Just Like That? No Background Check?

James McGill, a disbarred lawyer, is looking for a new job. He is interviewing for a sales manager role at NEFF copiers – a family-owned business distributor of office photocopiers. James has no experience, but he knows his way around copiers from the time he spent in the mail room at the law firm where his brother was a partner. With his usual charms, James (Jimmy) delivers his sales pitch: “The copier is the beating heart of any business (…) you plug one of your new machines into the system (…) that is a healthy business. That is a successful business”. The owner, Mr. Neff, and his assistant are so impressed with his performance that they hire him on the spot. Then Jimmy goes “Just like that? I just came in off the street. No due diligence? No background check?” And he walks away.

The story is a scene from the fourth season of “Better Call Saul“, the popular “Breaking Bad” spin-off, set around the life of the picturesque lawyer James McGill/Saul Goodman. Although a fiction, some characteristics of the scene should string a real cord to any recruiter and HR professional: 1) the halo effect, where hiring managers let themselves be charmed by the candidate; 2) making a hiring decision immediately, without allowing room for further thought or compare with other candidates to make a better assessment; 3) the lack of a background check. All these are real shortcomings that take place more often than they should when recruiting.

In this article, we want to focus on the third one: background checks. We are not interested though in the ins and outs of background checks in Albuquerque, but on those of China.

As competition for jobs in China gets tougher along with slower growth in the economy, there is an incentive for job applicants to beautify or magnify some of their past credentials and professional achievements in their resumes. It is necessary then to confirm a candidate’s credentials and other relevant information. You can do that using background checks. Let’s review the elements you should be checking for while remaining compliant with China’s regulations on personal data.

 

In the Light of What We Know. What to Check?

It is advisable to perform background screening before making an actual employment offer. You should put every effort to verify the candidates’ basic information: level of education, past work experiences, and for certain type of roles, criminal record.

Let’s start with the education credentials. You should request the certificates and diplomas to verify the qualifications stated by the candidate in his/her resume. Since there is no central public database system in China to check for the authenticity of those documents you or a third party acting on your behalf will have to connect with the specific academic institutions. Andrew Houlbrook, a former intelligence analyst at London Metropolitan Police and now business intelligence and investigations at PSU China Consulting based in Beijing, tells chinahrnews: “A common issue is the manufacture of fake degree certificates. Vendors providing these services in Taobao or dedicated WeChat groups are just one-click away. It is all a game of confidence trickery, hoping the HR professionals won’t check”. And even when checking this might not be enough. Mr. Houlbrook also warns against diploma mills: “You may find some Chinese candidates who use diploma mills, especially overseas institutions, to look more impressive on paper, usually at MBA or master level. When you look closer, those allegedly educational institutions do not provide any education whatsoever, but issue diplomas and certificates in exchange for a fee.”

Checks on previous professional endeavors are relatively straightforward. With the candidate’s provided references and his/her consent, you can contact former employers. In addition to that, it is useful to look a little further: “Past terms of employment and employers are fine but also look at what is not in the CV, like undeclared company involvements”, says Mr. Houlbrook. “Candidates may have business ties with companies that weren’t specified in their CV. Sometimes these other business involvements can be easily explained since there is no conflict of interest with the employer’s business operations. Other times, clients are interested in knowing about why the candidate left a previous role: they see an early exit from a past employer and want to know what happened”.

 

“When outsourcing background checks in any capacity you must really understand your third parties and who you are working with. Understand their business model. Criminal law will come into effect if you are sourcing information using incorrect channels”

 

The most complex screening involves checking for criminal records. Certain jobs in China require to have a clean criminal record. These jobs are referred to as “CNNC jobs”, with the acronym standing for certificate of non-criminal conviction. To check for a Chinese national criminal record, an employer can ask the candidate to present it. The law is not clear on whether a CNNC can be provided if the candidate is not applying for a CNNC job (the applicants must submit, among other application documents, an introduction letter from the employer). The CNNC is issued by local security bureaus, at the request of the candidate. An employer cannot request the CNNC directly by itself.

