Showing posts with label privacy policy. Show all posts
Showing posts with label privacy policy. Show all posts

Thursday, June 22, 2023

Is the Personal Information of your Employees Safe?

Is the personal information of your Employees Safe?

Safeguarding the Personal Identifying Information (PII) of your current and former employees, along with those applying for a position, is extremely important.

There are legitimate times that a person is required to provide personal details about themselves. It may be during their application for credit or a loan, a rental application, or even when they are the subject of a background check. This personal information can include their date of birth, social security number, and many other things that can identify them as the person they say they are. 

However, the threat of that information getting into the wrong hands worries many. It exposes individuals to possible identify theft, which can cause long term ramifications to their credit, security, and future employment.  Many times people don’t even know they have been compromised until some red flag arises.

That is why it is understandable that job applicants are often reticent about sharing this information when it comes time for the employment background check.

As a company and employer, what can you do to alleviate their fears?

Keeping both your clients' and employees' personal information safe is the responsibility of every company, even a small business. That is why it is important to put practices in place from the beginning that will help!

That duty begins with guarding the Personal Identifying Information (PII) of your employees and clients.

As an employer, you are required to develop and implement a policy for the safe handling of PII. You must also include the rules of behavior expected, including the consequences for non-compliance.

You should also recognize that employees are often the “weak link” when it comes to safeguarding PII.  

Making sure they are both thoroughly trained and monitored helps. 

Steps to Help you safeguard PII:

  • Determine if Information is PII
  • “De-Identify” your Records ~ removing as much PII from your records as possible
  • Anonymize your Information ~ consider substituting a code for PII
  • Control / Limit Access to PII ~ limiting the number of people who have PII access
  • Onsite Location of PII ~ keep all PII records onsite with limited accessibility
  • Confidential Transmission of PII
  • Develop an Auditing Program ~ ongoing monitoring of potential PII breaches

Learn more about what constitutes PII and how to safeguard it in “Tips to help you Safeguard Personal Identifying Information in your Small Business”.

Does Your Company have a Privacy Policy? Find out Why You Should!

Establishing sound rules regarding the PII of your job applicants and existing employees all starts with creating a good Privacy Policy!

Creating a sound Privacy Policy is a crucial step in ensuring their PII is handled safely and thoughtfully.

Your Privacy Policy, or Privacy Statement, should have two versions. One that will appear on your website and one for the Owners, Managers, and Employees of your company.

Discover what needs to be included in each and why here!

However, no matter what you include in your PII Policy, the best way to protect your employees, clients, and your company is to practice the “minimum necessary principle”.  

The goal is to minimize the use, collection, and retention of PII to the least amount necessary.

This includes the previously mentioned limiting of access to PII. It also means the proper destroying of records physically, shredding for example, and digitally (sanitizing).

Creating sound PII handling procedures, along with a company Privacy Policy, makes sense.

It is not only vital to your applicants and employees, it is good for your company and your reputation…and that is priceless.

Authored by  

Check out the Privacy Policy on our website here!

And learn more About Us and Our Services too! 

Sunday, January 5, 2020

Our Top 5 Small Business Articles of 2019!

2019 is in in the books!
At Access Profiles we, like all of you, have had to deal with changes throughout this past year. Changes that impact how we run our small business and changes on how we seek to improve it.

But one thing has remained constant ~ our focus on helping you, our clients and readers, navigate the changes that directly effect your employment and hiring practices.

So, in order to to close out the old and welcome in the new, we are once again sharing our Top 5 Small Business Articles as determined by you, our readers. These articles are the ones that got the most “likes”, shares, and comments.

Thank You!

Number one on our list was “The Top 5 Hiring & Background Check Trends and Guidelines You need to Follow Now”.

The purpose of this article was simple… make sure you know what you need to know about the laws and guidelines that can impact your hiring process.

“Keeping informed of any new and emerging laws and guidelines is important in ensuring that your hiring and employment screening practices are working for and not against you”.

Understanding these trends and guidelines will:

  • help you make any necessary adjustments to your hiring procedures
  • help you comply with current and upcoming screening laws
  • help you attract the quality new hires you need

We also shared the steps you need to take now to comply with these laws and guidelines. 

