copy of your credit report and find all the inquiries (that’s the first sign) and wonder, who in the devil is that who has run checks on you?

The larger outsourced security and investigative companies have started keeping databases of their own. One advertises they have a database of over 1.5 million people for employers to run their candidates against. If you have signed one disclosure for one employer, the investigations company that did the checks will keep the information about you in their database and then just re-sell the results to their next client.

Do you know where your background checks are?

They start with a name and phone number and e-mail address from a resume or application. Then, they cross-reference information until they get a date of birth or social security number and go from there. When an applicant walks into HR for that first meeting, they already may have been investigated. Never mind that much of the data gathered may be erroneous. The “data” was gathered at arm’s length, but the employer will treat it as absolute fact.

Security and background checking has become a lucrative business. The outsourced investigators are starting to sell that information amongst themselves, expanding their databases and increasing their profit margins. The shuffling around of this data only makes its accuracy even more questionable.

This is an industry that is almost totally unregulated. The multiple levels of outsourcing and subcontracting yield enough plausible deniability to the companies themselves, and their clients, that abuses run rampant.

Nick’s comments

The statement above was submitted to Ask The Headhunter unsolicited. I’m grateful for the permission to publish it. Once again, I cannot present it as fact — but I have encountered examples of many of the claims. If anyone in the investigations business would like to comment on these allegations, please do so below or feel free to contact me. This is worth discussing and researching further.

Where is the accountability in background checks?

When HR asks you to provide information that is confidential to you, or to sign permission for your background to be investigated, or to waive liability if your confidential information is leaked or misused, HR must be accountable to you. Whether or not we have hard evidence of abuse, I am convinced there is a serious problem with this part of the hiring process at many companies.

While some employers may be innocent, we need to ask whether they are being responsible. Others are overstepping the bounds of what is legitimate and ethical – and possibly legal — when conducting aggressive background checks on job candidates. Worse, employers may be putting you at risk because they presume to entrust sensitive information about you to third parties with whom they have only an arm’s-length relationship. Where is the accountability?

Do you know how your confidential information is being used?

Job applicants need to be aware of the risks they take when divulging information about themselves – any information. It seems that even your name, address and phone number might be enough to allow an employer’s investigator to access every nook and cranny of your life without your knowledge. If the law is being circumvented, then the law needs to be enforced – or our legislators need to start working on laws that will protect our privacy.

In this day of heightened sensitivity to security, it’s important to recognize that the problem lies not in checking people out. The problem lies in unethical, unwarranted and possibly illegal procedures conducted at arm’s-length from employers by third parties. In some cases, there’s a cascade: An employer outsources reference checks to Service A, which in turn outsources criminal and credit checks to Service B and Service C. (Read about one third-party investigations company that’s so “arm’s-length” it conducts automated background checks.) Who’s accountable — the independent investigative service, or the employer?

Time out for questions

A responsible employer should have good answers to these questions, and a job candidate should not hesitate to ask any of them before submitting even a resume. If this list seems over the top, perhaps it is. I think every item is legit, but you must decide which ones are important to you.

  1. What kinds of checks does the employer conduct? Are they legal?
  2. Is the candidate notified in advance and given the opportunity to decline to be investigated? Is the permission form clear and easy to understand?
  3. Who is conducting the checks — the employer, or a subcontractor who in turn subcontracts the investigations to yet another firm?
  4. What information is gathered? How is its accuracy determined? How valid and reliable is it?
  5. Does the candidate have an opportunity to review and confirm or contest the information?
  6. Is the information secure? Who has access to it? Is there a risk of identity theft?
  7. Who owns the information and what rights do they have to it?
  8. Is the information maintained in data bases not directly controlled by the employer? For how long?
  9. Is the information made available to any other parties at any time for any reason? Is the information re-used or sold?
  10. Does the candidate have the power to limit or rescind rights they have granted for use of the information?
  11. What responsibility and liability does the HR department accept regarding the collection and use of your private information?
  12. Last and most important, is the employer prepared to sign an agreement to protect you and your private information?

What are the risks if you apply for a job without answers to these questions?

Time for less invasive practices

Maybe the biggest question we’re left with is the one we originally asked: Does HR go too far when screening candidates? It seems that HR routinely abuses the job seeker’s frame of mind — often that of a terrified supplicant — when it indiscriminately demands all plus the bathroom sink before it consents “to proceed with your application.”

Does anyone seriously contend that HR doesn’t ask for more private information than it really needs? Having immense power over relatively helpless applicants is no justification for unnecessarily abusing them. I’ll echo our HR insider’s implied challenge to the SHRM: When’s the last time your august group recommended less invasive practices?

Until HR owns up to its responsibilities, maybe the job seeker’s best protection is to lay their own confidentiality agreement on the table – and decline to divulge anything until the employer signs it and makes itself accountable.

What’s your experience with background checks when you apply for a job? Have you encountered any of the issues our insider enumerates? If you work in HR, can you confirm or deny what he presents? What can job hunters do to protect themselves?

: :

Behind the scenes of a rescinded job offer

In the September 25, 2018 Ask The Headhunter Newsletter an HR worker reveals how a faulty HR process led to a job offer being rescinded after the applicant quit his old job.

Question

rescindedI work in Human Resources (HR). During our on-boarding process, we send prospective employees for a drug screen and run a background investigation and, if the job requires driving, a motor vehicle record (MVR) check. The background is launched when the applicant electronically completes an authorization.

We had planned on hiring a guy, when three days before his start date he had still not signed the authorization. So I ran the part of the background that I already had authorization for, and saw that his MVR was horrible. He had DUIs, super-speeder violations and more.

He’s already given his notice to his old employer, and we can’t hire him. I think he avoided signing the background authorization to hide a bad record.

