The importance of client and candidate data security

The recruitment industry handles a huge amount of client and candidate data containing sensitive business and personal information. Implementing the right security measures enables both recruiters and software providers alike to remain credible and lead the way.

Changing perceptions

The concept of information security has evolved over the last few years to the point where it’s now increasingly at the forefront of people’s minds. There are very few people who haven’t been affected, directly or indirectly, by a data breach – such is the prevalence of online data in many global sectors, from banking to retail to utilities.

Recruitment and staffing organisations store a huge amount of data regarding individuals and, traditionally, their view has been that this information is in the public domain. Candidates may have posted CVs online, or recruiters may have obtained them through public sources, so their contents were not considered particularly sensitive. Perception is now changing because more expansive information is being stored alongside CVs within cloud-hosted recruitment software systems.

Candidate records often hold banking and payroll information for example, but recruiter notes can be equally sensitive. Recruiter notes contain information captured during conversations with candidates and may include personal details regarding job roles candidates are seeking, or reasons why they are leaving their current employer. If leaked, this information could significantly affect a candidate’s ability to find a future position.

The right culture for the right security

Recruitment companies need to take information security more seriously. The bottom line is the two key stakeholders, clients and candidates, expect their data to be stored securely. Recent legislation is taking a much stricter view of data loss and substantial fines have been imposed. If a recruitment company loses data, the Information Commissioner will undoubtedly be interested and fines could be levied.

Recruiters must ensure they have the best security practices in place. Further to the security of their cloud hosted software, the whole company culture should focus on the fact they are looking after sensitive data on behalf of their clients and candidates.

There are two clear strands to the security offered by cloud recruitment software providers. Firstly, functional security which you would expect to see in every cloud system:

  • Can users be grouped together?
  • Can one particular group of users see another particular group of users’ data?
  • When users run searches, are they able to access data they should not be able to access?

Most recruitment software providers have been delivering this type of security to a high standard for many years. However, when providers connect CRM applications and databases to the internet and operate Software as a Service (SaaS) via the cloud, higher levels of security must be considered and implemented.

The first strand of security is still important but usually part of the product, and the second strand comes down to:

  • Can someone illegally access the data?
  • Can someone with no ties to the provider’s organisation, in effect, compromise the system? Bearing in mind, from a recruitment perspective, very IT literate users may be accessing these systems and fully aware of how to test their vulnerabilities.

Security = Credibility

Providing the best recruitment-specific CRM possible simply isn’t enough if data is leaking or unauthorised users are able to access it. It’s very important for recruitment agencies to understand exactly what their suppliers are doing to ensure data security, because their credibility and ability to secure future business could be irreparably damaged if their client or candidate data is compromised.

Daniel Richardson, Group CTO at Bond Adapt