The Sensitive Data That Accumulates in HR Systems

Human resources and recruitment functions generate and store some of the most sensitive personal information in any organisation. Resumes, cover letters, interview notes, reference checks, psychometric test results, salary negotiations, performance reviews, disciplinary records, and medical certificates all pass through HR IT systems. When this equipment reaches end of life, the volume and sensitivity of accumulated candidate and employee data demands careful attention during disposal.

What HR IT Systems Contain

HR and recruitment data is distributed across multiple systems and devices. Applicant tracking systems (ATS) store candidate applications, resumes, interview evaluations, and hiring decisions for every role the organisation has advertised. Human resource information systems (HRIS) hold comprehensive employee records including personal details, tax file numbers, bank account information, emergency contacts, and employment history.

Payroll systems contain salary information, superannuation details, leave balances, and tax records. Performance management systems store review documents, development plans, and potentially sensitive feedback. Learning management systems hold training records and assessment results. Email systems contain HR correspondence that often includes attached resumes, offer letters, and confidential discussions about employee matters.

HR practitioners’ laptops and workstations may contain local copies of all of the above, plus interview recordings, reference check notes, and draft documents related to restructures, redundancies, or disciplinary actions.

Privacy and Regulatory Considerations

HR data is subject to the Privacy Act 1988 and the Australian Privacy Principles (APPs), and three categories need particular care. Health information (sick certificates, workers compensation records, pre-employment medical assessments) is sensitive information under the Act. Tax file numbers are governed by the Privacy (Tax File Number) Rule 2015 issued by the Australian Information Commissioner, which requires TFN information to be securely destroyed or permanently de-identified once it is no longer required and no law requires it to be retained. Records of current and former employees are partly exempt from the APPs under the employee records exemption, but that exemption covers only acts directly related to the employment relationship and does not extend to data about applicants who were never hired.

The Fair Work Act 2009 and the Fair Work Regulations 2009 require employers to keep certain employee records for seven years, including pay records, hours of work, leave records and superannuation contributions. The obligation attaches to the records, not to the hardware they happen to sit on: before IT equipment holding payroll and employment records is approved for destruction, any records still inside their retention period must be migrated to a system that will be retained, and the migration verified (record counts reconciled, a sample of records opened), so that destroying the drive does not destroy the only copy.

Candidate Data: The Often-Forgotten Category

While employee records receive attention in most HR data management plans, candidate data from unsuccessful applicants is frequently overlooked. An ATS that has been in use for several years may contain thousands of applications from candidates who were never hired. This data includes personal contact details, work history, qualifications, and sometimes sensitive information volunteered in cover letters or interview discussions.

Under APP 11.2, an organisation must take reasonable steps to destroy or de-identify personal information once it is no longer needed for any purpose for which it may be used or disclosed, unless a law requires it to be kept. For unsuccessful candidates, that purpose is typically exhausted once the recruitment process is complete and any period in which the hiring decision could be challenged has passed. Retaining candidate data indefinitely increases the volume of data that must be managed during IT disposal and raises the risk profile of the equipment.

Before disposing of HR IT equipment, consider whether a data purge of aged candidate records should be performed to reduce the volume of sensitive data on the systems being decommissioned. A purge of the live ATS database does nothing for the same records held elsewhere: exported spreadsheets, resumes attached to HR email, and backups of the ATS all need to be in scope, or the purge reduces the exposure of one system while leaving identical data on the next one to be decommissioned.

Sanitisation Requirements

Given the breadth and sensitivity of HR data, all IT equipment from HR departments should be treated as high-sensitivity for disposal purposes. Storage drives should be sanitised to at least the Purge level defined in NIST SP 800-88 Rev. 1: a block erase, overwrite or cryptographic erase issued through the drive's own sanitise commands, followed by verification that the data can no longer be read back. A software overwrite from a disk-wiping tool reaches only Clear on most SSDs, because wear levelling leaves spare blocks the operating system cannot address. Equipment that held tax file numbers, medical records or disciplinary information should be considered for physical destruction (the Destroy level in 800-88) given the heightened sensitivity of these data categories.

Mobile devices used by HR staff for recruitment activities (candidate calls, interview scheduling, offer discussions) should be factory reset and deregistered from management platforms. Remove the device from MDM and any vendor activation lock before the reset, since a device that is still enrolled can remain tied to the organisation's account or re-enrol automatically on its next setup. USB drives used to transport HR documents between locations should be sanitised or destroyed; most consumer USB flash drives offer no verifiable purge command, so destruction is the safer default.
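The Purge requirement above is only met once the erase has been verified and the result recorded, and 800-88 Rev. 1 accepts either a full read-back or a representative sample for that verification. The script below is an added example, not code from the page or from any disposal vendor: it issues a firmware erase (ATA enhanced secure erase via hdparm, or NVMe Sanitize via nvme-cli) only when PURGE=1 is set, then samples the first and last blocks plus a random selection and confirms they read back as zeros, and appends the outcome to a disposal register. The device paths, sample count and log file name are illustrative assumptions. The zero check is only valid after a block erase or overwrite; a cryptographically erased drive reads back as random data and has to be verified by inspecting the drive's sanitise status instead.

```shell
#!/bin/sh
# Added example (not from the page): post-Purge sample verification and
# record keeping for a decommissioned HR workstation or server drive.
# Illustrative assumptions: device paths, sample count, register file name.
# The purge commands are real hdparm / nvme-cli invocations but run only
# when PURGE=1 is set, so by default the script is a dry run.

BLOCKSIZE=4096

# Issue the Purge itself, chosen by interface. Check support first:
# "hdparm -I" lists "supported: enhanced erase"; "nvme id-ctrl" lists SANICAP.
purge_device() {
    dev="$1"
    if [ "${PURGE:-0}" != 1 ]; then
        echo "dry run: would purge $dev (set PURGE=1 to run)"
        return 0
    fi
    case "$dev" in
        /dev/nvme*)
            # NVMe Sanitize: --sanact=2 is block erase, 4 is crypto erase.
            # The command returns immediately; poll the sanitize log until
            # progress (SPROG) reports 65535, meaning complete.
            nvme sanitize --sanact=2 "$dev" || return 1
            until nvme sanitize-log "$dev" | grep -q 'SPROG.*65535'; do sleep 5; done ;;
        *)
            # ATA enhanced secure erase; the temporary password is cleared
            # by the erase itself.
            hdparm --user-master u --security-set-pass NULL "$dev" &&
            hdparm --user-master u --security-erase-enhanced NULL "$dev" ;;
    esac
}

# Return 0 if block $2 of device/image $1 contains only zero bytes.
check_block() {
    nonzero=$(dd if="$1" bs="$BLOCKSIZE" skip="$2" count=1 2>/dev/null \
              | tr -d '\000' | wc -c | tr -d ' ')
    [ "$nonzero" -eq 0 ]
}

# Representative-sample verification: always read the first and last blocks,
# where partition tables and filesystem metadata live, plus N random blocks.
# Works on a block device or on a disk image file (used by the usage below).
verify_zeroed() {
    dev="$1"; samples="${2:-64}"
    size=$(blockdev --getsize64 "$dev" 2>/dev/null || wc -c < "$dev" | tr -d ' ')
    blocks=$((size / BLOCKSIZE))
    [ "$blocks" -gt 0 ] || return 1
    bad=0
    for blk in 0 $((blocks - 1)); do
        check_block "$dev" "$blk" || bad=$((bad + 1))
    done
    i=0
    while [ "$i" -lt "$samples" ]; do
        r=$(od -An -N4 -tu4 /dev/urandom | tr -d ' ')   # POSIX-portable random index
        check_block "$dev" $((r % blocks)) || bad=$((bad + 1))
        i=$((i + 1))
    done
    echo "$dev: $bad of $((samples + 2)) sampled blocks still hold data"
    [ "$bad" -eq 0 ]
}

# Append one line to the disposal register: UTC timestamp, device, method, result.
log_disposal() {
    printf '%s,%s,%s,%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$2" "$3" >> "$4"
}

# Usage: PURGE=1 ./purge-verify.sh /dev/sdb /var/log/hr-disposal.csv
if [ -n "$1" ]; then
    purge_device "$1"
    if verify_zeroed "$1" 64; then result=pass; else result=fail; fi
    log_disposal "$1" "purge+sample-verify" "$result" "${2:-./hr-disposal.csv}"
fi
```

A failed sample is a hard stop: the drive either gets the erase re-issued or goes to physical destruction, and the register line records which. Sampling catches an erase that silently did nothing (a common failure when a drive is frozen by the BIOS and hdparm's erase is rejected), but it is not proof that every block was erased; for the TFN and medical-record categories the page singles out, a full read-back or destruction is the conservative choice.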

HR disposal essentials:

- Verify Fair Work Act retention requirements for employee records before destruction.
- Purge aged candidate data from systems before decommissioning.
- Sanitise all HR system servers, workstations, and laptops to NIST 800-88 Purge level.
- Address mobile devices, USB drives, and portable storage.
- Pay special attention to equipment containing TFNs, medical data, and disciplinary records.
- Document all destruction for compliance.

For process guidance, see our guide to building an IT asset disposal policy.

HR data touches every person who has ever applied to or worked for the organisation. Proper destruction of HR IT equipment protects the privacy of employees and candidates alike, and demonstrates the organisation’s commitment to responsible data handling throughout the employment lifecycle.