This morning our ASP service was updated with a new release that includes a number of fixes and improvements. Along with these routine maintenance items, we’ve adjusted the way Activity records work with Rollup Stages.
As of this update, changing the Stage icon on Rollup List will always write an Activity to the record involved. The text of the Activity will include the details about which Rollup the change was made on and which Stage was set.
This morning PCRecruiter was updated with a set of improvements, fixes, and new features, including comprehensive GDPR management.
This update was particularly driven by the PCRecruiter feature suggestion forum. We value your feedback greatly, so please keep posting and voting on ideas you would find most useful – the details make the difference! This update includes substantial plumbing for future releases, including a coming Job Board update and new publishing features planned for Summer 2018.
Here is a detailed list of changes included the May 3, 2018 update:
New ‘Insert Field’ options have been added. ‘Name.Photograph’ inserts a picture of the applicant, which can be helpful in Pipeline letters. The ‘Searcher.PositionList’ feature creates a clickable list of the selected positions, linking back to the Job Board.
In PCRMail, the menu icons for Compose, Get New, etc. have been relocated to the left side of the screen for easier access.
Our new Email Campaign feature, paired with our Analytics, is now available as an add-on:
The ‘Merge’ action for Company and Name records, previously only on search results screens, is now available on Rollup List.
The Duplicate Names Report under the main Reports menu can now be run by Email Address only.
The Duplicate reports now include a Rollup filter for smaller-scale duplicate management projects.
When performing a search using the basic three-field search form for Names, Companies or Positions, you can now use the breadcrumb navigation link to return to the form without losing your search criteria. (This behavior was already present in the Advanced search.)
Activity Search queries are now saved for later re-use from the Action menu.
In previous editions of PCRecruiter, the ‘Ex._____’ suffix for phone extensions was visible on all phone number fields. This will now only be visible for numbers that do not begin with a + and that exceed 10 digits.
System / User Management
The Copy User screen now begins without any options selected, and has a new ‘Select All’ option. A ‘Save as Default’ option has been added to save time when applying the same changes at a later date.
The options to copy Name, Company, and Position layouts have now been separated so that the layout for a single record type may be copied to other users. This also applies to copying Record Cards and Activity Defaults.
A new “Create/Update Profiles” option has been added under User Securities > Other. This new setting gives non-admin users the option to create and edit Profile forms.
The “Enable User Level Security” option has been moved to the Groups panel and has been renamed to ‘Restrict Access.’
The ‘Ignore All Security’ option for System Administrator security has been renamed ‘Full Permission’
The ‘Diversity Source List’ has been renamed ‘EEOC Source’ for clarity.
Positions & Interviews
A new Action item, ‘Copy Position’, has been added. This will generate a duplicate of the current Position under the same Company, which can be edited before saving the record.
The ‘Interviews’ tab within Name records now can be sorted by clicking the column headers.
The “Place Appointment on Schedule” option can now be given a default setting to save selecting it each time
Default search options can now be stored for “Link to Position” screen.
New options have been added to display ‘number of Interviews’ counts in both Position Rollup lists and Position Search Results.
On the ‘Add Rollup’ screen, we have renamed ‘Description’ to ‘Name’ and ‘Memo’ to ‘Description’ so that they match the labels used when looking at the main Rollup menu.
On the ‘Recently Viewed’ Rollup screen, hovering the cursor over the Description will now display the entire Description.
A new option allows users to hide the predefined Splitdesk Types: Candidate Owner, Company Owner, Interviewer and Position Owner. This is done by un-checking “Use ownership fields on Candidate, Company, and Position Records”.
The ‘History Fields’ sections for Work History, Education, Licenses, References, and Military have been updated with a clearer and more streamlined interface in Profile forms.
Main Sequence’s guiding principles in regards to EU Data Protection Laws are to:
Remain continuously informed about the status of actual legislation, current recommended best practices as presented by the EU government, data protection authorities, and pertinent private industry exemplars, and accomplish technical requirements associated with compliance.
Ensure that customers are offered the longest practicable lead time to make required changes and minimize business disruption, including any ongoing obligations to Main Sequence, associated with Main Sequence’s compliance, or non-compliance, with relevant EU Data Protection laws.
The Genesis of GDPR
The pertinent law, scheduled for full-effect 25 May, 2018, is EU Directive 016/679, headed “General Data Protection Regulation”. The now-standard acronym is “GDPR”. The GDPR law is presented as lengthy assembly of principles related to nearly every aspect of handling information.
