PCRecruiter is ready for the GDPR

Written by Andrew Rothman on . Posted in Topics

Main Sequence’s guiding principles with regard to EU Data Protection Laws are to:

  1. Remain continuously informed about the status of actual legislation, current recommended best practices as presented by the EU government, data protection authorities, and pertinent private industry exemplars, and accomplish technical requirements associated with compliance.
  2. Ensure that customers are offered the longest practicable lead time to make required changes and minimize business disruption, including any ongoing obligations to Main Sequence, associated with Main Sequence’s compliance, or non-compliance, with relevant EU Data Protection laws.

The Genesis of GDPR

The pertinent law, scheduled to take full effect on 25 May, 2018, is EU Directive 016/679, headed “General Data Protection Regulation”. The now-standard acronym is “GDPR”. The GDPR law is presented as a lengthy assembly of principles related to nearly every aspect of handling information.

The GDPR is structured around detailed and defined roles for the various parties involved with handling information. The persons that are the subjects of information (candidates, clients) are called Data Subjects. The parties that process data (Main Sequence) are called Data Processors, and the parties that collect and use the data (such as recruiters) are Data Controllers.

The GDPR rule developed in light of the previous rule, and from a political process that unfolded over the previous decade. The political sticking points involved with international data protection are inescapable when subjecting firms with varying interests, assets, and exposures to various sovereigns, and arriving at dispute enforcement mechanisms that are actually compelling of good behavior.

So far, these structures have taken the form of quasi-treaties. One that was heavily relied on by Data Processors was known as “Safe Harbor”. Safe Harbor was built around a memo of understanding between vendors and US government agencies that the vendors would reasonably respond to EU data protection authority demands.

Eventually, the EU judiciary did not find that protection to be adequate, and in ruling C-362/14, the EU Court of Justice determined that Safe Harbor would no longer suffice for compliance with EU Data Authority rules.

This decision created immediate disruption and uncertainty for hundreds of cloud vendors and thousands of customers. In response to that pressure, the EU executive body (EU Commission) issued COM 566 (November 2015), stating that Data Exporters who had executed contracts with Data Importers containing unmodified EU-provided standard Model Contract Terms (and appropriate appendices) would be compliant until further notice. These contract terms are explicit and comprehensive, although enforcement remains situational.

Main Sequence’s Status as Data Processor

Main Sequence interprets section (106) of Directive 016/79 (“The Commission should monitor the functioning of decisions on the level of protection in a third country, a territory or specified sector within a third country, or an international organization, and monitor the functioning of decisions adopted on the basis of Article 25(6) or Article 26(4) of Directive 95/46/EC.”) as authorizing us to continue offering EU Model Contract Terms until at least 25 May 2018 or such time as the EU Commission no longer recognizes the Model Contract Terms as sufficient safeguards under Directive 016/679.

Along with GDPR, a successor to Safe Harbor was created. It’s called Privacy Shield. Main Sequence is a certified participant in Privacy Shield as of 20 November, 2017. That certification may be found here.

In EU Commission COM(2017) 611 (final), the Commission states that: “In its Decision of 12 July 2016 (“the adequacy decision”), the Commission found that the EU-U.S. Privacy Shield (“Privacy Shield”) ensures an adequate level of protection for personal data that has been transferred from the European Union to organisations in the U.S.”

Main Sequence is satisfied that Data Controllers may use our services in the reasonable expectation that they will be found adequate under GDPR.

A key open question of enforcement for Data Processors appears to be the question of where data must be hosted. On 16 October, 2017, the United States Supreme Court granted certiorari in the case United States v. Microsoft, which turns on the question presented to the court:

Whether a United States provider of email services must comply with a probable-cause-based warrant issued under 18 U.S.C. 2703 by making disclosure in the United States of electronic communications within that provider’s control, even if the provider has decided to store that material abroad.