You should:

  • Follow FCRA guidelines covering Employment Background Check release forms
  • Protect your clients personal information (PII)
  • Stop asking for salary history
  • Take steps to make your company attractive to job seekers
  • Consider hiring ex-offenders

Find out why taking these steps is so important to your company and hiring process here.

“Who” to Hire is just as important as knowing “How” to Hire for your Small Business. 

The next article to hit our “Top 5” focused on just that.

In “The “Soft” Skills You need to look for in Your New Hires!”, we shared how sometimes hiring for the “intangibles” makes sense. “Soft” Skills falls under this category.

“People that possess good “Soft” skills are able to work with and lead others. They are creative problem solvers and are often inherently likable ~ all of which make for valuable employees. 

When you are looking for a new hire, many of your applicants will have the technical “hard” skills needed to do the job. But those that also possess those coveted soft skills are the ones you really need to consider!

Even candidates that may not have every qualification you desire can be great new hires, if they possess those soft skill traits that are hard to teach”. 

The “soft skills” you should look for are:

  • A good work ethic
  • Leadership skills
  • Team player
  • Effective communicator
  • Resourceful problem solver
  • Good time manager
  • Willingness to learn

Hiring with these skills in mind is even more important for small businesses. Find out why here!

Our final “Top 5” article on hiring really struck a chord, “Should You Hire Family and Friends for Your Small Business?”.
This article resonated with many because it is common for businesses, especially small businesses, to hire family or people they know.

Hiring family and friends for your business would seem to make sense. You think you know the person and that they would have you and your companies best interests at heart.

But it is still smart to consider a few things first! Are they qualified to do the job? If not, are they able to learn quickly enough to do the job? And, even though you think you "know" them, don’t forget the background check!

Discover the pros and cons of hiring family or friends in your business here!

This next top article, “Isn’t a Background Check just a Way to Breach Your Privacy?”, really highlighted one of the greatest fears that job seekers have about the employment background check ~ the protection of their personal information.

Job applicants are wary about the kinds of information they are required to give employers and potential employers. They worry about who will see it and who could steal it. Easing these fears should be the goal of any good employer.

That is why companies must put sound policies in place to protect their applicant’s, and even their existing employee’s, personal information and be completely open and above board when it comes to background checks. 

Learn the steps you need to take to accomplish these goals here.

Rounding out our “Top 5” is “Questions You need to ask before Doing Business with any Business!”.
“Whether we ourselves own a business and are contemplating taking on a partner or we are look for someone to work in our home, doing our homework first makes good sense”!

Key is knowing what to look for when we do our due diligence. We need to know the questions we need answered and why those answers are important to making a good decision as to whether or not we should work with a company.

You should:

  • know what others say about them (check references)
  • check with the BBB
  • check for any civil or criminal court records
  • look at online reviews

Knowing as much as possible about any company you are thinking of working with helps minimize risk, protects your company or your family, and keeps you from wasting time and money.

Learn more about how to check out any company here!

This concludes our “Top 5 Articles of 2019”!. We look forward to sharing more information about Hiring and Background Checks to help you and your small business in 2020.

If you have any specific topics you would like covered, please let us know!

Thanks again for supporting our blog and small business. We couldn’t do it without you!

Authored by  

Check out our site for more information on Hiring and Background Checks and our Small Business Mentoring and Security Consulting services.

Also take a look at our FAQ page and Subscribe to our Blog!  Thanks!

Sunday, March 3, 2019

Isn't a Background Check Just a Way to Breach Your Privacy?

Are You afraid a Background Check is simply a way for employers to find out personal things about you?

This question is one that worries many job applicants. 

Fears abound concerning “what they (investigators) will find” and if that information could keep them from getting the job. 

Many Job seekers even wonder why employers need all this “personal” information in the first place!  

These are all valid concerns when it comes to employment background checks ~ and anything that “exposes” what we consider our personal and private information is viewed as suspect.

If you are among those worried, know that you are not alone!

It is a question that crops up often on the popular Q&A site, Quora.

