To be annoyed that recruiter CCed all candidates going to job interview

[Ygritte84]

Two emails were sent with the complete list of candidates in CC, with names and email addresses. Total breach of confidentiality, right?

I work in a small industry and people know each other. I will cross some of these people in my job.

Feeling very annoyed and also starting to doubt myself seeing the competition!

OK so I spoke with the recruiter today and told her in a very matter-of-fact way about her mistake. She apologised, but said no one else had noticed and she didn't feel like apologising to the other candidates as this could make them aware of the mistake.

I am not satisfied with this. The recruiter should definitely report the incident to the ICO, not try and forget it ever happened!

I really don't understand why people are saying wait before complaining. I would want to know that a potential employer will deal with issues like this. Anyone can make a mistake, it's how you deal with it that matters!

I mean, do it politely, constructively and discreetly but I couldn't go and work somewhere with a slapdash culture, I'd need to know that mistakes get fixed...

Just to clarify:

The recruiter is separate from the company advertising the job. So her mistake does not reflect badly on the company itself.

@Ygritte84

Just to clarify:

The recruiter is separate from the company advertising the job. So her mistake does not reflect badly on the company itself.

Gosh the response was awful!! I'd let the recruiter know.

Sorry I mean the company know about the recruiter.

@BernadetteRostankowskiWolowitz

Sorry I mean the company know about the recruiter.

Ah this is a hard one, it would make me sound like a bit of a snitch during a first interview!

Ah this is a hard one, it would make me sound like a bit of a snitch during a first interview!

I don't think so. I think most companies would be glad to be made aware of the problem as it could cause a lot of issues for them.

That is terrible of the recruiter! Also, everyone will have noticed, there is a big difference in appearance between an email to one person vs to fifty people!

That's terrible the company should be alerted this recruiter is dying this, responding poorly and also jeopardising their recruitment process a cohort of candidates so closely linked all being aware they are competing with one another could have all kinds of repurcussions

Fuck that is not okay! Definitely complain, you can bet you won’t be the only one.

It's good the recruiter is not an employee of the company, all you need to do is alert the company their recruiter if choice is breaching gdpr and introducing problems into the process in a casual manner (given their attitude to your pointing it out) and they should bin them off pretty sharpish/for all future recruitment and feel grateful to you.

Contact the recruitment company and ask for the details of the Data Protection Officer and report it to them

Accidentally clicking cc instead of bcc is a sackable offence? Like straight to dismissal? Wow

Exactly - I'm glad I don't work where that poster works!

It was an error, shouldn't have happened but it did. I can't see what all the fuss is tbh.

@Ygritte84

OK so I spoke with the recruiter today and told her in a very matter-of-fact way about her mistake. She apologised, but said no one else had noticed and she didn't feel like apologising to the other candidates as this could make them aware of the mistake.

I am not satisfied with this. The recruiter should definitely report the incident to the ICO, not try and forget it ever happened!

I work as a Data Protection Officer, so data breaches are my area of expertise.

From the point you notified the recruiter of the data breach (and that absolutely is what this is) the company has an obligation to investigate and assess the severity of what’s happened to decide if it needs to be reported to the ICO (presuming UK) within 72 hours. It’s unlikely to be the recruiter him/herself who would do this, but there should be a process for them to report the incident to their internal data protection representative/team to undertake the investigation. I’d suggest going back to the recruiter and asking if this has been done.

In terms of what’s actually happened, it’s worth bearing in mind that companies are only required to inform the ICO of an incident if it poses a “high risk” to the rights and/or freedoms of individuals and the assessment of high risk is obviously somewhat subjective. In the situation you describe, what risk do you believe there is to yourself and the other candidates from the breach having occurred? You need to be able to articulate this and tell the recruiter why you’re so concerned. Alternatively, if you think they’re unlikely to do anything, then there’s absolutely nothing stopping you from reporting the incident directly to the ICO. Contrary to a PP’s advice, you’re not required to exhaust any internal processes with the company to resolve the issue first; this is a data breach incident, not a complaint. If you decide to report to the ICO, you really need to hammer home the impact you feel the incident could have on you/your career.

With that response, you could report to the ICO. Idk if you’re case would be taken seriously. But there is no recognition of the possible impact to you and your future career prospects.

As for older more experienced people applying. This doesn’t mean you’re less likely to be the best fit. Some companies prefer candidates they can educate and mould.

@BritInUS1

Contact the recruitment company and ask for the details of the Data Protection Officer and report it to them

How would that help, though? The breach wasn’t performed by anyone in the company.

OP is this recruiter a one person operation? If there’s a recruitment company, perhaps raise it with them. Or speak again to the recruiter.

Clearly nothing can be done to change what’s happened—unless she can recall the emails and send again in proper form—but that ship has probably sailed. But she still owes everyone an apology at the very least.

Depends on the role and line of work. If it's data protection officer they'll be impressed you reported it.

Maybe it’s because I work in regulation; but I would actually look favourably on someone that politely reported a GDPR breach and explained the steps that needed to be taken.

Everyone is very twitchy about GDPR at the moment and the company may be grateful to have it pointed out to them and see you as someone who has a good knowledge of regulation and is looking to protect the company.

If you only have 72 hours, I’m not sure you can wait to find out if you have the job. I’ve personally had so many interviews when it took them a while to get back to me.

Also, if you wait too long, I think it minimises your complain.

While they’ll have to admit it was a wrong thing to do. They’ll also be like ‘well, it didn’t bother you so much if you were happy to wait a week to complain ‘.

She apologised, but said no one else had noticed and she didn't feel like apologising to the other candidates as this could make them aware of the mistake.

GDPR doesn't work like that.

She had 72 hours to investigate the breach and report to the ICO if required. Part of that involves notifying anyone whose details were compromised - in this case the other candidates.

The ICO is thataway -> ico.org.uk/for-organisations/report-a-breach/

That's so bad! Not quite the same but when I interviewed for my current job I took a sneaky look at the sign in sheet and looked up some of the names afterwards... There were people with decades more experience and seniority than me but I interviewed well (for once!) and got it. If you weren't a serious contender they wouldn't be interviewing you. 1

A definite GDPR breach. Go on the recruiter’s website at the bottom or somewhere will be a Privacy policy - detailed on there will be the person you need to contact when there is a breach.

I would also ask for another recruiter to represent you.

Wow stop being so over dramatic. Can you honestly say hand on heart you have never ever made a mistake in your job?
Probably some admin assistant on not much more than minimum wage rushing to get a job done.
So you know the other candidates, isn’t it possible that you would have seen some of them at interview anyway?
No ones died, been hurt or even lost 50p yet posters are acting like it’s the end of the world.
No wonder everyone is suffering from stress and anxiety now if they over react like this.

Wow stop being so over dramatic. Can you honestly say hand on heart you have never ever made a mistake in your job?

Maybe sky diving is not for you then.

no one else had noticed

How would they know? They meant you were the only one who had reported it to them , which is not the same thing.