On 23 March, 2018, The Clarifying Lawful Overseas Use of Data Act, commonly known as the CLOUD Act, was signed into law. The CLOUD Act contains a provision that requires email service providers to disclose emails within their “possession, custody, or control,” even when those emails are located outside the United States. This law rendered moot United States v. Microsoft, which was dismissed by the Supreme Court on 17 April, 2018.

This development removes a significant potential incentive for the EU to demand in-region hosting services.

PCRecruiter Compliance

In addition to the model contract terms, Main Sequence notes the following in regard to compliance with Directive 016/679:

  • PCRecruiter security settings will be set to high by default.
  • Consent management tools already exist in PCRecruiter for opt-in and opt-in renewal + status notation. These tools are being streamlined and extended for GDPR, and GDPR specific training/consulting/configuration will be available to our customers prior to 25 May, 2018.
  • Data portability tools already exist in PCRecruiter to download individual data records as report objects. As with consent management, these tools will be streamlined and ready for use when the law comes into effect. The data portability requirements of the GDPR, in particular, are likely to be developed by enforcement practice subsequent to the 25 May, 2018 effective date of the regulation.
  • Main Sequence will provide complete database return to customers upon request.
  • Main Sequence will report to a customer any data breach within 72 hours of discovery.
  • Search and sort tools to facilitate removal of no-longer pertinent data at appropriate intervals already exist in PCRecruiter.
  • Main Sequence will perform all minimum legal requirements for EU Data Processors, and in the event of a default by Main Sequence of any EU Data Processor requirement, Main Sequence will release any EU Data Controller customer from any future contractual obligations and/or waive any early termination fees associated with closing a PCRecruiter account prior to contract expiry.
  • Main Sequence will actively monitor compliance responsibilities for EU Data Processors operating in the United States and processing EU Personal Data.
  • Pseudonymisation is not a required technique, but may lower exposure to notification requirements in the event of a security incident. It is unlikely that PCRecruiter records can be fully pseudonymised because direct identifiers (data that can be used to identify by cross-linking through other information that is in the public domain) such as addresses, phone numbers, etc. are essential recruitment information. Pseudonymisation features may be expanded in PCRecruiter (for example, “blinded” C/V’s or coded candidate submissions), which could work to limit further interrelationships between recruitment firms and their customers as pertaining to the GDPR.
  • Main Sequence has no role in selecting a Data Protection Officer for customers, or in acting as one on behalf of customers.
  • Main Sequence recognizes that our customers may require support to configure PCRecruiter for essential tasks associated with their role as Data Controllers. Important steps for Data Controllers include, but are not limited to:
    • Documenting Security of Processing
    • Evaluating Pseudonymisation/Encryption
    • Assessment of Compliance
    • Data Breach Notification Planning
    • Estimating Data Protection Impact
    • Identifying Data Protection Officer
    • Design Data Acquisition and Maintenance for Minimum Impact
    • Review/Update Processor Contracts
    • Audit Record of Processing Activities
  • For customers requiring certification for PCRecruiter as a Data Processor, please refer to our Privacy Shield certification. For customers seeking information/training/configuration of Data Controller tools within PCRecruiter, please contact your Main Sequence sales consultant or submit a request to our online support system to schedule services.

GDPR Compliance Features

The following capabilities are available upon request.

GDPR Data Fields

A GDPR tab on all name records, which contains new fields for tracking the Consent Date and Consent Purposes.

Consent Status Highlighting

Records with Consent Purpose set to Awaiting Consent or Revoked Consent are flagged in orange and are automatically opted out of all list-based email. Names that exist in the database at the time of activation will be automatically set to Awaiting Consent.

Consent Form Letters

Consent Form Letters are generated, which include ‘Insert Field’ merge tags leading the recipient to affirm or revoke consent. Selecting Deny sets the Consent Purpose field on the name to Requested Deletion.

Job Board Consent Requirement

A configurable consent agreement is added to the PCR Job Board so that all online applicants are prompted to affirm consent before proceeding to submit information.

