Tips on How to Protect Job Applicants’ Identities

Help Wanted: Why You Need to Protect Job Applicants’ Identities — And How to Do It?

Most people are aware of the risk of identity theft by now, and in most situations, take every precaution necessary to protect their personal information. They know, for example, not to respond to phishing emails asking for account information, or to send their Social Security number via email. However, there is one situation in which their usual caution flies out the window, and they put their identities at risk: during the job hunt.

Think about how much personal information that the average job seeker reveals during a job search. Most people, desperate to give potential employers every possible shred of information that could land them the job, throw all common sense out the window and share personal details online or via email. Even the average job application asks for information like Social Security and driver’s license numbers, both of which present a veritable gold mine to a cyber criminal.

While individuals bear the lion’s share of the responsibility when it comes to protecting their personal information and preventing identity theft, as the collector of such information, you also have a responsibility to protect applicant data. Over the last few years, there have been several incidents in which employment applications containing personal data were found in trashcans or on the ground outside of businesses; in most cases, the applications were found by honest people who reported the breach, but it was very likely that the information could have fallen into the wrong hands.

The potential for data theft — and the sanctions that could result from a data breach revealing personal information — make it imperative that businesses take precautions to protect data. Thankfully, there are some easy ways to do this that will protect both you and those applying to work at your company.

Protecting Potential Employees

Keeping personal data safe requires a two-pronged approach, which first limits the type of data collected and how it is collected, and then takes precautions to secure the data once it is collected.

The first step to protecting data is to be selective in what you collect. Many companies request Social Security numbers during the application process to confirm an applicant’s right to work in the U.S. However, it’s better to collect that information later, after a hiring decision has been made. Instead, ask applicants if they are eligible to work in the U.S., or provide the option to provide a partial Social Security number. The same goes for driver’s license numbers. Unless there is a compelling reason to collect that information, you don’t need to ask for it until it’s time to run a background check.

Some privacy experts even question whether job applicants need to provide their home addresses and phone numbers on applications, given that most communication takes place via email. The bottom line is to collect only the information that you absolutely need to determine whether to interview a candidate. You can always request more information later on if necessary.

Electronic Protections

Once you do collect any type of information, you must protect it. Obviously, physical applications should be properly destroyed once they are no longer needed, and not tossed out with the trash. However, electronic records should also be protected just as you would customer information. That means:

» Securing databases via encryption solutions like those found at All information should be encrypted during storage and encryption.
» Restricting access to applicant information to only those who “need to know.” Implementing restrictions on file sharing and monitoring who shares information, when, and how can also keep applicant data safe. Maintain thorough network logs to review regularly.
» Run robust virus protection to prevent malware and viruses from creating data breaches. Scanning applications for malware prior to opening and storing them is also important; it’s not impossible for a cyber criminal to “apply” to a job via an infected file with the intent of stealing information.
» Employ best practices for applicant password management. If you use a system that allows applicants to login to apply, upload documents, and check on the status of their applications, use the same password protocols that you would for any other credential. This means requiring strong passwords, locking accounts after too many failed attempts, and if necessary, employing two-factor authentication.

Whether or not you opt to hire an applicant, you have a responsibility to protect the personal data that they entrust to you. Take this responsibility seriously, and you will avoid the potentially significant consequences that can come from theft of personal information — and show employees and potential employees that you take privacy and security seriously.


Add a Comment

Your email address will not be published. Required fields are marked *

17 + three =

CommentLuv badge