In support of Privacy Awareness Week 2019, which this year runs from 12 to 18 May, all CVCheck staff were provided with refresher training on privacy on 15 May. Here’s why security is a company cornerstone, and how CVCheck makes privacy a top priority.
Why is privacy important to CVCheck
The Government-run Privacy Awareness Week is an annual event that highlights the importance of protecting personal information, and helps organisations, agencies and the public better navigate the delicate privacy landscape.
CVCheck is a registered supporter of this initiative and as a background screening company that deals with sensitive personal data, it is committed to adhering to stringing privacy procedures and regulations.
In fact, sensitive personal information is at the centre of CVCheck’s services. More than 400,000 private and government organisations, employers and individuals have trusted CVCheck to conduct over a million verification checks on personal data.
“The information that people share with us is their most personal, and we respect this trusted relationship with our partners,” says Andrew Maffett, Chief Commercial Officer.
Who does CVCheck share your information with
Privacy is integral to all CVCheck processes, from initial conversations with clients through to the delivery of our products.
“We set up our systems with the belief that the information is always owned by the candidate and they willingly share it with their employer,” explains Andrew Maffett. “As outlined in our Terms and Conditions, we only collect and share information with the consent of the individual who the background check is completed on. We call this the ‘triangle of trust’.”
How does CVCheck store personal information
CVCheck only collects the information necessary for the requested check, and only keeps information for the duration of the client relationship, or according to Australian and New Zealand law. Australian criminal history checks, for example, are deleted after 12 months while the identity documents provided when ordering these checks must be kept on file for a minimum of 12 months but deleted within 15.
And it’s not just Australian and New Zealand Privacy Acts that CVCheck complies with.
“We’ve updated our privacy policies and practices to also incorporate recent legislation from the European Union (known as GDPR),” explains Craig Sharp, CVCheck General Counsel. “It’s not clear if a background check on someone who lives, or used to live, in the EU would be caught by GDPR, but best practice is to ensure we’re compliant.”
How CVCheck minimises human error
The biggest threat to any company handling information is human error. At CVCheck, this risk is minimised by automating as many processes as possible and through continuous education and training of staff.
As Craig Sharp adds: “We’re also introducing processes to minimise the risk of mistakes being made on manual tasks. As an example, our Client Services Representatives will always ask identifying questions at the start of a call, to make sure they are not discussing personal information with the wrong person.”
How CVCheck protects your data
CVCheck has its own in-house engineering team and has added multiple security layers to its technologically advanced online platform. To prevent identity theft and comply with ACIC legislation, for example, individuals must upload a selfie holding photo ID.
Locally stored data: CVCheck’s secure data centres, where all verified records are stored, are located in Australia. All data is encrypted while it’s being transmitted electronically and when it’s stored in the system. Sensitive information is destroyed once it’s no longer needed for any lawful purpose.
Physical security of data: CVCheck keeps stored information safe at all times in secure offices designed to permit entry by authorised staff and contractors only.
Preventing data breach: CVCheck monitors data security practices from around the world and consults with experts in the field to stay up to date with the latest prevention and monitoring technology. The company has also updated its data breach notification procedures – if the worst was to happen, CVCheck is well positioned to respond quickly and proactively in a way that minimises the risk for everyone.
Increasingly, organisations and individuals are facing data protection concerns and challenges which is why security and privacy are at the forefront of everything CVCheck does. The company complies with both the Australian and New Zealand Privacy Acts, which outline best practice for gathering, handling, using, disclosing, storing, disposing of and the de-identification of personal information.
Tips for handling personal data:
If your business handles sensitive personal information – be that staff’s or stakeholders’ – here are some tips to help deal with the data securely:
1) Make sure you only collect and store personal information necessary to carry out your services.
2) Build privacy protections into your information handling processes.
3) Asses the risks in relation to collecting personal information.
4) Have a strategy to protect personal information that you hold.
5) Destroy or de-identify personal information that is no longer legally needed.