ID theft expert Brian Lapidus, chief operating officer of Kroll Fraud
Solutions (the data security arm of global risk consulting company
Kroll Inc.), has unique frontline experience helping today’s businesses
safeguard against and respond to data breaches.
Included below are some important tips every organization should know about protecting applicant data.
1. Know your organization’s data “hot spots” and secure them against misuse, loss or theft. When job seekers submit applications on your company’s web site, is that transmission secure? Where do you store resumes, job applications, credit reports or other background check information? How are they protected? Who has access to this data and how carefully do you screen those employees? Do you keep a record of how information is distributed to other entities inside and outside of your organization during the hiring process? Companies large and small must ask these vital questions in order to close security gaps both internal and external.
2. Establish a privacy policy at your organization and stand behind it. Once you have identified areas of vulnerability, develop a privacy policy that addresses these issues as well as general best practice rules of handling data. Remember that a privacy policy is only as good as the mechanism for enforcing it, so be sure to review the privacy policy with employees and stress that applicant data is just as important as that of any customer. Finally, share the policy liberally with applicants to quell concerns and publicize the proactive stance your organization is taking on the protection of their information.
3. Be sensitive to the concerns of job applicants about the use and storage of their personal information. Identity theft is a growing crime, and it’s probable that you will run across applicants who have already had their personal information either stolen or compromised in some way. While it may make your job easier, it is not necessarily vital to obtain all the information you will need up front. Be flexible and understand that reluctance to provide certain information, especially social insurance/security numbers, until later on in the process does not necessarily mean that person has something to hide.
4. Familiarize yourself with the laws governing recordkeeping and disposal of information. While data protection laws vary by jurisdiction and type of records, many companies have adopted a best practice policy of shredding unnecessary documentation as often as possible.
5. Have a plan in place in the event an applicant’s data is breached. A pre-breach plan may be a part of your company’s overall risk management or security planning, but make sure it incorporates measures for protecting applicant records, not just employee, customer, or vendor records.
By incorporating applicant data into your company’s data security policies and procedures, your organization will significantly minimize your vulnerability to a breach. As an added bonus, your proactivity in this area will safeguard your company’s reputation, profitability and recruitment capabilities.
For more information on data breach prevention and response, visit www.krollfraudsolutions.com.
Included below are some important tips every organization should know about protecting applicant data.
1. Know your organization’s data “hot spots” and secure them against misuse, loss or theft. When job seekers submit applications on your company’s web site, is that transmission secure? Where do you store resumes, job applications, credit reports or other background check information? How are they protected? Who has access to this data and how carefully do you screen those employees? Do you keep a record of how information is distributed to other entities inside and outside of your organization during the hiring process? Companies large and small must ask these vital questions in order to close security gaps both internal and external.
2. Establish a privacy policy at your organization and stand behind it. Once you have identified areas of vulnerability, develop a privacy policy that addresses these issues as well as general best practice rules of handling data. Remember that a privacy policy is only as good as the mechanism for enforcing it, so be sure to review the privacy policy with employees and stress that applicant data is just as important as that of any customer. Finally, share the policy liberally with applicants to quell concerns and publicize the proactive stance your organization is taking on the protection of their information.
3. Be sensitive to the concerns of job applicants about the use and storage of their personal information. Identity theft is a growing crime, and it’s probable that you will run across applicants who have already had their personal information either stolen or compromised in some way. While it may make your job easier, it is not necessarily vital to obtain all the information you will need up front. Be flexible and understand that reluctance to provide certain information, especially social insurance/security numbers, until later on in the process does not necessarily mean that person has something to hide.
4. Familiarize yourself with the laws governing recordkeeping and disposal of information. While data protection laws vary by jurisdiction and type of records, many companies have adopted a best practice policy of shredding unnecessary documentation as often as possible.
5. Have a plan in place in the event an applicant’s data is breached. A pre-breach plan may be a part of your company’s overall risk management or security planning, but make sure it incorporates measures for protecting applicant records, not just employee, customer, or vendor records.
By incorporating applicant data into your company’s data security policies and procedures, your organization will significantly minimize your vulnerability to a breach. As an added bonus, your proactivity in this area will safeguard your company’s reputation, profitability and recruitment capabilities.
For more information on data breach prevention and response, visit www.krollfraudsolutions.com.