Information security, risk and compliance are in focus and one of the core issues for many companies. For obvious reasons it has been early recognized that people are one of the key factors and often times the weakest link in organizational security. From this point of view, it was natural to conclude that by knowing more about your employees and future employees you mitigate, to a degree, risks arising from internal threats, and you are employing people with proven records and sufficient level of integrity and trustworthiness.
Over time, this has become one of the security controls and something expected by your business partners and clients when analyzing your security or defining security requirements for potential vendors. Initially, minimizing the collection of personal data was not considered a key factor in this process, and there was little research on effectiveness of the different techniques, methods and types of information being utilized.