Recruiters & Data Privacy - Proceed with Caution
You may have already given a recruiter everything hackers need to figure out your passwords. Think about it. This isn't like Target, who might have information such as name, address, card number etc.
The higher up the ladder you go, the more common it is that during the course of interviews, you’ll mention the name of your spouse, your kids, pets, hobbies, birthdays, favorite sports team, movies etc. That kind of info is a hacker’s dream for figuring out your passwords (e.g. family member’s name backwards using @ instead of A, followed by someone’s birthday or jersey number).
Recruiters like any good networkers, memorialize all of that data in their CRM or Contacts software. There is after all, nothing wrong with wanting to send a birthday gift or sports tickets to someone with whom you've built a relationship.
But where businesspeople with strong networking skills will keep such information on their personal computers, recruiting firms often record every detail as “Interview Notes” in a firm-wide database.
Worse, many search firms (especially larger ones) have open access data bases. That means every recruiter (and often admins) in every office, world-wide, has access to the Interview Notes about your family, hobbies etc… forever. This is very different than a former colleague having reminders for your kid’s birthdays in her Outlook.
You have serious reasons to be concerned about your data privacy.
Additionally, every law firm and corporation a recruiter has submitted your information to, also has your interview notes stored in perpetuity. Although corporate and law firm cybersecurity tends to be much stronger than at recruiting firms, last year’s breach of DLA Piper proved that even the biggest firms are not impervious.
While there are times you may want a recruiter or potential employer to keep your professional information, there is almost no reason to allow them to keep your personal information.
After hearing that one of our competitors may have been breached, our firm began requiring every client to sign a Data Privacy Addendum that states three things:
a. Candidate information will be kept confidential and only those involved in the recruiting process will have access to it.
b. No one will be contacted about a candidate without prior written authorization.
c. Everything about the candidate will be deleted and destroyed upon request.
None of our clients have refused to sign the addendum. They get it. So don't believe anyone who tells you that deleting your personal information is too much to ask.
If you have worked with a mid to large-sized recruiting firm in the past, I would strongly suggest requesting they delete and destroy all your personal information.
If you consider working with a recruiter in the future, just take reasonable precautions such as those outlined above to protect yourself. Get in writing that only the recruiter you’re working with, their boss, and the recruiting database administrator will have access to your information. Make sure that once you’re hired or done working with the agency, all Interview Notes, personal data etc. will be deleted and destroyed at your request. Finally, make sure their clients will do the same.
When applying to law firms or companies directly, I would recommend you add the following stamp to your resume or depending on the situation, send an email before submitting your info:
“Due to data privacy concerns, ABC Company understands and agrees that this resume and any information learned or noted about me during the interview process will be deleted / destroyed upon my request.”
The first four words above clarify why you’re making this request. If the employer won’t agree, it’s decision making time as to whether you want to move forward. Until they catch up with the times, you may need to take the risk with direct employers.
But if nothing else, make sure this is a non-negotiable item with recruiting firms.
Frederick L Shelton
CEO, Shelton & Steele