<img src="https://secure.leadforensics.com/75129.png" style="display:none;">
Talk to Sales

Privacy And Security Considerations In Recruiting Technology

February 2, 2021

Efficiency pressures and advances in technology have brought much great use of technology and data to recruiting. Examples of such technology include data mining tools and artificial intelligence. 

Tech allows you to do a lot of things. You can build profiles on candidates, grow your pipelines, automate processes, connect datasets, and much more. Lots of advances, but also a lot to consider. Among the most important of these considerations are privacy and security. How do you go about ensuring you are doing all the right things about privacy and security?

What Laws Are In Place? 

The law is always a good place to start! This is especially true when it comes to privacy, security, and recruiting technology. Laws are changing and emerging fast.  

Since organizations are gathering personal information about applicants, governments have stepped in. Since collected information includes personally identifying data, you can't blame them.

The most important law to consider in the EU is the General Data Protection Regulation. It came into effect in 2018. The law requires that applicants provide consent to companies for use of data. This law also states that candidates may request that their data get deleted. 

Then there is the California Consumer Privacy Act. The act requires that employers notify candidates that they are collecting information. Moreover, the law says that employers must explain what data they are collecting and why. It is important to note here that the law protects public information too. This includes data collected from LinkedIn, for example.

In the UK specifically, there is the Data Protection Act 2018. This is a more general law, though. To focus on the use of AI, the UK’s Information Commissioner’s Office has published some guidelines. The guidelines include a draft AI auditing framework and guidance on explaining decisions made with AI

Similarly, in Illinois, the Biometric Information Privacy Act guides data collection and use. Both Texas and Washington have similar laws, and more states will follow suit

Recruiting teams are monitoring changes in laws. If you’re not doing it, you should. 

What Are The Risks Of Not Protecting Privacy And Security? 

Your recruiting technology holds a lot of private data. This data is attractive to malicious actors. Identity thieves steal names, dates of birth, social security numbers, and account numbers. As you can imagine, this makes talent systems the perfect target for them.

data privacy

Image by Mati Mango on Pexels

While external malicious actors are dangerous, they aren't the main culprits. In reality, a large proportion of security breaches come from within the organization.

According to a 2015 report by Intel, internal actors were responsible for 43% of data breaches. Some of these breaches may have happened by accident, but they still happened. The same report found that personal information was the top target for attackers.  

Having this information stolen is detrimental to the safety of your applicants.  Moreover, it reflects on your organization. A data breach can cause a scandal and it could be the reason candidates shy away from your company. It is likely to also result in massive financial losses. The risks of not protecting privacy are innumerable. 

What Common Threats To Security Exist? 

So now you're aware that internal threats exist. What other threats should you be aware of? 

With the rise of a work from home culture, which has sped up due to the ongoing pandemic, more dangers have arisen. For instance, employees making use of personal devices has become common. These devices are usually connected to external networks, and this is dangerous. They are easier to hack into. This is because they often don't have the same protection as company-owned devices. 

Then there are the phishing and malware attacks. Both attacks get carried out to gain access to sensitive and private information. They are also very common. Organizations must be aware of all the possible threats.  

What Can Companies Do to Safeguard Privacy and Security? 

To work against the threats presented, organizations must take action. You need to protect the information collected by your recruiting technology. 

So by now, you may be wondering what it is that you can do to safeguard privacy and security. There are some common basic practices that companies can use to safeguard security. More important for practitioners though, is data privacy. Here are some ways you can protect privacy. 

Choosing The Right Recruiting Technology 

You must ensure that your HR Tech Stack is compliant with laws. Once you’ve done that, think carefully about what data you collect, and when you either delete or anonymize it.  

Don’t just minimize it (that would hurt future analytics and machine learning efforts), but do ensure that putting in privacy management is a specific task in any project. The systems should also give candidates the option to configure how their data gets used, of course. 

SwoopTalent can also help you ensure compliance with laws in several ways. For instance, we offer anonymization. This is the provision of algorithms to help you de-identify your own records. Our talent management system also has compliance indicators visible everywhere. 

Get to Know Your Company’s Data Protection Officer (DPO) 

DPOs manage processes that affect data rights and privacy - and most big companies already have one.  Your HR Legal team is probably already close to them, but you might want to be on their d-list, too!

Continuous Improvement

With every new recruiting technology venture, do a data privacy risk assessment. You can also do this regularly for existing systems. This will ensure your systems are always safe. It will also show you if risk levels have changed so you can adapt your practices accordingly. 

Make sure your users can see data across systems so they are always aware of the privacy status of people and their data. For example, by using SwoopTalent’s browser extension, you can display all data from all your systems in one place. 

data security considerations

Image by Christina Morillo on Pexels

Closing Thoughts 

Privacy concerns obviously should not prevent organizations from implementing recruiting technology. By failing to use advances in the field, your organizations will lose the recruiting race. This is especially true with technology like artificial intelligence, data mining, machine learning. What's more, is that you will lose time and money too. 

Nevertheless, you should carry out the implementation of recruiting technology with privacy considerations front and center! The risks of privacy and security breaches are tremendous. Don't wait for an attack to happen before you realize that security is important. 

Main image by Christina Morillo on Pexels

You May Also Like

These Stories on Security, Privacy and Compliance

Subscribe by Email

No Comments Yet

Let us know what you think

HR Tech Central