Candidate's Guide to Background Checks – India Edition

Candidate's Guide to Background Checks – India Edition

Welcome back!

As a candidate have you ever wondered what happens to all the personal data you submit to verify your background? The newsletter sheds light on the Personal Data Protection Act in India that safeguards the privacy of the employee.

The Digital Personal Data Protection Act (DPDP Act) of 2023 is akin to a long-awaited data privacy awakening. It aims to reshape how companies handle candidate information during background checks.

Previously, employment screening often operated in a legal grey area. Under the pressure of making informed hiring decisions, employers would uncover irrelevant or outdated details without their explicit consent. The lack of transparency and candidate rights in this process made candidates feel like unknowing participants in their career evaluations.

The DPDP Act seeks to dismantle this opaque system. 600,000 Indian internet users, representing 12% of the global data breach, have had their personal information exposed online for sale. This data breach highlights the urgency for increased awareness regarding data privacy regulations in India. The DPDP Act's emphasis on stringent data security measures is a major step towards Indian citizens controlling their digital footprint during the recruitment process.


The DPDP Act: What It Means for Background Checks in India

The Digital Personal Data Protection Act of 2023 marks a significant shift in how Indian companies handle employee data, particularly during background checks. This act defines personal data as any information that can be used to identify an individual. The act applies to data collected in India in digital & physical form and digital data stored anywhere in the world. The act only excludes information you make public yourself.

This broad definition means employers handle a substantial amount of your data throughout the employment cycle. From application details and interview notes to background checks, payroll information, and even end-of-employment records, it's all considered personal data under the DPDP Act.

This legislation introduces a new legal framework that clearly defines roles and responsibilities for protecting data privacy. Employers, now classified as "data fiduciaries" under the act, are entrusted with the safekeeping of personal data—any information that can be used to identify or profile an individual.  

Conversely, candidates become ‘data principals’, empowered with greater control over their digital footprint. The act mandates a purpose limitation principle, requiring employers to clearly define the specific reasons for data collection during employment screening. It necessitates tailoring inquiries to the specific job requirements and avoiding collecting irrelevant personal data.


4 Key Principles: DPDP Act’s Impact on Background Checks

·       Informed Consent

The act requires employers to obtain explicit permission from candidates before initiating any data-driven employment screening. HR departments must develop transparent and easy-to-understand consent forms that outline:

o   The specific data points being verified

o   The purpose of the verification

o   How their information will be stored and secured

Candidates are no longer passive participants in their professional evaluations. The DPDP Act grants them the right to be informed, to choose what aspects of their digital identity are revealed, and for what purpose. It fosters trust and a culture of data accountability.


·       Data Collection Limitation

The DPDP Act introduces the principle of data minimization where the employer can only collect the essential information for the background screening process.

For instance, an employer hiring for a marketing role might not need a candidate's marital status or religious affiliation. Under the DPDP Act, such an intrusive question would be considered excessive.

This act compels employers to tailor their data collection practices to the specific requirements of the role. It protects candidate's data privacy and streamlines the process.


·       Data Accuracy

As data fiduciaries, employers are responsible for the information collected during background checks. Employers need robust verification processes, such as contacting past employers or educational institutions to confirm details. Inaccurate data can have a ripple effect, leading to unfair hiring decisions and damaging a candidate's reputation. So, the act gives candidates the right to challenge and correct the information employers hold.


·       Data Security

The DPDP Act mandates that employers implement reasonable security safeguards to protect personal data collected during employment screening. These safeguards include measures to prevent unauthorized access, data breaches, and accidental loss. The specific security measures required will vary depending on the sensitivity of the data collected. However, some standard practices are access controls, data encryption, and regular security audits.


Know Your Rights as a Candidate Under the DPDP Act

The DPDP Act rewrites the rules of engagement for background checks, equipping you with robust candidate rights to manage your personal data.

·       Right to Access

You can request a complete account of the information collected, including the specific sources. You have the right to ask for a list of data gathered, along with the exact sources it came from. By doing this, you can find any biases or out-of-date information that may have found its way into your employment screening profile. The Act sets a timeframe for the employers to respond to access requests.


·       Right to Rectification

If an incorrect information is recorded during the background check contains errors, you can request rectification. For instance, if a past employer inadvertently reported an incorrect termination date. You can request rectification and demand proof of the changes made to your data. It creates a more accountable data ecosystem and minimizes the risk of inaccurate information influencing hiring decisions.


·       Right to Erasure

While the act allows employers to retain background check data for a reasonable period, the right to erase or be forgotten allows you to request erasure under specific circumstances. For example, if your application is rejected, you can request the deletion of your background check information after a certain period.


Conclusion

A turning point for data privacy in India has been reached with the Digital Personal Data Protection Act, especially for job seekers. It forces employers to be more careful with their data collection. They can only collect what’s required and relevant to the job. With candidate rights and the principles of consent, minimization, accuracy, and security, it creates a culture of transparency and accountability during employment screening. Such a balanced and ethical data collection process in the Indian job market brings a new era of trust and respect for individual privacy.

Sunday Sejius

Background Screening Expert/Due Diligence Specialist/Senior Verification Analyst

2mo

Good information

Abdullateef TIAMIYU

DATABASE VERIFICATION OFFICER (Employee Background Screening) at RCSN || Verification Specialist || Learning Web Development (Frontend) || PMP || Lean Manager || OPSWAT || COSHH || Certified Western & Arabic Tutor.

3mo

Useful tips

Ankit Ruhela

Seasoned Executive bringing many years of experience in the field and a demonstrated record of success. Versatile and strategic leader with top-notch

3mo

I agree

GAURAV TIWARI

Dressland global pvt Ltd

3mo

Interesting

To view or add a comment, sign in

More articles by cFIRST Background Checks LLP

Insights from the community

Others also viewed

Explore topics