The GDPR is structured around detailed and defined roles for the various parties involved with handling information. The persons that are the subjects of information (candidates, clients) are called Data Subjects. The parties that process data (Main Sequence) are called Data Processors, and the parties that collect and use the data (such as recruiters) are Data Controllers.
The GDPR rule developed in light of the previous rule, and from a political process that unfolded over the previous decade. The political sticking points involved with international data protection are inescapable when subjecting firms with varying interests, assets, and exposures to various sovereigns, and arriving at dispute enforcement mechanisms that are actually compelling of good behavior.
So far, these structures have taken the form of quasi-treaties. One that was heavily relied on by Data Processors was known as “Safe Harbor”. Safe Harbor was built around a memo of understanding between vendors and US government agencies that the vendors would reasonably respond to EU data protection authority demands.
Eventually, the EU judiciary did not find that protection to be adequate, and in ruling C-362/14, the EU Court of Justice determined that Safe Harbor would no longer suffice for compliance with EU Data Authority rules.
This decision created immediate disruption and uncertainty for hundreds of cloud vendors and thousands of customers. In response to that pressure, the EU executive body (EU Commission) issued COM 566 (November 2015), stating that Data Exporters who had executed contracts with Data Importers containing unmodified EU provided standard Model Contract Terms (and appropriate appendices) would be compliant until further notice. These contract terms are explicit and comprehensive, although enforcement remains situational.
Main Sequence’s Status as Data Processor
Main Sequence interprets section (106) of Directive 016/79 (“The Commission should monitor the functioning of decisions on the level of protection in a third country, a territory or specified sector within a third country, or an international organization, and monitor the functioning of decisions adopted on the basis of Article 25(6) or Article 26(4) of Directive 95/46/EC.”) as authorizing us to continue offering EU Model Contract Terms until at least 25 May 2018 or such time as the EU Commission no longer recognizes the Model Contract Terms as sufficient safeguards under Directive 016/679.
Along with GDPR, a successor to Safe Harbor was created. It’s called Privacy Shield. Main Sequence is a certified participant in Privacy Shield as of 20 November, 2017. That certification may be found here.
In EU Commission COM(2017) 611 (final), the Commission states that: “In its Decision of 12 July 2016 (“the adequacy decision”), the Commission found that the EU-U.S. Privacy Shield (“Privacy Shield”) ensures an adequate level of protection for personal data that has been transferred from the European Union to organisations in the U.S.”
Main Sequence is satisfied that Data Controllers may use our services in the reasonable expectation that they will be found adequate under GDPR.
A key open question of enforcement for Data Processors appears to be the question of where data must be hosted. On 16 October, 2017, The United States Supreme Court granted certiorari in the case United States v. Microsoft, which turns on the question presented to the court:
Whether a United States provider of email services must comply with a probable-cause-based warrant issued under 18 U.S.C. 2703 by making disclosure in the United States of electronic communications within that provider’s control, even if the provider has decided to store that material abroad.
On 23 March, 2018, The Clarifying Lawful Overseas Use of Data Act, commonly known as the CLOUD Act, was signed into law. The CLOUD act contains a provision that requires email service providers to disclose emails within their “possession, custody, or control,” even when those emails are located outside the United States. This law rendered moot United States v. Microsoft, which was dismissed by the Supreme Court on 17 April, 2018.
This development removes a significant potential incentive for the EU to demand in-region hosting services.
In addition to the model contract terms, Main Sequence notes the following in regard to compliance with Directive 016/679:
PCRecruiter security settings will be set to high by default.
Consent management tools already exist in PCRecruiter for opt-in and opt-in renewal + status notation. These tools are being streamlined and extended for GDPR, and GDPR specific training/consulting/configuration will be available to our customers prior to 25 May, 2018.
Data portability tools already exist in PCRecruiter to download individual data records as report objects. As with consent management, these tools will be streamlined and ready for use when the law comes into effect. The data portability requirements of the GDPR, in particular, are likely to be developed by enforcement practice subsequent to the 25 May, 2018 effective date of the regulation.
Main Sequence will provide complete database return to customers upon request.
Main Sequence will report to a customer any data breach within 72 hours of discovery.
Search and sort tools to facilitate removal of no-longer pertinent data at appropriate intervals already exist in PCRecruiter.
