Home / News & Resources / Case Study / The importance of looking after sensitive candidate information during the recruitment process

The importance of looking after sensitive candidate information during the recruitment process

When applying for a job, we trust recruiters and the places we hope to work with a vast amount of sensitive information. But all too often this isn't looked after as well as it should be.

In a recent case, our solicitors saw the impact of what can happen when sensitive information supplied as part of a job application was processed incorrectly.

What happened in this case?

In this data breach, the individual managing the recruitment process wrongly addressed sensitive applicant information and failed to send it by recorded delivery or hand delivery, as was the company's standard purported practice.

The documentation included the following material:

  • A copy of the applicant's passport
  • A copy of her driving licence
  • A copy of her birth certificate
  • Two letters to prove her address/identity
  • Copies of her NVQ certificates.

The information has still not been recovered and therefore remains a potential threat to our client.

As a direct result of this data breach, our client has suffered severe psychological effects, including stress, anxiety and trauma. So much so that her GP has prescribed medication.

Lessons learned

In many cases, data breaches such as this can be avoided by employees abiding by the data protection principles of their organisations. But it is up to these organisations to make sure that all staff receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws.

Not just hackers

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. To do this, we are sharing such real-life examples of data breaches to raise awareness of this issue and educate people to prevent similar mistakes from happening.

For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.