Candidate Data Protection: Privacy in Recruiting and Hiring
Recruiting generates vast amounts of personal data, from resumes to interview notes to background checks. Protecting this data is both a legal requirement and essential to the employer's brand.
The Candidate Data Lifecycle
Data Collection Points
- Application submission: Resume, cover letter, contact info
- Screening: Phone screens, assessments, background checks
- Interviewing: Notes, scorecards, recordings
- Offer stage: Salary history, references, documents
- Onboarding or rejection: Final decisions, feedback
Data Volumes
Typical recruiting generates:
- 100-200 applications per open role
- 5-10 data points per candidate
- Multiple team members accessing data
- Extended retention periods
Types of Candidate Data
Direct Identifiers
| Data Type | Source | Sensitivity |
|---|---|---|
| Name | Application | High |
| Email/Phone | Application | High |
| Address | Application | High |
| Social profiles | Application/Research | High |
| Photo | LinkedIn/Application | High |
Assessment Data
- Technical test results
- Personality assessments
- Skills evaluations
- Interview scores
Sensitive Categories
- Salary expectations/history
- Visa/work authorization status
- Disability accommodations
- Protected class information
Protecting Candidate Data in Practice
Original candidate record:
Anonymized for analysis:
Critical Removal
Notice that protected class information (pregnancy) was completely removed, as it should never factor into hiring decisions.
Compliance Requirements
GDPR (Europe)
- Lawful basis: Consent or legitimate interest
- Purpose limitation: Only use for stated recruiting purpose
- Data minimization: Collect only what's necessary
- Retention limits: Delete after reasonable period
- Candidate rights: Access, correction, deletion
US Regulations
- EEOC: Don't collect protected class info unnecessarily
- FCRA: Background check notification/consent
- State laws: Salary history bans, "ban the box"
- Industry: Specific requirements (healthcare, finance)
CCPA (California)
- Disclose data collection at point of collection
- Honor opt-out requests
- Provide access upon request
- Delete upon request (with exceptions)
Data Protection Best Practices
1. Minimize Collection
Only collect what you need:
- Remove optional fields from applications
- Don't require social profiles
- Delay background checks until offer stage
2. Limit Access
Role-based access to candidate data:
| Role | Access Level |
|---|---|
| Recruiter | Full candidate profile |
| Hiring Manager | Relevant candidates, no salary |
| Interviewer | Interview-specific info only |
| Executive | Aggregate metrics only |
3. Secure Storage
- Encrypt candidate data at rest
- Use secure ATS platforms
- Audit access logs
- Secure file sharing for documents
4. Retention Policies
Define clear retention periods:
- Hired candidates: Move to employee records
- Rejected candidates: 1-3 years (varies by jurisdiction)
- Withdrawn candidates: 1 year or per request
- Pooled candidates: Per consent duration
5. Interview Documentation
Train interviewers to:
- Focus notes on job-relevant observations
- Avoid recording protected class information
- Use structured scorecards
- Not retain personal notes
Anonymization for Analytics
When analyzing recruiting data:
- Remove candidate names and contact info
- Generalize current employers
- Use ranges for compensation
- Aggregate protected class data (if collected for EEOC)
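The four steps above can be applied in code before data reaches an analytics store. The following is an added example, not code from any ATS or from this article's author. The field names, the employer-to-sector lookup, the 25,000 band width, the minimum group size of 5 and the keyed-hash reference are all assumptions made for illustration.

```python
import hashlib
import hmac
from collections import Counter

# Fields copied through unchanged. Anything not listed (names, contact info,
# free-text notes, accommodation requests, unknown new fields) is dropped.
PASS_THROUGH = {"role", "stage", "interview_score"}
# Constructed employer-to-sector lookup; a real one would come from your own data.
EMPLOYER_SECTOR = {"Initech Payments Ltd": "Financial services"}

def pseudonym(candidate_id: str, key: bytes) -> str:
    """Keyed hash so rows can be joined without exposing the ATS identifier."""
    return hmac.new(key, candidate_id.encode(), hashlib.sha256).hexdigest()[:16]

def salary_band(amount: int, width: int = 25_000) -> str:
    """Replace an exact figure with the range it falls in."""
    low = (amount // width) * width
    return f"{low}-{low + width - 1}"

def anonymize(record: dict, key: bytes) -> dict:
    out = {k: v for k, v in record.items() if k in PASS_THROUGH}
    out["candidate_ref"] = pseudonym(record["candidate_id"], key)
    if record.get("salary_expectation") is not None:
        out["salary_band"] = salary_band(record["salary_expectation"])
    out["employer_sector"] = EMPLOYER_SECTOR.get(record.get("current_employer"), "Other")
    return out

def aggregate(records: list, field: str, min_cell: int = 5) -> dict:
    """Count a protected-class field, folding groups smaller than min_cell together."""
    counts = Counter(r.get(field, "undisclosed") for r in records)
    result = {g: n for g, n in counts.items() if n >= min_cell}
    small = sum(n for n in counts.values() if n < min_cell)
    if small:
        result["suppressed"] = small
    return result

# Constructed sample record; field names are assumptions, not a real ATS schema.
SAMPLE = {
    "candidate_id": "c-1001", "name": "Jane Example", "email": "jane@example.com",
    "phone": "+1-555-0100", "current_employer": "Initech Payments Ltd",
    "salary_expectation": 127_500, "interview_score": 4.2, "stage": "onsite",
    "role": "Backend Engineer", "notes": "Strong design round. Mentioned pregnancy.",
    "disability_accommodation": "extra time",
}

if __name__ == "__main__":
    print(anonymize(SAMPLE, key=b"demo-key-load-from-a-secret-store"))
```

The keyed reference can still be linked back to a candidate by anyone holding the key, so the key belongs outside the analytics environment.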
Incident Response
If candidate data is breached:
- Contain the breach immediately
- Assess what data was exposed
- Notify affected candidates as required
- Report to regulators if required
- Remediate the vulnerability
Conclusion
Protecting candidate data throughout the recruiting process requires clear policies, technical controls, and ongoing training. By minimizing collection, limiting access, and implementing proper retention practices, organizations can recruit effectively while respecting candidate privacy.