Main Sequence will perform all minimum legal requirements for EU Data Processors, and in the event of a default by Main Sequence of any EU Data Processor requirement, Main Sequence will release any EU Data Controller customer from any future contractual obligations and /or waive any early termination fees associated with closing a PCRecruiter account prior to contract expiry.
Main Sequence will actively monitor compliance responsibilities for EU Data Processors operating in the United States and processing EU Personal Data.
Pseudonymisation is not a required technique, but may lower exposure to notification requirements in the event of a security incident. It is unlikely that PCRecruiter records can be fully pseudonymised because direct identifiers (data that can be used to identify by cross-linking through other information that is in the public domain) such as addresses, phone numbers, etc. are essential recruitment information. Pseudonymisation features may be expanded in PCRecruiter (for example, “blinded” C/V’s) or coded candidate submissions which could work to limit further interrelationships between recruitment firms and their customers as pertaining to the GDPR.
Main Sequence has no role in selecting a Data Protection Officer for customers, or in acting as one on behalf of customers.
Main Sequence recognizes that our customers may require support to configure PCRecruiter for essential tasks associated with their role as Data Controllers. Important steps for Data Controllers include, but are not limited to:
Documenting Security of Processing
Assessment of Compliance
Data Breach Notification Planning
Estimating Data Protection Impact
Identifying Data Protection Officer
Design Data Acquisition and Maintenance for Minimum Impact
Review/Update Processor Contracts
Audit Record of Processing Activities
For customers requiring certification for PCRecruiter as a Data Processor, please refer to our Privacy Shield certification. For customers seeking information/training/configuration of Data Controller tools within PCRecruiter, please contact your Main Sequence sales consultant or submit a request to our online support system to schedule services.
GDPR Compliance Features
The following capabilities are available upon request.
GDPR Data Fields
A GDPR tab on all name records, which contains new fields for tracking the Consent Date and Consent Purposes.
Consent Status Highlighting
Records with Consent Purpose set to Awaiting Consent or Revoked Consent are flagged in orange and are automatically opted out of all list-based email. Names that exist in the database at the time of activation will be automatically set to Awaiting Consent.
Consent Form Letters
Consent Form Letters are generated, which include ‘Insert Field’ merge tags leading the recipient to affirm or revoke consent. Selecting Deny sets the Consent Purpose field on the name to Requested Deletion.
Job Board Consent Requirement
A configurable consent agreement is added to the PCR Job Board so that all online applicants are prompted to affirm consent before proceeding to submit information.
Activity and Consent Log
The system adds New Activity types for tracking consent activity, and also adds a dedicated “Consent Log” panel for retaining all details and notes pertaining to consent collection.
Inactive Record Identification
An EUC Consent Purpose filter is added to the Identify Inactive Records panel, facilitating the location of inactive records and adding them to a list for Forgetting or other handling.
A new Global Change option allows admin to apply consent setting to multiple records at once, such as all names that have Requested Deletion. All changes are recorded to the Consent Log.
Forget and Download
New Forget and Download action items appear for admin-level users, allowing them to relegate any single contact to the Forget Bin or to back up the record’s fields and attachments locally. An option also exists for ‘auto-forgetting’ records that remain without consent for a given period of time.
Once ‘forgotten,’ a record is given an ID and sent to the Forget Bin admin area. The email remains visible in the bin only. The ID takes the place of the record in Position Pipeline history.
We’ve released a brand new update to the PCR Capture plugin for Google Chrome today. This new update includes support for Resume-Library.com and a brand new feature: PCR Match. This great workflow enhancer can skim any webpage for “FirstName LastName” formatted links and tell you whether that name is already in your database. If it is, you can send an email, add to a Rollup, and more right from the page you’re on. Check out the details in this video:
Live Webinar with Verified First
Ian Bellais, Verified First, Dir. Business Development
Whether you need to perform Social Security traces, check criminal and sex offence registry data, check motor vehicle reports, or handle drug screening, Verified First provides one of the quickest and most efficient services on the market today.
In this webinar, Ian Bellias will show you how the seamless PCRecruiter / Verified First integration works, walking through the process of getting authorized, ordering a background check, and looking at the results right inside of PCR. If you need background and drug screening services, this will be 30 minutes well spent.
The latest update for PCRecruiter includes integration with IBM Kenexa Assess On Cloud, bringing a broad range of candidate assessments to your selection or development process. Whether you’re gauging job fit, traits, or skills, PCRecruiter and Kenexa Assess can help you find the right people for any level from entry to C-Suite.