jump to navigation

Recruitment Rant – Part 2 August 26, 2012

Posted by Audit Monkey in The Joy & Pain of Internal Audit, Working Life in Britain.
Tags: , , , , , , , ,

And I’ll tell you what else is bugging me in the latest twist in the ‘modernisation’ of the recruitment industry – ‘self-serve registration’. I’ve applied for a couple of roles via gaapweb and I’ve been asked by the recruitment agency to register via the firm’s website-portal thingyamabob. And of course, I’ve been supplied with a user name and a password.

So what’s my beef? It’s ANOTHER FLAMING PASSWORD TO REMEMBER or CHANGE! I know for an auditor this is a strict no-no but I maintain a spreadsheet entitled ‘Passwords’ on my computer hard drive listing all my account passwords. There are currently 27 accounts. Typical accounts include my American Express card account through to my account for the Heathrow Express. Yes, I’m aware I could fudge the old password control by using the same password for different accounts but I’m always suspicious that if you use the same password that once one is compromised, there is the risk that other accounts could be compromised by people in the know. I could be wrong but.

However, what is more worrying is that all these recruitment agencies now requesting formal photographic identification as well as passport numbers or NI numbers [social security numbers] and comprehensive details on education and previous employment. The excuse used for this data is the Immigration, Asylum and Nationality Act 2006, where employers have to verify that an employee has the right to work in the UK. Forgive me but this is bureaucracy gone mad? Essentially the British government has shifted responsibility for performing immigration checks to employers. The flip side of this is the indigenous population are caught up in the board brush approach adopted by employers, recruitment consultants included, to ensure no one missed in error. I do find this maddening when it’s blatantly obvious that I’m a WASP – white, Anglo-Saxon protestant from South London. But no, I still have to go through the same checks as if I was from Sub Saharan Africa.

But more worrying is the storage of sensitive documents and data such as Passport and NI numbers. I’ve done KYC/AML checks at different firms and seen the passports and personal details of the great and good as part of my audit work. Until now I haven’t been too concerned about the theft of clients’ details as access to document management systems are ‘usually’ well controlled. Also, I always think you’ve got to go some to perpetrate identity theft.

However, I reckon I’ve got to change my mind as the volume of data being collected is going beyond the realms of what I would consider reasonable and second I doubt the security of data held. For example, I was recently asked to present my passport for reference for identity checks at a well-known recruiter. I mentioned that I had presented my passport previously in the vain hope I wouldn’t have to go through the whole rigmarole again but they were unable to locate my records. Cue ringing of alarm bells. Obviously the cleaner has had a field day.

So should I be concerned? Is that easy to forge a new identity? I would love to know.

Another recruitment rant to follow this one.


No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: