Archive for the ‘Country Essentials’ Category

Compliance Update – Law Finally Outlaws ‘Back Door’ Criminal Records

March 12, 2015 Leave a comment

litigation%20As of March 10, 2015 United Kingdom’s Ministry of Justice finally passed a law formally outlawing employers and third-parties from carrying out ‘back-door’ criminal record checks on candidates in the United Kingdom. Violators could face criminal charges to include unlimited fines. Buyers of background screening services need to ensure screening providers are acquiring their criminal information in accordance with local legal provisions or could face criminal as well as civil sanctions by local authorities.

For years some third-party background screening providers as well as employers both within the UK and outside have tried to bypass a well-established lawful process for vetting criminal records for employment as well as other nefarious purposes in the UK whether by demanding a potential employee to use their rights under the DPA to see criminal information held about them (also known as ‘Enforced Subject Access’) or by other back-door routes of criminal court records.

Aletheia Consulting Group is the leading Global Background Check Consulting firm. We focus solely on providing industry leading independent third-party best practice advice to global organizations no matter where in the world your organization may operate from. Helping you make the right decisions.


How to establish the reliability of International Background Check data

February 27, 2012 Leave a comment

Today I’d like to share a recent discussion that has been taking place the last few weeks on our LinkedIn Forum, the International Background Screening Forum that I think our readers will find resourceful.

The discussion provides an interesting primer and an insight into the rather fragmented nature of the global background check market and the challenges faced by screening companies outside of their geographic location (country of domicile) that look to source U.S. or overseas based clients international background check research either through direct to source i.e. a government agency abroad or to third-parties whether they are global wholesale providers or even in-country providers.

In summary a rather thought provoking statement and question was made that not all countries are equal when it comes to the reliability and accuracy of records around the globe. It was also  expressed that clients (multinational employers) are paying a premium for international searches and that there is a growing concern from a US based background screening company’s point of view as to how one should go about evaluating the reliability and accuracy of such results on a country basis. From a practical point of view it is believed that there might be countries that may not be worth performing a records search because… “there are no records to search”, or “70% of the people in a country can pay officials to lose the record”, or “50% of the records become “nonexistent” for political or religious reasons,” etc.

These are all very valid questions, (1) what is the reliability / accuracy and (2) if based on available information, local records might not necessarily provide at least a certain level of accuracy should an organization even attempt such research? As a global advisory firm specializing in this area we receive these types of questions more often than you would think. We’ll discuss both of these points.

How to Establish Reliability / Accuracy in International Background Check results

In many respects even after 12 years of specializing in the global background check market many would agree that it is still very much considered “The Wild West” and at its emerging stage due to the fragmented nature of differing laws, availability and access to local records and data required to undertake a legitimate check, costs, and most importantly differing points of view on what is legally permissible versus folks that just want to turn a quick buck for less than ethical work product. In the end the latter has done more harm than good but it’s getting better through education and the effects of increased global trade (increased demand) but also increased enforcement action of those that flagrantly violate compliance and personal privacy.

Unfortunately there is no public available resource that details by country each of these aspects of background screening on a country basis, at least at this time. This type of information is generally closely held by companies that actually specialize in this area of the market and many may feel that it is considered part of the “secret sauce” that differentiates them from their competitors (particularly global specialists). Aletheia Consulting has in fact conducted such research on a number of geographies around the globe.

With that in mind we will discuss the guiding principles we apply when working with our CRA (background screening) clients no matter whether they may be a US based or overseas based provider (ie. a screening provider located in Bangladesh as an example) looking to expand their geographic footprint and design their international background check product portfolio.

