Select Page

Will your staffing firm be compliant with rapidly evolving privacy compliance laws?

One of the biggest challenges in today’s business environment is the growing expectation and awareness of consumers regarding data. There is a building movement and demand from consumers that they should have a say in who has access to their personal data and how that data is used. The European Union took the lead in 2018 by the passing of the General Data Protection Regulation (GDPR) which demands that firms protect the personal data they hold on individuals and requires a detailed process of how data is acquired and ultimately used. Following this legislation, California passed the California Consumer Privacy Act (CCPA) which increased consumer protection and privacy rights for California residents. This ever-changing regulatory landscape continues to evolve as two additional states (Virginia and Colorado) have passed similar legislation. The movement is growing as many states have this issue on the agenda for active legislation sessions in the upcoming year. 

Based on a combination of growing demands from consumers and new legislation, it’s imperative that data privacy compliance becomes part of your digital transformation strategy. While this will be a shared obstacle for firms doing business in states with this legislation, I’m going to specifically focus on the staffing industry—a $144 billion industry in the USA—based on my observations from leading teams in this space for close to a decade. There is a temporary exception in the CCPA exempting information collected by a business about a job applicant or employees from its provisions, but that is set to expire at the end of 2022. Even with this exception, staffing firms that meet the requirements for this legislation still have a call to action to protect other personally identifiable information (PII) that is acquired during their typical business practices. While it’s possible this extension could continue in the future, I believe it’s prudent to view this legislation as part of a growing shift in consumer expectations and be ahead of the curve to establish an early advantage in a fiercely competitive industry.

As a former staffing industry veteran, I’d like to create a call to action to make sure the industry is ready for these changes and can create competitive advantages during one of the hottest recruiting markets of all time. While legislation will continue to grow in new states, my focus will be on the legistiation in California (CCPA).

Will Your Staffing Firm Be Affected By This Legislation?

CCPA regulations must be followed by any entity that does business in California and satisfies one or more of the following:

  1. Annual gross revenue in excess of $25 million
  2. Interaction with (including buying, sharing, receiving, or selling) the personal information of 50,000 or more CA consumers or households
  3. 50% or more of its annual revenue is derived from selling CA consumers’ personal information

The Biggest Risk Factor to Staffing Firms is Unstructured Data

Having spent almost 10 years in the staffing industry, I can attest that it is a very rewarding but chaotic industry. While there are established workflows and applicant tracking systems (ATS) to store structured data, there is an exponentially growing amount of unstructured data which includes PII that is exchanged in the typical business process of an average recruiting firm. For clarification, structured data is highly specific and is stored in a predefined format, where unstructured data is a conglomeration of many varied types of data that is stored in native formats.

While every recruiting firm is unique, a typical business process includes sourcing candidates from various online platforms, candidate outreach (calls, emails, texts), internal candidate screening, candidate client interviews, and onboarding if a contractor is offered a position. This repeatable process is exponential and is the fuel of the delivery engine for large recruiting firms, ultimately allowing these firms to service their customer staffing job orders.

The Staffing Business Model Creates Content Chaos

 It’s not uncommon for contractors or applicants to email an application for employment directly to their recruiter of choice. While part of the recruiter’s responsibility is to upload or attach this information into an ATS, this information typically stays in a recruiter’s email. This challenge multiplies in scale with the size of a recruiting organization. While this is not just a security risk for keeping candidates’ data secure, it would also exceed the capabilities of most staffing firms to be compliant if a candidate requested all of their PII be deleted. It would not be a challenge to delete a candidate’s information in an ATS, but—based on existing technology investments—most staffing firms do not have an efficient process to sort through unstructured data due to their systems not being properly integrated.  

Another common area of risk is the actual recruiting process. Typically candidates are sourced from an internal ATS and external tools such as LinkedIn, Indeed, CareerBuilder, and many other job boards. Many of these recruiting tools are not connected to the centralized ATS which can include PII from candidates and active consultants in all stages of the recruiting process. It’s not uncommon for recruiting firms to use texting platforms to engage with candidates and have PII stored on these applications. By having systems and processes that are not fully integrated, counterproductive and countless hours of manual processes are created by employees in an attempt to be compliant with privacy legislation. 

Staffing firms face another challenge with contractor onboarding. Depending on where a recruiting agency is along their digital transformation journey, often a resource will fill out paper documents with an in-person onboarding manager, or they will email personal documents back and forth to the recruiter. Some firms have invested in automated onboarding systems, but the process is typically initiated by email and each recruiter as a function of time has an ever-growing cluster of unstructured data in their email inbox. This could cause a major hassle if asked to become compliant with a CCPA request. In addition to the compliance risk, they are also not able to harness the power of their data, as the majority of it is not in a structured format.

How Should The Staffing Industry Respond?

Staffing firms should examine their current practices of collecting personal information and develop internal processes to ensure compliance with the privacy legislation for the states they do business in. This could include reviewing how information is collected, where it is archived, and who at the firm has access to the data. Zia Consulting can help organizations improve their practices around unstructured content by applying knowledge of how Hyperautomation and RPA can reduce the manual labor needed to establish a streamlined process to complete all privacy-related requests. I would encourage industry leaders to monitor this legislation and engage with external partners for guidance. Zia Consulting can help modernize how your information is stored, processed, disseminated, archived, and ultimately dispositioned. As a staffing industry veteran, I welcome the opportunity to help guide you through this process. I spent close to a decade in the industry and was responsible for overseeing multiple sales, delivery, and operations teams across multiple markets. If you are in the process of reviewing your governance process, please reach out to Zia to learn more about how our Privacy Aware Governance Solution can assist you with these challenges.


Source Material:
SHRM article explaining new rules that start in 2023 › AllegisGroup › GDPR

Explanation of temporary exemption of CCPA for staffing companies and shows the expiration date,selling%20California%20residents’%20personal%20information.
Industry size of staffing market
Link showing each state’s privacy laws

Pin It on Pinterest

Sharing is caring

Share this post with your friends!