Information contained in this publication is intended for informational purposes only and does not constitute legal advice or opinion, nor is it a substitute for the professional judgment of an attorney.
More and more businesses — especially those in highly regulated industries such as banking, telecommunications, and health care — are engaging in “vendor management” as they implement increasingly rigorous information security programs. Confirming the trustworthiness of vendors’ employees who are permitted on premises or who are authorized access to sensitive information is a cornerstone of such programs. Consequently, these businesses are starting to make a variety of demands in contract negotiations and requests for proposals (RFPs) for background checks and drug-testing of vendor employees.
The demands vary based upon the industry and the company. At a minimum, these businesses require their vendors to certify that employees who will be working on the customer’s account have successfully completed a background check and a drug screen. At the other end of the spectrum, businesses specify the contents of background and drug screens and demand the right to audit the results or even conduct their own background checks and drug tests of the vendor’s employees.
These demands put vendors “between a rock and a hard place.” On the one hand, vendors want to maintain strong relationships with valued customers and win contracts with new customers. On the other hand, turning over background checks and drug test results to a customer can raise red flags with the vendor’s workforce regarding their privacy. And, if not properly handled, the issue can mushroom into an employee relations nightmare and expose the vendor to privacy-based claims. The problem is particularly acute for vendors who have not previously required current employees, or even job applicants, to submit to background checks or drug tests.
Here are three of the steps vendors might consider to avoid this catch 22:
- Consider making reasonable counterproposals to customers. Expressing a concern for the confidentiality and security of the sensitive, personal information of your employees demonstrates awareness of the importance of information security. It also provides you with the opportunity to reinforce your commitment to protecting your customers’ privacy.
- Do not automatically agree to demands without first determining whether they would require your organization to violate often-stringent drug-testing and background check laws. Businesses engaged in vendor management sometimes make broad demands without considering the nuances of state and federal privacy laws.
- Consider implementing a drug testing policy and a background check policy. Distribution of these policies provides an opportunity to communicate the important business interests at stake and the efforts being made to protect employees. At the same time, the policies can be used in contract proposals to demonstrate the company’s commitment to providing only trustworthy employees to work on customer accounts. And, in some states, distribution of a written drug testing policy is required by law.