In simple terms, a digital audit trail is an absolute, immutable trail (a. log) of every step, event or action taken in a system, that establishes the fact of that action, who took it, and when. This is required under law, federal and state guidelines, and as ethical best practices for any agency providing investigative consumer reports or background screenings, for legal, judicial, compliance, internal or external investigatory, HR process, or forensic audit purposes.
Biometrica is fully FCRA compliant. Every part of eMotive is end-to-end encrypted, and data is shared and notifications provided in a process similar to the movement of HIPAA data.
A company authorized person receives an email notification (without the employee name) as an alert. What we use is a Uniquely Targeted Email Notification, a notification that is unique to that particular alert. It is a notification that is produced in relation to a specific alert and is transmitted to a curated list of recipients — that may or may not be a single recipient — that has explicitly opted in at a prior time to receive that notification. It can be tracked and audited to reflect when it was transmitted, if it was opened, when it was read, to what action was taken thereafter.
Every single action or event is tracked, to maintain a digital chain of custody and create an immutable digital audit trail, for legal and judicial purposes, and to protect PII. For example, let's say an employee on your list, for instance, a driver, is arrested for a DUI on a Friday night, and gets out Saturday afternoon. Your HR person receives a notification asking them to log into eMotive and make a determination on a potential match to an arrested individual, but they do not check it, as it’s a weekend.
Suppose that employee gets inebriated again and drives a work truck into something or someone on Monday morning. You can actually see the audit trail for when the notification alert was received, whether it was even acknowledged, and if it was acknowledged, and whether anything was done about that acknowledgement (at least in the system). There’s a process in place, one that can’t be manipulated or altered, while protecting employee PII.