Why recruiters must protect candidate's data

August 17, 2017


Data plays a big part in the employee recruitment process these days. By the time the process reaches its conclusion, the company’s HR department can end up with piles of data from all the candidates who applied. But how should this data be handled? When should it be disposed of? And in what way? All these questions and many more need to be addressed by your company.

You can learn a lot more about your data protection responsibilities and why they should be taken very seriously

Recruiters Have a Responsibility

Whether you like it or not, your business has a responsibility to look after all of the data that you gather during the recruitment process. It can be the case that recruiters amass the personal information of hundreds or even thousands of applicants. It’s up to you to ensure that secure vendors are used at all times to keep that information safe. And the data needs to be controlled in the office so that only the right people with the right training can access it.

The Challenge is Not as Simple as Many People Think

Many people wrongly assume that this is all simple and doesn’t require too much thought or attention. But it’s that kind of attitude that leads to mistakes and that can lead to fines or charges for your company. Data protection and Privacy laws are there for a reason, and you have to respect them. It’s up to your company to choose the right vendors, even if those vendors are in control of things like encryption and monitoring. And even if a cloud-based vendor can protect your data from overheating and other physical threats, cybercrime is a real threat.

Risks of Cybercrime

Cybercrime is a real risk, and it’s one that can take lots of different forms. For a start, cybercriminals can aim to hack weak systems that are not up to date. Aside from direct attacks on systems, cybercriminals can carry out identity theft if they have the chance to. Your business could be put at risk if you get charged with offenses relating to the data protection act too. And physical threats also need to be combatted in the right way when considering the storage of data.


The Steps to Take to Protect Candidates’ Data

  1. Keep all the documents that are related to employees' background check secure. 

If you have requested the candidates to provide any documents apart from their Identity documents in the recruitment process such as background check certificate, right to work's evidence or copy of professional qualifications make sure that you have a good system to store those documents secure. 

  1. Stop Gathering Data That is Sensitive and Irrelevant

Gathering too much data is a common trap that HR departments fall into during the recruitment process. But it’s not something that has any real impact in a positive sense. It just means that you have more stuff to deal with and delete afterwards. So, don’t ask for data that is sensitive if you don’t even need it.

  1. Be Cautious with References

For successful candidates that work for you, the day might come when they leave. If a company asks for a reference, only give it out if the individual themselves has informed you in advanced to do so. If you have not been asked to do so, don’t pass it on. 

  1. Start Using Email Encryption

These days, you have to understand the importance of encryption when it comes to data protection. Every email you send that contains sensitive information about a candidate needs to be secure as it can be, and that’s only possible if you use encryption. It’s something for you to look into and learn more about if you’re not currently using it.

  1. Anonymise Sensitive Data When Possible

Sensitive data only comes under the category of personal data if it’s identifiable and attributable to a person. But if it’s completely anonymous, then it can’t count as personal data. So, you should make an effort to anonymise sensitive data in situations where this is an appropriate and realistic option.

  1. When Employees Leave the Company, Delete Their Records

It’s important to make sure that employees have their records deleted upon them leaving the company. There is no reason to hold onto data when the person no longer works for you, so try to delete it at the first opportunity. It’s good for your business because it’s less data for you to have to worry about.

  1. Choose Secure Passwords

The passwords you use on your computer's systems need to be secure and hard to guess. If it’s easy to make a quick guess and get inside your system, it will be very easy for people to steal candidate data from your systems. That’s not something you want to happen, so strengthen those passwords as soon as possible.

  1. Have a Clear Policy for Disposing of Data Belonging to Unsuccessful Candidates

Mostly there are no clear policy about the information from candidates that are not successful. These are people that are rejected from the process for whatever reason. You should have a clear policy in place for disposing of their data or how long you will keep the information for because once they’ve been rejected,

  1. Ensure Only Authorised People Have Access to Records

You should have complete control over who has access to the records that your business stores. You don’t want to have people without the right level of authorisation access data that is sensitive and belonging to candidates. And everyone who does have authorisation to access it should be trained and understand data protection protocol.

If you are using a HR system to manage employees' records, make sure you have the option to assign different access level based on user's’ department, roles and locations so only relevant account users are allowed to access candidates’ sensitive data.

Police Checks platform for HR

  1. Upgrade the Security Software You Use

Your computers should be using security software already. This software can stop hacks and viruses taking hold; two things that are a risk to the data you store. But is the software modern and up to date? If not, now is the time to change that.


Kelly Dang

Kelly Dang

Marketing Executive at InterCheck and board member at the Digital Women's Network.

Related articles


New Blog Post delivered fresh to your inbox Join the conversation today