Data Protection for Recruitment

advertisement
Data Protection
Recruitment Process
HRIS Programme
Version: 10.3.11
Overview
The Recruitment process involves the collection and use of candidate’s personal and sensitive
data. Compliance with the Data Protection Act throughout the recruitment process helps to strike a
balance between the University’s need for information and the applicants right to privacy.
The Data Protection Act also covers the collection, storage and disposal of both successful and
unsuccessful applicants.
The Data Protection Act is applicable throughout the entire Recruitment Process.
Further guidance:
University of Oxford - Data Protection webpage
Information Commissioner’s Office: The Employment Practices Code
www.admin.ox.ac.uk/ps
Page 2
Learning Objectives
By the end of this module you will be able to
•
•
Describe the key data protection considerations for the Recruitment process:
1)
Advertising
2)
Job Applications
3)
Shortlisting
4)
Interviews
5)
Pre-employment checks
6)
References
7)
Retention of Recruitment Records
Explain University best practice to comply with the Data Protection Act throughout
the Recruitment and Selection process
Page 3
1) Recruitment Advertising
ICO Data Protection considerations:
•
Ensure that the organisation’s (or recruitment agency’s) name appears in all recruitment advertisements
•
Inform applicants how their personal data provided will be used, unless this is self evident
•
Ensure recruitment agencies send anonymised applicant information, if the employer does not wish to be
identified in the early stages of the recruitment process
University best practice
All job advertisements should comply with the University’s branding to ensure applicants are aware where they are
sending their personal information when applying for job vacancies.
The University’s Privacy Statement explains what types of information is gathered when people visit the University’s
web site.
Individuals must expressly give their consent before their data is used on the University website in order to comply
with Principle 8 of the Data Protection Act which restricts the transfer of personal information outside of the EU.
The Terms of Use on the University’s online jobsite informs potential applicants how their personal information will
be used.
Further guidance:
University’s Jobs and Vacancies at www.recruit.ox.ac.uk and www.ox.ac.uk/about_the_university/jobs/index.html
University Data Protection website: www.admin.ox.ac.uk/councilsec/dp/index.shtml
Page 4
2) Applications
ICO Data Protection considerations:
•
Ensure that the organisation’s name appears on the application form
•
Explain to applicants how their personal data provided will be used, unless this is self evident
•
Only seek personal information that is relevant to the recruitment decision to be made, for example are CRB
checks required for all job vacancies.
•
Explain the purpose of collecting any sensitive personal data, for example Equality and Diversity Monitoring
•
Provide a secure method of sending applications
University best practice
University application forms (online and paper) require that applicants give their explicit consent to the processing
of their personal data during the recruitment process:
•
E-Recruitment: applicants must select a checkbox to agree to the Terms of Use before they register to use eRecruitment and before they submit their online application. The Terms of Use document contains detailed
information on how applicants’ personal data will be used during the recruitment process.
•
Manual application forms: applicants must sign a declaration at the bottom of the form
Further guidance:
e-Recruitment Terms and Conditions of Use: www.recruit.ox.ac.uk/pls/hrisliverecruit/docs/0000000038.pdf
Page 5
3) Shortlisting
ICO Data Protection considerations:
•
Be consistent in the way personal information is used to shortlist applicants.
•
Ensure applicant data is only circulated to those who need to use it
•
Train staff on shortlisting processes
•
Inform applicants if an automated short-listing system will be used as the sole basis for making shortlisting decisions.
•
Ensure any psychological tests used to shortlist applicants are assessed by appropriately qualified staff.
University best practice
•
Shortlisting decisions should be based on the same selection criteria agreed at the advertising stage.
New criteria should not be introduced as these will not have been reflected in the advertisement or further particulars; this
could be unlawfully discriminatory.
•
Applicant data should only be circulated to the shortlisting panel for that job vacancy.
Note: in CoreHR, Equal Opportunities data is entered by Applicants via the online application form, stored separately in
CoreHR and accessible only to the Diversity team.
•
Training for selection panels is a requirement of the Personnel Committee.
Workshops are available and the online course offered by Oxford Learning Institute.
•
Records must be kept of the shortlisting process such as reasons for selection or rejection
Note: shortlisting records are potentially disclosable to applicants on request and may be required by an employment
tribunal in the case of a complaint of unlawful discrimination. Records may also be used to provide feedback. Rejection
reasons are required by the UK Border Agency (further guidance).