We had to rescind the position as we don’t have any positions for a non-driver. I feel bad about this but I also think he should take some of the responsibility. What do you think?

Nick’s Reply

It’s important to consider the critical path of your company’s hiring process. That is, which steps are critically dependent on earlier steps being completed satisfactorily? And, who is responsible for those?

The critical path to making a hire

You don’t say explicitly whether you made this applicant a bona fide job offer. But I think it’s fair to assume you did based on two other pieces of information you shared.

  • You started the on-boarding process. You would not have done that without two critical steps being completed first. You had to extend a job offer and he had to accept it.
  • He quit his old job. He would not have taken that critical step unless the two aforementioned critical actions were taken first — an offer was tendered and accepted.

Please note that I’m not putting any specific order on these critical steps, though of course there is a necessary order. In any case, when you made that job offer and it was accepted, you had a contract. The deal was done.

A job offer is a contract

So, where does that leave your company and the HR person who is responsible for the hiring process? In a bad, indefensible spot, I think. You made and broke an agreement. A rescinded job offer is a broken contract.

Two other critical steps in this hiring path are:

  • Obtaining authorization to conduct a background investigation.
  • Conducting the investigation.

Clearly, both of these critical steps must be done before you can hire anyone. And the investigation — a critical step — brought the entire process to a screeching halt when you discovered the problems, as it should. That’s why that step is on the critical path to hiring, right?

Where you blew it is that you apparently jumped ahead. You made an offer — a contract — before obtaining authorization to do the background check, and before you had any investigation results. You acted without due diligence.

Why would any employer do that?

Due diligence

Due Diligence: Don’t take a job without it.

See Fearless Job Hunting, Book 8: Play Hardball With Employers, p. 23.

The applicant’s mistake is that he followed your lead. He, too, failed to perform due diligence to ensure your company was acting in good faith. He didn’t double-check to make sure you had followed your own critical path before he took the ultimate critical step: He quit his job.

Why would any job applicant do that?

No job applicant can afford to quit their old job, or to trust an employer or HR rep, unless they are certain they have a bona fide job offer.

A bona fide job offer

A job offer is bona fide when it is:

  • Neither specious nor counterfeit; genuine
  • Made with earnest intent; sincere
  • Made in good faith without fraud or deceit

You, as an HR representative, know your company cannot hire someone with a bad record. So, why did you make a job offer before checking? There’s no good faith when you lead someone to quit a job so they can start work with you — then pull the rug out from under them. (See HR Managers: Do your job, or get out.)

A rescinded offer is a broken contract

You said: “We had to rescind the position as we don’t have any positions for a non-driver.”

That’s not why you rescinded the offer. You rescinded because you didn’t do your job properly. The main fault is yours, and it could get your company sued. (For an attorney’s take on this, see Job offer rescinded after I quit my old job.)

You should never have made an offer before you conducted the investigation. The investigation came first on the critical path to making an offer, before the hire quit his other job, and before you began on-boarding the new hire.

Hire with integrity

A company should hire with integrity. It should follow a sound process that ensures a healthy deal will be struck that is good for both parties. That requires following a series of steps in proper order, to protect both parties. (See Protect yourself from exploding job offers.)

Here’s the critical path you should follow. Staple it to your office wall where you can see it all the time. Make sure everyone involved sees it in advance and signs off at each step. None of these steps should be taken until all previous ones have been completed:

  1. Make sure the position is open and fully funded with an appropriate salary and benefits.
  2. Conduct interviews.
  3. Decide your favored applicant is qualified and that you want to hire them.
  4. Conduct appropriate background investigation(s) after obtaining authorizations.
  5. Confirm that all information you need about the candidate has been gathered and logged.
  6. Make a bona fide offer in writing that includes all terms, signed by an authorized representative of the company.
  7. Confirm the candidate’s bona fide acceptance of the offer and terms in writing.
  8. Notify the candidate that the hire is confirmed and that they should resign their old job.
  9. Conduct your on-boarding process.
  10. New hire starts work.

The applicant was foolish to accept a job offer before confirming that your company’s critical path had been completed. He was disingenuous about not signing the authorization for the background investigation. He was downright stupid to quit his old job before ensuring the new job was solid.

So he, too, bears responsibility. Caveat emptor. But shame on you as the employer for letting the matter get to a point where you had to rescind the job offer.

The employer owns the hiring process

Your company is going to spend money to hire someone. You start the ball rolling and control the process. You own the process.

Don’t know how to properly check out a job candidate? See References: How employers bungle a competitive edge.

It doesn’t matter if your investigations reveal the candidate is an axe murderer. It’s still not his fault that you didn’t do your job prior to issuing a job offer. You failed to conduct due diligence (the checks and investigations). In this case, your process should have stopped dead at step (4.) above.

You tacitly if not explicitly encouraged him to quit his job and relinquish his pay based on your assurance (the job offer you gave him) that he could rely on you to hire him. No one deserves that. (If he’s an axe murderer and you don’t figure it out prior to making him an offer, then shame on you.)

Rescinding a job is not an option

Please review the 10 steps in the list above. Nowhere is there a “Rescind job offer” step. It’s a terribly embarrassing option. Rescinding a job offer is a last resort that you — and your company — will pay for with your reputations.

You need to sit down with your top management to develop a critical path to follow when hiring. The fact that you were three days from his start date when you figured all this out reveals a shocking problem at your company. (See Smart Hiring: A manager who respects applicants (Part 1).)

Rescinding a job offer that your company never should have made is unacceptable.

Is it ever legitimate to rescind an offer? When — and why? Have you ever rescinded a job offer that you made to an applicant? Have you ever had an offer pulled out from under you? Was it a legitimate action? What steps belong on the critical path to completing a hire and who is responsible for them?

: :