Activity and Consent Log

The system adds New Activity types for tracking consent activity, and also adds a dedicated “Consent Log” panel for retaining all details and notes pertaining to consent collection.

Inactive Record Identification

An EUC Consent Purpose filter is added to the Identify Inactive Records panel, facilitating the location of inactive records and adding them to a list for Forgetting or other handling.

Global Change

A new Global Change option allows admins to apply a consent setting to multiple records at once, such as all names that have Requested Deletion. All changes are recorded to the Consent Log.

Forget and Download

New Forget and Download action items appear for admin-level users, allowing them to relegate any single contact to the Forget Bin or to back up the record’s fields and attachments locally. An option also exists for ‘auto-forgetting’ records that remain without consent for a given period of time.

Forget Bin

Once ‘forgotten,’ a record is given an ID and sent to the Forget Bin admin area. The email remains visible in the bin only. The ID takes the place of the record in Position Pipeline history.

PCRecruiter a “Masters” FrontRunner ATS

Written by Andrew Rothman on . Posted in Industry, News, Topics

Earlier this year, SoftwareAdvice released their latest FrontRunners data. Main Sequence is proud to see PCRecruiter listed in the Masters quadrant, scoring 4+ out of 5 on most of the measured stats, such as Value (4.26) and Integrations (4.9).

FrontRunners is powered by Gartner Methodology and offers a data-driven assessment of the most capable and valuable systems for small businesses. It’s driven by real user reviews/ratings, and verified product data.

For more, see the listing at http://www.softwareadvice.com/hr/applicant-tracking-software-comparison/#top-products.

The content for the FrontRunners quadrant is derived from actual end-user reviews and ratings as well as vendor-supplied and publicly available product and company information that gets applied against a documented methodology. The results neither represent the views of, nor constitute an endorsement by, Gartner or any of its affiliates.

Two Minute Tuesday: October 2016 Update

Written by Andrew Rothman on . Posted in PCR Updates, Topics, Two Minute Tuesday

In this Two Minute Tuesday, we’re looking at a handful of new changes that you’ll see on our hosted PCRecruiter servers later this week. We’ve added a faster way to upload resumes, revived the ‘Associate Rollups’ function for Positions, adjusted the Interviews list, and added a new ‘Scheduled Items’ column to the Rollups.

Follow us on Facebook, Twitter, LinkedIn, or YouTube, or join our LinkedIn Users Group to stay in the loop, and watch the lower portion of your PCRecruiter login screen for all the latest blog posts and updates.

If you have any comments or suggestions for something we can explain in about two minutes, send an email to twominutetuesday@mainsequence.net

Video Transcript

It’s Tuesday, and that means it’s time for another edition of Main Sequence’s series of short videos with tips, tricks, and tutorials to help make you a more powerful PCRecruiter user.

A few new changes are going to appear on the PCRecruiter.net system this month, and in this edition of our video series we’ll give you the highlights.

First, a new ‘Quick Upload Resume’ option appears under the ‘Actions’ menu on the Name record. The existing ‘Add Resume’ option isn’t going anywhere, but the new ‘Quick Upload’ takes you straight to your system’s file browser. The full ‘Add Resume’ area allows you to copy and paste a resume, change formats, make edits, create a blinded copy, and so on, but if you just need to add or replace the resume and don’t need to view or interact with it, this new Action offers a slightly quicker route.

Next, you’ll find an ‘Associate Rollups’ option when you’re looking at the ‘Associations’ area of any Position record. This is a feature from older PCRecruiter versions that’s now made its way into the current release. Associating Rollups is a handy way to bookmark the groups of Names or Companies that you may have used for sourcing a particular Position, or to relate similar Positions to each other for easy access. By keeping a list of the companies you sourced from or candidates you found but didn’t end up actually attaching to the pipeline for the job, you can shortcut your future searches when handling similar opportunities.

