5 Ways Pinpoint Helps With CCPA Compliance for Recruitment
First of all, let’s set the scene with some background on Pinpoint.
Our CEO was previously Chief Digital Officer at a cloud computing company that focussed on serving customers with stringent security needs, and complex data protection and data residency requirements. So it’s not surprising that we take privacy and security incredibly seriously at Pinpoint.
Our experience helping customers navigate the changes to data protection laws in Europe in recent years has set us up well to support our global clients in adopting data protection and privacy best practices.
Customers that choose Pinpoint as their ATS get access to enterprise-grade security and privacy for their recruitment teams.
General safeguarding of candidate data
We believe that whilst the CCPA places specific requirements on businesses around data protection, information security and data privacy should be more than just a “tick in the box” exercise—globally accepted best practice should always be followed.
As well as our own robust data security policies and procedures, we’ve built tools right into Pinpoint to help our customers ensure their candidate data is always secure. That starts with controlling access—Pinpoint offers two factor authentication and single sign on as standard.
We work with high profile enterprise clients all over the world and have been through numerous security reviews as part of their procurement processes. If you have any questions about our approach to data protection and security, feel free to reach out to our team.
Responding to requests from candidates
Under the CCPA, candidates can request that you disclose any of their personal information you’ve collected, used, shared, or sold. Here’s how Pinpoint can help:
Centralized candidate data
Because all of your candidate data is stored centrally in Pinpoint, rather than in individual recruiter and hiring manager email inboxes, notebooks, and devices, it’s easy to respond to these requests.
Source reporting
You may be required to provide the categories of sources from which you collected a candidate’s personal information.
Pinpoint includes comprehensive source reporting that will enable you to do this for each application that a candidate’s submitted.
Providing a “Notice at Collection”
The CCPA requires businesses give consumers certain information in a “notice at collection” at, or before, the point that the data is collected.
Pinpoint includes a customizable notice as part of your job application form, and as a link on your careers website.
Pinpoint also includes a “cookie notice” on your careers website by default that informs visitors about the use of cookies and related data processing.
Responding to requests for deletion
With some exceptions, candidates can request that you delete their personal information.
Pinpoint offers a self-service portal that enables candidates to manage their own personal information on an application-by-application basis.
This gives candidates more control, demonstrates your commitment to transparency, and results in reduced admin for your recruitment team
Because all of your candidate data is stored centrally in Pinpoint (rather than in hiring manager and recruiter inboxes, personal devices, etc), it’s easier to respond to these requests for deletion if you do need to process a request manually.
Following globally accepted privacy and data protection best practices
There are a number of data protection best practices that our European customers have adopted as a result of the GDPR (European Data Protection Legislation).
We’re seeing increasingly stringent data protection laws come in around the world right now and the CCPA is just one example of this. For organizations that aren’t prepared, this can cause a massive headache for their recruitment team.
That’s why we encourage all of our customers to think about adopting global privacy and data protection best practices, regardless of their specific local requirements at this point.
But it’s not just about complying with regulations.
Candidates are also becoming increasingly privacy conscious. Being able to demonstrate that you take privacy seriously is a great way to build trust with your candidates and encourage more people to apply for your roles.
There are a number of ways that Pinpoint helps you put globally accepted best practice around data protection in place:
Default data retention periods
Data retention periods can be set in your Pinpoint account. If you haven’t had an interaction with the candidate within a pre-determined time period, and the data retention period has passed, the personal information will be automatically obfuscated enabling you to minimize the amount of personal data you store.
Talent pipeline refresh
You likely have thousands of candidate profiles in your talent pipeline but how many of those candidates still have an interest in working for your organization? How many of those profiles still have up to date resumes and contact information?
With our talent pipeline refresh feature, candidates in your talent pipeline will be emailed after a pre-defined period to check that they still want to be in your pipeline, and to give them an opportunity to update their information.
Minimizing data collection
We see lots of organizations using the same, standard application form for every role, meaning they ask huge numbers of irrelevant questions of candidates. This means your hiring team has lots of unnecessary information to sift through, you’re storing more personal information than you need to, and you’ll haemorrhage applicants (data tells us that you’ll lose 10% of applicants for every minute over 5 minutes your application process takes).
Pinpoint gives you the ability to customize the application form for every job to ensure you’re only asking the questions that are going to have an impact on your selection process.
Still got questions about how Pinpoint can help you manage your privacy and data protection obligations in recruitment? Get in touch and we’ll be happy to help.