When is it time to talk “privacy” with your recruitment and HR departments?

August is Employment Privacy month

Whether you have a recruitment department or you outsource this function, the entire effort of attracting talent, having the right candidates apply and get interviewed and vetted, up to the point where they get hired is filled with exchanges of personal information, some very sensitive: studies, work related and criminal background checks, references, possibly work permits, visas, social insurance numbers, family members for benefits and the list goes on.

The information is often on paper or in emails and lose files (which we call unstructured repositories). The problem with these unstructured repositories is that even though the internal privacy policy applies, the controls are applied manually, which means ad-hoc and inconsistently.

In the ecosystem of recruitment, there is a lot of communication back and forth.

This list of Do’s and Don’t’s proves that the time to talk to the recruitment department and HR about privacy is all the time:

…protect personal information in structured and unstructured repositories – protect personal information (PI) in transit and at rest…ask personal questions in interviews that have nothing to do with the role discussed
….discuss with IT and the Privacy Office how you can send secure emails to candidates…bring up religious, political, immigration and other very personal topics in interviews
….make sure you get awareness training about handling PI  and sensitive PI often…ask for a pay slip or previous salary, use ranges if you have to discuss it
….define a candidate and then employee Onboarding process to avoid “spillage” of personal information….ask candidates to email their sensitive identification information via unencrypted email
…ask for credentials and education diplomas and background…let your employees share their employee management portal credentials, even with their manager
… feel free to collect information and references from former employers (or former colleagues), but only after informing the candidate and obtaining his or her prior express consent…ask for a candidate’s place of residence if a position is to be performed online, with no office presence required
…explain to the candidate that a criminal background check is required but only if that is the policy or the position requires it…ask about vaccination status unless there is an offer on the table and your candidate has to come into the office at any time

For additional tips, consult the Office of the Privacy Commissioner’s resources: https://www.priv.gc.ca/en/privacy-topics/employers-and-employees/02_05_d_67_tips/

Managed Privacy Canada has helped many clients navigate the very complex operations of talent recruitment and management with secure and privacy respectful processes and technical solutions. Ongoing privacy awareness is key to ensure adequate controls for handling PI and sensitive PI are in place and are effective.

Your employment agency or your HR department can benefit from our expertise by chosing to adopt the MPC Practical Privacy Playbook(™) – available this month only at a discounted price. Review our social media posts for the discount code or contact us:

Website: www.privacymanagement.ca


Facebook: https://www.facebook.com/ManagedPrivacy

Instagram: @managedprivacycanada

Twitter: @managedprivacy

Share this post

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
Share on email

Sign up for our Newsletter

Scroll to Top