One of the most common questions we get asked is how our searches comply with GDPR. In particular, there are always questions around privacy, data protection and social media screening. Our searches are fully compliant and are always updated to reflect any changes in regulations – but questions are always asked once social media is added to the checking process.
Here are some common questions we get asked:
Do you need consent under GDPR to run these checks?
Are social media checks common practice?
Can the candidate see their report?
While I need to manage risk / comply with regulations, I don’t want to be intrusive…
Here’s a breakdown of current regulations, the risks of running checks internally and tips on how to stay compliant.
International Social Media Screening
Social media screening as part of background checking has existed in some form since the platforms began and recent studies suggest its deployment is only going to increase.
The US government introduced a new visa procedure in 2019 which requires foreign visitors applying for working visas to disclose their social media accounts on their applications. They see social media as a reliable and valuable way to review a person’s behaviours and attitudes, beyond just database or box-checking exercises.
With the use of social media screening growing, the need for a consistent, regulated approach is obvious.
What are the data protection laws when it comes to social media?
Data protection laws are different all around the world, so the complexities change depending on the jurisdiction. The EU, for example, takes data protection very seriously and in 2018 brought in the GDPR.
We’re all familiar with the basic ins and outs of the GDPR by now and the hefty fines that can be given out for breaking these guides.
Specifically relating to social media, the GDPR states that employers should notify candidates before viewing their social media accounts unless they have a lawful basis for processing data – such as consent or legitimate interests. It goes on to state that employers should only take into account data that is relevant to the role.
As a third party background screening provider, at Neotas we have “legitimate interest” to perform these checks for business purposes, as requested by our clients. Our reports only include role-related risks and our policies are consistently updated to reflect changes in legislation.
Screening to be conducted as late as possible in the recruitment process (to avoid the opportunities for human bias)
Candidates should be made aware of any screening that will take place and how it will be conducted
Only accessing publicly available information
Screening levels being proportionate to the seniority of the role
The overall guidance here is clear:
Only review relevant, role-related data
Ensure that protected characteristics remain protected
Only process data if you have a lawful basis for doing so
The Risks of Internal Social Media Screening
The risks that come with carrying out social media background checks in-house are significant. By combing through a candidate’s social media accounts, protected characteristics (such as race, sexuality, political stance) are unintentionally revealed to internal staff.
Whether intentional or not, it’s both illegal and unethical to make hiring decisions based on these characteristics. Internal staff are left exposed to potential accusations of unconscious or discriminatory bias, accusations that could prove costly in any legal proceedings. It would be difficult to legally argue that discriminatory bias hadn’t taken place if staff were exposed to personal data for potential new hires.
Using Third Party Background Screening Providers
Using a third party background screening provider is the best way to avoid these risks and the financial or reputational damage that can come with them.
While they may mean well, internal staff are less likely to be trained in data handling and may be less aware of the stringent GDPR practices that must be followed.
Third party providers like Neotas are externally audited, regulated by industry standards and often hold external certification to process sensitive data. At Neotas, we are:
Alongside the technical certifications, third party background screening providers are completely objective. Providers like Neotas have zero hidden agendas and we only ever present relevant, role-related risks in our reports. Our role is to demonstrate that the candidate meets the level of honesty and integrity expected of their new position.
Lastly, the technology used is cutting edge, capable of processing data at hugely efficient speeds. Our AI and machine learning technology processes vast quantities of data, highlighting potential risks before context is applied by objective human analysis. This way, protected characteristics remain protected and candidates need not worry about their new employer seeing old holiday photos.
2020 proved to be a truly remarkable year globally, with all industries feeling the impact and repercussions of the pandemic. Throughout the year, we provided thousands of objective background check services, from pre-employment background screening through to a host of third party due diligence services.
While the exact results of course remain strictly confidential, here’s a sneak peek into some of the data trends and highlights from an unprecedented year.
What is included in a background search?
First of all, let’s establish what’s included in our searches. Our background check services scour the web for an individual or organisation’s full digital footprint, from surface level through to the deep web.
Standard background checks like DBS checks can be limited to just checking databases, while we go a step further and leave no stone unturned. For HR & Recruitment purposes our pre-employment background checks can look into employment and education histories, criminal activities and social media screening.
A Neotas third party due diligence search often includes all of the above, plus checking against international PEP & sanction lists, investigating business networks and a host of anti-fraud checks.
Whether it’s cross referencing employment data with digital records, or assessing international networks or criminal links, there’s no time or jurisdiction limit on our searches.
How are we able to search for this?
Our enhanced due diligence methods combine proprietary AI technology with machine learning and expert human analysis. We’re able to identify business risks that wouldn’t appear in other searches.
