Does Your Background Screening Firm “Offshore” Personal Information?

background screening firmHow would you feel about your background screening firm “offshoring” personally identifiable information (PII) collected for a background check?  Would you be concerned? Yes, you should be.  Sending PII data of job applicants outside the U.S. eliminates all the protections of our privacy, identity theft and information security laws.

I recently spoke with a large organization that was concerned with the practices of their current criminal background screening provider. They were initially most concerned with the low quality criminal background checks but found that the very large screening company was also “offshoring” all of their reference checks.  The PII of all of their candidates was being sent to a call center halfway around the world.

The company had no idea the PII of their candidates had been sent outside the U.S. borders for years.  And even yet, most of our new client’s candidates have no idea their information may be sitting on a server in a foreign country.

Let’s be honest, we live in a world where identity theft is a real and growing concern.  The Federal Trade Commission Survey on Identity Theft found more than 27.3 million victims in the past 5 years.  More than 140,000 children in the U.S. have their identity stolen each year ID Analytics estimates.

I spend a considerable amount of time speaking with groups and individuals about information security, identity theft and acknowledging PII safety concerns as it relates to criminal background checks.  I do not take these concerns lightly and am very patient explaining all of the ongoing safety and security measures we take to protect their PII.

And let me say ALL of our domestic background checks are performed in the United States.  We would never offshore PII.

California appears to be the first state in the nation to address this growing concern of offshoring PII with SB 909 that became law on 01/01/2012.   Please understand, this law does not prohibit the sending of personal information from a background check outside the U.S.  However, it requires a disclosure so that consumers are aware that their information is being sent outside the U.S. borders.

The bottom line is the practice of offshoring personally identifiable information such as name, date of birth and social security number is an unnecessary risk and poor business practice for a background screening firm.  The screening companies that offshore are placing profit above safety and security which further illustrates the importance of conducting due diligence on prospective background check firms.

How would you react to your PII being offshored?