Here is the answer I recently posted……

Is a background check a breach of one’s personal data or, in other words, an invasion of privacy? The simple answer is No! When it comes to Employment Background Checks, they are done completely out in the open and with a clear purpose ~ to hire the best, and safest, possible candidate for the job.

These types of background checks are also only done after a conditional offer of employment has been made and with the clear knowledge and signed consent of the applicant. Employers are up front as to what they will check and how far back they will go (usually 7 - 10 years) for the information they need. They will also inform the applicant of their rights when it comes to background checks, which includes the right to withdraw consent to the background check at any time and to mitigate or deny any “red flags” found during the background check. None of this is an invasion of privacy or breach of personal data”.

You can find more answers to this question here!

When it comes to Employment Background Checks, the number one reason they are not a “breach” of privacy is that they are done only with the applicant’s complete knowledge and consent.

Employment Background Checks are only done with clear Knowledge and Consent! “Tweet This”

Before a background check even begins, applicants are informed that a check will be done and sign an authorization permitting release of information from relevant institutions such as courts, universities, and past employers.

Applicants are also notified of their rights concerning the background check, and that includes the right to withdraw consent at any time.

This sets the open and above board tone for the entire screening process. There is no “breach” here!

Good employers also take it a step further and focus on protecting the rights and privacy of their applicants.

To that end, the background checks they request are done with a specific purpose in mind and only information relevant to the position being filled is investigated.

Employers are careful to strike a good balance between their applicant’s personal privacy and getting the information they need to make a safe new hire!

The key (to achieving this balance) is understanding Why Background Checks are necessary, understanding How to protect your candidate’s privacy, and the Right Way to Use the information you find”!

When looking at “Why” background checks are vital to the hiring process, it really comes down to job fit and safety. 

It is important for employers to know that their candidate will be able to do the job ~ whether that means training, education, skill set, or personality.

It is also important for employers to be informed about whether their applicant has a criminal history that could make them an unsafe hire.

That does not mean employers simply delve into every aspect of their applicant’s life without regard.

Protecting their applicant’s privacy is a duty employers take very seriously. They develop and implement policies designed to safeguard personal information and consider it a crucial part of balancing their “need to know” and the applicant’s need for privacy.

Find out more in “Do You Believe Background Checks are an Invasion of Privacy?”.

Employers simply aren’t Using Background Checks to “Spy” on You! 

That is why when it comes to background checks, good employers will focus only on verifying what is necessary to the job!

To determine what to check, employers consider:

  • The level of the position being filled
  • If the employee will have access to company assets
  • If the employee will have access to sensitive customer and company data
  • If the employee will have direct contact with clients, customers, and other employees

Being as specific as possible with the answers to these questions will help a company determine what they need to screen for during the background check. That is called Fitting the Background Check to the Job!

Discover more about the importance of this here!

The bottom line is ~ when employers do a background check, they are ultimately only interested in an assurance that they are making the best hire…not in discovering your most personal and private information!

What they want is corroboration that they have made the right decision in wanting to hire you!

By running a background check, Employers are simply looking for confirmation that they have made the right choice. 

By this point in the hiring process, they have already read your resume, interviewed you, and, out of all the other candidates, picked you as a good hire.  

They have also invested a great deal of time and money....and they will have to spend even more screening you. Employers are simply not in the business of wasting time or money.

When an employer starts the background check process, it is because they are interested. You have already met many of the criteria necessary to fit in and do the job.  

However, they would be negligent if they did not make sure.  Background checks are designed to do just that”., excerpt from “Surprise! Doing a Background Check Means They WANT to Hire You!”.

All this attention to your rights and privacy shows that when done right, Employment Background Checks are not designed to invade your privacy.

They are simply a tool employers use with a clear goal in mind and with a focus on gathering only the information needed to hire the best possible candidate. 
And that is good for both the company and for job applicants!

Authored by  

If you are looking to hire, API will help you hire safely and effectively, all while keeping your budget in mind. 

Discover what our Background Investigation, Business Mentoring, and Security Consulting services can do for You and Your Small Business.

And if you are looking for a job, API is here for you too!
We will help you get your resume “background check ready” and give you peace of mind about what is “out there” about you!

