Why is privacy and data protection important to CVCheck?
As a background screening company constantly dealing with sensitive personal data, CVCheck takes data protection seriously and adheres to stringent privacy procedures and regulations.
Sensitive personal information is at the centre of all CVCheck’s services. To date, more than 550,000 private and government organisations, employers and individuals have trusted CVCheck to conduct over a million verification checks on personal data.
“The information that people share with us is their most personal, and we respect this trusted relationship with our customers,” says Colin Boyan, Chief Strategy Officer.
Who does CVCheck share your data with?
Privacy is an integral part of every CVCheck process, from initial conversations with clients through to the delivery of our products.
“We designed our systems on the principle that the candidate always owns the information and it’s their choice to share it with their employer,” explains Boyan. “As outlined in our Terms and Conditions, we only collect and share information with the consent of the person whose background we are checking. We call this the ‘triangle of trust’.”
How does CVCheck store your personal information?
CVCheck only collects the information necessary for the requested check, and only retains that information for the duration of the client relationship, or according to Australian and New Zealand law. Australian criminal history checks, for example, are deleted after 12 months while the identity documents provided when ordering these checks must be kept on file for a minimum of 12 months but deleted within 15.
CVCheck also takes a global view on privacy beyond the Australian and New Zealand Privacy Acts.
“We’ve updated our privacy policies and practices to also incorporate legislation from the European Union (known as GDPR),” explains Craig Sharp, CVCheck General Counsel. “It’s not clear if a background check on someone who lives, or used to live, in the EU would be caught by GDPR, but best practice is to ensure we’re compliant.”
How does CVCheck minimise human error when handling your data?
The biggest threat to any company handling information is human error. CVCheck minimises this risk by automating as many processes as possible and conducting regular education and training of staff.
As Sharp adds: “We’re also introducing processes to minimise the risk of mistakes being made on manual tasks. As an example, our Client Services Representatives will always ask identifying questions at the start of a call, to make sure they are not discussing personal information with the wrong person.”
How does CVCheck protect your data?
CVCheck in-house engineering team has added multiple security layers to its technologically advanced online platform. To prevent identity theft and comply with ACIC legislation, for example, individuals must upload a selfie holding their photo ID.
- Locally stored data: CVCheck’s secure data centres, where all verified records are stored, are located in Australia. All data is encrypted while it’s being transmitted electronically and when it’s stored in the system. Sensitive information is destroyed once it’s no longer needed for any lawful purpose.
- Physical security of data: CVCheck keeps stored information safe at all times in secure offices designed to permit entry by authorised staff and contractors only.
- Preventing data breach: CVCheck monitors data security practices from around the world and consults with experts in the field to stay up to date with the latest prevention and monitoring technology. The company has also updated its data breach notification procedures – if the worst were to happen, CVCheck is well-positioned to respond quickly and proactively in a way that minimises the risk for everyone.
Increasingly, organisations and individuals are facing data protection concerns and challenges, which is why security and privacy are at the forefront of everything CVCheck does. The company complies with both the Australian and New Zealand Privacy Acts, which outline best practice for gathering, handling, using, disclosing, storing, disposing of and the de-identification of personal information.
How should your business handle personal data?
If your business handles sensitive personal information – be that staff’s or stakeholders’ – here are some tips to help deal with the data securely.
- Make sure you only collect and store personal information necessary to carry out your services.
- Build privacy protections into your information handling processes.
- Assess the risks of collecting personal information.
- Have a strategy to protect personal information that you hold.
- Destroy or de-identify personal information that is no longer legally needed.