You may also notice some tweaks to the columns you see when looking at a candidate’s list of Interviews. We’ve removed a couple of rarely necessary items, such as Contact Phone and Placement, and readjusted the widths and the orders of the remaining columns. This makes room for new items like ‘Written By’, which is the username of the person who created the most recent or furthest into the future Pipeline record connecting that Name and Job, and this column which shows the Appointment Date from that same record. If you’ve activated PCR’s pipeline integrations with Spark Hire video interviewing, IBM Kenexa Prove It! assessments, and so on, you’ll also see columns for those results. This new arrangement makes it easier to quickly see the current standing of the candidate for each job they’re connected to.

Finally, we’ve added a new column option to the Rollup Lists. By adding the ‘Scheduled Items’ option to your custom Rollup layout, you’ll see the date of the next item in your PCRecruiter schedule, not including Interviews, that’s tied to the given Name, Company, or Job. If you’re using Rollups for calling lists and other planning tasks, you may find this a helpful way to keep tabs on your next upcoming call or meeting related to that record. And if you’re not sure how to add columns to your custom Rollup layout, then you’ll want to stay tuned for next week’s Two Minute Tuesday!

For all the latest, keep an eye on our blog or your PCR login screen, follow us on Facebook, LinkedIn, or Twitter, join the PCRecruiter LinkedIn users group, and subscribe to our YouTube channel. If you have any topics or suggestions for future Two Minute Tuesdays, send an email to twominutetuesday@mainsequence.net.

Two Minute Tuesday: Copying User Settings

Written by Andrew Rothman on . Posted in Topics, Two Minute Tuesday

How do you give one user all of the same settings and preferences as someone who’s already in the system? In this week’s Two Minute Tuesday, we’re going to look at how an admin user can duplicate settings from one user to another.

Video Transcript

It’s Two Minute Tuesday, time for a new edition of Main Sequence’s series of short videos with tips, tricks, and tutorials to help make you a more powerful PCRecruiter user.

In an earlier edition, we talked about what to do when you want to remove a user from the database. What happens when you add a new user and want them to have all the same settings as someone who’s already in the system? In this week’s video, we’re going to look at how an admin user can duplicate settings from one user to another.

We’ll start by going to System and opening up the ‘Users’ section. If you don’t see this option, you’ll need to log into PCRecruiter as an administrator. Before anything else, let’s go into ‘Manage Users’ and find the account that’s got the prototypical settings we intend to copy. On the main information panel, we’ll want to verify that the ‘Model User’ setting is set to ‘Yes.’ Only the accounts designated as models will show up as sources to copy settings from.

Now let’s see how the process works when adding a new user. We’ll click the ‘plus’ to create a new account, and fill in the basic details like name, email, phone, username, and password.

At the bottom of this info panel, we have a dropdown to copy settings from a model user in this database. We can copy some or all of the basic settings. The ‘Security’ option is disabled by default, so if you do want to give the target user the same security settings as the model, you’ll need to check that box. Items that are checked by default include the custom layouts for name, company, and position records, position pipeline configurations, custom rollup list layouts and stage setups, and settings for which menu items are pinned and unpinned on various screens. There’s also an option to make duplicates of any form letters associated with the model user for the target user, but this is generally left unchecked. When we save, the new user gets the model’s settings, and we can adjust from there as needed.

What if we want to copy settings between users that already exist? We get to that panel from the Action menu on the user list, or from the System’s main Users area. On the left, you’ll see the ‘Source User Name’ dropdown, which lists all of the model users in this database. The checkboxes for the various settings appear below.

On the right side, we’ll see a ‘Target Database’ dropdown. The default setup is to copy settings between users in the current database, but we can select a different database from the account if we have more than one. Just be aware that we can only copy settings across databases if the account we’re logged in with exists as an administrator account with the identical username and password in both the source and the target databases.

In the checklist below, we can either select all the users in the database as targets, or just specific ones. When we click ‘Save’, all of the selected settings on the target users will be replaced by the ones from the model user.