Further guidance:
Personnel Services: Criteria for Shortlisting for interviews
http://www.admin.ox.ac.uk/eop/recruitmentmonitoring/recruitmentcodepractice/
Page 6
4) Interviews
ICO Data Protection considerations:
•
Interviewers should be made aware that candidates may have the right to request access to their interview notes
•
Ensure that interviewers know how to take notes during interview and store interview notes securely
•
Ensure that interview notes are destroyed after a reasonable time
•
Explain to interviewers how to deal with a subject access request to interview notes
University best practice
•
At least one member of the interview panel must have undertaken training
•
Where possible use the same interview panel for the whole interview process
•
Use the same selection criteria for all candidates
•
Seek specific information relating to the candidate’s experience relevant to the job
•
Ask open questions
•
Avoid inappropriate questions
Further guidance:
Personnel Services: Conduct of interview
Personnel Services: Practical organisation of interviews
Page 7
5) Pre-Employment Vetting
ICO Data Protection considerations:
•
Make it clear early in the recruitment process that vetting will take place and how it will be conducted
•
Only use vetting to obtain specific information and only where it is justified for a particular job
•
Conduct pre-employment vetting as late as possible in the application process on the preferred candidate
•
Obtain the applicant’s permission to obtain personal information from a previous employer
University best practice:
•
Ensure specific checks (eg CRB) are not carried out on jobs where there is no requirement
•
Pre-employment health questionnaires should only be sent to candidates once a conditional job offer has been
made
Further guidance:
Personnel Services: Pre-Employment Checks at www.admin.ox.ac.uk/ps/managers/appoint/index.shtml#checks
www.admin.ox.ac.uk/hrisprogramme/usinghris/processes/
Page 8
6) References
ICO Data Protection considerations:
•
Set out a company policy stating who can give corporate references
•
Ensure that referees are informed that references will be regarded as potentially disclosable under a Subject
Access Request (Note: marking references "strictly confidential" may not eliminate them from disclosure)
University best practice:
•
Obtain references before offering the appointment (in some circumstance a verbal reference may be accepted in
advance of the written reference)
•
Advise potential candidates in the further particulars document that references will be required
•
Include a declaration in job application form that applicants must sign to agree for references to be taken up –
applicants may determine that references may only be taken if they are invited to interview/offered the job
Further guidance:
Personnel Services References: www.admin.ox.ac.uk/ps/managers/appoint/references.shtml
Data Protection Good Practice Note Subject access and employment references at
www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/references_v1.0_final.pdf
www.admin.ox.ac.uk/hrisprogramme/usinghris/processes for link to summary ‘pre-employment gates’ document
Page 9
7) Retention of Recruitment Records
To comply with the Data Protection Act an organisation should establish and adhere to retention periods for
recruitment records that are based on a clear business need.
ICO Data Protection considerations:
•
assess who retains recruitment records and where they are held (centrally, department)
•
ensure that recruitment records are not held beyond the statutory period in which a claim arising from the
recruitment process may be brought, unless there is a clear business reason for exceeding this period
•
anonymise any recruitment information that is to be held longer than the statutory period
University best practice
The University's policy for the retention of recruitment records is:
6 months following an appointment
Note: In some cases eg where a work permit is required, or where an employment tribunal case is in progress, it
may be necessary to keep records for longer than 6 months, but they should be destroyed as soon as possible
after that time.
Further guidance:
Retention periods for University personnel records: www.admin.ox.ac.uk/ps/staff/codes/retention.pdf
Page 10
Summary
The Data Protection Act is applicable to the entire Recruitment and Selection Process
Recruitment Advertising
• Ensure the University is identified on all advertisements and applicants are aware how their personal data will be used
• Agree the selection criteria to be used throughout the recruitment and selection process
Job Applications
• Only seek information that is relevant to the recruitment decision to be made
• Ensure applicants consent to their personal data being used in accordance to the Data Protection Act
Shortlisting
• Use selection criteria to ensure consistency when shortlisting candidates.
• Shortlisting records are disclosable under a Subject Access Request
Interviews
• Use selection criteria to ensure consistency when interviewing candidates.
• Interview records are disclosable under a Subject Access Request
Pre-Employment Vetting
• Only use vetting to obtain specific information and only where it is justified for a particular job
• Obtain the applicant’s permission to obtain personal information from 3rd parties such as previous employer
Job References
• Obtain applicant’s permission before taking up references and follow University procedure in giving out references
• Job references may be disclosable under a Subject Access Request
Retention of Recruitment Records
• Follow University procedure to dispose of recruitment records (6 months)
• Anonymise any recruitment information that is to be held longer than the statutory period
Page 11
Download