Changing recruitment ad agencies or programmatic partners can be a great way to improve your hiring strategy, but it’s a critical time for data security. Many companies unintentionally leave a digital trail of tracking elements that allows former partners to continue monitoring their recruitment activities and, even worse, retain access to sensitive applicant data. A thorough offboarding process is just as important as the onboarding.
This article outlines the key steps to take to secure your data and protect your company’s privacy during and after a transition.
The Digital Footprint Agencies Leave Behind
Recruitment agencies often handle a few core functions for their clients: managing advertising spend, placing tracking pixels on websites, and accessing your Applicant Tracking System (ATS) and/or Candidate Re-Marketing (CRM) tools. These pixels are small pieces of code that agencies use to track everything from landing page visits to application completion steps.
The problem is that these pixels and access points often aren’t removed when an agency’s contract ends. This can leave your company’s website and recruitment process vulnerable. It’s like giving your ex-partner a key to your new home—they can still see everything you’re doing.
A prime example of this is a former employee retaining access to a LinkedIn Recruiter account long after they’ve left the company. This happens because their personal email was used for backups, allowing them to continue viewing sensitive data.
The Essential Offboarding Checklist
To ensure a clean break and secure your data, follow these steps meticulously:
1. Remove All Tracking Pixels and Code
The very first step is to scour your websites and ATS for any code left by the old agency. This includes:
- Tracking pixels and JavaScript on your career site and company website.
- Agency-specific code within your ATS.
- Tags in your Google Tag Manager (GTM) that are connected to the old agency’s tools.
You can often find these by searching for the agency’s name or a unique identifier in your code. Removing these ensures they can no longer track your candidate traffic or recruitment activities.
2. Revoke All API Access
Agencies often use APIs (Application Programming Interfaces) to connect their systems to yours. Make sure to:
- Remove all API access from your ATS and CRM.
- Disable any career site widget APIs they may have implemented.
- Turn off any automated reports that were set up to send weekly or monthly data to the agency.
By disabling these access points, you cut off their ability to pull real-time data from your systems.
3. Request and Secure Your Historical Data
Historical performance data is crucial for future strategy, but agencies rarely provide it proactively. Before you terminate the contract, you must:
- Send a formal request for a complete copy of all your historical data.
- Request confirmation of a data purge from the agency, as outlined in your Master Services Agreement (MSA). This confirms that they have deleted your sensitive data from their systems.
4. Inspect Your Website and Assets
It’s surprisingly common for agency branding to linger long after a contract has ended. Check your career site and company website for any remaining logos, links, or mentions of the former agency. This not only cleans up your site but also ensures there are no hidden redirects or tracking mechanisms left behind.
The PII Security Risk
Beyond tracking, the biggest risk is the potential for former agencies to retain access to Personally Identifiable Information (PII). PII includes sensitive applicant data such as names, emails, phone numbers, and sometimes even social security numbers or driver’s license details.
Some integrations, like those with Phenom, have known vulnerabilities that can be exploited if access isn’t fully revoked. An old agency with lingering ATS or CRM access could potentially view this sensitive data long after your partnership has ended, creating a major security and compliance risk.
When you take a proactive and meticulous approach to offboarding, you protect your company from these risks and ensure a smooth, secure transition.
About The Author
