- Solutions
- Products
- Community
- Resources
- Company
Call Sales +44 808 164 2563
Create incredible candidate experiences that communicate your brand, mission, and values with recruitment marketing solutions.
Learn moreCommunicate effectively and efficiently with the candidates that can drive your business forward.
Learn moreSelect the right candidates to drive your business forward and simplify how you build winning, diverse teams.
Learn moreHelp your best internal talent connect to better opportunities and see new potential across your entire organisation.
Learn moreCommunicate collectively with large groups of candidates and effectively tackle surges in hiring capacity.
Learn moreAccess tools that help your team create a more inclusive culture and propel your DEI program forward.
Learn moreRebound and respond to the new normal of retail with hiring systems that are agile enough to help you forge ahead.
Learn moreAccelerate the hiring of key talent to deliver point of care and support services that meet and exceed your promise of patient satisfaction.
Learn moreAttract and engage candidates with technical competencies, accelerate hiring for much-needed skills, and advance expertise within your valued workforce.
Learn moreSimplify how you recruit finance, insurance, and banking candidates with a unified platform built to match top talent with hard-to-fill roles.
Learn moreYour business strategy depends on your people strategy. Keep both in lockstep with the iCIMS Talent Cloud.
Learn moreBuild an engaging, high-converting talent pipeline that moves your business forward.
Learn moreDeliver the innovation your talent team needs, along with the global scale and security you demand.
Learn moreDeliver tailored technology experiences that delight users and power your talent transformation with the iCIMS Talent Cloud.
Learn moreThe #1 ATS in market share, our cloud-based recruiting software is built for both commercial and large, global employers.
Learn more Talk to salesAttract the best talent for your business with powerful, on-brand career websites that excite candidates and drive engagement.
Learn more Talk to salesCombine behavior-based marketing automation with AI insights to build talent pipelines, engage candidates with multi-channel marketing campaigns, and automatically surface the right talent for the job.
Learn more Talk to salesEmpower candidates with automated self-service, qualification screening, and interview scheduling through an AI-enabled digital assistant.
Learn more Talk to salesSimplify employee onboarding with automated processes that maximize engagement and accelerate productivity.
Learn more Talk to salesModernize, streamline, and accelerate your communication with candidates and employees.
Learn more Talk to salesTransform the talent experience by showcasing your authentic employer brand through employee-generated video testimonials.
Learn more Talk to salesSimplify recruiting, dynamically engage talent, and reduce hiring bias with job matching and recruiting chatbot technology.
Learn moreStreamline and centralize your HR tech stack with configurable, flexible, secure and reliable integrations.
Learn moreHow PRMG attracts 50% more applicants for niche finance roles with the iCIMS Talent Cloud.
Learn moreThousands strong, our global community of talent professionals includes creatives, innovators, visionaries, and experts.
Learn moreTogether we’re creating the world’s largest ecosystem of integrated recruiting technologies.
Learn morePartner with our global professional services team to develop a winning strategy, build your team and manage change.
Learn moreExplore our network of more than 300 certified, trusted third-party service and advisory partners.
Learn moreExpert guidance about recruitment solutions, changes in the industry, and the future of talent.
Learn moreExpert guidance about recruitment solutions, changes in the industry, and the future of talent.
Learn moreStay up to date with the latest terminology and verbiage in the HR software ecosystem.
Learn morePartner with iCIMS to build the right strategies, processes, and experience to build a winning workforce.
Learn moreDeliver the innovation your talent team needs, along with the global scale and security you demand.
Learn moreWatch the recording of our latest webinar looking at key findings from a recent study and explore short-term and long-term solutions for the talent crisis in 2022 and beyond.
Watch on-demandView press releases, media coverage, and the latest hiring data. See what analysts are saying about iCIMS.
Learn moreiCIMS is the Talent Cloud company that empowers organizations to attract, engage, hire, and advance the talent that builds a winning workforce.
Learn moreGet to know the award-winning leadership team shaping the future of the recruiting software industry.
Learn moreWe believe the future of work isn't something that "happens" to you. It's something you create. We actively create the future of work with our customers every day.
Learn moreStreamline your tech stack and take advantage of a better user experience and stronger data governance with ADP and the iCIMS Talent Cloud.
Learn moreThe combined power of iCIMS and Infor helps organizations strategically align their business and talent objectives.
Learn moreOur award-winning partnership with Microsoft is grounded in a shared desire to transform the workplace and the hiring team experience.
Learn moreOur partnership with Ultimate Kronos Group (UKG) supports the entire talent lifecycle by bringing frictionless recruiting solutions to UKG Pro Onboarding.
Learn moreLet’s get in touch. Reach out to learn more about iCIMS products and services.
Learn more
November 20, 2019 
5 min read
According to several cybersecurity reports, a significant amount of data breaches and security incidents are caused by employee negligence or error. Although most of these data breaches are unintentional, it is critical that your organization put in place forward-thinking privacy and security programs to mitigate risk and protect your business.
