Top 5 Lessons from 2020:

Regulators offered limited flexibility to address COVID-19 realities, what can the background industry learn from this?

  • Have a solid business continuity plan.
  • Stay abreast of changing guidance from regulators, courts and COVID safety.
  • Internal processes to document changes that occurred which may be different than how they were handled pre and post-COVID.
  • Investing and leveraging technology to your advantage.

COVID-19 led companies to focus on their IT infrastructure to allow employees to work from home, what are some ways to avoid risks in the new environment?

  • Vital4’s cloud-based architecture allowed a quick transition to remote work.
  • The Vital4 team is using devices with Apple MacOS – giving a higher base-level of security.
  • Firewall and virus protection on every personal machine.
  • Internal ‘penetration test’ to test employee ability to detect phishing emails.
  • Microsoft 365 toolkit to limit the ability to email personal information.

Hiring and screening changed; including online events, interviews and not meeting candidates in person; limitations on background checks (e.g., drug testing, public records, employment, and education verification) due to closures or reduced hours. What are the lessons learned from 2020 due to these onboarding process changes?

  • Delays on getting needed information. Sometimes partial information is all that is available. Employers and CRAs need to determine what information is critical and employing an evergreen consent for screening post-hire if legal in the employer’s state.
  • Location of employer and employee and the intersection with background checks and employment law, what laws apply?

Data Security! Remote work has led to risk. How have CRAs had to emphasize data security to safeguard systems, communication channels, and consumer personal data?

  • As an employer and vendor; secure both employee and client data.
  • Personally Identifiable Information (PII) is foundational to the industry and CRAs need to safeguard data as the recipient.
  • One significant data breach can create both a huge financial and credibility risk for your company.
  • In the event of a data breach, consider the platform, the data provider, the end-user, what data was impacted, your business, and the relationship between all of the above.

How can CRAs adapt to stay viable, including ways they can look to enhance new offerings to increase revenue?

  • Don’t have all your eggs in one basket.
  • Look for opportunities to expand your offerings within your existing client-base, such as adding KYC/AML or adverse media screening to existing background screening services.

Items for CRAs to educate end-users about for 2021:

California Consumer Privacy Act (CCPA) took effect on January 1, 2020. What should CRAs and their end-users know about the CCPA and the CPRA (The California Privacy Rights Act), a new state-wide data privacy bill passed into law on November 3, 2020

  • CPRA will supersede the CCPA in January 2023.
  • Only applies to companies >$25M in revenue, or holds data for >50k CA residents or >50% of your business is in selling personal data.

What should CRAs know about FCRA litigation and recent developments?

  • Less lag than you would expect in FCRA litigation with new rulings and orders in 2020 that update the case-law.
  • As workforces become more nationalized it is crucial that employers and CRAs are aware of FCRA developments.

With Watchlist & Sanctions + Adverse Media screening becoming standard procedure, what should CRAs know?

  • Adding adverse media & watchlist & sanctions screening to standard background screening, individuals can be identified that would not appear on criminal screening.
  • Bigger CRAs are already making these screenings part of standard services.

How do the GDPR and cross-border transfers of personal data affect CRAs and their end-users in the EU?

  • EU Court of Justice invalidated the EU-US and Swiss-US privacy shield programs. CRAs should have pivoted to a new mechanism of transferring personal data to the US such as standard contractual clauses.
  • If certified under privacy-shield, entities are expected to continue to abide by that framework.

If 2021 proves to include a business and hiring boom, how should CRAs prepare?

  • Take this time to review your policies and procedures and make sure everything is in order before a boom in background checks.
  • Now is a great time to minimize risk!