- VP Staffing
- Privacy Officer
- Marketing Communications
- Applicant Tracking System Vendor
New laws, like California SB 1386 (in effect 1 July 2003), affect what data you collect, keep, how you use it, and who gets to to see it. We do all of that through our career site. Where do we stand? What's our plan?
- What laws and regulations apply to our pre-employment data now?
- What are coming soon?
- Which jurisdictions apply to our online staffing process?
- What data do we collect now?
- How are we protecting the data electronically? Physically? Procedurally? Is it enough?
- Does our responsibility start on web sites that collect information on our behalf, like job boards?
- Do we share information with contractors and business partners? How can we determine if they compliant? Is that a new condition of working with us?
- What can we do to both serve our recruiting goals while meeting job seeker needs for privacy?
- Will this change our data sharing policy within the organization? Across sister organizations?
- Do we have procedures and a mechanism for user notification? Have we tested the mechanism?
- How do we communicate our actions in a way consistent with our employment brand?
- How flexible is our ATS? How fast can changes be turned on?
- What is our data retention policy? Does it need updating?
- What is our risk exposure?
- What are the direct and indirect costs of compliance?
- What is the effect, positive or negative, on recruiting?
- What upside potential can we earn by being compliant sooner and better than other employers? Are there stricter standards worth bragging about to potential employees?
- What should we do to stay ahead of privacy compliance changes?
- Official California State Government site on SB 1386
- California Attorney General site on SB 1386 notifications
- Text of SB 1386
- Epic, privacy advocates.
- InfoWorld article: Leading the charge into privacy legislation
California Security Law Background: The
state passes a tough law regarding public disclosure of security breaches
after a hacker breaks in to a state employee database.
- Threat Focus, consulting firm. California SB 1386 mandates public disclosure of computer-security breaches in which confidential information of ANY California resident MAY have been compromised. The law covers every enterprise, public or private, doing business with California residents. Come July 1, 2003, those who fail to disclose that a security breach has occurred could be liable for civil damages or face class actions.
- "95 percent of people who use the Internet at home think they should have a legal right to know everything about the information that websites collect from them." CIO article. Annenberg news release (pdf) and the Americans and Online Privacy: The System is Broken report (pdf).
Use an Emblog Agenda to jump start your thinking on an important topic. For internal use only.