9 Data Protection Tips for Recruiters

By Hannah Ervin - Jun. 26, 2017
Improve Your Company Branding With Zippia

Editor’s Note: This is a guest post by Hannah Ervin – a UK-based Business Consultant. Her opinions are her own.

Recruiters play an important role in achieving the set hiring goals of an organisation. In certain countries, there is also an act which is known as “Data Protection Act” which has provided rubrics for protecting the personal information of employees and candidates from being mishandled. Recruiters should be aware of all the clauses within the appropriate data protection legislation. This article includes several important tips for recruiters.

1. Protecting personal details

Recruiters must clearly explain the purpose of personal details of a candidate. He/she must mention that the personal details of unsuccessful candidates are either deleted or retained for future consideration (with the candidate’s permission). It is illegal to misuse the details of successful or unsuccessful candidates under any circumstances. A company must protect the personal details of every candidate. How an organisation handles the details of all its applicants also reveals a great deal about the professionalism of the company.

2. Strict security measures for online job applications

A company’s website must be protected against hacker attacks and foreign intrusion. All the information about candidates should be securely processed. Also, the submitted resumes should be made accessible only to those officials who are directly concerned with the recruitment process. Other employees should be restricted from viewing the personal information of the candidates. It is also against the recruitment ethics. If this information gets leaks then it would put a question mark on the credibility of the said company. Make sure that you have erased or safely stored the personal information and CVs of both the successful and unsuccessful candidates.’

3. Avoid asking for irrelevant / sensitive information

Recruiters should devise the job application process in a way which is purely relevant to the appropriate position. The entire questionnaire should be formulated by keeping in view the key job criteria. These details should be stored in a secure folder. Sensitive details, such as political leanings, religious and cultural beliefs shouldn’t be asked by the recruiters because they are not related to the said job. If these questions are considered obligatory for the specific role then the answers should never be disclosed in public in order to save the candidate from potential discrimination.

4. Email encryption

Make sure that you are using email encryption. It will protect the candidates’ details from abuse by a third party. Email encryption should also be used for any other correspondence related to job besides recruitment purposes. Encrypt all the outgoing emails before sending any recruitment related material. Encrypted emails are protected and difficult to be accessed by malicious factors. Sometimes a company’s own employees are involved in cyber crimes and they misuse official information. Thus, it is important to double check the encryption on all recruitment related activities.

5. Set difficult passwords

Don’t set easy to guess passwords. Always use a mix of characters, letters, numbers and symbols for all logins. It will help keep private information safe. Avoid using people’s names and company names as a password. In addition to this, passwords comprised of upper and lower cases are difficult to decode by hackers which makes it harder to access the personal details of the candidates or employees which they want to use for carrying out illegal activities. Hackers are experts in breaking down the easy passwords that is why it is always advised at any forum to choose passwords carefully.

6. Disclosure of personal information during references

Avoid disclosing candidates’ details to companies when providing references. There are always chances of fraud. Companies should not disclose personal information of current or previous employees without their written consent. Sometimes an innocent employee can be exploited through the misuse of personal information.

7. Consult an IT professional

If you’re recruiter who is not tech savvy then you must consult an IT professional to help with data protection matters. An IT team can helps a recruiter checking through all the systems within the company. They might also help detecting any illicit activity. Employees should be trusted but their systems should be inspected to identify any activity which could harm the company or the recruitment process. This case has been reported by various companies where a company’s employees are involved in leaking employment related information to third parties for illegal purposes.

8. Upgrade your security software

You should definitely instal the latest antivirus programs. Security software should be updated on a regular basis in order to combat impending hacker attacks which might misuse the personal details of candidates and employees. Also make sure that private information is always shared face to face. Avoid dispersing personal details via email etc.

9. Delete records of terminated employees

Managers should delete the records of those employees who have left the company. It is against the company’s ethics to retain the personal records of terminated employees unless they have committed any fraud with the company. This information is then used for legal actions against that employee.

Hopefully these tips will help you protecting the personal data of job applicants. Management should not neglect the security concerns which could arise if the personal information of employees or applicants is misused by a third party.

All the steps in the recruitment process should be carried out with utmost care by hiring managers and recruiters. Technology has given innumerable options to help protect the data of the candidates which should be used to enhance the security of the personal information collected throughout the process.


Hannah Ervin

Related posts