January 17, 2017

Best Practices for Background Check Privacy and Confidentiality

Performing employee Background Checks for new hires doesn’t give you the right to compromise the candidate’s privacy.

Every business should run an employee background check on potential staff members to be absolutely sure that they are hiring the right person for the job. From a personal reference check to credential checks, criminal background checks and other employee background checks, you probably have a long list of things to investigate before you make an offer.

While that is entirely understandable, if your business has an annual turnover of $3 million or more, you will need to comply with the Australian Privacy Principles, which govern what businesses can ask of their employees and prospective employees, how they must store that information, and what they can do with it. So, before you start delving into that potential new hire’s past, make sure you are following these best practice rules:

  • Remember that even though the APP is only required of private businesses with a turnover of $3 million or more, most healthcare businesses and a few others, it’s always advisable that all companies try to adhere to these best practices, simply to avoid any trouble down the road.
  • Remember that personal information gleaned through employee background checks is not limited to the obvious like medical records or credit history. Ethnicity, race, religion and even photographs can be considered personal information, so if there’s any doubt, err on the side of caution!
  • In most cases, if there is no reasonable requirement for you to have certain information, it’s best not to request it. For instance, if an employee will never be handling money, a credit check could be an invasion of privacy!
  • If you do have a justifiable need to request certain information, make sure you request it in writing, and outline what it will be used for and how (and if) it will be stored.
  • When it comes to storing personal information about employees, you have a responsibility to ensure that it is secure. It may be wiser to store highly sensitive information in hardcopy format than online, where it may be vulnerable to attack.
  • If you do have a genuine need to access specific personal information, and you do need to update information regularly, make sure employees understand the schedule for those updates.
  • Ensure that you have a policy for dealing with personal information when employees leave your company, for whatever reason. Define what will be retained and why, and develop processes to destroy any information that you don’t need to retain.
  • Understand that under certain circumstances, personal information can be requested by third parties, usually government agencies. Make your employees aware of when and under what circumstances you may share their information, and with whom.
  • Develop a company policy to handle references. Remember that it’s not a breach of the APP to provide certain information to future employers of your former employees, but make sure you know what you may disclose and how.
  • Make sure that you have a documented email and electronic policy, and that employees are aware that the information they transmit and receive on company email accounts and equipment may not be private.

Companies will always require a certain amount of personal information from their employees, and that’s not going to change any time soon. Make sure that you stick to what is absolutely necessary, and that you commit to employee privacy. If in doubt, hire a third-party company to conduct employee background checks for you.

Breaching the APP can get you into big trouble and, depending on the severity of the breach, can result in costly lawsuits. Do what you need to do, within the law, but always remember that the golden rule is to respect employees’ right to privacy.
