Data Protection Laws – Use It or Lose It!

Data protection is an issue which seems to only raise its head when it is too late. Due to their own negligence, a number of high profile organisations have publicly brought this issue to light. What should be noted by companies of all sizes, is to be pro-active, rather than reactive.

Research undertaken by Candidate Manager indicated that only 2% of customers using an ATS had a formal data protection compliance procedure in place. Some companies carry out a data cleansing exercise on an ad-hoc basis by many companies simply continue to overlook this and keep records of applicant details of which they have no use for several years!

Since April 6th 2010 the Information Controller has the power to fine companies up to £500,000 for serious breaches of the act. While a fine of this level is an extreme case, it does remind us of the importance of compliance with the act.

The Information Commissioners Office (ICO) informs us that “the Data Protection Act says that information should be kept for no longer than is necessary. The Act does not specify what a ‘necessary’ period should be for particular information. Each case would be considered on its own merits. If an organisation is obliged to retain data for a given length of time under any other laws, this should be taken into consideration.

For example, financial institutes may have to keep some information for up to six years in accordance with the Financial Services Authority regulations. A sole trader, however, may not need to keep information for longer than a month.”
Indeed, earlier this year the CIPD issued a guideline that in relation to information such as CV’s, application forms and interview notes for unsuccessful applicants that it is recommended that this information is only kept for between 6 months and one year.

Data Protection is a grey area, and it is apparent that some UK organisations choose to ignore the issue until forced to act. Many organisations are unwittingly failing to comply with the regulations due to their sometimes vague instructions. The obvious consequence is that they are found guilty and suffer negative publicity, as Orange, Natwest and BT in recent years. In the USA in February of this year, New Jersey’s Housing Minister, Deputy Sean Power was forced to resign after forwarding on a work email to an external third party.

Neglect of data protection can also lead to a lack of clarity from an applicants experience. For example, if an applicant does not know how long their details will be kept on file, they will not know whether to apply again if another role comes up. The last thing you need is confusion surrounding your application process.

Applicant Tracking Software Solutions provide the tools that enable organisations to comply with regulations in an easy and simple manner, taking away the administration associated with such a task. Candidate Manager’s Data Purge is one such functionality offering, which is becoming more utilised as there is a growing fear of being punished severely and publicly if caught.

The onus is on each organisation to research the data protection regulations they fall under, comply with them, and make this known to all stakeholders. It illustrates to all parties that the company is focused on best practices. This work could be deemed as short-term pain, but undoubtedly will result in long-term gain.