We carefully examine each local data source (i.e. criminal records, credit, etc..) by country and by product type with the following 8 specific questions in mind:

  1. Existence of information in target country? (locate possible sources of the data)
  2. How is information maintained?
  3. Reliability and credibility of information? (whether held directly by gov agency but also how credible the third party that may be in conducting the search on the customers behalf)
  4. Legality of using consumer information for employment purposes? (can it even be used for employment purposes?, if so
  5. If based on answers related to No. 4 that it is legally permissible for employment – how can research be accomplished? Direct to source or through a third-party?)
  6. What is required in order to obtain the information?
  7. Timeliness of delivery?
  8. Affordable cost of information?

Questions 1-5 can then be applied to a Risk Matrix and conclusions drawn as to the quality and credibility.

This of course assumes one also factors in the cultural and environmental factors involving a country’s level of corruption (i.e. the practice of paying bribes in order to get out of being arrested or to pay off a claimant prior to court in order to avoid a trial which is actually a common practice in some countries).

A country’s level of corruption and actual fundamental issues around the quality of source data will always be potential factors in international background investigations that one should consider but should never be a deterrent or an excuse for not conducting an adequate level due diligence on a potential non-US or local employee, contractor, or trading partner. Remember many countries including the U.S. have enacted various anti-corruption/bribery and terrorism statutes (Foreign Corrupt Practices Act) as well as various industry specific guidelines (US Federal Sentencing Guidelines for Organizations) such as within the financial services, IT, healthcare, and many other industries that require a reasonable/responsible level of due diligence be applied when making a business decision.

What to expect from your local or global background check provider

When working through a 3rd party (in-country partner or even one of the “wholesale international providers”) aside from the usual production guidance i.e. what they require from you to undertake the search and what to expect in return I recommend you require them to demonstrate a sufficient working knowledge of the geographies they claim to be able to support. This needs to be supported by their willingness to educate you and or provide sufficient guidance for you to be able to communicate the local cultural and legal provisions governing access and use of the data to your clients or even candidates. You should then have this information cross referenced and verified independent and directly with the source agency and the relevant privacy commission (if applicable).

In the end there must be transparency with your overseas background check providers. If not than you or your organization may be placed in a risky situation of possibly violating an applicant’s personal privacy rights or even worse an organization failing to be able to demonstrate that they applied the necessary level of due diligence in their background screening process.

I am not a firm believer in “blind faith” or “blind trust” as someone mentioned in the discussion about relying on their provider without verifying the facts.  This is an unwise practice and creates significant risk for you and your client. Our clients come to us for expert advice and if we don’t know the answer to their question than we should know how to derive the right (accurate/truthful) answer or tell them we simply don’t know.

Some folk’s spoke of records not being available in certain geographies and that is absolutely accurate. In fact one of my most famous recommendations to clients is that “any firm that purports to offer and deliver criminal records for employment purposes from every country on the planet, don’t walk away, run away!” This simply isn’t legally permissible in a multitude of countries and is an outright criminal offense. As a provider of international background screening services however it is our job to be able to speak to both the local environment as well as our experience to be able to offer best practice advice for our clients in order to address and in some cases offer next best available options to consider.

In conclusion, just because criminal records in a country may be paperwork intensive, expensive, take an extremely long time to accomplish, or worst case scenario not very accurate due to the reasons discussed today as long as the organization has applied that reasonable level of due diligence..meaning that if it is legally permitted and available for employment the organization should have the check done by a responsible provider. The question then may become what source and as long as you’ve applied the guidelines we discussed above during the sourcing and selection process you should be okay. If as a provider you don’t have the in-house expertise of the local geographies than we believe you have one of two options (1) spend the time to research the various geographies on your own (although it will be a very long, painful, and expensive process), or (2) hire or partner with local and or global subject matter expert that has already done the leg work and who is able and willing to be your subject matter specialist.

International Background Check Market Outlook

All and all the international background check market even with its rather interesting challenges continues to grow and further develop in leaps and bounds nearly by the month. I am a firm believer that through continued education of our buyers, providers, applying best practice concepts, and striving to do the right thing as a business owner and as an industry will many of these challenges have less of an impact on the emerging international background check market.

