Why the RBS pay leak should fire a warning shot for all recruiters

At best, news that Hays leaked contractor pay rates at RBS is an embarrassing gaffe; in a worst-case scenario it could cause long-term reputational harm and a damaging loss of business.

Either way, it highlights the thorny issue of how recruiters need to ensure their data is adequately protected in the event of human error.

This story has been widely covered, but much of the attention has been on how RBS, a state-owned bank that has been making redundancies, has the gall to pay some of its contractors up to 2k a day.

Such rates are being paid to people involved in the ABN Amro integration and, suffice to say, RBS is not alone in paying exorbitant sums for change managers. What’s more, we’re told only 10 people were on such a rate, while the vast majority were on around 350-400. Anyway, we digress.

Perhaps the bigger concern for Hays, and indeed any other recruiters with access to vast amounts of pay and personal data (as well as something as simple as interview feedback) about financial services employees, is whether they’re covered if something goes wrong.

Until last year, significant personal data breaches would have resulted in a maximum fine of just 5k. As of April 2010, the Information Commissioner’s Office (ICO) has the power to impose a penalty of up to 500k.

Even if the regulator doesn’t bare its teeth, both candidates and clients are much less likely to do business with a recruiter if they believe their data is at risk.

RBS has said its main concern was “the security of information and the wider relationship with Hays” whereas Hays has said that it “recognises that the correct treatment of data is of utmost importance”.

Information security is a huge, and growing, headache for most firms, whether that’s banks, recruiters or telecoms firms, and they’re having to spend increasing amounts of money to ensure that adequate controls are in place, says Paul Hanley, director, information protection and security at KPMG.

“If there’s an accidental breach, where someone sends an e-mail containing confidential data to a large number of people, for example, a recruitment firm should have controls in place – this could include a chance to double check that the person wants to send this, making sure a technical team is aware of the action, or an ability to recall the e-mails once the company has realised a breach has taken place,” he says.

Moreover, recruitment firms need to ensure that they restrict access to information to key people in the business and that people can’t copy data on to external hard drives, and should even consider encrypting more sensitive information, he suggests.

Comments (6)
  1. I don’t know why people haven’t picked up on the fact something similar happened a number of years ago in Ireland with Hays! If memory serves, I think they were removed from the PSL!

  2. This is the second time that Hays have done this; I understand it was another large IB, also some years ago. When will users of Hays and Hays themselves learn their lesson?

  3. 2,000 per day is absolutely ridiculous.

  4. This happened a number of years ago in London with Hays as well, where contractors’ details were sent out to a very wide audience.
    Reality is that they have made THREE mistakes in the last week alone that involve data that should not have been released.
    Hays must have the worst reputation for data protection and they never seem to learn. Someone needs to address the issue!

  5. John, your comment is ridiculous. You don’t even know what they do for a living. Some people earn more, some people earn less. Live with it.

  6. 2,000 a day is ridiculous – how can anyone survive on that? The point of a daily rate is to make you rich, rich beyond your wildest dreams. That’s the reward for the risk of the rollercoaster of day-pay contracts.
