So you are hiring. What do you need to do to meet your privacy obligations? Here’s an easy checklist of do’s and don’ts. They all relate back to the 12 privacy principles that guide the collection, use, storage and disposal of personal information.
When calling for applications, the key thing to remember is to only ask for information that is relevant to the applicant’s suitability for the particular role. For example, an airline might need to know certain medical information about a candidate because a flight attendant might not be able to work safely if they had certain health conditions. But if it's not relevant to the role, don't ask for it.
It is also important at the interview stage to take reasonable steps to protect the identity of your applicants including, and perhaps especially, for internal candidates.
You might want to consider holding the interviews away from the office if you think it might be more appropriate, especially if candidates will be easily recognised. You have a duty not to breach an applicant’s privacy by doing anything that might reveal they have applied for the role.
Reference and other checks
You can only contact the referees that an applicant nominates. This includes for internal applicants. If the applicant has not agreed to the employer approaching a person, the employer should not approach that person for information.
If there is someone other than an applicant's nominated referees whom you would like to get a reference from, you must first get the applicant’s express consent.
If the applicant doesn’t consent:
Remember to always check with the referee if their comments are provided in confidence to you. Otherwise, you may be obliged to disclose their comments if the applicant asks for them.
Get the applicant’s prior consent to any vetting you are going to do. This includes checking for qualifications, criminal convictions, police vetting (which is necessary for particular types of jobs), and credit checks. But only undertake credit checks if the role carries a significant financial risk. Even asking for consent to do a credit check requires justification.
You can use publicly available information to help inform your assessment of an applicant’s suitability. Some employers might carry out a Google search to find out what is out there about an applicant.
But it is not okay to:
After the recruitment
Check with your successful applicant what they are happy for you to disclose about them when you announce their appointment, and when. The personal information they provided you in their application is not necessarily information they are happy to share more widely.
Take care with the way information you have gathered is handled:
For further information, check out the recruitment section of our Privacy at Work guide for employers and employees.
See also our case notes on this subject, including these relevant cases:
Image credit: Clint Tierney (2008) via Digital NZ.