According to a 2015 survey conducted by the Personal Data Protection Commission (PDPC), 92% of employers are aware of the Personal Data Protection Act (PDPA), and 86% have implemented some compliance measures.
Organisations need to be mindful of their obligations under the PDPA when it comes to the personal data of job applicants. It is essential for employers to have policies and processes in place to comply with the PDPA and to ensure that applicants' personal data is properly protected, accurate and stored only for the period that it is needed.
Companies found breaching the PDPA will be required to destroy personal data collected in contravention of the Act, provide individuals access to correct the data, and face a fine of up to S$1 million.
Making reasonable security arrangements to protect personal data in its possession or under its control is an obligation under the PDPA.
In the context of recruiting talent for your company, here are the top 5 measures you can implement to secure applicants’ personal data.
1 - Controlled access to company’s applicant tracking system
One of the most crucial measures is to restrict access to applicants’ personal data to only the authorised personnel who are handling the recruitment / placement for the positions concerned. This is typically done through an Applicant Tracking System, which manages the secure storage of applicants’ data and limits access to that data to authorised hiring managers and HR personnel.
Using StaffOnDemand, permissions management and controlled access to applicants’ data are automatically set up for you; HR administrators can easily invite hiring / line managers to be part of the recruitment process without compromising the data security of the applicants.
2 - Enforcement of Password Policy
Even with a robust and secure applicant tracking system in place, security lapses can still occur if users share passwords or use weak passwords that can be easily guessed or recovered through brute-force attacks.
A password policy should be enforced on all users, and users should be encouraged to change their passwords every 3 - 6 months.
3 - Use of Corporate Emails and Regular Administration
Another simple yet effective measure is to ban the use of external / personal email services such as Gmail or Yahoo to prevent data leakage. With StaffOnDemand, only users with corporate email addresses are permitted to be added to the system for access to the recruitment data. HR administrators should also regularly review the user list to ensure that staff who have left the firm are removed from the system, preventing unauthorised access.
4 - Training and educating staff
A system is only as strong as its users. An often-overlooked component in securing personal data is training the staff who handle this data on the importance of complying with personal data protection requirements, and on the various measures that are implemented to ensure that applicant data is secure and accessible only by the right personnel.
The Data Protection Officer (DPO) of the firm should work with the HR team to cover specific training topics on data protection pertaining to the handling of recruitment data, and a useful resource can be found here.
5 - Active audit and monitoring of recruitment workflows
The recruitment workflow is a particularly complex one that spans various internal stakeholders (e.g. line managers, HR team, supervisors) as well as external stakeholders (e.g. job applicants). Monitoring the recruitment workflows for anomalies or strange activities is essential in deterring wrongful activities or unauthorised access to applicants’ data.
With StaffOnDemand, all recruitment activity within the system is logged for HR administrators to review for anomalies, and the log serves as an indispensable governance tool for HR administrators looking for a good overview of all recruitment activity.
Use StaffOnDemand as your recruitment tool of choice and comply with the best practices for Personal Data Protection today!
Public Consultation Issued by The Personal Data Protection Commission, 5 Feb 2013
Protecting the Personal Data of Job Applicants and Employees