Background Screening Blog

Protecting Candidate Privacy with Background Check Data Security

Posted by Verified Credentials on Sep 21, 2022 11:57:33 AM

Candidate Data Privacy

When screening new candidates, employers collect a significant amount of private information. With most of this critical data stored digitally, protecting it can be challenging. Especially when compared to the physical paper files of the past.

Having an effective data security protocol is key to ensuring that sensitive information does not become available to outside parties. Let's look at what employers may consider keeping data secure.

Understand your screening platform’s access and user roles

Access to candidate information may be on a need-to-know basis. To maintain data privacy, employers may enact and follow certain protocols diligently. Your team may determine user roles and groups to clarify:

  • Who has access to sensitive information?
  • How much access do they have?
  • What specific information they might reach?

This could help establish clear rules as to who should and should not be able to access critical data, mitigating the opportunity for a data breach.

Do you have a vast number of departments or hiring categories? You can keep data even more secure by extended criteria without feeling limited. Verified Credentials allows clients to create unlimited user groups and profiles, providing the freedom to set up a variety of specific parameters based on your unique needs. Your system administrators can even set up, change, and assign users without our help.

It's also important to determine when a user no longer needs access. This could be either because their role has changed or perhaps they have left the organization. How long since the last login will the user remain active?

Create a secure login experience 

Also crucial to your platform’s success is considering password policies. A common approach is to use advanced password requirements requiring a certain alpha-numeric password length. Likewise, a system may require 2-factor authentication, which still requires users to sign in with a password. However, then the system sends an authentication link to the user’s established email address or phone number. Consider which policy may work best for your users while offering the security you need.

Also significant is the number of login attempts allowed. Are users allowed three tries before being locked out of an account and having to contact an administrator? Consider how this might impact your background check process and user experience. You may also choose to add other filters to limit access to specific IP addresses.

Know your screening partner’s policies and protocol

To have a holistic approach to data security, it’s essential to understand who has access to your stored data. That includes those that work for your screening partner. These individuals must be carefully selected within the organization based on the need of their role. It is important to confirm they are appropriately vetted and trained.

Background checks are already a standard course for most hiring processes. This should extend to screening company employees who will have access to this sensitive information. Beyond administrative protections, physical security should also be provided. This includes on-site data center security to ensure limited, secure access to housing locations.

What other policies might a screening company have? Data encryption is important for any sensitive information that may transfer digitally. Once data is obtained, you may want to ensure it is adequately encrypted in transit and at rest to ensure its protection.

How Verified Credentials works for you

The information gathered during a background check represents some of the most fundamental data an individual can carry. Protecting it is one of the most important tasks a company can do. Verified Credentials has the tools and experience to help ensure every piece of private information gathered is protected and safe.

Our Information Security Management System (ISMS) aligns with NIST 800-53 security controls. Our ISMS standard is like HITRUST and ISO 27001 measures. They are all different frameworks for data security with some overlap, and NIST ranks among the most comprehensive. This means you can rest assured that we design our systems to protect your sensitive data.


In the world of IT data security, there are multiple types of standards a company can align with to establish an ISMS standard. Each is different, but you can see that NIST is one of the most expansive and thorough ways to protect sensitive information.

Our mission is to keep personal information private and secure. We do this by operating with the strictest information handling and technology practices. Read about some of the ways we enforce robust cybersecurity measures ››

You already know the importance of protecting sensitive background data. Rest assured, Verified Credentials works to keep critical information secure. We provide reliable solutions to help you manage and store secure data you gather during a background check. We vet and train our staff to follow the strictest standards in data security.

Contact us to learn how Verified Credentials provides efficient solutions you can count on to help manage your sensitive data.


Topics: Employment Background Checks, data security