For more information about Aletheia Consulting Group’s advisory services in international background screening please feel free to visit our website or email us at .

Background Checks in Europe

July 22, 2011 1 comment

Gerlind  Wisskirchen of CMS Hasche Sigle discusses background checks affecting employers in Europe. As published by Who’s Who Legal

Gerlind Wisskirchen, CMS Hasche SigleGerlind Wisskirchen, CMS Hasche Sigle

Background checks – the most recent since the 2002 financial   reporting scandals involving US corporations (Enron, Worldcom and Tyco) –   have acquired global significance for employers. Ever since,   comprehensive background checks, or ‘pre-employment due diligences’ have   been carried out in US corporations. In Europe, however, background   checks are not permitted to the same extent.


In Germany no specific legislation exists concerning background checks; the permitted room for manoeuvre must be determined on the basis of the existing legal situation. Statutory constraints with regard to the acquisition and storage of personal data are in place, warranting the protection of the private sphere and the right of self-determination. The applicant need not tolerate any background checks that go beyond an employer’s permissible right to ask questions within the limits of the German Equal Treatment Act (AGG) and the personality right of the applicant. The employer’s legitimate interest in the answering of the question must be so great that the protection of the personality right of the applicant is second to the right to ask questions. The applicant need not respond to inadmissible questions put by the employer, the applicant is also permitted to give a wrong answer to the question. When background checks are being carried out, the principle of direct acquisition of data via the applicant takes priority. Background checks with the help of third parties are therefore only admissible if the reliability of the applicant is of particular relevance, eg, in finance and childcare, or where special information is essential for the employment relationship. The applicant’s knowledge and consent will always be required.

The employer has a legitimate interest in information on the applicant’s personal particulars. Both before and after the job offer, the applicant may be asked to verify his personal particulars by presenting his ID card, passport, social security number or birth certificate. Otherwise, the employer can refuse the applicant. If there is legitimate suspicion that employees have not disclosed their true identity, the employer may demand the mentioned proof of identity, also during the existing employment relationship. The same applies to job application documents. Applicants submit documents concerning their qualifications and previous professional experience with their application. The employer may – both before and after the job offer – request the original documents for perusal, and after being given the applicant’s written consent, may also contact schools, universities and former employers directly. For data privacy protection reasons, as a rule enquiries made are limited to information on the duration and type of employment. In the case of breaches of such requirements, the applicant can assert claims for damages. In addition, there is the threat of an administrative fine of up to E300,000 pursuant to the German Data Protection Act (BDSG). Potential employers may only demand limited information on previous convictions or on the applicant’s financial situation. Questions will only be permitted if the information is relevant to the advertised position, for example because particular trustworthiness and financial reliability are required. Scrutiny of any previous convictions will only be possible in rare cases through presentation by the applicant of a certificate of good conduct (Führungszeugnis). The applicant’s career development and criminal history will only be allowed to be scrutinised in the existing employment relationship if this failed to take place already during the recruitment process, and if the concrete workplace is affected. Then, the written approval of the employee will be required, except in the case of legitimate suspicion of fraud on the part of the employee. Moreover, as a rule, the employer can request presentation of the employee’s work permit and residence entitlement without giving a reason. Creditworthiness checks like SCHUFA information or extracts from the commercial register are prohibited under the German Data Protection Act.

Primarily during the application procedure, HR departments – via internet research – are increasingly collecting data about the applicant that goes beyond the information communicated in the job application documents, notably the applicant’s professional background. Pursuant to section 28, 32 of the Data Protection Act, collecting personal data from the internet is allowed if this data is accessible to the general public, unless the protectable interests of the applicant outweigh this. With work-oriented networks like XING or LinkedIn, the data posted there by the applicant is accessible to the general public after log-in. Data that is posted by the applicant on social networking sites like Facebook may not readily be collected and stored.