Simply put – we process more data, from more sources than traditional searches.
So what did we find in 2020?
To be brief – a lot.
Nearly a third of cases through 2020 uncovered medium-high risk behaviours, warranting further investigation. So what types of behaviours do these include?
3-5% display red flags: Red flags highlight high-risk behaviour for serious indiscretions such as inappropriate or sexually explicit content, substance abuse, violence, racism, PEPs or previous sanctions.
20-25% display amber flags: Amber flags refer to medium-risk behaviour that may be inappropriate, but needs further investigation, such as employment or education inconsistencies, adverse media or undisclosed directorships.
70-77% display green flags: Green flags return no obvious indiscretions. These cases are verified and the suitability of the candidate or deal is confirmed.
What is Red Flag Behaviour?
Up to 5% of cases displayed what is determined as a serious, or red flag, risk. Neotas searches all publicly available data from financial & tax records to social media accounts. As a result, red flags can vary from serious undisclosed financial conduct to consistent patterns of discriminatory behaviour.
Our recommendation would always be to investigate these behaviours further and likely take action to lower the risk of financial or reputational damage.
We would never reveal exact case details and all of our reports are held to the highest data protection standards. These are some anonymised examples of the types of the most serious cases discovered in 2020:
A founder CEO who boasted about having defrauded his public sector client and threatened exiting staff with violence
A COO who needed to be removed for consistent racist and misogynistic abuse of staff
A founder who rewarded their salespeople for dirty tricks against clients by sharing cocaine
What is Amber Flag Behaviour?
Up to 25% of cases displayed consistent behaviours that could pose potential risks to businesses or individuals. While not all of the behaviours flagged here lead to further action or qualify as red flags, our human analysts apply context to the findings and highlight those that warrant further investigation.
Although amber flags may not appear as serious as red flags, they still pose serious potential risks. The most commonly flagged behaviours include employment inconsistencies, links to explicit content and undisclosed directorships – all of which come with the potential to escalate into a costly or damaging situation.
2020 Insights & 2021 Predictions
While global restrictions remain in place and business interactions become more digitised, effective verification and vetting processes have never been more critical. With due diligence requirements also continuing to change year-on-year, it’s crucial to stay ahead of the curve and use all of the resources available.
Vero Screening recently published their predictions for employment screening trends in 2021. They predict that social media background checks in particular will become a critical part of the screening process as the workplace becomes less familiar amidst the ongoing restrictions.
In 2020, nearly a quarter of cases reviewed highlighted a potentially serious business risk, so the need for thorough checks is clear. Third party due diligence and employment background checks lower risks by being both objective and comprehensive. Only with this added security can a business move forward with an investment or potential new hire with confidence and peace of mind.
What makes an expert background check from Neotas different?
We are experts in background screening, from pre-employment online reputation checks to online due diligence for financial institutions. But background checks are nothing new, right?
We know that there are lots of companies providing different types of background checks out there, so why are ours different? Here’s why…
What is covered in a standard background check?
Everyone in recruitment for high-risk roles has to run standardised background checks and regulators require due diligence for financial services organisations. But what are these standardised checks and are there any weaknesses?
Typical background screening can include any number of elements including criminal (DBS check) and credit checks, references, qualifications and employment history, PEP & sanction list checks and media database searches. The issue with traditional background checks is that they’re limited by their very nature.
References, qualifications and employment history are all easily falsified while many of these checks, while effective, simply tell you whether a company or individual appears on a database or not. It’s a straightforward exercise that isn’t always robust or complex enough for properly identifying risk.
A DBS check, for example, is limited to show only crimes committed and convicted in the UK. What about international crime or migration? How much does it tell us about a person’s personal behaviours? What if there are non-convicted crimes from their past that could pose future reputational risks?
Then there are the issues around manual, in-house checks. These are often time consuming, resource draining and run the risks of bias. Exposing internal staff to bias, or accusations of it, could be seriously damaging to any organisation.
As experts in background screening, our reports are completely objective and all-encompassing. Best of all, they are supercharged by incredibly advanced technology. We use OSINT (Open Source Intelligence) to go beyond our competitors and the current services listed above into data that isn’t covered in standardised checks. We paint a complete picture.
The Neotas methodology leverages open source intelligence by combining proprietary algorithms, machine learning, natural language processing, and human input to investigate individuals and entities in core risk areas.
Open source data isn’t exclusive to Neotas, it’s publicly available and everyone has access to it – but only experienced industry specialists like us have the skillset and technology to unlock it fully.
Best of all? We’re able to guarantee results at a fraction of the cost and in a much faster timeframe than traditional risk consultancies.
