A common request of our users or potential users is whether we support a candidate portal. They see features like on Indeed or Monster and they want that too. They think it will make them look more professional and established, but what they don’t realize is with that infrastructure comes a lot of responsibility.

Generally, a candidate portal is envisioned as a place a candidate or applicant can create a profile with a login and password and “express apply” to roles in your organization as well as review statuses of past applications and/or modify information on their profile.

We hear you loud and clear: this is a common and popular request. It is one we don’t support at this time, both in our core offering and/or via an All Access Extension, and while we aim to offer a basic portal at some time in the near future, we’d like to explain why we don’t think you should have a Portal on your site.

Matador Jobs Was Built With Privacy Law Adherence In Mind

Matador Jobs was build in mid-to-late 2017 and launched in 2018. The European Union’s General Data Protection Regulation, or GDPR, the first of what would be many laws or regulations that govern obligations of a digital company to store, use, and discard user data, would take effect in mid-2018 and thus was on our minds as we made Matador.

Since GDPR and subsequent laws or regulations hold responsible the firm to protect data, we developed a solution where user Personal Identifiable Information (PII) was stored in one place: Bullhorn.

Matador Jobs Pro, and thus each website that uses it, only holds a temporary copy of personal identifiable information of candidates for only as long as is necessary to submit that data to Bullhorn, thereafter destroying it. This means that there is no space for on-demand access to that data from the website.

This massively assists firms in compliance with various consumer data privacy laws including the EU’s GDPR and the USA’s CCPA (California Law, but basically the US standard), as well as massively limits their risk should their website be compromised in a hack or other security situation.

PII Stored On WordPress Are Security Risks & Compliance Obligations

A portal, to be performant and useful, would need to hold copies of user PII in the website. This means that firms would add a second risk vector and second data storage point for user info. This drastically increases:

  • the information security obligations of the firm, and thus the cost to run the site in a compliant way,
  • the number of risk vectors for a security hole, and thus the potential of and costs of a hack or security breach,
  • and the effort required to adhere to data access and deletion obligations under the law, since data now exists in more places.

Our users, sometimes despite our advice to the contrary, will run Matador on WordPress sites with less than optimal security settings, out of date and insecure Server, PHP, and WordPress versions, and with plugins and themes that aren’t vetted for security. Any one of those issues can be a place an attacker compromises the website.

WordPress, while when fully updated is extremely secure, exists in an ecosystem designed to be easy-going and easy-to-use. That is fine for a blog post website but risky when you’re holding copies of secure user information and must adhere to laws and regulations related to that data.

Our average user does not have the IT infrastructure to properly mitigate those risks, so even when we release software that creates a user portal, we will not make it available for simple download so we can coach users on how to use it safely.

In the meanwhile, trust us, let Bullhorn be the handler of your applicants’ sensitive PII data.

Bonus! Qualify for QuickApply

An assumption people have with a portal feature is that candidates must create a profile before they can apply for a role. This would disqualify you from listing your roles as “quick apply” roles on Google for Jobs Search engine. Since “quick apply” roles are listed prominently, you would hurt your traffic by having a portal.

“Quick Apply” are job listings where the user, with no login required, can fill out a simple one-step form located no more than one click away from the job listing (ie: after an “Apply Now” click).

You Don’t Need a Portal, or the Headache It Can Bring

So to recap, while a candidate portal can work for large aggregators like Indeed and Monster, they introduce several complex expectations on a simple recruiting firm’s website, and the features are overkill aren’t worth the trouble.

When discussing a portal with our users, once we break down the above, they see the benefits of having a portal far outweighed the potential drawbacks and added complexity. While it is something we remain interested in creating for our select users with the infrastructure to use it safely, it is something we truly believe more than 4/5ths of our users should avoid.