Companies risk hefty data breach fines by failing to destroy candidates’ CVs

-

HR managers and recruiters are putting their employers at risk of penalties of up to £17.5 million (€20 million) under imminent data protection regulations by failing to destroy sensitive data contained within job applicants’ CVs.

The General Data Protection Regulation (GDPR), which comes into force on 25 May, will apply to all companies that process personal data of European Union citizens.

CVs and application forms often reveal personal data about the subject including their home address, middle names and national insurance number — and sometimes even sensitive information, such as their physical or mental health condition and previous criminal convictions.

And since it’s customary for HR managers to print the CVs of prospective employees prior to interviewing them, they’re risking serious data breaches — and therefore hefty fines — unless they properly destroy the documents afterwards.

Get our essential weekday HR news and updates.

This field is for validation purposes and should be left unchanged.
Keep up with the latest in HR...
This field is hidden when viewing the form
This field is hidden when viewing the form
Optin_date
This field is hidden when viewing the form

 

This comes after identity fraud, particularly against young people, is reported to have risen by 30% and Facebook finds itself at the centre of a worldwide data breach scandal.

Organisations in breach of GDPR, which includes not having a person’s consent to process their data, can be fined up to 4% of their annual turnover, or €20 million (£17.5 million) — whichever is greater.

In fact, job candidates — and any data subjects — will have six rights under the new legislation: right of access, whereby they can request to be informed about what will be done with their data; right to rectification, meaning they can correct or update any data that’s held on file; and right to erasure, which allows them to have their data removed from a database at any time.

Prospective employees will also have the right to restriction of processing, whereby they can request their data is suspended from being processed in a database, the right to export all their data from files, and the right to object to their data being processed indefinitely.

Jonathan Richardson, managing director at secure shredding specialist Russell Richardson, said: “Ahead of the enforcement of GDPR, and in light of the Cambridge Analytica scandal, many businesses are rightfully focusing on cleaning up their electronic databases to remove the risk of breaches. But it’s equally important that they destroy hard copies of sensitive and personal data — a perfect example of which is printed CVs, which are often cast aside or disposed of insecurely after job interviews.”

Many businesses are beginning to outsource the shredding of confidential and sensitive documents for this reason. Although in-house office shredders are common, they typically use the ‘strip-cut’ method which produces ribbon-like strips of paper. In the wrong hands, waste paper shredded in this way can still be read and reassembled, meaning the data subject could still be at risk of identity fraud.

“Employing a regular shredding service removes this risk and gives businesses of all sizes peace of mind that they’re adhering to the new laws,” Jonathan added. “The size of the fines they’re avoiding by securely destroying confidential information far outweighs the cost of such services.

“And while recruiters often tell unsuccessful candidates: ‘We’ll keep your details on file,’ in future they’d be wise to rephrase this message.”

Rebecca joined the HRreview editorial team in January 2016. After graduating from the University of Sheffield Hallam in 2013 with a BA in English Literature, Rebecca has spent five years working in print and online journalism in Manchester and London. In the past she has been part of the editorial teams at Sleeper and Dezeen and has founded her own arts collective.

Latest news

Russell Cowley: Gen Z – rebuilding workplace culture, break by break

Gen Z workers are taking proper breaks and in doing so, they may be fixing something the rest of us broke.

England’s overnight World Cup clash prompts CIPD call for clear workplace expectations

The CIPD is urging organisations to agree any flexibility before England's 1am World Cup last-16 tie to help minimise disruption at the start of the working week.

Fit for Work: Weekend warrior? You can still reap the health benefits

Weekend exercise can still improve long-term health, even for people who struggle to fit physical activity into the working week.

Superdry co-founder’s victim warns workplace power can silence abuse victims

A survivor's account raises questions about speaking-up cultures and accountability in organisations.
- Advertisement -

UK’s always-on work culture ‘driving employee burnout’

Nearly half of UK workers say they end most working days mentally exhausted as rising workplace pressure leaves employees and managers struggling to switch off.

Andrew Murray on why no two days look alike

A people development leader shares how travel, training and a passion for helping others shape a working day with little room for routine.

Must read

Jon Wright: Apprenticeships can help save generation COVID

In light of National Apprenticeship Week, Jon Wright discusses how apprenticeships can be improved in order to bolster employment for young people.

Charlotte Mepham: changes to flexible working

As employers will already be aware, employees with children...
- Advertisement -

You might also likeRELATED
Recommended to you