Privacy became a critical point of focus for many global organizations when the European Union enacted the General Data Protection Regulation, a law that seeks to better protect the personal data of individuals in the EU. While many individuals across the world were already skeptical about how organizations used their personal data, the GDPR spurred further concerns over data ownership and secondary data usage – and put the onus on businesses to comply and ensure personal data is properly processed. Moreover, it drove many of those same organizations and others to consider adopting the GDPR’s privacy principles and security measures across all personal data processing activities.
The future of privacy and security remains somewhat unclear and situationally dependent for every organization, but what we do know is that employees must be educated, trained, and held accountable on privacy and security compliance measures.
Furthering the critical notion of employee-wide training is the fact that regulatory penalties and data breaches impact companies across the globe. Recently, companies like Google, British Airways, Equifax, and Marriott faced significant regulatory penalties for data breaches that exposed individuals’ personal data. Many of these breaches can be attributed to criminal hacking, but also stem from unaddressed internal vulnerabilities and security culture failures.
Privacy and security continue to evolve as global concerns. The GDPR has certainly catapulted other jurisdictions to consider and pass data protection and privacy legislation. However, the United States’ failure to do so has incited some states to create their own patchwork of privacy legislation. California was the first state to do this with the California Consumer Privacy Act. The Act is currently set to go into effect on January 1, 2020, and a multitude of other state privacy laws loom behind it. Without critical and timely preparation efforts now, many organizations will arguably be unable to sustain and comply with the forthcoming plethora of data protection and privacy laws.
Every U.S. organization needs to ensure its employees, regardless of role, understand the key tenants of privacy and security. While many default to thinking a topic like data protection and privacy compliance falls under the purview of legal professionals, experts from the International Association of Privacy Professionals agree that a joint committee of legal, practical, and operational expertise provides stronger privacy and security risk mitigation, and ensures the best approach towards compliance.
IAPP points to Facebook’s recent challenges, with the organization becoming the source of one of the largest breaches of personal data to date, as a strong example. The organization had support of a full, competent legal team, security team, and data protection management program at the time of this breach, but still exposed itself to risk when business teams, engineers, and operational leaders were not regularly involved.
Legal expertise is certainly required to thoroughly understand legislation and accurately craft policies and contracts; however, it can’t fully protect your organization without operational compliance and widespread knowledge to carry out preventative policies and procedures.
While everyone in the organization is ultimately responsible, your legal and IT departments are typically the first touchpoints to initiate and maintain privacy and security programs, policies, and procedures.
Your legal department (often alongside your CEO and board) is likely to determine the strategic approach your organization will take to address data-related risks. This includes how both current and upcoming legislation are expected to impact the policies and programs that govern how your organization operates.
Likewise, your security and IT departments should closely collaborate with the legal department to develop and operationalize privacy and security programs, policies, and procedures. Selecting and adhering to a framework, such as ISO 27001, will ensure alignment with industry best practices. That not only better positions your organization to address privacy and security risk like vendor alignment, but also manage partner privacy and security requirements on your own.
To confirm information about applicable laws and regulations is disseminated to all employees, you may also consider identifying a cross-functional leadership team to work with your legal department. Lastly, never forget that continuous training is critical as both your organization and the data protection and privacy legal landscape evolve.
HR and talent acquisition departments are responsible to safeguard all personal data received from employees and job candidates. This includes typical job application fields such as age, address, and marital status as well as salary details and information collected during the interview and screening process.
When thinking about overarching privacy and security issues, HR and talent acquisition stakeholders need a regular outlet to bring forward transparency on current information collection processes and their use of technology. This way, they are prepared to navigate this evolving landscape and are aligned with your organizational objectives to proactively seek out risk mitigation.
To quickly comply with current and pending legislation, HR can likely repurpose their GDPR remediation plans to comply with the California Consumer Privacy Act and future privacy laws. As a reminder, another critical aspect of data protection and privacy compliance for HR and talent acquisition teams is the appropriate vetting and oversight of third-party vendors. As such, organizations must initially and continually assess all third-party vendors for activities such as background checks, resume parsing, and other activities that are involved in processing personal data.
Compliance burdens and responsibilities to secure personal will increase as your organization gains more access to it. At the same time, publicized data breaches continue to have mounting repercussions, like tarnishing brand reputations and heightening concerns among employees, consumers, and vendors alike. Therefore, your organization’s current and future success hinges upon the steps you take now to ensure compliance and mitigate privacy and security risks.
By Josh Torres
Josh Torres serves as corporate regulatory & privacy counsel at iCIMS, Inc. Torres brings more than 10 years of corporate law experience to iCIMS, including a highly regarded specialization in privacy law. Torres is one of a select few members to be named a Privacy Law Specialist (PLS) by the International Association of Privacy Professionals (IAPP), an exclusive designation that recognizes a select group of leaders that successfully demonstrate a knowledge of relevant privacy laws, regulation and technology; a commitment to staying ahead of new developments in the field; and substantial time devoted to practicing law related to safeguarding personal information.
