Job applications: the sleeper privacy issue for business
The tendency for companies to hold on to CVs leaves them vulnerable to the dual threat of privacy-law enforcement and cyberattacks.
There's an information risk at the heart of the recruitment process that opens companies up to the risk of not just cyber intrusions, but privacy-law enforcement: the humble job interview.
Under existing laws, businesses must not retain personal information handed over during a job application for longer than is considered necessary for business purposes. It’s a compliance requirement that can be easy to neglect, but it’s precisely the type of area likely to attract increased regulatory scrutiny following a series of recent high-profile mass data breaches.
"The over-retention of applicant information is a fairly significant sleeper issue that Australian business is going to have to face and I think they will have to face it fairly soon," Tim de Sousa, a senior director at FTI Consulting, said in an interview.
Data retention – and over-retention – were factors in the recent major data breaches at Optus, Medibank Private and Latitude Financial. And in 2018, the hacking of recruitment software provider PageUp potentially compromised the application data of thousands of individuals. The company was used at the time by major companies including Telstra and Wesfarmers.
