Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

Privacy in recruitment JLB
3 November 2015

vacancy

So you are hiring. What do you need to do to meet your privacy obligations? Here’s an easy checklist of do’s and don’ts. They all relate back to the 12 privacy principles that guide the collection, use, storage and disposal of personal information.   

Applications

When calling for applications, the key thing to remember is to only ask for information that is relevant to the applicant’s suitability for the particular role. For example, an airline might need to know certain medical information about a candidate because a flight attendant might not be able to work safely if they had certain health conditions. But if it's not relevant to the role, don't ask for it.

Other considerations:

  • It’s important to keep the identities of applicants and their personal information confidential.
  • Disclose the information only to those who are directly involved in the recruitment. It is not okay to share the applications around your workplace or talk about them with anyone else.
  • Make sure you store the information safely and securely from unauthorised access.

Interviews

It is also important at the interview stage to take reasonable steps to protect the identity of your applicants including, and perhaps especially, for internal candidates. 

You might want to consider holding the interviews away from the office if you think it might be more appropriate, especially if candidates will be easily recognised. You have a duty not to breach an applicant’s privacy by doing anything that might reveal they have applied for the role.  

Reference and other checks

You can only contact the referees that an applicant nominates. This includes for internal applicants. If the applicant has not agreed to the employer approaching a person, the employer should not approach that person for information.

If there is someone other than an applicant's nominated referees whom you would like to get a reference from, you must first get the applicant’s express consent.

If the applicant doesn’t consent:

  • You can’t go ahead and speak to that other person anyway;
  • But you can draw your own conclusions on what this might say, or might not say, about an applicant’s suitability. 

Remember to always check with the referee if their comments are provided in confidence to you. Otherwise, you may be obliged to disclose their comments if the applicant asks for them.

Get the applicant’s prior consent to any vetting you are going to do. This includes checking for qualifications, criminal convictions, police vetting (which is necessary for particular types of jobs), and credit checks. But only undertake credit checks if the role carries a significant financial risk. Even asking for consent to do a credit check requires justification.

You can use publicly available information to help inform your assessment of an applicant’s suitability. Some employers might carry out a Google search to find out what is out there about an applicant. 

But it is not okay to:

  • ask applicants for their social media login details
  • ask them to befriend you online so you can check them out
  • ask an existing online friend to check them out for you.

After the recruitment

Check with your successful applicant what they are happy for you to disclose about them when you announce their appointment, and when. The personal information they provided you in their application is not necessarily information they are happy to share more widely.

Take care with the way information you have gathered is handled:

  • You cannot use the information you obtained in a recruitment process for any other purpose, except with the applicant’s express consent. 
  • Securely destroy the applications of unsuccessful candidates, unless you have received their prior consent to keep their personal information on file in case another suitable opportunity should arise. 
  • If you used a recruitment agency, make sure they do the same. As they were working for you, you are responsible for ensuring that they meet your privacy obligations to applicants.

Further references

For further information, check out the recruitment section of our Privacy at Work guide for employers and employees.

See also our case notes on this subject, including these relevant cases:

 

Image credit: Clint Tierney (2008) via Digital NZ.

1 comments

,

Back

Comments

  • Awesome practical advice - thanks OPC! Another doozy I've seen is booking meeting rooms for an internal interview in a large organisation without making the booking private! Shared calendars can do a lot of damage...

    Posted by Daimhin Warner, 05/11/2015 8:11pm (22 months ago)

    Post Reply

    The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.

Post your comment

The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.

Latest Blog Entries