Click on these links to learn more About Us and what our Clients have to say about API too!

Monday, January 30, 2017

Does Your Company have a Privacy Policy? Why You Need One Now!

Having a Privacy Policy for your business is a great way to let your Employees and Customers know that you take their security seriously.  

Creating a sound Privacy Policy is a crucial step in ensuring their PII (Personally Identifiable Information) is handled safely and thoughtfully.

Your Privacy Policy, or Privacy Statement, should have two versions. One that will appear on your website and one for the Owners, Managers, and Employees of your company.

The “public” online version should include the policy's purpose and an overview. It should also cover the key elements within your policy.

The purpose section is where you share why you have created a Privacy Policy. Explaining that you recognize the need to maintain the confidentiality of personal information and that you are dedicated to the protection of it throughout your company is vital.

Your online version will include an outline of your policy’s key elements. It should explain what type of information is considered PII, how you retain that information within your company, and the training you give your employees and contractors in the safe handling of PII.

It should also share how PII is transmitted to your employees and  contractors who may have access to PII, your adherence to all regulatory requirements concerning PII, and your dedication to the confidentiality of this information. Including your commitment to discipline, re-train, suspend, and/or terminate anyone violating your Privacy Policy is also important.

Why Your Business Needs a Privacy Policy Now!  “Tweet This”
While that covers the public version of your Privacy Policy, it is also important that you have a more comprehensive, internal version, for your employees and contractors.

Your in-house Privacy Policy will include all the key elements of your public policy, in addition to adding more detailed information that is specific to you and your company.

To make it truly informative, this internal policy statement should start by including specific examples of PII. This will help your new and existing employees recognize exactly what they should look for and safeguard.

Under your Retention section, it is important you detail how long your company retains PII information and your procedures for its disposal. 

Addressing employee and contractor training is also important. Reinforcing your dedication to safeguarding PII, when and how you initiate the training, and emphasizing mandatory compliance should be your focus. In addition, you should explain your commitment to ongoing observation and internal audits for potential violations.

It would also be wise to include “minimum necessary” and “need to know” principles in your Privacy Policy. Making sure to limit access to PII to only those employees and contractors that absolutely require it to do their jobs is the best practice.

Your internal Privacy Policy should also be more detailed when it comes to addressing data on portable devices and off-site access. Requiring anyone with access to PII to use only assigned, approved devices makes sense.

When it comes to regulatory requirements concerning PII, you need to state in your policy your commitment to complying with existing laws and staying abreast of any changes to those laws. Assigning this specific duty to one or two designated employees helps.

Finally, your detailed in-house Privacy Policy must outline what will happen in the event there is a violation or breach in your PII protocol. Be sure to completely explain the penalties for a first or subsequent offense so your employees and contractors understand the consequences of not following PII policy. 
Created by Kimberly Kline, API

Taking a conscientious approach when it comes to recognizing what data is considered PII, training employees in how to handle it properly, 
and creating a sound Privacy Policy makes sense.  
It shows your customers and clients your commitment to keeping their personal information safe…..and that is good for you and your company! 

Authored by   

To find out more about what is considered PII and how you can train your employees and contractors to safeguard it properly, check out; 
Tips to Help You Safeguard PII in Your Small Business”!  

Need Help Starting or Growing Your Business?  Contact Us! Our Services include Business Mentoring, Hiring and Job Search help, and Security for Your Company! Find out more About Us too!

Monday, January 23, 2017

Tips to Help You Safeguard Personally Identifiable Information (PII) in Your Small Business

Created by Kimberly Kline, API
Keeping both your clients' and employees' personal information safe is the responsibility of every company, even a small business. That is why it is important to put practices in place from the beginning that will help!

That duty begins with guarding the Personally Identifiable Information (PII) of your employees and clients.

Here we will discuss what information is considered PII, why it is important, and what you need to do now to safeguard it.

What is PII?
PII (Personally Identifiable Information) is defined as any information that can be used to determine a person’s identity. It also covers any information that when combined with other identifying information can reveal a person’s identity.