Currently, the general terms and conditions of the operator provide for use of the network for private purposes only. Moreover, predominating interests of the applicant and lack of necessity as defined in the Data Protection Act are opposed to the collection of data. If the employer decides against an applicant, the job application documents must be returned to said applicant. If an action brought by the rejected applicant cannot be ruled out, copies of the documents can temporarily remain with the employer. Employee data can be stored for as long as it is required by the employer within the framework of the protection against unfair dismissal process. If the employer intends to introduce staff questionnaires, eg, in the context of works agreements, the approval of the works council must be obtained in advance (section 94 of the German Works Constitution Act) and the data privacy protection officer must be involved (section 4 of the Data Protection Act).

By conducting impermissible background checks, the employer will be in breach of the pre-contractual duty of care and of the general personality right. An impermissible background check can entail damages claims if the applicant can prove that the losses were incurred by obtaining unlawful information and that without this measure, the applicant would have been recruited. It is also possible to grant the employee damages of three monthly salaries, pursuant to section 15(2) of the Equal Treatment Act.


French law offers no explicit statutory framework for handling background checks. It contains provisions concerning admissible acquisition of data relating to applicants. Pursuant to article L.1221-6 of the French Labour Code, the employer can only obtain information about an applicant, which facilitates an assessment of their professional skills with regard to the position being offered. These professional skills must be directly required for the position. Social security enquiries about the applicant are generally prohibited, except if the applicant is not yet registered. In all other respects, personal particulars are allowed to be subject to comprehensive scrutiny. The employer can demand presentation by the applicant of the relevant job references, eg, of former employers, however, not the presentation of pay slips. In addition, the employer has the right to ask questions concerning previous positions and the grounds for their termination. The applicant’s consent relating to enquiries made to former colleagues is required.

Employers may make use of all information from the internet, irrespective of whether it was posted on social or work-oriented networks. In France, the employer is generally prohibited from reviewing any previous convictions as well as the applicant’s financial position. If applicable, the employer can – only by setting forth a legitimate interest – demand the current extract number three of the certificate of good conduct, which lists the heaviest penalties and can only be applied for by the applicant itself. An exception is made in the area of asset management, eg, in the banking industry. With applications in the areas of security or care, the employer additionally has the option, under administration law, of having police files reviewed by local government.

During the existing employment relationship, the employer as a rule (setting out its legitimate interests) can demand updated versions of the certificate of good conduct. Dismissal for breach of the duty to furnish the requested information is possible if the employee’s refusal with regard to furnishing the desired information results in disturbances in the peaceful working climate or if material qualifications for the function turn out to be false. The storage of employee data is possible after prior clarification regarding the affected employee. Employers additionally have the option of setting up biometric ID systems on their employees if CNIL (Commission National de l’Informatique et des Libertés), the French data protection watchdog, approves of their introduction. If the employer violates the above-referenced legal provisions or employee rights, the employee can claim damages or sanctions under criminal law, see article L. 1121 -1 of the French Labour Code. Pursuant to the French Criminal Code and the French Labour Code, an employer could face up to three years of imprisonment, and a fine of up to E46,000 in the event of discrimination with regard to an employee’s membership of a trade union.


In Italy, prior to the acquisition of personal data, there is no general duty to notify the applicant or to obtain the applicant’s approval. The person concerned should be informed in advance concerning the purpose of the background check, in terms of whether the data has to be surrendered voluntarily or obligatorily and with regard to the consequences of non-voluntary surrender (see article 13 of the Italian data protection law).

At the employer’s request, applicants must communicate their social security number to the employer. Publicly accessible data, eg, a birth certificate, can be perused by the employer at any time without the approval of the applicant; detailed information can only be viewed with the approval of the applicant, the employer demonstrating a special interest. The employer can comprehensively scrutinise statements made by applicants about their educational background. Upon request, schools and universities are entitled to surrender their assessments (possibly via electronic information) to the corporation. This generally also applies to enquiries made by former employers. The employer may call on the applicant to handover documents on previous nationwide convictions and pending proceedings before the court in the potential employer’s district. However, the employer may not call for bank and credit card information.