“Our results continually show that we are providing more information than any other screening system out there” Ian Howard, Founder, Neotas
Do enhanced checks replace standard background screening?
We don’t replace existing checks, we supplement them and enhance the results. The traditional checks listed above all have their strengths and many remain legal requirements for certain roles or regulations.
By supplementing standardised checks with OSINT, we uncover 100% of publicly available data, from surface level (search) through to the deep and dark web. In contrast, typical online or desktop search facilities can only account for 4-6% of available information.
This process enables Neotas to accurately report on the character, behaviour, networks and risks associated with the subjects it investigates and highlight critical information that is not identified by the traditional desktop tools. Using OSINT provides a richer, more complete profile of real people – not just database results.
Are Neotas background checks compliant with all regulations?
Our searches and results are all completely in the public domain. All searches and results are fully compliant with GDPR and all other regulatory requirements. That’s guaranteed. So what are the expectations for the regulators?
The regulators, including the FCA, expect any information in the public domain to be used in risk-based decisions. In these cases, lack of knowledge would be hard to defend when the data is so readily available.
Organisations such as Thomson Reuters and LexisNexis collate adverse media data from sources like news websites, online search and sanction lists. Our definition of “media” takes that one step further.
We collate information from the full digital footprint of a business or individual, including social media. This advanced definition of media is crucial and continues to evolve all the time. With new mediums constantly developing, it’s critical that background screening stays relevant this way and continually adapts to include new channels.
Is social media screening ethical? Do background check results stay private?
Privacy matters at Neotas. Our reports ensure that protected characteristics stay protected. As a third party, we will objectively review a lot of information but only the incidences flagged as risk indicators will be reviewed. We only include relevant data in the report.
Our role will only ever be to demonstrate that a candidate or business meets the level of honesty and integrity expected, then highlight any points of concern.
“… using Neotas allows us to cover potential risks more thoroughly at lower cost to our clients.” Mike Hicks, Founder, Catalysis Advisory
What is shown on a background check report from Neotas?
Our reports are clear, concise and always supported by clear evidence. We identify risk indicators using a traffic light system. “Red flag” behaviours indicate serious risk, “amber flags” show potential risk that may warrant further investigation. A “green flag” shows minimal risk and confirms the suitability of the candidate or investment.
In all cases, the crucial element for a Neotas search is the context we provide. In due diligence cases, our report provides detailed evidence and an audit trail – including source, screenshot and relevance. We assist clients by providing a framework to help with their decision making processes, ensuring that AI powers the search but our clients make the final risk decision.
For HR and Recruitment, context is equally important. Our HR and Recruitment reports highlight clear risk indicators like abusive or discriminatory language, violence or undisclosed criminal behaviour. We search only for role-related risks and behaviour patterns; reports do not display personal, sensitive information or content.
How is a Neotas search more advanced than standard background checks?
Our signature blend of AI, machine learning and human analysis means we can process data at a hugely efficient rate while producing the highest quality search results. This technology drives all of our searches and is one of the main reasons why we’re able to provide high-end checks both faster and in a more cost efficient way than our competitors.
Although Neotas searches are powered by advanced technology, human analysis remains critical to what we do. Qualitative analysis of reports ensures all results are fully contextualised and that only clear risk indicators are included.
Can Neotas provide international background checks?
Harnessing this advanced technology makes it possible to interrogate unindexed and unstructured information across global data sets and languages, with zero false positives and on an unlimited timeline.
Using in-house skills and machine translation tools, our searches are able to process data in over 200 languages. We provide enhanced due diligence across global jurisdictions, removing the limitations of traditional criminal or background checks that may only investigate localised or regional databases.
In practice, this technology enables us to identify international aliases, networks and financial data in a rapid turnaround time.
What bodies regulate Neotas background searches?
As a member of AFODD, we guarantee to provide results that have been obtained entirely within the law through access to publicly held information. The rigorous membership criteria ensure that services are held to the highest standards, providing confidence to organisations who want to use internet searches for pre-employment, due diligence or KYC purposes.
Alongside AFODD, we hold ISO 27001 and POSS (Personal Online Screening Standard) certification. ISO 27001 is the highest international standard for managing information security. POSS guarantees that our DD searches are carried out by qualified experts, with consent, and fully in line with UK data protection laws.
How will these background searches protect your staff and reputation?
Accusations of bias, whether conscious or unconscious, can be damaging to any organisation or individual. The real risk comes when these checks are conducted internally. Internal checks leave compliance personnel and recruitment managers exposed to accusations of bias when reviewing potentially sensitive data.
