Laws around background verification in India



Introduction 

In today’s competitive job market, employers in India often rely on background verification processes to make informed hiring decisions. However, it’s crucial to navigate the complex legal landscape surrounding Background Verification laws with a trusted Background Check Company to ensure compliance with Indian laws and protect the privacy of candidates.  

In this blog, we’ll delve into the laws for background verification in India and highlight key regulations that employers and background check agencies need to be aware of. 

Laws Around Background Verification in India  

The Legal Framework 

Conducting a background check in India is legal, provided it adheres to Background Verification laws and government guidelines and the necessary permissions are obtained. Employers and background check agencies must ensure they have the candidate’s consent before initiating any verification process. Moreover, the information collected during background checks should be handled confidentially and not shared with unauthorized parties.

1. Sensitive Personal Data or Information (SPDI) Rules 

One significant regulation employers and Background Check Companies must adhere to is the SPDI Rules. These rules state that any “sensitive personal data or information” collected with consent should only be retained for the lawful purposes for which it was collected. This ensures that unsuccessful candidates’ sensitive information is removed from the employer’s database after a reasonable retention period. This measure is designed to protect candidates’ privacy and prevent misuse of their data. 

2. The Digital Personal Data Protection Bill, 2022 

The Digital Personal Data Protection Bill, 2022, emphasizes the importance of obtaining clear and informed consent from the data principal (the individual whose data is being processed). Data fiduciaries (entities conducting background verification) are responsible for providing detailed, plain-language notices to data principals, outlining the personal data collected and its purpose. The bill also mandates the implementation of reasonable security safeguards to prevent data breaches, irrespective of any agreements or non-compliance by data principals. 

  1. Data Privacy Laws: India’s data privacy laws are continually evolving. Employers must stay up-to-date with relevant laws for background verification when collecting and storing personal information. Consent from the candidate is crucial, and data should only be used for its intended purpose. 
  1. ISO 27001 Certification Requirement: Indian companies or background check agencies with ISO 27001 certification are required to conduct background screening for employment, making it an essential aspect of the hiring process. 
  1. Privacy of Sensitive Information: Employers cannot access sensitive data, such as medical records, financial background, or biometric data, without the employee’s permission. 
  1. Social Media Scanning: Currently, there are no laws in India preventing companies from scanning candidates’ social media profiles during background verification. 
  1. Governing Laws: The collection of personal information and sensitive data in India is governed by the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules) and the Information Technology Act, 2000. 
  1. Consent Requirement for Sensitive Data: The SPDI Rules mandate obtaining prior written consent before collecting sensitive personal data, including during background verification.
  1. Exception for Publicly Available Information: If the information collected during background verification is publicly available, such as court records or criminal history details, the obligations under the SPDI Rules may not apply.
  1. Retention Period for Sensitive Data: The SPDI Rules require sensitive personal data or information to be retained only for as long as necessary for lawful purposes and to be deleted from employers’ databases after a reasonable retention period for unsuccessful candidates. 

How do privacy laws affect background checks in India? 

If you’re in India and involved in background checks, whether as an employer, as a Background Check Company or for other purposes, you need to know about an important Background Verification law: the Digital Personal Data Protection Bill, 2023. This new law, which was introduced in August 2023, affects how personal data can be processed, including for background checks.

What is the Digital Personal Data Protection Bill, 2023?  

This bill is all about protecting your personal information. It applies to any digital personal data collected in India, whether collected online, or collected offline and later digitized. It even applies to data collected outside India if it’s used to offer goods or services in India. Personal data here means any information that can identify you. Processing includes collecting, storing, using, and sharing this data.

Obtaining Permission to Handle Personal Information: Legal regulations dictate that personal data should only be employed for legitimate reasons following an individual’s agreement. Prior to data gathering, it’s essential to issue a notification elucidating the specifics of the data being collected and the purpose behind it. Crucially, individuals have the right to retract their approval whenever they wish. Nevertheless, certain circumstances allow for data usage without explicit consent. Legitimate purposes, such as governmental services or medical emergencies, may not always necessitate consent. In the case of individuals under 18, their parent or legal guardian grants the necessary consent.

Rights and Duties: If your data is being processed (you’re the data principal), you have rights. You can ask for information about how your data is used, request corrections, nominate someone to manage your data in case you can’t, and file grievances. But remember, you must not file false complaints or provide false information, or you could be fined up to Rs 10,000. 

Responsibilities of Data Fiduciaries: Organizations that collect and process data (data fiduciaries) have duties too. They need to ensure data accuracy, have security measures to prevent breaches, report breaches to the Data Protection Board of India, and delete data once its purpose is fulfilled. Government entities have some exceptions. 

Transferring Data Abroad: This law for background verification allows personal data to be transferred outside India unless the government restricts it through notification. 

Exemptions: In certain cases, the rights of data principals and obligations of data fiduciaries might not apply. This includes activities like preventing and investigating crimes or enforcing legal rights. The government can also exempt specific activities, like research or archiving, from the law. 

Data Protection Board of India: The government will set up the Data Protection Board of India. This board monitors compliance, imposes penalties, directs action after data breaches, and handles grievances. Board members serve for two years and can be re-appointed. If you disagree with the board’s decisions, you can appeal to TDSAT. 

Penalties: There are hefty penalties for not following these rules, including up to Rs 200 crore for not protecting children’s data and up to Rs 250 crore for failing to secure data properly. The penalties will be decided by the Data Protection Board after an inquiry. 

In a nutshell, if you’re conducting background checks in India, you’ll need to follow these new privacy laws closely to ensure you’re compliant and avoid substantial penalties. 


Shabir Ahmad

Shabir is a Guest Blogger. Contributor on different websites like ventsmagazine, Filmdaily.co, Techbullion, and on many more.