No Image Available

REC urges care with data protection


With the rise in availability of technology, recruiters are increasingly using the Internet as a business tool, and the distribution of information via the net is fast becoming an integral part of current recruitment methods. Consequently, practitioners are subject to the watchful eye of the Data Protection Commission.

The Data Protection Act of 1998 regulates the processing of information relating to individual candidates who supply you with personal data. However, manual data (i.e. paper-based records) is exempt from compliance with the 1998 Act until October 23 2001.

Tim Nicholson, Chief Executive of the Recruitment and Employment Confederation (REC) said, “This transitional period has provided businesses with the opportunity to prepare for the change in the law. We advised REC members in June 1999 to undertake a spring-clean of their personnel records and other documentation for permanent and temporary staff by checking that information is up-to-date and relevant and discarding any data that is no longer required to be kept by law,”.

In light of this extension of the transition period, the (REC) has developed advice for recruiters concerning the processing of data.

  • Any factual information or opinions on an individual are classed as personal data. When placing any information on the Internet this data immediately becomes widely available. As a result, it is important that you obtain consent from the individual before distributing any of their details.
  • It is advisable not to collect or retain personal data unless it is strictly necessary for your own internal purposes. If you do require additional information on a candidate for an alternative purpose, you must let them know in advance.
  • Email addresses are also personal data, so if you are including email contact details on a distribution list, ensure that all individuals are happy for their details to be issued.
  • You and your staff should be familiar with data protection principles but it may be prudent to review your registration process and the storage and use of personal data to ensure that it is relevant to the purposes for which it is obtained. This will not only ensure that your staff adhere to the Act, but will act as a firewall.
  • Consent is also required when collecting personal data. Always inform candidates, prior to information being collated, who you are, what data you are collecting and for what purpose it is being obtained.
  • When establishing your Web site, provide a ‘privacy statement’ to help individuals decide whether or not to provide any personal information.
  • Finally, if a client or candidate requests that you stop using their information or correct, change or delete inaccurate details make sure you follow their instructions.

One Response

  1. Training course on The Data Protection Act 1998
    I am investigating sources of training to understand the implications of the Data Protection Act 1998 on companies who use computers to store information. If anyone knows of any courses in the London, Herts or Essex areas in May or June I would be grateful for further information.

No Image Available

Get the latest from HRZone

Subscribe to expert insights on how to create a better workplace for both your business and its people.


Thank you.