Over the past 8 years, Subscribe-HR has been researching the Data Privacy Act requirements for businesses and the global data privacy landscape. Thought you may like to read the below and use this as an audit checklist for your HR team and the business.

The data privacy act that applies changes based on the country of origin: either where the data is stored, or the country where the head office of the company providing the service is located.

For example, a company based in North America that has a server in Australia can still override the sovereignty of the data by using the contract to stipulate this.

In Europe, there is a Safe Harbour Policy that governs the privacy of the data and outlines the boundaries in which the data can legally be accessed.

In the USA, they have the Patriot Act, which basically states that it can override any other jurisdiction, particularly if the company has a head office in the USA.

The Safe Harbour Agreement will stipulate that the data centre where the data is stored needs to be certified, usually to a level of (tier 4) or equivalent.

This is why Australian businesses like dealing with Australian software providers, particularly with regard to the ownership of data and sub-clauses which tie the data to off-shore data privacy laws and regulations.

HR departments are particularly vulnerable in this area, as they do not quite understand the intricate nature of doing business with off-shore companies. Most of the businesses they serve are not acknowledging the appropriate Privacy Act.

With regard to the privacy of applicant information during the recruitment process, there are quite a few imperative elements to ensuring the applicant data is managed carefully:
- The Applicant Data is protected by a user name and password.
- The Applicant can have access to their data, on request at any time.
- The Applicant has the ability to opt out of the business's application process.
- The Applicant can opt out of Job Alerts.
- The data transferred between the applicant and the business is not crossing borders. Applicant Data is not shared unless you allow your ATS provider to do so. If there is cross-border data transfer, the Applicant needs to be made aware of this.
- The e-Recruitment Software Provider does not interact with Applicants on behalf of the business that the applicant is applying for a job with, unless this is stipulated in the Terms of Application.
- The Applicant Data is kept on file for 2-5 years, depending on the privacy statement adhered to by the business.
- The Privacy Statement and Application Terms are linked together and made public. These are the business terms outlining whether the ATS provider is going to use their data and share it with others.
- The Applicant must be provided with the opportunity to read these terms prior to application, e.g. a check box saying, "Please read the terms of application." If they do not agree, they cannot apply.