Xref Security and Compliance for Automated Reference Checking

As a recruiter, you’re in contact daily with sensitive employee data, including information gathered from online reference checking. But how sure are you about how safe your data is and if you're keeping to the right data security, compliance, and privacy measures?

Data protection is crucial for all HR professionals

Employment checks provide valuable information about pre-hires and are essential for decision making. Through the employment verification process, a large amount of candidate data is collected, managed, and stored by HR teams; the thorny issue is data security and protection of information. Hiring companies and their HR teams need to make reasonable security arrangements and protect the collected reference information.

The role of HR in compliance 

All organisations need to comply with employment laws, rules, and regulations of the country. Compliance is a top area of focus for HR departments and company executives. Companies face increasing complexities as the number of employment laws is on the rise, and the risk of penalties for non-compliance has never been greater. Data compliance regulations, such as the GDPR, are a great starting place for organisations wanting to address data protection. Some laws to watch out for: 

• GDPR (General Data Protection Regulation) for Europe: Regulates and protects the processing of personal information. GDPR ensures companies are transparent with the way they handle personal data for EU citizens or residents and have a legitimate purpose for using it.
  

• Australian Privacy Act: Protects the handling of personal information includes the collection, use, storage, and disclosure of personal information in the federal public sector and the private sector.

• Personal Information and Electronic Documents Act (PIPEDA) in Canada: All businesses that operate in Canada and handle personal information that crosses provincial or national borders are subject to PIPEDA. The Act ensures adequate protection of personal information. Organisations covered by PIPEDA must generally obtain an individual’s consent when they collect, use or disclose that individual’s personal information. People have the right to access their data held by an organisation. They also have the right to challenge its accuracy.
  

These laws aim to protect personal data through a wide range of data privacy and security requirements. Such regulations have proved beneficial in creating standards of right and wrong usage of data. 

‍

Candidate data privacy 

Having strong privacy policies creates trust and significant reputational benefits for an organisation. A privacy-compliant company assures candidates and referees that their data is safe from unauthorised access. An HR department needs to ensure that its data sharing has a strict set of controls and policies. 

How does Xref measure up to security and compliance regulations?

To keep up with the security demands of companies, online reference checking providers need to ensure that they maintain the highest global standards. Xref ensures that it meets the global compliance and regulations requirements (GDPR, Australian Privacy Act & Personal Information and Electronic Documents Act in Canada). 

Ongoing platform development has enabled us to meet the highest security and data protection standards; Xref takes the necessary steps to ensure the data from thousands of organisations, candidates, and referees is secure. 

Our customers require an optimum level of data security; we aim to have a security-first mindset and a compliant operating environment. If you’d like to know more about what makes a reference checking tool compliant, we’ve covered it in detail in this post.

The Xref security-focussed platform

As a continuous effort to be up to date with security measures, the Xref’s platform includes:

• Two-factor authentication (2FA): an extended verification common in enterprise workplaces. Clients can add 2FA to their Xref account to verify the identity of every user attempting to access it.
  

• Extended user management: With multiple users accessing one account, the platform needs to ensure that only those who are current and appropriate have access. Xref enables account admins to manage this. Measures such as an inactive user alert notify admins of users who have not logged in for an extended time so that they can be deactivated.
  

• Advanced password and security policy alignment: Enterprise organisations globally are tightening their security measures. Xref ensures that the security of their account aligns with these requirements by enabling organisations to customise their access requirements. 
  

• Data sharing and tracking: The Xref reference checking process is typically managed and driven by HR and recruitment professionals. There could be clients who often want to share final reference reports with relevant department managers. Xref has introduced ways to enable this by creating rules that allow reports to be sent only to those defined as appropriate by account administrators. We’ve ensured that while we’ve made the solution user-friendly, it follows compliance regulations. 
  

• Location-based access restrictions: As cloud-based technologies become common solutions, organisations often seek to restrict their geographical usage. With Xref, these restrictions are possible by allowing the introduction of IP and location-based access policies to accounts.
  

• Regionalised data storage: With the introduction of the GDPR, many European organisations require all data storage and handling to be conducted in Europe. Xref has regional data centres to host European data locally.
  

• Extended security log function: Xref allows account administrations to monitor every action taken by users on their Xref account. The platform function creates an audit trail of all account activity and usage. It ensures organisations have a clear view of the handling and management of any data securely stored on their Xref account.
  

Final Thoughts:

Every employee, contractor or prospective candidate needs to know that their data is safe. While it's the responsibility of the organisation to safeguard sensitive data, the protection of data and its challenges will only increase, and it's hard to keep up with security and compliance requirements. That's where you need to turn to reliable solution providers. We take our data protection and security seriously! Xref is ISO 27001 certified and built using the highest standard of security and quality management practices. With our industry experience, we are aware of the compliance standards and offer the assurance of a fully compliant online checking platform. If you’re interested in knowing more about our solution, book a demo with our specialist today!