In theory, it is possible for the employer to walk in together with the candidate into a local security bureau or police station to request the CNNC. However, there are many instances in which this might not work: the staff is not familiar with the certificate, or it is but refuses to release it, the file is not stored properly and cannot be retrieved, etc. As Mr. Houlbrook points out: “There is not enough consistency or clarity around these procedures”.

Some agencies provide CNNC’s on request. They claim to have access to criminal record databases of the Ministry of Public Security. However, how exactly they obtain this data is often not transparent. Mr. Houlbrook recommends “When outsourcing background checks in any capacity you must really understand your third parties and who you are working with. Understand their business model. Criminal law will come into effect if you are sourcing information using incorrect channels”.

The only way to get an effective glimpse of any kind of risk or record of any involvement in legal matters from a candidate is via desktop-based online research. This is also the best way to remain compliant with local regulations. “Finding information on criminal records is hard, but not impossible. It takes skills, some time and some patience. Knowing which sites to search, understanding the peculiarities of these sites, and how to research for keywords is something you learn. For example, we source information directly from open court records since this information is publicly available in China. Additionally, it is not only about the individual and search terms around that individual. If he/she was holding an executive position, you might want to look also into some financial issues with the company while that individual was employed there. You can also look at local court records and try to spot issues that came to the surface when that individual was in charge”, adds Mr. Houlbrook.

 

“(Companies) need an assessment in a matter of days, but there is enough information publicly available to be able to provide a risk indicator to support their decision-making process”

 

Background screenings based on online research have their limitations, but the methodology provides quality results in a timely manner. Mr. Houlbrook acknowledges: “You cannot conduct a thorough investigation to produce hard evidence. Clients need an assessment in a matter of days, but there is enough information publicly available to be able to provide a risk indicator to support their decision-making process”.

 

Staying on the Right Side of the Fence. Legal Provisions in China on Data Privacy

In China no explicit legal provisions are preventing an employer, or a third party acting on behalf of an employer, to conduct background checks on candidates.

As of November 2018, China lacks a comprehensive data protection law. However, this does not mean there are no significant legal considerations to take into account before engaging in background checks involving sensitive personal information.

China’s regulatory framework for privacy protection spans through laws and regulations across civil, administrative and criminal areas. In this article, we provide just a short review of the current framework, but this should not be taken as legal advice. To seek legal counsel reach out to specialized bureaus on the subject.

The Tort Liability Law (since July 1st, 2010) includes provisions that relate to the protection of personal data. Article 2 details a list of eighteen civil rights that are protected under the Law, one of them being the right to privacy. If an individual considers his/her right to privacy has been undermined, he/she may sue against the injuring party to seek compensation.

Under China’s Criminal Law (Art. 253), individuals selling or illegally providing personal information obtained from his or her employment are committing a criminal offense. It also applies to individuals acquiring such information (by stealing or by any other means). If those individuals act on behalf of a company or any other type of organization, the entity is subject to a fine and the individuals responsible or directly involved could face imprisonment of up to three years, criminal detention and fines.

The Cybersecurity Law of the PRC (CSL) is perhaps the most relevant piece of regulation for this article, and also the most recent. The Law is valid from June 1st, 2017. The CSL provides a series of data protection provisions in the form of national-level legislation. It is considered a milestone towards the implementation of a national protection law. It defines personal data as information that identifies a natural person either by itself or in combination with other information. That includes a person’s name, address, telephone number, date of birth, identity (ID) card number, medical records, genetic and biometric information, bank account information and transaction records, e-commerce sites account information and transaction records, and personal consumption habits.

A detailed national, non-binding, standard known as the Personal Information Security Specification – making for the unfortunate acronym PISS – came into effect on May 1st, 2018. The PISS separates between general personal data and sensitive personal data. The latter may include, among others, personal ID card numbers, health and biometric data, bank account numbers, personal communications, and credit records. To collect sensitive personal data from an individual requires his/her express consent (in writing or via other affirmative action) only after the individual has been informed of the purpose and intent of collecting such data; for general or non-sensitive personal data, tacit consent is enough (i.e., the individual did not oppose to it).