For more Two Minute Tuesdays, watch our blog posts on your PCR login screen, subscribe to this YouTube channel, follow us on Facebook, LinkedIn, or Twitter, and join the PCRecruiter LinkedIn users group. If you have any topics or suggestions for future Two Minute Tuesdays, send an email to twominutetuesday@mainsequence.net.

Two Minute Tuesday: Images in Emails

Written by Andrew Rothman on . Posted in Topics, Two Minute Tuesday

People often ask our training team how to add their social media icons to their email signatures, or how to put images into their form letters. Today’s Two Minute Tuesday covers using images in HTML emails.

Video Transcript

It’s time for a fresh Two Minute Tuesday, Main Sequence’s series of short videos with tips, tricks, and tutorials to help make you a more powerful PCRecruiter user.

Today we’re going to look at how you can add images to your emails in PCRecruiter, and particularly how to insert clickable icons for your LinkedIn, Twitter, or other social profiles into your email signature. These same principles apply for adding images to stationery, templates and form letters, and other emails.

But before we get started, a few general pointers about images in emails. Due to the lack of standards across mail reading apps and providers, getting images to show up consistently and reliably is not as simple as you’d expect.

Many email readers, most notably Microsoft Outlook, are set up by default not to download or display inline images until the recipient says it’s ok to show them. For this reason, always assume that none of your images are going to load. We’ll show you how you can supply alternate text to describe the images for those who can’t view them.

As a general rule, using fewer images means more predictable display, reduced chances of triggering a spam filter, and faster sending and receiving, so before inserting any image, decide if you really need it, and leave it out if you don’t.

Let’s edit the signature. From the System area, we’ll scroll to ‘Email Setup’ and open ‘Email Signature’. Now we’ll use the ‘Insert Image’ option in the toolbar. We can either use a web-hosted image, or embed a PNG, GIF or JPG file from the local hard drive.

On the “General” tab, we have the option to specify a web URL for the image. This causes the email reader to download the image from the web when the message is received, rather than embedding the image data into the email code. This keeps the message smaller in size, which can really speed things up when you’re sending a bulk mail. It’ll also prevent the image from showing up as an ‘attachment’ for anyone who has embedded images blocked by default, but remember that web-hosted images are hidden or blocked just as readily as embedded ones, so the method of inserting the image won’t likely improve visibility one way or the other. If you don’t have anywhere to store your commonly used logos and icons online, the ‘Server Image Store’, also found under ‘System’ in PCR, can serve in a pinch. The ‘Image Description’ box is where we’ll place the alternate description text for folks who can’t see the picture.

We can also change the display dimensions of the image. Most inbox windows are no more than 400-500px wide, so it’s currently considered best practice to crop or resize to that general maximum width for email use. It’s always better looking, faster loading, and more reliable to resize the actual image file rather than scaling it to a new size when it loads in the email, so if your picture is too big or too small, change the image file rather than using this feature if you can.

The ‘From File’ tab is used for embedding an image into the email directly. To do that, we click and browse. After the image is in place, we can click it and go back to the ‘Insert/Edit Image’ tool to give it that alternate description text in case it’s not displayed.

To make the image a link, we highlight it and then use the ‘Insert Link’ icon. Paste the appropriate URL into the box, and you’re done.

One bonus tip… what if we want our LinkedIn, Twitter, and Facebook icons to line up side by side? That’s where an invisible table comes in handy. We’ll use the ‘Table’ option in the editor to create a 3 column, 1 row table. Now we can put the images into the cells of the table. The dotted borders we see while editing are guides that won’t show up when the email is sent. Try adjusting the properties of the table and the cells to create the layout you have in mind.

For more Two Minute Tuesdays, watch our blog posts on your PCR login screen, subscribe to this YouTube channel, follow us on Facebook, LinkedIn, or Twitter, and join the PCRecruiter LinkedIn users group. If you have any topics or suggestions for future Two Minute Tuesdays, send an email to twominutetuesday@mainsequence.net.