Legally, it’s hard to prove an organisation didn’t use the information seen by an employee to inform any decision. That is, in the event of a claim, it may be assumed that if you accessed information, you used it to inform your decision. Outsourcing removes this possibility. Neotas are able to process vast amounts of data objectively, only presenting the relevant, risk-based results.
Do you only background check suspicious profiles?
Up to 25% of our cases in 2020 identified at least an “amber flag” within the report, with up to 5% displaying more serious “red flag” behaviours. With a quarter of cases needing further investigation, deeper analysis is clearly critical for safeguarding businesses and improving decision making.
Equally important is that 75-80% of cases return “green flags” – confirming the suitability of a candidate or investment. This confirmation can act as a final seal of approval on a potential investment or hiring decision and comes with a guarantee of zero false positives.
Here’s the Difference
We have the benefit of being experts in background screening and ultimately, our role is to bridge the gap between the information that’s available and the information that’s leveraged for risk-based decision making. The data itself is useless without the tools, insight and deep industry expertise to analyse and contextualise it. That’s where Neotas make the difference and that’s what sets us apart.
We harness proprietary advanced technology to provide insights that are high quality and hyper-accurate, all while keeping costs low. We guarantee to lower risks and improve decision making, that’s the real difference.
“Fraud and deceit are anxious for your money. Be informed and prudent”.
– John A. Widtsoe
International Fraud Awareness Week
Neotas have joined the global effort to minimise the impact of fraud by being a supporter of International Fraud Awareness Week (IFAW). IFAW, or Fraud Week, is celebrating its 20th anniversary this year and is organised annually by the ACFE, the world’s largest anti-fraud organisation.
Throughout the week, supporting organisations and individuals share resources and engage in conversation online, in an effort to proactively fight fraud and help safeguard businesses from this growing problem.
Rise in Fraud Cases
In their 2020 Report to the Nations, the ACFE compiled data from 125 countries to help explore the costs, schemes, victims and perpetrators of fraud. Alarmingly, amongst their findings they discovered that companies lose an estimated 5% of their revenue annually due to fraud.
A recent BBC investigation also highlighted how fraudsters had hijacked the government’s Bounce Back loan scheme, resulting in potential taxpayer losses of up to £26bn through fraud, organised crime or default.
*The ACFE, Behavioral Red Flags of Fraud, 2020
The ACFE’s Report to the Nations (2020) found that just 12% of fraudsters are being caught and convicted. As a result, it’s important to identify robust, future-proof tools for trying to safeguard businesses and individuals from the risk of fraud.
Alongside internal measures like employee training and procedure updates, effective background screening can play a crucial role, whether it’s pre- or post-employment, or as part of due diligence checks. This is where the power of OSINT comes in.
Enhancing Existing Searches
Search engines reveal just 4-6% of available data, while traditional background checks like DBS or credit checks are limited by their very nature: they only identify whether a subject appears on a set of specific databases. Our OSINT specialists are able to scour 100% of open source data in over 200 languages, leaving no stone unturned.
Using a combination of machine learning, AI and human analysts, Neotas are able to identify “red flags” for fraudulent behaviour within a matter of days – potentially saving individuals or organisations from the risks and harmful nature of fraud.
Through Enhanced Due Diligence, we recently uncovered a subject who had hidden a past conviction for fraud worth over $50m. Having changed their name and moved to the UK, they had escaped traditional customer due diligence but by supplementing these checks with OSINT, we found a network littered with criminal ties, bribery and corruption. Only through these insights were we able to help protect our client and their business.
Our team of experts have continued to educate themselves on the latest anti-fraud measures, including taking part in seminars throughout the week and competing against each other with the Fraud Week trivia quiz.
Fraud Week Trivia
To support Fraud Week, we posted daily trivia questions through social media using the official hashtag #FraudWeek:
89% of responders answered correctly that 5% of revenue is lost annually to fraudulent behaviour
Two-thirds of responders knew that 54% of organisations don’t recover any financial losses when falling victim to fraud
Nearly 75% of responders believed that strengthening internal controls would reduce a fraudster’s opportunity to commit fraud
Just 27% of responders knew that 39% of fraud is detected through tips, with the remaining answers all opting for lower percentages
When it comes to identifying fraudulent behaviour, a quarter of responders felt that missing funds was the key indicator, while the remaining majority believed it to be a combination of missing funds, lack of policies & procedures and missing documentation
Based on the results, responders overwhelmingly recognised the financial impact of fraud. The results were more varied when it came to identifying fraudulent behaviours and the ways to prevent them moving forward. What is clear is the need for the continued development of future-proof anti-fraud measures like training and robust, technology-driven background screening.
We’d like to say a big thanks to everyone who took part.
For more resources and more information on Fraud Week, you can head here.