Data Deletion to Support Data Privacy for Recruiting

The Data Deletion project ensures that user application data is not kept in the system longer than the defined amount of time set by the data retention period. As a part of this project, Data Deletion is divided into two areas:

  • Deletion of individual applications within a requisition
  • Anonymization

With this functionality, you can do the following:

  • Data Retention Mapping - Map data retention periods to a Location Organizational Unit (OU). This is done by the administrator through submission of a work order to Global Customer Support.
  • Delete Hired Employee Data - Delete applications for hired employees who leave the Legal Entity, become inactive and who request to be forgotten OR whose data exceeds the data retention period.
  • Delete Application within a Closed Requisition - Trigger the data deletion time-based event for closed requisitions.
  • Data Anonymization - Applicants who have exceeded the period of inactivity for anonymization will not be dispositioned if that applicant is not dispositioned and part of a requisition that is in an Open status. In addition, the word "Archive" (or variations of it) has been replaced with Anonymization (or variations of it) in many instances throughout the system. The anonymized user is no longer searchable.

Difference between Anonymization and Deletion

  • Deletion - Upon successful execution of data deletion, all non-hired applications within the Cornerstone system that have exceeded the data retention as configured by the administrator for a given Location OU, will be deleted. This deletion is permanent and non-reversible.
    • Removal method is dependent on the scenario:
    • For time-based: Deletion of non-hired applications based on a data retention period which is triggered following a pre-defined timeframe when the requisition is closed or the applicant is dispositioned.
  • Anonymization - Replacement of applicant core user data (Prefix, Suffix, First, Middle, Last Name, Email Address, City, State, Zip, Country) with randomized string of characters within the database
    • User of the Cornerstone system – When a user leaves a legal entity and requests to be forgotten or their core data is outside the entity’s data retention period, then that user’s core data is anonymized throughout the Cornerstone portal (e.g. Recruiter and/or Recruiting Administrator).

    Note: The Compliance Enablement Preference for New Submission Anonymization is different than the anonymization described above. When the Anonymize personal applicant data for New Submissions option is selected in Compliance Enablement Preferences for a Location OU, the value in the Name column for applicants in a New Submission status is replaced with the applicant's requisition number and applicant ID. The applicant ID is scrambled so that the applicant remains anonymous. Users can still sort the table using the Name column. However, once that applicant moves into a new status, their information is no longer anonymized.

Note: To enable instant application data deletion and profile anonymization, contact Global Customer Support.

Use Cases


  • The user's application is not deleted when moving from one Legal entity to another, provided that the user is in an Active status in the portal.
  • Applications from an external source are not impacted.
  • Even if a candidate exceeds the period of inactivity for a given requisition, an applicant's data is not anonymized if the applicant has an application in a job requisition that is in an Open status. However, if the applicant is dispositioned in an Open requisition for which they are the only applicant, then their data is anonymized.
  • When a requisition has multiple locations, the data deletion rules will apply to the primary location of that requisition.
  • If an applicant is hired, then their application will not be deleted until the user leaves the Legal Entity and either requests to be forgotten or their data exceeds the data retention period.