Specific Examples of PII are:
  • Full Name (if not common)
  • Home Address
  • Date of  Birth
  • Social Security Number / National Identification Number
  • Telephone Number
  • Email Address (if private)
  • Vehicle Registration Number
  • Driver’s License Number
  • Fingerprints or Handwriting
  • Credit Card Numbers
  • Genetic Information
  • Login Name, Screen Name, or Handle (radio)
There is also information that could potentially be PII when it is combined with other Personally Identifiable Information. The idea here is that one or more of these examples when put together increases the possibility of identifying a person.  

Examples of potential PII:
  • Full Name (if common)
  • Country, state, zip code, city of residence
  • Age
  • Gender or Race
  • Name of School they attended or their Workplace
  • Grades, Salary, or Job Position
  • Criminal Record
  • IP Address
Safeguarding this type of information is important. 
Being lax in any way with how you treat it is dangerous and can open up your clients and your employees to identity theft. This can have serious, lasting effects on their bank accounts, social media accounts, and credit. Having unauthorized access to PII is also an invasion of privacy.

That is why it is crucial to develop a sound policy concerning PII. Your policy should include the safe handling of PII, the proper training of your employees in what is PII and how to keep it safe, and the consequences of not following your policy. 

Safeguarding PII begins with You and Your Employees!  “Tweet This”

As an employer, you are required to develop and implement a policy for the safe handling of PII. You must also include the rules of behavior expected, including the consequences for non-compliance.

You should also recognize that employees are often the “weak link” when it comes to safeguarding PII.  

Making sure they are both thoroughly trained and monitored helps. 

All employees and contractors who have significant privacy information responsibilities must understand your PII policy. This includes any employees and contractors who work with PII as part of their job duties such as Human Resources staff, finance staff, or Managers / Supervisors.

Created by Kimberly Kline, API

Establishing steps to both recognize PII and handle this type of information properly is the backbone of a good PII policy.

The first step is to identify whether the information is, in fact, PII. Educating your staff on the examples of what is PII and what, when combined with other information, becomes PII is crucial.

You should then consider “de-identifying” your records as much as possible. This means removing enough PII from any report or document so that the remaining information does not automatically identify an individual.

Another option is to “Anonymize” PII information. For example, you may consider substituting a code for the PII information (such as a name).

But the absolute best way to safeguard PII begins with controlling or limiting access to PII. This includes both physical and mobile access including cell phones, laptops, etc.. Curbing the number of people who come in contact with sensitive PII information is the easiest way to keep it safer and control how it is handled.  

Careful consideration of the location of your PII records is also key. Keeping them onsite with limited accessibility is best. Any offsite or mobile storage creates vulnerability.

Your policy also needs to consider the confidential transmission of anything containing PII.

The final safeguarding part of your policy should be developing an auditing program to monitor for potential inappropriate access to PII or for a data breach.

It is also important that your PII policy explains the consequences and corrective actions for breaching PII protocol. It should cover both employee and contractor expectations.

You must emphasize that compliance is mandatory and that the penalty for breaking the protocol for safely handling PII may incur disciplinary and/or criminal action.

Penalties may range from reprimand and retraining to suspension or removal. It should be noted that fines may also be levied on anyone found guilty of willful disclosure of PII.

The responsibility for properly training your employees and contractors who work with PII lies with you, the owner, and your managers. The best practice is to develop a thorough training program, make sure your workers follow the program, and frequently monitor the handling of PII.

However, no matter what you include in your PII Policy, the best way to protect your employees, clients, and your company is to practice the 
“minimum necessary principle”.  

The goal is to minimize the use, collection, and retention of PII to the least amount necessary.

This includes the previously mentioned limiting of access to PII. It also means the proper destroying of records physically, shredding for example, and digitally (sanitizing).

Creating sound PII handling procedures, along with a company Privacy Policy, makes sense. (Discover how to write a Privacy Policy for your Small Business here!)

Not only is taking these steps to guard PII the safe thing to do, it is the right thing to do….and your employees and clients will thank you for it! If you need help developing your PII or Privacy Policy, Contact Us !

Authored by   

Visit our site to discover how our Background Investigation Services can help You with Your Business!

Learn more About Us and follow this blog for tips and Information dedicated to Hiring, Security, and Your Business!