Buried in a new law regarding identity theft is a provision that requires employers to protect employment applications from being disclosed. (Hat tip to my colleague Jennifer Willcox for pointing this out.)

The law (Public At 09-239), which went into effect on October 1, 2009, states that "Each employer shall obtain and retain employment applications in a secure manner and shall employ reasonable measures to destroy or make unreadable such employment applications upon disposal. Such measures shall, at a minimum, include the shredding or other means of permanent destruction of such employment applications in a secure setting."

Before you discard this as just another employment regulation, you should know that there are hefty civil penalties than can be imposed for each violation — $500 for each violation and up to $500,000 for a single "event".

What’s the Takeaway for Employers?

This takeaway should be an obvious one – treat the employment applications as you would personnel files and take the necessary precautions for both storage and destruction.  For electronic applications, be sure to delete any information from discarded laptops etc. For paper copies, a shredder should suffice to protect that information.

With so many outside services now offering bulk shredding (and recycling at the same time), it’s never been easier to comply with this new rules.