Applicant Privacy Notice Template for the United States

What is an Applicant Privacy Notice?

The Applicant Privacy Notice has become increasingly important with the evolution of privacy laws and regulations in the United States. This document is essential for companies conducting recruitment activities, particularly those operating across multiple states or handling sensitive personal information. The notice must comply with federal regulations and state-specific requirements, particularly in states with comprehensive privacy laws like California. An Applicant Privacy Notice typically includes information about data collection methods, processing purposes, sharing practices, security measures, and applicant rights. It serves as both a compliance tool and a trust-building mechanism with potential employees.

Frequently Asked Questions

Is an Applicant Privacy Notice legally required for employers in the United States?

Yes, an Applicant Privacy Notice is legally required under federal laws like the Fair Credit Reporting Act (FCRA) when conducting background checks, and the Americans with Disabilities Act (ADA) when collecting medical information. Many states also have additional privacy disclosure requirements for job applicants. Failure to provide proper notice can result in significant legal penalties and lawsuits.

Can I be sued if my company doesn't have an Applicant Privacy Notice?

Yes, you can face lawsuits and significant penalties without proper applicant privacy disclosures. Under the FCRA, employers can be liable for actual damages, attorney fees, and statutory damages up to $1,000 per violation. State privacy laws may impose additional penalties, and class action lawsuits from multiple applicants are increasingly common.

How is an Applicant Privacy Notice different from an Employee Privacy Policy?

An Applicant Privacy Notice specifically covers data collection during the hiring process, including background checks and pre-employment screening under FCRA requirements. An Employee Privacy Policy governs ongoing workplace data collection for current employees. Both serve different legal purposes and are typically required as separate documents with different disclosure requirements.

How long does it typically take to draft an Applicant Privacy Notice?

A basic Applicant Privacy Notice can be drafted in 1-2 hours using a template, but customization for your specific business practices and state requirements may take additional time. If working with an attorney, expect 2-4 hours of legal review to ensure compliance with federal FCRA requirements and applicable state laws.

Which states have the strictest requirements for Applicant Privacy Notices?

California, New York, Illinois, and Washington have some of the most comprehensive applicant privacy requirements beyond federal FCRA mandates. These states often require specific language about data retention, candidate rights, and detailed disclosures about third-party screening companies. Multi-state employers should ensure their notice meets the highest applicable standard.

Can using an outdated Applicant Privacy Notice get my company in legal trouble?

Yes, using outdated privacy notices can lead to FCRA violations and state law non-compliance as privacy regulations frequently change. Courts have imposed significant penalties on employers using obsolete forms that don't meet current disclosure requirements. Review and update your notice annually or whenever privacy laws change.

Do small businesses under 15 employees need Applicant Privacy Notices?

Yes, FCRA disclosure requirements apply to all employers regardless of size when conducting background checks on applicants. While some employment laws have small business exemptions, federal privacy disclosure requirements and most state applicant privacy laws apply to businesses of all sizes. Size exemptions typically don't apply to data privacy obligations.

Reviewed by

Swetha Meenal

Legal Engineer, GenieAI

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

Reviewed by

Imad Mohammed Nazar

Legal Engineer, GenieAI

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

Jurisdiction

United States

Publisher

GenieAI

Sector

Business

Cost

Free to use

About the Applicant Privacy Notice

An Applicant Privacy Notice is a crucial legal document that employers must provide to job candidates, explaining how personal information is collected, used, shared, and protected during the hiring process. This document ensures transparency and helps you comply with various federal and state privacy regulations that govern employment practices in the United States.

When do you need this document?

You need an Applicant Privacy Notice whenever you collect personal information from job candidates, whether through online applications, interviews, background checks, or skills assessments. This requirement applies if you conduct business in states with specific privacy laws like California, Virginia, or Colorado, or if you perform background checks covered by the Fair Credit Reporting Act. The notice is essential when collecting sensitive information such as Social Security numbers, medical information under ADA guidelines, or demographic data for EEOC compliance. You must provide this notice before or at the time of data collection, making it a fundamental part of your recruitment process documentation.

Key legal considerations

Your Applicant Privacy Notice must clearly describe all categories of personal information collected, including contact details, employment history, education records, and any information obtained through background checks or social media screening. The document should specify the legal basis for processing this information, such as legitimate business interests or legal compliance requirements. You must detail how long you retain applicant data and under what circumstances it may be shared with third parties like background check providers, recruiters, or legal authorities. Include information about data security measures and be transparent about any automated decision-making processes used in your hiring workflow. The notice should also clearly outline applicant rights, including access, correction, and deletion rights where applicable under state laws.

Legal requirements in the United States

Federal regulations require compliance with the Fair Credit Reporting Act when conducting background checks, mandating specific disclosures and obtaining written consent before accessing consumer reports. The Americans with Disabilities Act governs how you handle medical and disability-related information, requiring strict confidentiality and limited use provisions. Equal Employment Opportunity Commission guidelines regulate the collection and use of demographic information to prevent discriminatory practices. State-level requirements vary significantly, with California's Consumer Privacy Rights Act requiring detailed disclosures about personal information categories, processing purposes, and consumer rights. Virginia's Consumer Data Protection Act and similar laws in other states impose additional notice requirements and grant specific rights to applicants. Your notice must address the highest standard among all applicable laws to ensure comprehensive compliance across jurisdictions where you operate or recruit candidates.

GOVERNING LAW

Applicable law

This Applicant Privacy Notice is drafted to comply with United States law. Key legislation includes:

FCRA: Fair Credit Reporting Act - Federal law governing the collection and use of consumer reports including background checks and credit reports during the application process

ADA: Americans with Disabilities Act - Federal law regulating the collection and handling of medical and disability-related information during the application process

EEOC Laws: Equal Employment Opportunity Laws - Federal regulations governing the handling of demographic information and preventing discrimination in employment

CCPA/CPRA: California Consumer Privacy Act and California Privacy Rights Act - State laws providing California residents with specific privacy rights and notice requirements for personal data handling

VCDPA: Virginia Consumer Data Protection Act - State law providing Virginia residents with privacy rights and establishing requirements for personal data processing

CPA: Colorado Privacy Act - State law establishing privacy rights for Colorado residents and requirements for businesses processing personal data

NY SHIELD Act: New York Stop Hacks and Improve Electronic Data Security Act - State law requiring businesses to implement security programs to protect private information of New York residents

HIPAA: Health Insurance Portability and Accountability Act - Federal law protecting medical information, relevant if position is in healthcare or involves medical information

GLBA: Gramm-Leach-Bliley Act - Federal law governing the protection of personal financial information, relevant for positions in financial services

GDPR: General Data Protection Regulation - EU law that may apply if the company operates in or collects data from EU residents, establishing strict requirements for personal data processing

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it