March 21st, 2017 | Sterling

Managing Personal Identifiable Information

Woman with clipboard speaking with two men

PII or Personally Identifiable Information, exists whenever a specific attribute – or a number of attributes combined – create enough information that it becomes identifiable to a specific individual. For example, a single piece of information such as a Social Insurance Number constitutes PII because it is unique to an individual. A piece of biographical information, as a single attribute, may not be enough to constitute PII but certainly the combination of first name, last name, date of birth and gender, for example, are sufficiently to be treated as PII.

Background Screening and PII

Background screening processes rely on the collection of large amounts of Personal Identifiable Information. The information is necessary to perform verifications which a wide variety of organizations review when they screen applicants. A complete background screening check may include criminal history information, police information, credit history, driver’s license abstracts and education records to name some of the more common ones.

In the background screening context, applicants provide their PII on a consent basis. What the applicant is consenting to are specific (narrow) uses of their PII in order to run the information needed for background screening checks. Regardless of whether that Personal Identifiable Information is provided on a paper form to the local soccer coach or it is submitted securely and electronically to a third party company, the obligations of the recipient and the expectations of the individual are established through the consent process:

  • The recipient must safeguard the PII and ensure that it is never used for any other purpose
  • The individual expects their PII will be handled properly and won’t fall into the wrong hands or be used for some other purpose

Management of Personal Identifiable Information

The responsibilities associated to the management of PII are myriad. Legislation exists at the federal, provincial/territorial and even municipal levels that imposes legal obligations upon organizations when collecting PII. There are regimes that govern the management of PII for both the public and private sectors. In broad terms, the ten principles of privacy are all reflected in any comprehensive privacy framework.

They include:

Benefits of Third Party Management of Personal Identifiable Information

Organizations often choose to outsource their screening requirements to third party companies for a number of practical reasons. Typically, screening is not a core function of the organization and is generally viewed as work that can be more efficiently performed by specialists external to the enterprise. Often, organizations have a broad range of needs in the screening context and wish to create a one-stop shopping relationship with a trusted provider that will manage all the components. Organizations are also looking for predictable cost and turnaround time.

Less obvious, but definitely worthy of serious consideration are the benefits associated to proper management of PII that an organization obtains. Whether big or small, organizations should consider the risk they are managing when they are in possession of PII, often occurs in large amounts and unsecured in filing cabinets or even boxes under someone’s desk! Not a week goes by when the media hasn’t reported the discovery of large amounts of PII blowing through a park or found in a dumpster. The ramifications for the organization and for the affected individuals can be serious and far reaching.  Organizations can suffer damage to reputation and brand – individuals face the risk of identity theft or personal embarrassment and inconvenience.

Choosing to use a mature employment screening provider like Sterling Talent Solutions means that PII associated to organizations’ onboarding activities is properly managed and safeguarded. All of the privacy principles enumerated are integral to everything Sterling Talent Solutions does – from the delivery of our services to the design and implementation of the processes and technologies that support them. Compliance is our hallmark – as a leader in the information services sector, it has to be.  In particular, our ability to safeguard the Personal Identifiable Information entrusted to us and to manage it in a compliant manner throughout its lifecycle comprises a valuable aspect of the service we provide to our customers and is a benefit that is often overlooked.

If you’re already a Sterling Talent Solutions customer, derive confidence in knowing that we have your interests covered from a privacy and compliance standpoint. The applicants that we screen on your behalf have their PII handled with the care and rigor the Ten Principles of Privacy demand. If you’re considering a background screening service, why not talk to our Compliance and Privacy team and learn more about how Sterling Talent Solutions can provide your organization with added value that you may not have initially considered.

This publication is for informational purposes only and nothing contained in it should be construed as legal advice. We expressly disclaim any warranty or responsibility for damages arising out this information. We encourage you to consult with legal counsel regarding your specific needs. We do not undertake any duty to update previously posted materials.