02/02/2011 - Protecting Employees’ Personal Privacy

What happens to the personally identifiable information (PII) that I send to BackTrack on my applicants? Is it safe? Do my employees get added to mailing lists or is their data sold to other data brokers?

Clients send us hundreds of pieces of PII daily, and BackTrack is committed to protecting the employee data that is entrusted to us. Our computer systems are password protected and not stored on laptops, one of the biggest sources of accidental data breaches. Information remains in our office, is handled by our internal staff and is not sent offshore.

BackTrack requires strong passwords from both our employees and our clients in order to access any applicant data in our system. Clients and employees are given explicit instructions on how to create strong passwords, and all passwords must be changed every 90 days.

BackTrack’s information security policy and practices include information related to protecting consumer information in hard copy and electronic form from internal and external unauthorized access. We have procedures in place to detect, investigate and respond to an information system intrusion. We also have physical security in place to control physical access to all areas that contain consumer information.

We follow the FTC guidelines regarding the destruction of data:

• All papers are shredded onsite by our shredding company. Our Security Manager oversees the destruction of paper files to ensure that they do not leave our premises until after they are shredded.
• Papers may not be discarded in wastebaskets and must be placed into the locked shred bins. Papers must be placed in the shred bin daily and may not remain on desks overnight.

• Computers and copiers that are no longer needed are wiped clean of any data. Information from our database that contains personally identifiable information may only be accessed by computers in our office that are connected to the BackTrack network.
• Any CD Roms that contain data are run through a machine that destroys that data and makes them unreadable.

BackTrack has policies and procedures in place to ensure that social security numbers, dates of birth, drivers license information is truncated or masked before being sent out of our office to vendors, employers, schools or other entities. Before any faxes are sent outside of our office, our staff reviews them to be sure that any PII has been blocked.

Information on applicants is only sent to our client who initially requested the information. We do not sell mailing lists containing applicant data, nor do we sell the data on your applicants to other companies or data brokers. Our philosophy is to handle the data on your applicants as if it were our own.