Is Your Applicant Tracking System a Security Risk?

When it comes to making sure your employee data are secure, it never hurts to be aware of the ways they can be breached. Today we’ll hear from Raquel Lawrence, content strategy associate at iCIMS about how applicant tracking systems (ATSs) can be a major source of potential insecurity.

Data breaches are becoming a far too common news headline. Whether its major retailers or service providers leaving customer information vulnerable to hackers or massive outages disrupting use of critical workplace systems, businesses must be smart about how they store and protect sensitive information.
In Human Resources technology, attention is traditionally more focused on protecting employee data, including Social Security numbers, salary amounts, health benefits, etc. What employers often forget, however, is that they hold far more data in their cloud-based HR systems than employee pay and performance data.
Applicant tracking systems collect an incredible amount of data. For example, iCIMS Recruit processes over 32 million applications each year. That’s a lot of résumés! In the age of LinkedIn®, it may seem that candidate work history and professional information should be public domain. But that doesn’t take into account that open access to something as simple as an e-mail address can put jobseekers at risk of data theft, in addition to the potential dangers of sharing personal phone numbers, home addresses, or current workplace locations. Talent acquisition professionals should keep some security basics in mind when evaluating recruitment software for crucial, comprehensive data protection.

Reliable Service and Maintenance

Responsible data collection and storage lay the foundation for operational excellence; a business cannot successfully scale without the right systems of record in place. Nonetheless, the nature of any technology is to rapidly evolve, which inevitably leads to challenges in adoption and maintenance.
HR professionals should be able to rely on their software providers to keep their applicant data safe, available, and to have appropriate safeguards to prevent data breaches. This way, the process of data protection feels simple thanks to the layers of security checks and backups behind the scenes. If an organization is using multiple services within its hiring process, such as background screening and assessments, it is even more necessary to have a talent acquisition platform of record that can be trusted to securely transfer candidate data with the utmost care.

Addressing Globalization Challenges with Localization

For international and enterprise organizations, job applicant data safety and compliance are more challenging than ever in a world of rapidly changing data protection and security standards. When the safe-harbor agreement was annulled in October 2015, for instance, businesses that transferred personal information of European Union (EU) citizens to the United States for storage and processing were pushed into a state of uncertainty around international data flows. Since then, the European Commission and the United States thankfully agreed on a new data pact, the EU-U.S. Privacy Shield, creating a new transatlantic data transmission framework as of last year.
To provide international business with hosting options that uphold Privacy Shield standards for data transfer and compliance, U.S.-based talent acquisition providers are committing to expanding their own global footprints. By offering on-continent candidate data storage in European cities, businesses hiring and operating there have the option to more easily meet regulatory requirements and reduce business risk.
In part two of this article we’ll take a look at proactive disaster recovery, plus other ways your ATS might be failing you.
Raquel Lawrence is a content strategy associate at iCIMS.