Balancing the risks
What's the difference, and why is it important❓
✅ Verification = checking facts that someone has provided about themselves. Pretty low risk, and the facts can be easily rebutted or the conclusions challenged objectively
🔍 Vetting = gathering information from external sources and drawing conclusions. An essential safeguard when handled with care, fairness and clear communication
❓Should I do it❓
Vetting is a practical and necessary step to protect everyone onboard. But if you're going to do it, do it well.
The desired outcome (protection) needs to be balanced with the impact and rights of the individual (fair decisions, right to private life).
💡 My Top Tips
1️⃣ Understand (and document) why you are doing it and what you are seeking to achieve
2️⃣ Have a vetting process: who, what, how, when
3️⃣ Make it clear to the individual early in the selection process that vetting will occur, and the timing and extent of the checks
4️⃣ What is the best way of carrying out the checks - will you do them internally or via an agency?
5️⃣ Know your legal basis for processing (and your additional basis if there is any special category or criminal conviction data). If you are using legitimate interests you'll need a Legitimate Interests Assessment
6️⃣ Check your retention policy. The ICO recommends that the information obtained by a vetting exercise is destroyed as soon as possible, or in any case within 6 months. A record of the result can be retained
7️⃣ Understand the circumstances in which you will allow the candidate to make representations about the information. Is there a right of appeal? Information needs to be accurate (individuals have the right to rectification) and is likely to be accessible under a Data Subject Access Request
8️⃣ Do a Data Protection Impact Assessment
The quality of the gathering and assessment process can have a significant impact on individuals. If you use an agency, understand their processes and the standards to which they adhere. There are no legal requirements to practise, so ensure they have experience and training in techniques such as OSINT (open source), SOCINT (social media) and HUMINT (human intelligence).