The employer’s right to information also continues to exist during the current employment relationship to the same extent as prior to recruitment. In exceptional cases, dismissal is possible if, after examination of the data, it subsequently emerges that the employee fails to meet the requirements of the position. The employer may store data in the individual case, stating a legitimate purpose, for the duration of the employment relationship. In the event of unauthorised or unlawfully conducted background checks, the employer will be liable for prosecution under civil law and criminal law. The employer will be liable to pay damages or ‘smart money’ if the processing of personal data brings about losses for the employee or if data is stored longer than permitted for the required purpose.


The employer’s right to information is determined in Denmark notably by way of the Danish Act on Processing of Personal Data, APPD. With the written approval of the applicant or employee, the employer can subject their personal data to scrutiny by means of a database governed by social security legislation. If the applicant refuses such scrutiny, the employer can refrain from recruitment for this reason provided the employer has already informed the applicant of the consequences thereof.

With regard to educational background and previous activities, as a rule, the data from the application may be verified by the employer. It is not usual in Denmark to issue job references. Applicants can, however, be called on to surrender contact data of former employers. Also in the existing employment relationship, scrutiny can take place if there is legitimate suspicion of fraud by the employee to the detriment of the corporation. If the employer acquires information via social networks, it must grant the employee the opportunity of answering. The applicant must disclose previous convictions if the offence is relevant to carrying out their duties and if there is a temporal proximity between the offence and the position. This is the case if an official permit regulated by statute for exercise of the function is required, for example relating to insurance clerks, attorneys or finance managers. The legal limits of data acquisition, notably the proportionality principle, are applicable in favour of the applicant and the employee. As a rule, the employer obtains information about relevant previous convictions from the public criminal records kept by the police with the written approval of the applicant.

The employer is authorised to keep personal data of applicants and employees by electronic means. It is permitted by statute to store data for as long as a legitimate purpose for this exists. As a rule, this data is allowed to be stored for up to six months after its transmission to the employer. Danish legislation provides for sanctions like monetary fines or damages for financial losses in the event of illegal collection of data. It is also usual to publish the corporation’s breach on the website of the Danish data protection agency.


In the Netherlands, background checks regarding applicants and employees are generally permitted, but limited by the Data Protection Act (Wet Bescherming Persoonsgegevens). Background checks are only supposed to be carried out relating to necessary data for the firm offer of a position.

The information on professional experience and educational background listed in the application, can, however, be subjected to scrutiny by the employer by making enquiries to former employers. Job references are seldom issued in the Netherlands. On the publicly accessible homepage of the Dutch courts ( employers can inform themselves about the possible insolvency of the applicant.

However, it is up to applicants as to whether they provide information to the potential employer about their financial situation and credit rating. This principle also applies to any previous convictions. Exceptions apply relating to function-related previous convictions, eg, in the case of an applicant for a position as a primary school teacher previously convicted for the sexual abuse of children.

These principles relate to the duty to provide the requested information comprehensively, at any time during the current employment period, and to the extent that scrutiny of data relating to the employee’s position is relevant, and the interests of the employer outweigh those of the applicant. In the Netherlands, the right of the employer to be able to use all private and work-related information from the internet has existed hitherto. To date, notification about the found information has not been prescribed by statute. Personal data can only be stored for a limited period. There is differentiation made between information relating to applicants who are recruited and applicants who are not recruited. Personal data relating to the first-mentioned applicants can be stored during the entire term of employment. With regard to the applicants who are not recruited, differentiation has to be made between whether applicants have consented to further storage of their data (storage for one year admissible) or not (storage for four weeks admissible). The Dutch Data Protection Commission are allowed to sanction corporations breaching the Data Protection Act with monetary fines of up to E15,000.

© Law Business Research Ltd 1998-2011. All rights reserved.

%d bloggers like this: