ID theft expert Brian Lapidus, chief operating officer of Kroll FraudSolutions (the data security arm of global risk consulting companyKroll Inc.), has unique frontline experience helping today’s businessessafeguard against and respond to data breaches.
Included below are some important tips every organization should know about protecting applicant data.
1. Know your organization’s data “hot spots” and secure them against misuse, loss or theft.
When job seekers submit applications on your company’s web site, is that transmission secure? Where do you store resumes, job applications, credit reports or other background check information? How are they protected? Who has access to this data and how carefully do you screen those employees? Do you keep a record of how information is distributed to other entities inside and outside of your organization during the hiring process? Companies large and small must ask these vital questions in order to close security gaps both internal and external.
3. Be sensitive to the concerns of job applicants about the use and storage of their personal information.
Identity theft is a growing crime, and it’s probable that you will run across applicants who have already had their personal information either stolen or compromised in some way. While it may make your job easier, it is not necessarily vital to obtain all the information you will need up front. Be flexible and understand that reluctance to provide certain information, especially social insurance/security numbers, until later on in the process does not necessarily mean that person has something to hide.
4. Familiarize yourself with the laws governing recordkeeping and disposal of information
. While data protection laws vary by jurisdiction and type of records, many companies have adopted a best practice policy of shredding unnecessary documentation as often as possible.
5. Have a plan in place in the event an applicant’s data is breached.
A pre-breach plan may be a part of your company’s overall risk management or security planning, but make sure it incorporates measures for protecting applicant records, not just employee, customer, or vendor records.
By incorporating applicant data into your company’s data security policies and procedures, your organization will significantly minimize your vulnerability to a breach. As an added bonus, your proactivity in this area will safeguard your company’s reputation, profitability and recruitment capabilities.
For more information on data breach prevention and response, visit