Don’t Allow A Gap In Your GAPP

Let’s continue this series looking at Generally Accepted Privacy Principles (GAPP) and how they relate to HR in general and onboarding in particular. Here is a peek at Principles 4 and 5.


A well designed privacy policy will ensure that the personal information collected from job candidates, new hires, and employees is used only for appropriate purposes. This is usually limited to the purposes which the individual was notified about when the information was collected. An employer is responsible for ensuring that any third parties engaged to collect information (such as background screening partners) are doing so fairly and lawfully.

HR sometimes unintentionally toes the line between appropriate and inappropriate collection and use of private information. With the advent of GINA, there’s been a big kerfuffle over whether it’s OK to dig through the internet to accumulate personal data on candidates and employees. The fear is that such data gathering efforts might be prejudicial against individuals with medical conditions. Two recent stories have hit the news about city and state government agencies requiring employees to fork over their FaceBook passwords – with predictable outrage as the result.

Until the dust settles, it’s probably best to act conservatively in collecting information without employees’ knowledge or consent. The GAPP folks rightly point out that gathering more data than necessary can increase liability, raise administration costs, and make it more likely that information will be used inappropriately or disclosed unintentionally. With Universal Onboarding, the information you collect on data panels and through third party screening partners can be customized based on business necessity. That way, you’ll avoid overstepping the bounds of your new hires’ privacy.


Keeping records for no longer than necessary (or legally required) is one consideration in a privacy policy. The more information you store, the more security you may need to keep it safe. From an HR standpoint, keeping certain types of personnel records past the required date can increase risks if an audit occurs. Inspectors (such as those from the DHS) can ask to see everything you have and aren’t limited in how far back they can dig if you have records available. That means if there are incorrectly completed I9s from workers you terminated 5 years ago in your files, you could still get in trouble for that. Our Allegro HR products promote best practices such as annual I9 self-audits to help you effectively manage your records.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s